Infected laptop

offline
  • Joined: 07 Apr 2008
  • Posts: 85
  • Location: Kos.Mitrovica

Posted: 22 Sep 2010 10:43

Good day and warm greetings!

The situation is still the same, everything is blocked, unfortunately.

Update: 22 Sep 2010 12:09

I should also add that Avira now switches itself on and deletes the programs I downloaded for scanning, and when I try to run it to scan, everything gets blocked again.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK.. We go into Safe Mode again... Only this time choose this option from the picture:

Log in as Admin.

Turn on showing hidden files.. (I already gave you the instructions)

Go to the following location:

Type in Run:

%appdata%

There, delete the folder whose name is a random string of digits, like: 4946550101

Then type in Run:

msconfig

Go to the Startup tab and untick the entry that also has random digits as its name.

When you have done that, download this program:

http://www.superantispyware.com/sasportable.php

Choose quick scan and tick the C partition.

When you have finished that, go into Normal Mode and report whether there is any improvement.

offline
  • Joined: 07 Apr 2008
  • Posts: 85
  • Location: Kos.Mitrovica

I did all of it and it is still the same. I really don't know anymore, this is driving me crazy. And I caught the virus by clicking on a picture of a Samoyed dog, if that information means anything to you.

And to add: if I drop off the network, the laptop shuts down and then it takes me a while to start it up again.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Did this program detect anything... Then you have some other infection there... I don't know whether we should try System Restore, though it is possible the malware has disabled it. Wait while I consult with colleagues.

offline
  • Joined: 07 Apr 2008
  • Posts: 85
  • Location: Kos.Mitrovica

It detected 164 infected files, but I can't explain it now other than it was like when I scan with that program Ad-Aware, I think that is what it was called. That is what it found and nothing more.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

And you removed them... right? And you deleted that folder and that entry in msconfig?

And after all that the situation is the same?

Run SUPERAntiSpyware again and choose:

Preferences, then the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Logs... Try to attach it, or at least take a screenshot.

offline
  • Joined: 07 Apr 2008
  • Posts: 85
  • Location: Kos.Mitrovica

Yes, I removed them, then I restarted and tried again to start ComboFix, then the laptop shut itself down and everything started over. Now I tried to run SUPERAntiSpyware and no chance, this window that does not allow the installation keeps popping up, and as I am typing this there is a big red window saying there is a danger and that I have 39 infected files; I have given up removing it from the monitor!

The only thing I can do is take a photo of this pop-up window with my mobile phone!

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Posted: 22 Sep 2010 15:18

No, you don't have to... You will have to wait a little again.

Update: 22 Sep 2010 17:59

Go into Safe Mode again and run ComboFix. There is no way the malware can block it from starting there, as you had the chance to see yourself.

offline
  • Joined: 07 Apr 2008
  • Posts: 85
  • Location: Kos.Mitrovica

Posted: 22 Sep 2010 20:07

Here, I did it, and great, those windows are gone. There were two small icons at the bottom of the screen which have now disappeared.

I don't know whether I should try scanning now, like this, while it is running normally, to see whether ComboFix will start?

ComboFix 10-09-20.06 - s 09/22/2010 19:45:44.3.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.637 [GMT 2:00]
Running from: c:\documents and settings\s\Desktop\iexplore.exe.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\s\Local Settings\Application Data\37283673.exe
c:\documents and settings\s\Start Menu\Programs\Security Tool.lnk
c:\windows\VM305Cap.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-22 14:34 . 2010-09-22 14:34 -------- d-----w- C:\rsit
2010-09-22 11:15 . 2010-09-22 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-21 11:30 . 2010-09-21 11:30 -------- d-s---w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-09-21 11:30 . 2010-09-21 11:31 -------- d-----w- c:\documents and settings\Administrator
2010-09-10 17:52 . 2010-09-10 17:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-09-04 20:16 . 2010-09-04 20:16 64960 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-04 20:16 . 2010-09-04 20:16 -------- d-----w- c:\documents and settings\s\Local Settings\Application Data\Apple Computer
2010-09-04 20:16 . 2010-09-04 20:16 -------- d-----w- c:\documents and settings\s\Application Data\Apple Computer
2010-09-04 20:15 . 2010-09-04 20:15 -------- d-----w- c:\program files\Safari
2010-09-04 20:15 . 2010-09-04 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-04 20:15 . 2010-09-04 20:15 -------- d-----w- c:\program files\Bonjour
2010-09-04 20:14 . 2010-09-04 20:14 -------- d-----w- c:\program files\Common Files\Apple
2010-09-04 20:14 . 2010-09-04 20:14 -------- d-----w- c:\documents and settings\s\Local Settings\Application Data\Apple
2010-09-04 20:12 . 2010-09-04 20:12 -------- d-----w- c:\program files\Apple Software Update
2010-09-04 20:12 . 2010-09-04 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-04 20:04 . 2010-09-04 20:04 -------- d-----w- c:\documents and settings\s\Local Settings\Application Data\Netscape
2010-09-04 20:04 . 2010-09-04 20:04 -------- d-----w- c:\documents and settings\s\Application Data\Netscape
2010-09-04 20:03 . 2010-09-04 20:03 -------- d-----w- c:\program files\Netscape
2010-08-25 18:44 . 2010-09-06 20:08 678720 ----a-w- c:\documents and settings\s\Application Data\Maxthon3\Temp\MxUp\7z.dll
2010-08-25 18:44 . 2010-08-25 18:44 -------- d-----w- c:\documents and settings\s\Application Data\Maxthon3
2010-08-25 18:44 . 2010-08-25 18:44 -------- d-----w- c:\program files\Maxthon3
2010-08-25 14:19 . 2010-08-25 14:28 -------- d-----w- c:\program files\IncrediMail
2010-08-23 18:04 . 2010-08-23 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 17:36 . 2009-08-04 19:23 -------- d-----w- c:\documents and settings\s\Application Data\Skype
2010-09-22 11:15 . 2010-09-22 11:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-09-22 11:03 . 2009-08-18 18:07 -------- d-----w- c:\program files\Flock
2010-09-22 11:03 . 2010-09-22 11:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Flock
2010-09-20 20:13 . 2008-10-18 20:51 -------- d-----w- c:\program files\Google
2010-09-20 14:08 . 2009-08-04 19:28 -------- d-----w- c:\documents and settings\s\Application Data\skypePM
2010-08-26 20:28 . 2009-08-03 19:16 -------- d-----w- c:\program files\Eudora
2010-08-21 18:22 . 2008-10-18 18:45 70056 ----a-w- c:\documents and settings\s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-21 18:22 . 2010-08-21 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoMail
2010-08-21 18:22 . 2010-08-21 18:22 -------- d-----w- c:\program files\PhotoMail Maker
2010-07-28 09:38 . 2009-04-04 21:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-23 04:13 . 2010-07-23 04:13 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-19 17:00 . 2010-07-21 14:43 52224 ----a-w- c:\documents and settings\s\Application Data\Flock\Browser\Profiles\17bpeu40.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-07-19 17:00 . 2010-07-21 14:43 101376 ----a-w- c:\documents and settings\s\Application Data\Flock\Browser\Profiles\17bpeu40.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-06-29 22:13 . 2010-08-14 22:09 52224 ----a-w- c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-06-29 22:13 . 2010-08-14 22:09 101376 ----a-w- c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-06-26 11:07 . 2010-06-28 13:08 65536 ----a-w- c:\documents and settings\s\Application Data\Flock\Browser\Profiles\17bpeu40.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
2009-02-09 09:59 . 2009-02-09 09:59 8 --sh--r- c:\windows\system32\BA44BEDEE4.sys
2009-02-09 10:08 . 2009-02-09 09:54 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2009-07-30 17377584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 88203]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\s\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2009-8-12 261632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\AirLive\Bluetooth Software\BTTray.exe [2005-12-2 618557]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-10-18 589824]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2010-2-13 61440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/18/2008 9:26 PM 32320]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [12/6/2007 10:03 PM 660768]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/20/2010 7:26 PM 135336]
S2 gupdate1ca1539b6131de;Google Update Service (gupdate1ca1539b6131de);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2009 9:23 PM 133104]
S3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [10/18/2008 8:40 PM 70144]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [7/27/2009 7:13 PM 480128]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [7/27/2009 7:13 PM 1472000]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]

2010-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 19:23]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 19:23]

2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{4E4918B5-5D17-43B7-91BA-ADDE683173F0}.job
- c:\windows\system32\msfeedssync.exe [2008-07-12 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.rs/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=
FF - component: c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPUlmm.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-37283673 - c:\documents and settings\s\Local Settings\Application Data\37283673.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-09-22 19:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
.
Completion time: 2010-09-22 19:59:36
ComboFix-quarantined-files.txt 2010-09-22 17:59

Pre-Run: 25,331,568,640 bytes free
Post-Run: 25,594,683,392 bytes free

- - End Of File - - 92478DFF41DA6195B917428448A6399E

Update: 22 Sep 2010 20:31

Here, now I have done the scan in normal mode, so here is that log too:

ComboFix 10-09-22.01 - s 09/22/2010 20:22:23.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.291 [GMT 2:00]
Running from: c:\documents and settings\s\Desktop\iexplore.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-22 14:34 . 2010-09-22 14:34 -------- d-----w- C:\rsit
2010-09-22 11:15 . 2010-09-22 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-21 11:30 . 2010-09-21 11:30 -------- d-s---w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-09-21 11:30 . 2010-09-21 11:31 -------- d-----w- c:\documents and settings\Administrator
2010-09-10 17:52 . 2010-09-10 17:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-09-04 20:16 . 2010-09-04 20:16 64960 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-04 20:16 . 2010-09-04 20:16 -------- d-----w- c:\documents and settings\s\Local Settings\Application Data\Apple Computer
2010-09-04 20:16 . 2010-09-04 20:16 -------- d-----w- c:\documents and settings\s\Application Data\Apple Computer
2010-09-04 20:15 . 2010-09-04 20:15 -------- d-----w- c:\program files\Safari
2010-09-04 20:15 . 2010-09-04 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-04 20:15 . 2010-09-04 20:15 -------- d-----w- c:\program files\Bonjour
2010-09-04 20:14 . 2010-09-04 20:14 -------- d-----w- c:\program files\Common Files\Apple
2010-09-04 20:14 . 2010-09-04 20:14 -------- d-----w- c:\documents and settings\s\Local Settings\Application Data\Apple
2010-09-04 20:12 . 2010-09-04 20:12 -------- d-----w- c:\program files\Apple Software Update
2010-09-04 20:12 . 2010-09-04 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-04 20:04 . 2010-09-04 20:04 -------- d-----w- c:\documents and settings\s\Local Settings\Application Data\Netscape
2010-09-04 20:04 . 2010-09-04 20:04 -------- d-----w- c:\documents and settings\s\Application Data\Netscape
2010-09-04 20:03 . 2010-09-04 20:03 -------- d-----w- c:\program files\Netscape
2010-08-25 18:44 . 2010-09-06 20:08 678720 ----a-w- c:\documents and settings\s\Application Data\Maxthon3\Temp\MxUp\7z.dll
2010-08-25 18:44 . 2010-08-25 18:44 -------- d-----w- c:\documents and settings\s\Application Data\Maxthon3
2010-08-25 18:44 . 2010-08-25 18:44 -------- d-----w- c:\program files\Maxthon3
2010-08-25 14:19 . 2010-08-25 14:28 -------- d-----w- c:\program files\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 18:03 . 2009-08-04 19:23 -------- d-----w- c:\documents and settings\s\Application Data\Skype
2010-09-22 11:15 . 2010-09-22 11:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-09-22 11:03 . 2009-08-18 18:07 -------- d-----w- c:\program files\Flock
2010-09-22 11:03 . 2010-09-22 11:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Flock
2010-09-20 20:13 . 2008-10-18 20:51 -------- d-----w- c:\program files\Google
2010-09-20 14:08 . 2009-08-04 19:28 -------- d-----w- c:\documents and settings\s\Application Data\skypePM
2010-08-26 20:28 . 2009-08-03 19:16 -------- d-----w- c:\program files\Eudora
2010-08-23 18:04 . 2010-08-23 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2010-08-21 18:22 . 2008-10-18 18:45 70056 ----a-w- c:\documents and settings\s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-21 18:22 . 2010-08-21 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoMail
2010-08-21 18:22 . 2010-08-21 18:22 -------- d-----w- c:\program files\PhotoMail Maker
2010-07-28 09:38 . 2009-04-04 21:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-23 04:13 . 2010-07-23 04:13 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-19 17:00 . 2010-07-21 14:43 52224 ----a-w- c:\documents and settings\s\Application Data\Flock\Browser\Profiles\17bpeu40.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-07-19 17:00 . 2010-07-21 14:43 101376 ----a-w- c:\documents and settings\s\Application Data\Flock\Browser\Profiles\17bpeu40.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-06-29 22:13 . 2010-08-14 22:09 52224 ----a-w- c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-06-29 22:13 . 2010-08-14 22:09 101376 ----a-w- c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-06-26 11:07 . 2010-06-28 13:08 65536 ----a-w- c:\documents and settings\s\Application Data\Flock\Browser\Profiles\17bpeu40.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}\components\Engine.dll
2009-02-09 09:59 . 2009-02-09 09:59 8 --sh--r- c:\windows\system32\BA44BEDEE4.sys
2009-02-09 10:08 . 2009-02-09 09:54 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.
((((((((((((((((((((((((((((( SnapShot@2010-09-22_17.55.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-22 18:03 . 2010-09-22 18:03 16384 c:\windows\temp\Perflib_Perfdata_850.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2009-07-30 17377584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 88203]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\s\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2009-8-12 261632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\AirLive\Bluetooth Software\BTTray.exe [2005-12-2 618557]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-10-18 589824]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2010-2-13 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/18/2008 9:26 PM 32320]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [12/6/2007 10:03 PM 660768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/20/2010 7:26 PM 135336]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate1ca1539b6131de;Google Update Service (gupdate1ca1539b6131de);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2009 9:23 PM 133104]
S3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [10/18/2008 8:40 PM 70144]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [7/27/2009 7:13 PM 480128]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [7/27/2009 7:13 PM 1472000]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]

2010-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 19:23]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 19:23]

2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{4E4918B5-5D17-43B7-91BA-ADDE683173F0}.job
- c:\windows\system32\msfeedssync.exe [2008-07-12 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.rs/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=
FF - component: c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPUlmm.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-09-22 20:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1904)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2010-09-22 20:28:57
ComboFix-quarantined-files.txt 2010-09-22 18:28
ComboFix2.txt 2010-09-22 17:59

Pre-Run: 25,519,194,112 bytes free
Post-Run: 25,507,577,856 bytes free

- - End Of File - - 3FC054C84E5A83C7A932E057AED671FE
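Added example, not part of the thread and not ComboFix's own code: a small Python triage script that pulls out of a ComboFix-style log the two indicators this thread turns on, random all-digit file/folder/startup names (37283673.exe above, the 4946550101-style folder the helper described) and the Security Center AntiVirusOverride/FirewallOverride values that both posted logs show set to 1. The sample log is constructed from the format of the logs above; the "4946550101" Run value is invented to stand in for the random-named startup item.

```python
"""Triage helper for ComboFix-style logs: flags random all-digit names and
Security Center override flags.  Added example, not code from the thread
or from ComboFix."""
import re

# Constructed sample modelled on the log format posted in the thread.  The
# "4946550101" Run value is invented to mirror the helper's description of a
# startup item named with random digits; the other lines follow the real log.
SAMPLE_LOG = r"""
ComboFix 10-09-20.06 - s 09/22/2010 19:45:44.3.1 - x86 MINIMAL
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\s\Local Settings\Application Data\37283673.exe
c:\documents and settings\s\Start Menu\Programs\Security Tool.lnk
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"4946550101"="c:\documents and settings\s\Application Data\4946550101\4946550101.exe" [2010-09-21 1234567]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-37283673 - c:\documents and settings\s\Local Settings\Application Data\37283673.exe
"""

# Section headers come in two shapes: "(((( Name ))))" and "---- Name ----".
PAREN_HEADER = re.compile(r"^\(+\s*(.*?)\s*\)+$")
DASH_HEADER = re.compile(r"^(?:-\s*)+([A-Za-z][^-]*?)\s*(?:-\s*)+$")
# A Windows path runs from the drive letter up to a closing quote, the
# " [date size]" suffix, or the end of the line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?(?=\s*(?:\[|"|$))')
VALUE_RE = re.compile(r'^"([^"]+)"=')
OVERRIDE_RE = re.compile(r'^"(AntiVirusOverride|FirewallOverride)"=dword:0*1$')
MIN_DIGITS = 6  # shorter digit runs (OFFICE11, jre6) are normal product names


def split_sections(log_text):
    """Group log lines under the ComboFix section header they follow."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = PAREN_HEADER.match(line) or DASH_HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def has_random_numeric_name(path):
    """True if any path component (minus extension) is a long run of digits,
    the naming pattern the helper told the user to look for under %appdata%."""
    for component in path.split("\\"):
        stem = component.split(".")[0]
        if stem.isdigit() and len(stem) >= MIN_DIGITS:
            return True
    return False


def triage(log_text):
    """Return the indicators a reviewer would pull out of the log first."""
    findings = {"numeric_names": [], "security_center_overrides": [], "deleted": []}
    seen = set()

    def flag(item):
        if item not in seen:  # the same path shows up in several sections
            seen.add(item)
            findings["numeric_names"].append(item)

    for section, lines in split_sections(log_text).items():
        for line in lines:
            if section == "Other Deletions":
                findings["deleted"].append(line)
            m = OVERRIDE_RE.match(line)
            if m:  # Security Center told to stop warning about AV/firewall
                findings["security_center_overrides"].append(m.group(1))
            m = VALUE_RE.match(line)
            if m and m.group(1).isdigit() and len(m.group(1)) >= MIN_DIGITS:
                flag(f"{section}: value {m.group(1)}")
            for path in PATH_RE.findall(line):
                if has_random_numeric_name(path):
                    flag(path)
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Point it at a saved log instead of SAMPLE_LOG to triage a real one; it only reads text and changes nothing on the machine.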

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

How are things now?

What about the computer restarting, is that still happening?
