Old 06.10.2009, 00:23   #3
shmufla
Premium
 
Join date: Sep 2008
Location: Zagreb
Posts: 51



I sorted out the internet, but I somehow doubt that I got rid of that virus properly, so I let ComboFix run anyway. The log is below, so I'd ask you to take a look and say what else should be done.

Thanks



--------------------------------------------------------------------------


ComboFix 09-10-04.01 - Tibor 06.10.2009 0:03.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1120 [GMT 2:00]
Running from: c:\documents and settings\Tibor\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tibor\Application Data\.#
c:\documents and settings\Tibor\Application Data\.#\MBX@198@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@198@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@208@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@208@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@208@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@294@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@294@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@294@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@2A0@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@2A0@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@36C@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@36C@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@398@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@398@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@424@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@424@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@59C@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@59C@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@6FC@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@6FC@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@730@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@730@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@7C0@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@7C0@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@7C0@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@910@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@910@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@968@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@968@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@A2C@11837A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@A2C@11837B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@A2C@11837C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@AE8@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@AE8@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@AE8@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@B30@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@B30@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@B74@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@B74@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@BD0@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@BD0@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@BD0@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@CDC@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@CDC@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@CDC@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@D2C@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@D2C@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@DB8@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@DB8@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@DB8@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@E58@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@E58@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@E94@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@E94@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@E94@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@EE8@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@EE8@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@EE8@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F08@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F08@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F20@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F20@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F20@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F50@11937A8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F50@11937B8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F50@11937C8.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F60@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F60@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F64@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@F64@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@FC8@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@FC8@10737A0.###
c:\documents and settings\Tibor\Application Data\.#\MBX@FD4@1073790.###
c:\documents and settings\Tibor\Application Data\.#\MBX@FD4@10737A0.###
c:\documents and settings\Tibor\Application Data\AD ON Multimedia
c:\documents and settings\Tibor\Application Data\AD ON Multimedia\eBay Shortcuts\config.ini
c:\documents and settings\Tibor\Application Data\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
c:\recycler\S-1-5-21-1177238915-343818398-725345543-1003
c:\recycler\S-1-5-21-1935655697-1563985344-682003330-1003
D:\resycled
E:\resycled
F:\resycled
N:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 12:54 . 2004-08-01 22:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2004-08-01 22:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 21:41 . 2008-11-13 23:57 -------- d-----w- c:\documents and settings\Tibor\Application Data\Azureus
2009-08-27 21:28 . 2009-08-27 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-27 21:28 . 2009-08-27 21:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-27 21:28 . 2009-08-27 21:28 -------- d-----w- c:\documents and settings\Tibor\Application Data\SUPERAntiSpyware.com
2009-08-27 21:28 . 2008-11-06 21:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-24 19:25 . 2009-08-23 18:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-23 19:03 . 2009-08-23 19:03 -------- d-----w- c:\program files\ESET
2009-08-23 19:03 . 2009-08-23 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-23 18:48 . 2009-08-23 18:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Twins
2009-08-21 23:58 . 2009-04-20 19:45 -------- d-----w- c:\program files\Burn4Free
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-11-10 18:24 . 2008-11-10 18:24 0 --sha-w- c:\windows\system32\sys_drv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ZoneAlarm Client"="c:\program files\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\Tibor\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-23 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-11-8 589824]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [31.10.2008 18:46 85265]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [31.10.2008 18:46 9600]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.8.2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.8.2009 16:06 74480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.8.2009 16:06 7408]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [13.11.2008 22:53 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [10.4.2009 23:32 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [10.4.2009 23:32 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [30.7.2004 15:03 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [30.7.2004 15:03 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [10.4.2009 23:32 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [30.7.2004 15:03 98952]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tibor\Application Data\Mozilla\Firefox\Profiles\x3q2a29i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 00:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2416)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Ad-Aware\aawservice.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-05 0:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-05 22:14

Pre-Run: 38.388.600.832 bytes free
Post-Run: 38.645.841.920 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=AlwaysOff

218 --- E O F --- 2009-04-16 21:29

----------------------------------------------------------------------


(I don't know whether I should have done this in safe mode, but I didn't.)

Last edited by domy_os, 10.10.2009 at 16:30.
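As an added triage example (not part of the original post, and not ComboFix's own code): a small Python parser over the plain-text log format shown above. The sample lines are copied from the log in this thread and trimmed to what the checks need; the section titles, the REGEDIT4-style firewall line, the Pre-Run/Post-Run counts and the boot.ini dump are exactly what ComboFix printed here, while the helper names and the finding texts are this example's own.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix's code)."""
import re

# Constructed sample: lines copied from the log in this thread, trimmed.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1177238915-343818398-725345543-1003
c:\recycler\S-1-5-21-1935655697-1563985344-682003330-1003
D:\resycled
E:\resycled
F:\resycled
N:\resycled

.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

Pre-Run: 38.388.600.832 bytes free
Post-Run: 38.645.841.920 bytes free

[boot loader]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=AlwaysOff
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")          # ((( Title )))
RESYCLED_RE = re.compile(r"^([A-Za-z]):\\resycled\s*$", re.IGNORECASE)
RECYCLER_SID_RE = re.compile(r"^c:\\recycler\\(S-1-5-21-[\d-]+)\s*$", re.IGNORECASE)
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
DEP_RE = re.compile(r"/NoExecute=(\w+)", re.IGNORECASE)
BYTES_RE = re.compile(r"^(Pre|Post)-Run:\s*([\d.]+)\s*bytes free", re.IGNORECASE)


def sections(log):
    """Split the log into {section title: [lines]}; text before the first
    header lands under the empty title."""
    out, current = {"": []}, ""
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            out.setdefault(current, [])
        else:
            out[current].append(line.rstrip())
    return out


def resycled_drives(log):
    """Drive letters whose 'resycled' directory ComboFix deleted."""
    lines = sections(log).get("Other Deletions", [])
    return sorted({m.group(1).upper() for m in map(RESYCLED_RE.match, lines) if m})


def recycler_sids(log):
    """Per-user RECYCLER folders ComboFix removed, identified by the SID in the name."""
    lines = sections(log).get("Other Deletions", [])
    return [m.group(1) for m in map(RECYCLER_SID_RE.match, lines) if m]


def firewall_profile_enabled(log):
    """True/False from the standard-profile EnableFirewall line; None if absent."""
    for line in log.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m:
            return m.group(1) != "0"
    return None


def dep_policy(log):
    """The /NoExecute= value from the boot.ini dump, or None."""
    m = DEP_RE.search(log)
    return m.group(1) if m else None


def freed_bytes(log):
    """Post-Run minus Pre-Run free space (ComboFix prints dotted thousands)."""
    counts = {}
    for line in log.splitlines():
        m = BYTES_RE.match(line.strip())
        if m:
            counts[m.group(1).lower()] = int(m.group(2).replace(".", ""))
    if "pre" in counts and "post" in counts:
        return counts["post"] - counts["pre"]
    return None


def triage(log):
    """Plain-language findings a responder would act on for this log."""
    findings = []
    drives = resycled_drives(log)
    if drives:
        # 'resycled' directories on several drives are the footprint autorun
        # worms leave; every attached drive and removable medium needs a re-scan.
        findings.append("'resycled' directories removed from %s: autorun-style spread "
                        "across drives, re-scan all drives and disable AutoPlay"
                        % ", ".join(d + ":" for d in drives))
    if firewall_profile_enabled(log) is False:
        findings.append("Windows Firewall standard profile is disabled (EnableFirewall=0); "
                        "confirm the third-party firewall actually covers it")
    if (dep_policy(log) or "").lower() == "alwaysoff":
        findings.append("boot.ini has /NoExecute=AlwaysOff: DEP is off for every process, "
                        "set it back to OptIn or OptOut")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
    print("freed:", freed_bytes(SAMPLE_LOG), "bytes; RECYCLER SIDs:", recycler_sids(SAMPLE_LOG))
```

Run against the full log rather than the trimmed sample, the same three findings come out. The two c:\recycler SIDs differ in their machine part, which the helper exposes rather than judges; ComboFix deletes them whenever they are unlinked from the current system's SID, so that alone is not evidence of infection.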