Slow computer performance

  • Palve
  • New MyCity citizen
  • Joined: 23 Jan 2009
  • Posts: 17

P.S.
The notice appears after I saved the code you sent me to the Desktop and dragged CFScript.txt onto ComboFix.

Update: 24 Jan 2009 17:30

ComboFix 09-01-21.04 - Administrator 2009-01-24 17:13:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.8 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\BaD88IxB.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SearchIn1Step
c:\documents and settings\All Users\Application Data\SearchIn1Step\searchin1168.exe
c:\documents and settings\All Users\Application Data\SearchIn1Step\searchin1172.exe
c:\program files\NoAdware5.0
c:\program files\NoAdware5.0\nutils.dll
c:\program files\SearchIn1Step
c:\program files\SearchIn1Step\home.js
c:\program files\SearchIn1Step\readme.html
c:\program files\SearchIn1Step\searchin1.dll
c:\program files\SearchIn1Step\searchin1.exe
c:\program files\SearchIn1Step\si1opt.exe
c:\program files\SearchIn1Step\uninstall.exe
c:\windows\system32\BaD88IxB.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEARCHIN1STEP_SERVICE
-------\Service_SearchIn1Step Service


((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2018-06-16 20:41 . 2004-08-03 21:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys
2018-06-16 20:41 . 2004-08-03 21:31 20,992 --a--c--- c:\windows\system32\dllcache\rtl8139.sys
2009-01-24 16:11 . 2009-01-24 16:12 <DIR> d-------- C:\32788R22FWJFW
2009-01-17 12:39 . 2009-01-17 12:39 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-17 12:39 . 2009-01-17 12:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-17 12:20 . 2009-01-17 12:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-16 03:02 . 2009-01-16 03:02 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-15 03:06 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-15 03:06 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-15 03:06 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-15 03:06 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-15 03:06 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-01-15 03:06 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-15 03:05 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-15 03:00 . 2009-01-16 03:07 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-15 03:00 . 2005-06-28 10:21 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-01-14 15:27 . 2009-01-14 15:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Avira
2008-12-28 01:27 . 2008-12-28 01:29 <DIR> d--h----- c:\program files\Zero G Registry
2008-12-28 01:27 . 2008-12-28 01:29 <DIR> d-------- c:\program files\GeoGebra
2008-12-28 01:26 . 2008-12-28 01:26 <DIR> d--h----- c:\documents and settings\Administrator\InstallAnywhere
2008-12-27 15:45 . 2008-12-27 15:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DivX
2008-12-27 15:16 . 2008-12-27 15:16 <DIR> d-------- c:\program files\UltraISO
2008-12-27 15:16 . 2008-12-27 15:16 <DIR> d-------- c:\program files\Common Files\EZB Systems
2008-12-27 15:07 . 2009-01-22 21:24 <DIR> d-------- c:\documents and settings\Administrator\Contacts
2008-12-25 18:31 . 2009-01-20 15:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-25 14:36 . 2008-12-25 14:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp
2008-12-25 14:35 . 2009-01-23 00:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM
2008-12-25 14:28 . 2009-01-23 09:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype
2008-12-25 07:19 . 2009-01-20 10:38 <DIR> d-------- c:\documents and settings\Administrator
2008-12-24 20:40 . 2008-12-24 20:40 <DIR> d-------- c:\program files\FileZilla Server
2008-12-24 20:26 . 2008-12-24 20:26 <DIR> d-------- c:\program files\FileZilla FTP Client
2008-12-24 20:26 . 2008-12-24 20:38 <DIR> d-------- c:\documents and settings\jeca\Application Data\FileZilla
2008-12-24 18:19 . 2008-12-24 19:29 <DIR> d-------- c:\documents and settings\jeca\dwhelper
2008-12-24 17:49 . 2008-12-24 17:49 <DIR> d-------- c:\windows\Sun
2008-12-24 17:48 . 2004-08-03 22:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-24 17:21 . 2008-12-24 17:23 <DIR> d-------- c:\documents and settings\jeca\Application Data\Winamp
2008-12-24 16:49 . 2009-01-12 02:22 69 --a------ c:\windows\NeroDigital.ini
2008-12-24 14:55 . 2008-12-24 14:55 <DIR> d-------- c:\documents and settings\jeca\Application Data\Locktime
2008-12-24 14:47 . 2008-12-24 14:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Locktime
2008-12-24 14:31 . 2008-12-24 14:31 <DIR> d-------- c:\documents and settings\jeca\Application Data\Nero
2008-12-24 14:28 . 2006-03-17 11:45 802,816 --a------ c:\windows\system32\imagXRA7.dll
2008-12-24 14:28 . 2006-03-17 14:49 368,640 --a------ c:\windows\system32\TwnLib4.dll
2008-12-24 14:28 . 2006-03-17 11:45 258,048 --a------ c:\windows\system32\imagXR7.dll
2008-12-24 14:27 . 2008-12-24 14:28 <DIR> d-------- c:\program files\Nero
2008-12-24 14:27 . 2008-12-24 14:28 <DIR> d-------- c:\program files\Common Files\Nero
2008-12-24 14:27 . 2008-12-24 14:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-24 14:27 . 2006-03-17 11:45 1,757,184 --a------ c:\windows\system32\imagX7.dll
2008-12-24 14:27 . 2006-03-17 11:45 497,296 --a------ c:\windows\system32\imagXpr7.dll
2008-12-24 14:22 . 2008-12-24 14:22 <DIR> d-------- c:\program files\MyTorrent Downloader
2008-12-24 14:22 . 2008-12-24 14:22 <DIR> d-------- c:\documents and settings\jeca\Application Data\.Torrent Searcher Client
2008-12-24 14:21 . 2008-12-24 20:18 <DIR> d-------- c:\program files\BitLord
2008-12-24 14:20 . 2008-12-24 15:25 <DIR> d-------- c:\program files\BitComet
2008-12-24 14:20 . 2009-01-20 14:47 <DIR> d-------- C:\Downloads
2008-12-24 14:19 . 2008-12-24 14:19 <DIR> d-------- c:\program files\Mozilla Thunderbird
2008-12-24 14:19 . 2008-12-24 14:19 <DIR> d-------- c:\documents and settings\jeca\Application Data\Thunderbird
2008-12-24 14:17 . 2008-12-24 14:18 <DIR> d-------- c:\program files\MapSphere
2008-12-24 14:16 . 2008-12-24 14:16 <DIR> d-------- c:\program files\Java
2008-12-24 14:16 . 2006-10-12 03:10 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2008-12-24 14:15 . 2008-12-24 14:15 <DIR> d-------- c:\program files\Common Files\Java
2008-12-24 14:14 . 2008-12-24 14:14 <DIR> d-------- c:\program files\Google
2008-12-24 14:13 . 2009-01-20 14:50 <DIR> d-------- c:\program files\FlashGet
2008-12-24 13:55 . 2008-12-24 17:26 <DIR> d-------- c:\program files\A d r e s e

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 11:45 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-04 16:50 --------- d-----w c:\program files\Totalcmd 7.03
2008-12-29 20:14 --------- d-----w c:\program files\Common Files\Adobe
2008-12-28 00:32 --------- d-----w c:\program files\Crystal Player
2008-12-25 00:40 --------- d-----w c:\documents and settings\jeca\Application Data\Skype
2008-12-24 23:05 --------- d-----w c:\documents and settings\jeca\Application Data\skypePM
2008-12-24 16:22 --------- d-----w c:\program files\Winamp
2008-12-24 14:27 --------- d-----w c:\program files\Opera
2008-12-24 14:26 --------- d-----w c:\documents and settings\jeca\Application Data\SUPERAntiSpyware.com
2008-12-24 14:18 --------- d-----w c:\documents and settings\jeca\Application Data\uTorrent
2008-12-22 13:01 --------- d-----w c:\program files\uTorrent
2008-12-21 14:16 --------- d-----w c:\program files\Common Files\xing shared
2008-12-21 14:15 --------- d-----w c:\program files\Real
2008-12-21 14:15 --------- d-----w c:\program files\Common Files\Real
2008-12-13 20:26 --------- d-----w c:\program files\Skype
2008-12-13 20:26 --------- d-----w c:\program files\Common Files\Skype
2008-12-13 20:26 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-13 10:52 --------- d-----w c:\documents and settings\jeca\Application Data\Avira
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:35 --------- d-----w c:\program files\MSN Messenger
2008-06-08 12:17 24,192 ----a-w c:\documents and settings\jeca\usbsermptxp.sys
2008-06-08 12:17 22,768 ----a-w c:\documents and settings\jeca\usbsermpt.sys
2008-04-22 22:40 56 --sh--r c:\windows\system32\2DA480F34A.sys
2008-04-22 22:40 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 68856]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-25 2356088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\mihajlo\\igrice\\Re-volt\\revolt.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\pavle\\igrice\\ARMY MEN\\3DO\\Army Men RTS\\amrts.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15235:TCP"= 15235:TCP:BitComet 15235 TCP
"15235:UDP"= 15235:UDP:BitComet 15235 UDP

R4 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-04-22 164097]
R4 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2008-04-22 254209]
R4 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-04-22 41217]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uSearch Page = [Link visible only to logged-in users]
uSearch Bar = [Link visible only to logged-in users]
mDefault_Search_URL = [Link visible only to logged-in users]
uSearchAssistant = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]
mSearchAssistant = [Link visible only to logged-in users]
IE: &Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
LSP: avsda.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq59da94.default\
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-01-24 17:21:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe
c:\program files\FileZilla Server\FileZilla server.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-24 17:24:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-24 16:24:43
ComboFix2.txt 2009-01-23 23:14:55

Pre-Run: 2,661,859,328 bytes free
Post-Run: 2,725,363,712 bytes free

218 --- E O F --- 2009-01-16 02:07:12

Update: 24 Jan 2009 21:03

Did I upload the folder C:\qoobox\quarantine\Registry_backups correctly?
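
As an added example, not part of the original thread and not ComboFix code: a small Python triage script that splits a ComboFix log into its sections, parses the REGEDIT4-style "Reg Loading Points" dump and flags what the helper in this thread reads off by eye: the outdated AV, the missing Recovery Console, "EnableFirewall"= 0 (the XP firewall switched off), globally open firewall ports, the autorun entries and the files ComboFix removed. SAMPLE_LOG is constructed from lines of the log pasted above, trimmed to the parts the parser uses; the banner and value formats are assumed from that log and may differ in other ComboFix versions.

```python
"""Triage a ComboFix log: split it into sections, parse the 'Reg Loading
Points' dump and flag weak-configuration findings.

Added example for this thread; not part of the original post and not
ComboFix code. SAMPLE_LOG is constructed from lines of the pasted log.
"""
import re

SAMPLE_LOG = r"""
ComboFix 09-01-21.04 - Administrator 2009-01-24 17:13:03.2 - NTFSx86
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SearchIn1Step\searchin1.dll
c:\windows\system32\BaD88IxB.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-26 68856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15235:TCP"= 15235:TCP:BitComet 15235 TCP
"""

# ComboFix marks sections with '((( name )))' or '--- name ---' banners.
BANNER_RE = re.compile(r"^(?:\(+|-{3,})\s*(.+?)\s*(?:\)+|-{3,})\s*$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def split_sections(text):
    """Map each section name to its non-empty lines; text before the first
    banner is filed under 'Header'. Lone '.' padding lines are dropped."""
    sections = {"Header": []}
    current = "Header"
    for line in text.splitlines():
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def parse_reg_points(lines):
    """Parse the REGEDIT4-style dump into {key: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in lines:
        key = REG_KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys[current] = {}
            continue
        value = REG_VALUE_RE.match(line)
        if value and current is not None:
            keys[current][value.group(1)] = value.group(2).strip()
    return keys


def triage(text):
    """Return a dict of findings: AV state, Recovery Console, firewall
    policy, autorun entries and what ComboFix removed."""
    sections = split_sections(text)
    header = "\n".join(sections["Header"])
    report = {
        "av_outdated": "(Outdated)" in header,
        "recovery_console_missing": "DOES NOT HAVE THE RECOVERY CONSOLE" in header,
        "firewall_disabled": False,
        "open_ports": [],
        "run_entries": [],
        "deleted": sections.get("Other Deletions", []),
    }
    reg = parse_reg_points(sections.get("Reg Loading Points", []))
    for key, values in reg.items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile"):
            # "EnableFirewall"= 0 (0x0) means the XP firewall is switched off.
            report["firewall_disabled"] = values.get("EnableFirewall", "1").startswith("0")
        elif k.endswith("globallyopenports\\list"):
            report["open_ports"].extend(values.values())
        elif k.endswith("\\currentversion\\run"):
            for name, data in values.items():
                # Data looks like "c:\path\prog.exe" [date size]; keep the path.
                path = data.split('"')[1] if data.startswith('"') else data
                report["run_entries"].append((name, path))
    return report


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Run it on a full log by replacing SAMPLE_LOG with the file contents; on the log above it reports the firewall as disabled, one globally open BitComet port, the Run entries under HKCU and HKU\.DEFAULT, and the SearchIn1Step/NoAdware5.0 paths under "deleted". The regex-based section split is deliberately loose so that sections the script does not interpret (Find3M, catchme, locked keys) are still kept by name for manual review.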



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Yes, you did that correctly.


This now looks OK and there should be no more malware here.


You should know that the program we used in this procedure mistakenly deleted some registry entries belonging to UltraISO.

We will try to fix that, but you may need to reinstall the program (if you notice it is not working properly, reinstall it).

Download to the Desktop: [Link visible only to logged-in users]

Double-click that file and, when prompted, click Yes.


What remains is the following:
Click START, then RUN
In the text box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if present
the C:\Deckard folder, if present
the C:\OtMoveIt folder, if present

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore


And that's all.



  • Palve
  • New MyCity citizen
  • Joined: 23 Jan 2009
  • Posts: 17

Can I install it (UltraISO) right away, just in case?

Update: 24 Jan 2009 21:49

You have helped me a lot! THANK YOU

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You're welcome. :)

You can also reinstall UltraISO right away...
