Posted: 08 Mar 2009 17:33
- BoxterBG
- New MyCity citizen
- Joined: 26 Nov 2008
- Posts: 24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:59 PM, on 3/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Goran\Desktop\BOXTERBG\TR3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Documents and Settings\LocalService\jorl.exe \s,
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C7F2C3E-E60C-4F0E-A005-846765B55C8B}: NameServer = 212.200.82.4 212.200.82.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C7F2C3E-E60C-4F0E-A005-846765B55C8B}: NameServer = 212.200.82.4 212.200.82.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 3719 bytes
Could you please check the log? The computer has become slow.
With Kaspersky I managed to remove some of the threats, and with Ad-Aware as well, but something still remains, and it causes a daily increase in the number of malware, viruses and other threats...
Please help me!
Thanks in advance.
Posted: 08 Mar 2009 18:35
- BoxterBG
- New MyCity citizen
- Joined: 26 Nov 2008
- Posts: 24
ComboFix 09-03-06.02 - Goran 2009-03-08 18:21:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.76 [GMT 1:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.
2009-03-08 15:19 . 2009-03-08 15:35 <DIR> d-------- c:\program files\NoAdware
2009-03-08 14:37 . 2009-03-08 14:37 707,584 --a------ c:\windows\system32\va.exe
2009-03-08 04:18 . 2009-03-08 04:20 <DIR> d-------- c:\documents and settings\Goran\Application Data\vlc
2009-03-07 05:07 . 2009-03-07 05:07 <DIR> d-------- c:\program files\Yahoo!
2009-03-07 05:07 . 2009-03-07 05:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-07 04:58 . 2009-03-07 05:09 <DIR> d-------- c:\documents and settings\Goran\Application Data\mIRC
2009-03-07 04:45 . 2009-03-07 04:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2009-03-07 04:42 . 2009-03-07 04:42 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> dr------- c:\program files\Skype
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-06 11:35 . 2009-03-06 11:35 12,800 --ah----- c:\documents and settings\LocalService\jorl.exe
2009-03-06 11:34 . 2009-03-06 11:35 114,176 --------- C:\autoexec.exe
2009-03-04 12:11 . 2009-03-07 02:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\Goran\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-04 12:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 02:39 . 2009-03-01 02:39 34,016 --a------ c:\windows\system32\drivers\sfnbzezv.sys
2009-02-28 12:15 . 2009-03-06 11:35 67,584 ---h----- c:\windows\system32\secupdat.dat
2009-02-28 02:59 . 2009-02-28 02:59 <DIR> d-------- c:\program files\Eagle USB ADSL Modem
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 17:23 802,848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-08 17:23 8,400 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-08 17:23 2,800 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-08 17:23 196,640 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-08 17:05 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-08 15:58 5,618,277 ----a-w c:\program files\eav_nt64_enu.msi
2009-03-07 04:07 --------- d-----w c:\documents and settings\Goran\Application Data\Skype
2009-03-07 03:44 --------- d-----w c:\program files\Nokia
2009-03-07 03:43 --------- d-----w c:\program files\Common Files\Nokia
2009-03-07 03:41 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-07 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-04 00:39 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-04 00:39 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-04 00:39 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-28 03:40 --------- d-----w c:\documents and settings\Goran\Application Data\Ahead
2009-02-28 01:59 29 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-02-28 01:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 22:26 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-09 4136960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Goran\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-12-13 1642496]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe [2009-02-28 929889]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sfnbzezv.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sfnbzezv;sfnbzezv;c:\windows\system32\drivers\sfnbzezv.sys [2009-03-01 34016]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2008-12-12 233816]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PAC7302;iLook 300;c:\windows\system32\drivers\PAC7302.SYS [2008-12-13 458112]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2008-12-13 31616]
S3 core64;Device Core;\??\c:\windows\system32\drivers\core64.sys --> c:\windows\system32\drivers\core64.sys [?]
S3 core86;Device Core x86;\??\c:\windows\system32\drivers\core86.sys --> c:\windows\system32\drivers\core86.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-03-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = \blank.htm
IE: &Search
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-08 18:25:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-602162358-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**)**%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(848-)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\asuskbservice.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-08 18:27:10 - machine was rebooted [Goran]
ComboFix-quarantined-files.txt 2009-03-08 17:27:07
Pre-Run: 24,784,490,496 bytes free
Post-Run: 24,736,243,712 bytes free
165
Update: 08 Mar 2009 18:35
Here it is, I think that's it...
Posted: 09 Mar 2009 17:27
- helen1
- Anti Malware Fighter, Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Disable the antivirus.
Open Notepad and copy the following text into it:
File::
c:\windows\system32\va.exe
c:\documents and settings\LocalService\jorl.exe
C:\autoexec.exe
c:\windows\system32\drivers\sfnbzezv.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\drivers\core64.sys
c:\windows\system32\drivers\core86.sys
Driver::
core64
core86
sfnbzezv
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sfnbzezv.sys]
Save the Notepad file to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
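The files helen1 lists above are the ones that stand out in the two logs posted earlier; as an added example (not from this thread, from ComboFix or from HijackThis), here is a small Python triage pass over a handful of lines copied from those logs, which flags the extra program in the UserInit value, the hidden executable in the LocalService profile and the unnamed driver registered for Safe Mode. The rule names and the `SAMPLE_LINES` selection are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample: a handful of lines copied from the HijackThis and ComboFix
# logs posted earlier in this thread (the rest of each log is omitted).
SAMPLE_LINES = [
    r"F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\Documents and Settings\LocalService\jorl.exe \s,",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"2009-03-08 14:37 . 2009-03-08 14:37 707,584 --a------ c:\windows\system32\va.exe",
    r"2009-03-06 11:35 . 2009-03-06 11:35 12,800 --ah----- c:\documents and settings\LocalService\jorl.exe",
    r"2009-03-04 12:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys",
    r"2009-03-08 15:19 . 2009-03-08 15:35 <DIR> d-------- c:\program files\NoAdware",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sfnbzezv.sys]",
    r"R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]",
    r"R0 sfnbzezv;sfnbzezv;c:\windows\system32\drivers\sfnbzezv.sys [2009-03-01 34016]",
]


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str


# HijackThis F2: winlogon starts every program in the UserInit list at each
# interactive logon. A clean XP install lists only userinit.exe.
_USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)


def check_userinit(line: str, windir: str = r"c:\windows") -> List[Finding]:
    m = _USERINIT_RE.match(line.strip())
    if not m:
        return []
    expected = (windir + r"\system32\userinit.exe").lower()
    findings = []
    for entry in m.group("value").split(","):
        entry = entry.strip()
        if not entry:
            continue
        # drop trailing switches such as "\s" so the path compares cleanly
        exe_m = re.match(r"(.*?\.exe)", entry, re.I)
        exe = (exe_m.group(1) if exe_m else entry).lower()
        if exe != expected:
            findings.append(Finding("userinit-extra-program", exe))
    return findings


# ComboFix "Files Created" line: created . modified size attributes path
_CF_FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?:<DIR>|(?P<size>[\d,]+))\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
_SERVICE_PROFILES = ("\\documents and settings\\localservice\\",
                     "\\documents and settings\\networkservice\\")
_CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def check_created_file(line: str) -> List[Finding]:
    m = _CF_FILE_RE.match(line.strip())
    if not m or m.group("size") is None:  # not a file line, or a directory
        return []
    path = m.group("path").strip().lower()
    if not path.endswith(_CODE_EXT):
        return []
    findings = []
    # service-account profiles are no place for freshly created executables
    if any(p in path for p in _SERVICE_PROFILES):
        findings.append(Finding("executable-in-service-profile", path))
    # hidden (h) or system (s) attribute on a new executable keeps it out of Explorer
    if "h" in m.group("attrs") or "s" in m.group("attrs"):
        findings.append(Finding("hidden-or-system-executable", path))
    return findings


# ComboFix driver lines: start-type name;description;path [date size]
_DRIVER_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[")


def check_driver(line: str) -> List[Finding]:
    m = _DRIVER_RE.match(line.strip())
    if not m:
        return []
    # vendor drivers carry a display name; one whose description is just its
    # own service name (or empty) is a triage hint, not proof: ANVIOCTL in this
    # thread's log is TuneUp's driver and would be flagged as well
    if not m.group("desc").strip() or m.group("desc").lower() == m.group("name").lower():
        return [Finding("driver-without-description", m.group("path").lower())]
    return []


# ComboFix prints only SafeBoot entries that are not Windows defaults, so every
# one it shows was added by an installer or by something that wants to survive
# a Safe Mode cleanup.
_SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?:Minimal|Network)\\(?P<entry>[^\]]+)\]$", re.I)


def check_safeboot(line: str) -> List[Finding]:
    m = _SAFEBOOT_RE.match(line.strip())
    return [Finding("driver-registered-for-safe-mode", m.group("entry").lower())] if m else []


def triage(lines: List[str]) -> Dict[str, Set[str]]:
    """Map each flagged file name to the set of rules that fired on it, so a
    file hit by several independent rules floats to the top of the list."""
    report: Dict[str, Set[str]] = {}
    for line in lines:
        for check in (check_userinit, check_created_file, check_driver, check_safeboot):
            for f in check(line):
                report.setdefault(f.path.rsplit("\\", 1)[-1], set()).add(f.rule)
    return report


if __name__ == "__main__":
    for name, rules in sorted(triage(SAMPLE_LINES).items(), key=lambda kv: -len(kv[1])):
        print(f"{name}: {', '.join(sorted(rules))}")
```

On the sample above jorl.exe is hit by three rules and sfnbzezv.sys by two, while the Kaspersky and Malwarebytes drivers and the Run entries produce nothing.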
Posted: 10 Mar 2009 13:10
- BoxterBG
- New MyCity citizen
- Joined: 26 Nov 2008
- Posts: 24
ComboFix 09-03-06.02 - Goran 2009-03-10 12:51:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.59 [GMT 1:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Goran\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.
2009-03-08 23:43 . 2009-03-09 01:47 <DIR> d-------- c:\program files\DivX
2009-03-08 15:19 . 2009-03-08 15:35 <DIR> d-------- c:\program files\NoAdware
2009-03-08 14:37 . 2009-03-08 14:37 707,584 --a------ c:\windows\system32\va.exe
2009-03-08 04:18 . 2009-03-08 04:20 <DIR> d-------- c:\documents and settings\Goran\Application Data\vlc
2009-03-07 05:07 . 2009-03-07 05:07 <DIR> d-------- c:\program files\Yahoo!
2009-03-07 05:07 . 2009-03-07 05:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-07 04:58 . 2009-03-07 05:09 <DIR> d-------- c:\documents and settings\Goran\Application Data\mIRC
2009-03-07 04:45 . 2009-03-07 04:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2009-03-07 04:42 . 2009-03-07 04:42 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> dr------- c:\program files\Skype
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-06 11:35 . 2009-03-06 11:35 12,800 --ah----- c:\documents and settings\LocalService\jorl.exe
2009-03-06 11:34 . 2009-03-06 11:35 114,176 --------- C:\autoexec.exe
2009-03-04 12:11 . 2009-03-07 02:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\Goran\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-04 12:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 02:39 . 2009-03-01 02:39 34,016 --a------ c:\windows\system32\drivers\sfnbzezv.sys
2009-02-28 12:15 . 2009-03-06 11:35 67,584 ---h----- c:\windows\system32\secupdat.dat
2009-02-28 02:59 . 2009-02-28 02:59 <DIR> d-------- c:\program files\Eagle USB ADSL Modem
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 11:53 802,848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-10 11:53 8,400 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-10 11:53 2,800 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-10 11:53 196,640 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-08 17:05 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-08 15:58 5,618,277 ----a-w c:\program files\eav_nt64_enu.msi
2009-03-07 04:07 --------- d-----w c:\documents and settings\Goran\Application Data\Skype
2009-03-07 03:44 --------- d-----w c:\program files\Nokia
2009-03-07 03:43 --------- d-----w c:\program files\Common Files\Nokia
2009-03-07 03:41 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-07 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-04 00:39 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-04 00:39 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-04 00:39 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-28 03:40 --------- d-----w c:\documents and settings\Goran\Application Data\Ahead
2009-02-28 01:59 29 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-02-28 01:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 22:26 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-03-08_18.26.30.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-28 22:35:56 684,032 ----a-w c:\windows\system32\divx.dll
+ 2008-11-06 16:33:52 684,032 ----a-w c:\windows\system32\DivX.dll
+ 2008-11-06 16:33:54 823,296 ----a-w c:\windows\system32\divx_xx07.dll
+ 2008-11-06 16:33:54 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
+ 2008-11-06 16:33:54 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
+ 2008-11-06 16:33:54 802,816 ----a-w c:\windows\system32\divx_xx11.dll
+ 2008-11-06 16:37:36 524,288 ----a-w c:\windows\system32\DivXsm.exe
+ 2008-11-06 16:33:02 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
+ 2008-12-09 02:28:52 294,912 ----a-w c:\windows\system32\dpu11.dll
+ 2008-12-09 02:28:52 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
+ 2008-12-09 02:28:52 344,064 ----a-w c:\windows\system32\dpus11.dll
+ 2008-12-09 02:28:52 57,344 ----a-w c:\windows\system32\dpv11.dll
+ 2008-11-06 16:37:28 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2008-11-06 16:37:30 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2008-11-06 16:37:28 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
+ 2008-11-06 16:35:00 1,044,480 ----a-w c:\windows\system32\libdivx.dll
+ 2008-11-06 16:37:28 551,672 ------w c:\windows\system32\px.dll
+ 2008-11-06 16:37:28 129,784 ------w c:\windows\system32\pxafs.dll
+ 2008-11-06 16:37:28 66,296 ------w c:\windows\system32\pxcpya64.exe
+ 2008-11-06 16:37:28 120,056 ------w c:\windows\system32\pxcpyi64.exe
+ 2008-11-06 16:37:28 518,904 ------w c:\windows\system32\pxdrv.dll
+ 2008-11-06 16:37:30 72,440 ------w c:\windows\system32\pxhpinst.exe
+ 2008-11-06 16:37:28 64,760 ------w c:\windows\system32\pxinsa64.exe
+ 2008-11-06 16:37:28 118,520 ------w c:\windows\system32\pxinsi64.exe
+ 2008-11-06 16:37:30 187,128 ------w c:\windows\system32\pxmas.dll
+ 2008-11-06 16:37:28 1,628,920 ------w c:\windows\system32\pxsfs.dll
+ 2008-11-06 16:37:28 379,640 ------w c:\windows\system32\pxwave.dll
- 2008-09-19 21:57:34 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
+ 2008-11-06 16:37:32 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
+ 2008-11-06 16:35:00 200,704 ----a-w c:\windows\system32\ssldivx.dll
+ 2008-11-06 16:37:28 88,824 ------w c:\windows\system32\vxblock.dll
- 2006-12-01 23:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-01 23:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-01 23:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-09 4136960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Goran\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-12-13 1642496]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe [2009-02-28 929889]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sfnbzezv.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sfnbzezv;sfnbzezv;c:\windows\system32\drivers\sfnbzezv.sys [2009-03-01 34016]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2008-12-12 233816]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PAC7302;iLook 300;c:\windows\system32\drivers\PAC7302.SYS [2008-12-13 458112]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2008-12-13 31616]
S3 core64;Device Core;\??\c:\windows\system32\drivers\core64.sys --> c:\windows\system32\drivers\core64.sys [?]
S3 core86;Device Core x86;\??\c:\windows\system32\drivers\core86.sys --> c:\windows\system32\drivers\core86.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-03-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = \blank.htm
IE: &Search
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-10 12:54:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-602162358-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**)**%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(848-)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\asuskbservice.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-10 12:56:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-10 11:56:50
ComboFix2.txt 2009-03-08 17:27:12
Pre-Run: 24,607,150,080 bytes free
Post-Run: 24,612,532,224 bytes free
203
Posted: 10 Mar 2009 15:26
- helen1
- Anti Malware Fighter, Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Something is not right, since nothing was deleted.
Are you sure you saved the script correctly?
Posted: 11 Mar 2009 02:04
- BoxterBG
- New MyCity citizen
- Joined: 26 Nov 2008
- Posts: 24
Here, I repeated the same thing again...
Hopefully it's OK now.
ComboFix 09-03-06.02 - Goran 2009-03-11 1:50:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.73 [GMT 1:00]
Running from: c:\documents and settings\Goran\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Goran\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
C:\autoexec.exe
c:\documents and settings\LocalService\jorl.exe
c:\windows\system32\drivers\core64.sys
c:\windows\system32\drivers\core86.sys
c:\windows\system32\drivers\sfnbzezv.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\va.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autoexec.exe
c:\documents and settings\LocalService\jorl.exe
c:\windows\system32\drivers\sfnbzezv.sys
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\secupdat.dat
c:\windows\system32\va.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SFNBZEZV
-------\Service_core64
-------\Service_core86
-------\Service_sfnbzezv
((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.
2009-03-10 21:14 . 2009-03-10 21:14 701,440 --a------ c:\windows\system32\bz.exe
2009-03-10 15:35 . 2009-03-10 15:35 701,440 --a------ c:\windows\system32\ui.exe
2009-03-10 15:33 . 2009-03-10 15:33 701,440 --a------ c:\windows\system32\jd.exe
2009-03-10 13:59 . 2009-03-10 13:59 13,312 --ah----- c:\documents and settings\LocalService\uirhee.exe
2009-03-10 13:58 . 2009-03-10 13:58 701,440 --a------ c:\windows\system32\nv.exe
2009-03-10 13:58 . 2009-03-10 13:58 701,440 -r-hs---- c:\windows\system\wmibusn.exe
2009-03-08 23:43 . 2009-03-09 01:47 <DIR> d-------- c:\program files\DivX
2009-03-08 15:19 . 2009-03-08 15:35 <DIR> d-------- c:\program files\NoAdware
2009-03-08 04:18 . 2009-03-08 04:20 <DIR> d-------- c:\documents and settings\Goran\Application Data\vlc
2009-03-07 05:07 . 2009-03-07 05:07 <DIR> d-------- c:\program files\Yahoo!
2009-03-07 05:07 . 2009-03-07 05:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-07 04:58 . 2009-03-07 05:09 <DIR> d-------- c:\documents and settings\Goran\Application Data\mIRC
2009-03-07 04:45 . 2009-03-07 04:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
2009-03-07 04:42 . 2009-03-07 04:42 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> dr------- c:\program files\Skype
2009-03-07 04:06 . 2009-03-07 04:06 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-04 12:11 . 2009-03-07 02:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\Goran\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-03-04 12:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-04 12:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-04 12:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 02:59 . 2009-02-28 02:59 <DIR> d-------- c:\program files\Eagle USB ADSL Modem
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax
2009-02-28 02:47 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a------ c:\windows\system32\drivers\SLIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 11,136 --a--c--- c:\windows\system32\dllcache\slip.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-02-28 02:47 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-02-28 02:47 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 00:52 802,848 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-11 00:52 8,400 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-11 00:52 2,800 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-11 00:52 196,640 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-08 17:05 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-08 15:58 5,618,277 ----a-w c:\program files\eav_nt64_enu.msi
2009-03-07 04:07 --------- d-----w c:\documents and settings\Goran\Application Data\Skype
2009-03-07 03:44 --------- d-----w c:\program files\Nokia
2009-03-07 03:43 --------- d-----w c:\program files\Common Files\Nokia
2009-03-07 03:41 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-07 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-04 00:39 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-04 00:39 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-04 00:39 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-28 03:40 --------- d-----w c:\documents and settings\Goran\Application Data\Ahead
2009-02-28 01:59 29 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-02-28 01:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 22:26 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-09 4136960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Goran\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-12-13 1642496]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe [2009-02-28 929889]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system\\wmibusn.exe"=
"c:\\WINDOWS\\System32\\nv.exe"=
"c:\\WINDOWS\\System32\\jd.exe"=
"c:\\WINDOWS\\System32\\ui.exe"=
"c:\\WINDOWS\\System32\\bz.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [2008-12-12 233816]
R2 WMIBUSn;WMI-Bus NOptic;c:\windows\system\wmibusn.exe [2009-03-10 701440]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PAC7302;iLook 300;c:\windows\system32\drivers\PAC7302.SYS [2008-12-13 458112]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2008-12-13 31616]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-03-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = \blank.htm
IE: &Search
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-11 01:54:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
c:\windows\system\wmibusn.exe [600] 0x82361620
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-602162358-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**)**%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\asuskbservice.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-11 1:55:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-11 00:55:50
ComboFix2.txt 2009-03-10 11:56:57
ComboFix3.txt 2009-03-08 17:27:12
Pre-Run: 24,599,142,400 bytes free
Post-Run: 24,587,907,072 bytes free
Posted: 11 Mar 2009 07:23
offline
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Disable Kaspersky:
Open Notepad and copy the following text into it:
File::
c:\windows\system32\bz.exe
c:\windows\system32\ui.exe
c:\windows\system32\jd.exe
c:\documents and settings\LocalService\uirhee.exe
c:\windows\system32\nv.exe
c:\windows\system\wmibusn.exe
Driver::
WMIBUSn
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\wmibusn.exe"=-
"c:\\WINDOWS\\System32\\nv.exe"=-
"c:\\WINDOWS\\System32\\jd.exe"=-
"c:\\WINDOWS\\System32\\ui.exe"=-
"c:\\WINDOWS\\System32\\bz.exe"=-
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.