Thread for users with an infected computer

I remember. :D But didn't you say you were going to format? :)



I didn't say that, it was a suggestion from Muvedeta. :) Although, the way things stand, I don't know whether I have any other option left... even though what still puts me off is the fact that I've spent so much time trying to fix this... And now I also have to move my files over... :(



I don't know what you could do... The only thing is to try ComboFix, maybe it could help, but I don't really work with it..


I'll try it.



If only our colleague toske1 would chime in..

Come on, toske1, let me hear what you have to say as well, and then I'll drop the bomb...
 
I'm not up to date, what kind of problem is it? So that I don't have to search back through the thread, could you tell me briefly what this is about?



Here is a copy of part of the first post:


...

First the computer started restarting on me for no reason, while I was working.

Then I ran the antivirus program and it would show the presence of Exploit.PDF-JS.Gen, but it would not finish the process; instead the computer would restart again after some time. That antivirus program is called CounterSpy, and although I installed it as an anti-spyware program, other antivirus programs (which I installed later) later recognized it as Vipre antivirus. Once or twice (out of the ten or so times I ran that antivirus program) the scan ran to completion and showed nothing, but on the very next scan (which I always ran to check that everything was finally fine) it would restart again.

Besides CounterSpy I also had Norton installed, but with Norton the computer would restart some time after being turned on, and that was all.

Then I switched to 2 other antivirus programs (Avira and ESET Smart Security). Neither of them can finish a scan without the computer resetting.

Then I came to Krstarica and read dr Bora's thread: Instructions for requesting help with malware-related problems (viruses, worms, adware...), did what it says in that thread, but still without results...


...



Then Niceboy asked me to download HijackThis and post the log from Notepad, and this is what came out:


Here:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:26, on 19.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Advanced System Optimizer 3\systemprotector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SystemProtector] "C:\Program Files\Advanced System Optimizer 3\systemprotector.exe" /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20CD3C71-A12C-4EBB-8B9F-76A2AB3C1FD3}: NameServer = 85.114.32.7,85.114.32.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{20CD3C71-A12C-4EBB-8B9F-76A2AB3C1FD3}: NameServer = 85.114.32.7,85.114.32.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{20CD3C71-A12C-4EBB-8B9F-76A2AB3C1FD3}: NameServer = 85.114.32.7,85.114.32.8
O17 - HKLM\System\CS3\Services\Tcpip\..\{20CD3C71-A12C-4EBB-8B9F-76A2AB3C1FD3}: NameServer = 85.114.32.7,85.114.32.8
O17 - HKLM\System\CS4\Services\Tcpip\..\{20CD3C71-A12C-4EBB-8B9F-76A2AB3C1FD3}: NameServer = 85.114.32.7,85.114.32.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASO3DiskOptimizer - Systweak Inc. - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 7085 bytes



After that, I also tried this:

The log looks clean.. the only thing you can fix is this: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
...


and Kaspersky and Dr.Web CureIt, which Niceboy suggested to me. All without success; that is, these programs simply cannot finish a scan, either normally or in safe mode: the computer restarts before they finish.
 
This HJT log looks clean to me; we can do one more check with the DDS program.
Download it and run it: http://download.bleepingcomputer.com/sUBs/dds.scr
Don't touch anything while it works, and click OK at the end.
Then copy the log named DDS.txt for me (the large log).

The whole thing takes less than a minute.




Here:



DDS (Ver_09-12-01.01) - NTFSx86
Run by Marija at 22:30:24,06 on sub 30.01.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.255.44 [GMT 1:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {FA0A62F9-B70F-46E3-A0BF-18D1B4BE1B4C}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Advanced System Optimizer 3\systemprotector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
E:\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Acronis True Image Monitor] "c:\program files\acronis\trueimage\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe"
mRun: [SystemProtector] "c:\program files\advanced system optimizer 3\systemprotector.exe" /autorun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 6.0\scieplugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {20CD3C71-A12C-4EBB-8B9F-76A2AB3C1FD3} = 85.114.32.7,85.114.32.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marija\applic~1\mozilla\firefox\profiles\ithbahwx.default\
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2009-4-23 36752]
R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [2009-4-23 39440]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-3-3 110360]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-13 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-18 11608]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-1-27 175888]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-18 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-18 185089]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2009-12-16 239336]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-18 56816]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe [2007-3-9 200768]
R3 ADASPROT;SYSTWEAKASO;c:\program files\advanced system optimizer 3\adasprot32.sys [2009-12-16 6656]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-01-09 10:04:03 0 d-----w- c:\documents and settings\marija\DoctorWeb

==================== Find3M ====================

2010-01-30 00:45:24 5745184 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-01-30 00:45:24 29060 ----a-w- c:\windows\system32\drivers\fidbox.idx
2010-01-30 00:45:24 2372 ----a-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-30 00:45:24 16928 ----a-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-22 20:05:24 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-19 18:58:00 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-19 18:57:59 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-03 15:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2001-11-23 04:08:20 712704 ----a-r- c:\windows\inf\other\AUDIO3D.DLL

============= FINISH: 22:31:30,14 ===============








As for this ComboFix, I don't know what to do with it, because I got this message: IMPORTANT : ComboFix is extremely powerful , You should not run ComboFix.exe unless you are asked to by a trained helper .

What does it mean here that it is powerful?
 
ComboFix 10-01-30.05 - Marija 31.01.2010 20:47:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.255.85 [GMT 1:00]
Running from: c:\documents and settings\Marija\Desktop\ComboFix.exe
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {FA0A62F9-B70F-46E3-A0BF-18D1B4BE1B4C}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
.

2010-01-29 16:44 . 2010-01-29 16:44 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2010-01-29 16:39 . 2010-01-29 16:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\RCP 5
2010-01-09 10:04 . 2010-01-09 10:04 -------- d-----w- c:\documents and settings\Marija\DoctorWeb
2010-01-09 04:10 . 2010-01-09 04:10 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-09 04:09 . 2010-01-09 04:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 16:26 . 2008-01-17 14:30 -------- d-----w- c:\documents and settings\Marija\Application Data\skypePM
2010-01-31 15:53 . 2008-01-10 20:19 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-01-31 14:05 . 2009-12-19 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-11 14:48 . 2008-01-17 14:22 -------- d-----w- c:\documents and settings\Marija\Application Data\Skype
2009-12-22 22:11 . 2009-04-23 17:11 117760 ----a-w- c:\documents and settings\Marija\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-22 20:05 . 2009-12-18 16:06 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-21 20:13 . 2009-12-21 20:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-21 01:02 . 2009-12-21 01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 18:04 . 2009-12-19 18:04 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-19 17:09 . 2009-12-19 17:09 -------- d-----w- c:\program files\Trend Micro
2009-12-19 02:17 . 2009-12-19 02:17 -------- d-----w- c:\program files\ESET
2009-12-19 00:24 . 2009-04-24 13:59 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-12-19 00:24 . 2008-03-27 18:13 -------- d-----w- c:\documents and settings\Marija\Application Data\LimeWire
2009-12-18 22:04 . 2009-12-18 22:04 -------- d-----w- c:\program files\CCleaner
2009-12-18 21:34 . 2009-12-18 21:34 -------- d-----w- c:\program files\Sygate
2009-12-18 21:34 . 2009-12-13 23:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-18 05:16 . 2009-12-18 05:16 -------- d-----w- c:\documents and settings\Marija\Application Data\ESET
2009-12-18 05:14 . 2009-12-18 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-12-18 03:00 . 2009-12-18 03:00 0 ----a-w- c:\windows\system32\SBRC.dat
2009-12-18 00:12 . 2009-04-23 17:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-17 21:49 . 2009-12-16 19:35 -------- d-----w- c:\program files\Advanced System Optimizer 3
2009-12-16 21:05 . 2009-12-16 21:04 10331424 ----a-w- c:\documents and settings\Marija\Application Data\Systweak\ASO3\ASO_Setup_12_16_2009.exe
2009-12-16 20:36 . 2009-02-12 22:14 -------- d-----w- c:\documents and settings\Marija\Application Data\uTorrent
2009-12-16 20:17 . 2009-12-16 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2009-12-16 19:36 . 2009-12-16 19:36 -------- d-----w- c:\documents and settings\Marija\Application Data\Systweak
2009-12-16 19:36 . 2009-12-16 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MyDefrag
2009-12-16 19:23 . 2009-01-13 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-16 16:28 . 2009-12-16 16:28 -------- d-----w- c:\program files\Enigma Software Group
2009-12-08 12:58 . 2009-12-08 12:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-08 12:30 . 2009-11-23 20:17 79488 ----a-w- c:\documents and settings\Marija\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-03 15:14 . 2009-12-21 01:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-12-21 01:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2008-01-10 417838]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-01-10 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-11 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 198160]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SystemProtector"="c:\program files\Advanced System Optimizer 3\systemprotector.exe" [2009-11-07 10028264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [23.4.2009 16:55 36752]
R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [23.4.2009 16:55 39440]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13.2.2009 7:25 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 8:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 8:43 74480]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [16.12.2009 20:36 239336]
R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [16.12.2009 20:36 6656]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.4.2009 18:16 717296]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 8:43 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-01-12 c:\windows\Tasks\ASOService.job
- c:\program files\Advanced System Optimizer 3\ASO3.exe [2009-12-16 14:57]
.
 
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {20CD3C71-A12C-4EBB-8B9F-76A2AB3C1FD3} = 85.114.32.7,85.114.32.8
FF - ProfilePath - c:\documents and settings\Marija\Application Data\Mozilla\Firefox\Profiles\ithbahwx.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 20:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-2147178713-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9E81FC8-058C-BD54-A30B-6B2E0BEBD3BA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eakmngbjig"=hex:66,61,65,6d,6d,69,69,66,6f,6f,6f,6b,00,31
"dahnkhem"=hex:64,62,6d,67,6f,6c,64,65,62,68,70,6a,62,62,6a,67,6b,6f,67,6a,70,
67,6b,6e,65,70,63,6c,68,6e,6b,6a,69,62,64,66,67,70,6a,6d,00,00
"iachckjbghegnaolmo"=hex:6a,61,6a,61,61,6e,67,6c,6e,62,6c,64,66,64,65,70,68,61,
70,62,00,00
"hamgmffgfhcedpnl"=hex:6a,61,6a,61,61,6e,67,6c,6e,62,6c,64,66,64,65,70,68,61,
70,62,00,f0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2416)
c:\windows\system32\SSSensor.dll
.
Completion time: 2010-01-31 20:58:43
ComboFix-quarantined-files.txt 2010-01-31 19:58

Pre-Run: 13.585.895.424 bytes free
Post-Run: 14.451.937.280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 6F74CDD42321B7B80E4911D7C16EA527
 
I don't dare mess with your system; you don't have malware, but the number of antivirus and anti-malware programs you have used is unbelievable. You had both NOD and Norton.
Here is the cleaner for Avira: http://dl.antivir.de/down/windows/registrycleaner_en.zip
For Kaspersky: http://support.kaspersky.com/downloads/utils/kavremover10.zip
You used AdAware; you have leftovers from it
CounterSpy (if you use it, remove it)
mbam
SUPERAntiSpyware
Advanced System Optimizer (uninstall)
ComodoCleaner (uninstall)
I don't know whether I missed any. All of these install their own drivers, and your system is so overloaded that it's no wonder it runs badly.

Uninstall ComboFix

Start \ Run \ Combofix /uninstall, press Enter and wait for it to uninstall.

After all that, it's best to download CCleaner and clean the registry properly. Download Revo Uninstaller and use it to uninstall the programs listed above.
----------------------------------------------------------------
I think your computer isn't restarting now, am I right?
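
An added example, not part of any post in this thread: a Python script that reads the `AV:`/`FW:` header and the SERVICES / DRIVERS lines of a DDS log and reports the condition toske1 describes above, several security products active at once with their own drivers loaded. The sample lines are copied from the DDS log posted earlier in the thread; the function names, and the reading of `R`/`S` plus a digit as running/stopped plus service start type, are assumptions of this example.

```python
import re
from collections import namedtuple

Product = namedtuple("Product", "kind name enabled status guid")
Driver = namedtuple("Driver", "running start name path")

# "AV: <name> *<state>* (<status>) {GUID}"; the (<status>) part is absent on FW: lines.
HEADER_RE = re.compile(
    r"^(AV|FW): (.+?) \*(.+?)\*(?: \((\w+)\))? \{([0-9A-Fa-f-]{36})\}\s*$")
# "<R|S><start type> <service>;<display>;<path to .sys> [date size]"
# Assumption: R/S = running/stopped, digit = start type (0 boot, 1 system, 2 auto, ...).
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);[^;]*;(.*?\.sys) \[", re.I)

# Sample input: lines copied from the DDS log in this thread (subset of the driver section).
SAMPLE_DDS = r"""
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {FA0A62F9-B70F-46E3-A0BF-18D1B4BE1B4C}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2009-4-23 36752]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-3-3 110360]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-13 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-18 11608]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-1-27 175888]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-18 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-18 56816]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
"""


def parse_dds(text):
    """Return (products, drivers) parsed from DDS log text; other lines are ignored."""
    products, drivers = [], []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            kind, name, state, status, guid = m.groups()
            # "...disabled" does not end with "enabled", so this test is unambiguous.
            enabled = state.lower().endswith("enabled")
            products.append(Product(kind, name, enabled, status, guid.upper()))
            continue
        m = DRIVER_RE.match(line)
        if m:  # only .sys images match; user-mode services (.exe) are skipped
            drivers.append(Driver(m.group(1).upper() == "R", int(m.group(2)),
                                  m.group(3), m.group(4)))
    return products, drivers


def review(products, drivers):
    """Turn the parsed records into human-readable findings."""
    findings = []
    active_av = [p.name for p in products if p.kind == "AV" and p.enabled]
    if len(active_av) > 1:
        findings.append("multiple on-access scanners enabled: " + ", ".join(active_av))
    for p in products:
        if p.kind == "AV" and p.status == "Outdated":
            findings.append("registered but outdated: " + p.name)
    # Drivers that are running and start at boot (0) or system (1) time.
    early = [d.name for d in drivers if d.running and d.start <= 1]
    if early:
        findings.append("%d listed kernel drivers running from boot/system start: %s"
                        % (len(early), ", ".join(early)))
    return findings


if __name__ == "__main__":
    for finding in review(*parse_dds(SAMPLE_DDS)):
        print("-", finding)
```
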
 
I don't dare mess with your system; you don't have malware, but the number of antivirus and anti-malware programs you have used is unbelievable.


:D What's unbelievable about that? :) Yes, I'm persistent when I get stuck on something... :) And this time I wanted to get rid of the virus... :)




You had both NOD and Norton.
Here is the cleaner for Avira: http://dl.antivir.de/down/windows/registrycleaner_en.zip
For Kaspersky: http://support.kaspersky.com/downloads/utils/kavremover10.zip
You used AdAware; you have leftovers from it
CounterSpy (if you use it, remove it)
mbam
SUPERAntiSpyware
Advanced System Optimizer (uninstall)
ComodoCleaner (uninstall)
I don't know whether I missed any. All of these install their own drivers, and your system is so overloaded that it's no wonder it runs badly. ?


My main problem is that it restarts for no reason.




Uninstall ComboFix

Start \ Run \ Combofix /uninstall, press Enter and wait for it to uninstall.

After all that, it's best to download CCleaner and clean the registry properly. Download Revo Uninstaller and use it to uninstall the programs listed above.
----------------------------------------------------------------
I think your computer isn't restarting now, am I right?


No. It still restarts for no reason. It isn't too often, it can be e.g. 1x an hour, sometimes more often, sometimes less, but it is certainly extremely irritating.



P.S. I'll do everything you wrote.
 
