Ok, thank you very much... ESET NOD32 is really causing problems... Earlier I used Avast and it was completely fine and protected my PC, I had no problems, but until now I haven't been in the habit of buying antivirus programs, since I figure these free versions are effective too...
I did it the way you wrote for the first part; it seems that when I downloaded Combo the first time I saved it to Downloads and then it ran automatically from there. Now I've moved it to the Desktop, but it still doesn't say C:/Desktop.
I pasted in that text, copied it into Notepad, saved it as CFScript.txt on the desktop, then opened the desktop and dragged CFScript.txt with the mouse onto Combofix. A pop-up window opened where I clicked RUN and Combo started, but this time it didn't show me the part where I accept the terms (I agree); only a window opened listing some green text, then a slightly larger window saying to wait and not open any program... then the computer restarted and the same window opened again saying to wait until the report is produced.
Is it ok, the way I did this? The only thing I don't understand is why it doesn't say Combo is located in c:/Desktop but instead says c:/Documents and Settings/Administrator/Desktop.
When I was downloading Combo I went to the link, a pop-up window opened asking where to save it, I clicked Desktop, then Save.
Is this report ok, did it get removed, or should I do it again? What seems suspicious to me, if I did it right, is that ESET is still in the Start menu when I open All Programs...
Here is the Combo report.
And today I ran one more scan with SUPERAntiSpyware; in the first scan there were 85 infected files with Adware, two of which were Trojan Agent/Gen-Poison, so I moved them to quarantine, and then ran a complete scan again, and that time there were 7 infected files, 2 of which were again Trojan Agent/Gen-Poison but in a different location. So I moved those to quarantine too.
If I need to attach the report from after that scan, I saved it.
I ran Malwarebytes last night and scanned with it, everything was clean, and MCShield shows no infected files when the PC is turned on; only SUPERAntiSpyware shows these trojans and the Adware. So I don't understand that either... they are probably hiding somewhere.
ComboFix 12-05-09.01 - Administrator 09.05.2012 20:47:16.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.512.317 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\system32\drivers\ehdrv.sys"
"c:\windows\system32\drivers\epfwtdir.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET
c:\program files\ESET\ESET NOD32 Antivirus\callmsi.exe
c:\program files\ESET\ESET NOD32 Antivirus\DMON.dll
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.cat
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\eamon\eamon.sys
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.cat
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.cat
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.inf
c:\program files\ESET\ESET NOD32 Antivirus\Drivers\epfwtdir\epfwtdir.sys
c:\program files\ESET\ESET NOD32 Antivirus\ecls.exe
c:\program files\ESET\ESET NOD32 Antivirus\ecmd.exe
c:\program files\ESET\ESET NOD32 Antivirus\eeclnt.exe
c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
c:\program files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiDmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiHips.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiProduct.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiProductRcd.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiScan.dll
c:\program files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnDmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnHips.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
c:\program files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
c:\program files\ESET\ESET NOD32 Antivirus\em000_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em001_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em002_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em003_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em004_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em005_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em006_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em009_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em015_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em017_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em018_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em019_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\em022_32.dat
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOE.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOEEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOutlook.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgOutlookEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgTbEmon.dll
c:\program files\ESET\ESET NOD32 Antivirus\eset.chm
c:\program files\ESET\ESET NOD32 Antivirus\eula.rtf
c:\program files\ESET\ESET NOD32 Antivirus\mfc80u.dll
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.CRT.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFC.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\chrome.manifest
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\Components\eplgTb.dll
c:\program files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird\install.rdf
c:\program files\ESET\ESET NOD32 Antivirus\msvcp80.dll
c:\program files\ESET\ESET NOD32 Antivirus\msvcr80.dll
c:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll
c:\program files\ESET\ESET NOD32 Antivirus\SysInspector.exe
c:\program files\ESET\ESET NOD32 Antivirus\SysRescue.exe
c:\program files\ESET\ESET NOD32 Antivirus\updater.dll
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\default.xml
c:\program files\SweetIM\Messenger\msvcp71.dll
c:\program files\SweetIM\Messenger\msvcr71.dll
c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
c:\program files\SweetIM\Messenger\resources\images\GamesButton.png
c:\program files\SweetIM\Messenger\resources\images\KeyboardButton.png
c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
c:\program files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll
c:\windows\system32\drivers\ehdrv.sys
c:\windows\system32\drivers\epfwtdir.sys
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EHDRV
-------\Legacy_EKRN
-------\Legacy_EPFWTDIR
-------\Service_ehdrv
-------\Service_ekrn
-------\Service_epfwtdir
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-08 15:08 . 2012-05-08 15:08 -------- d-----w- C:\_OTL
2012-05-08 14:18 . 2012-05-09 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2012-05-08 14:18 . 2012-05-08 14:18 -------- d-----w- c:\program files\MCShield
2012-05-08 13:11 . 2011-08-16 10:32 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-05-07 19:38 . 2012-05-08 09:17 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-07 10:00 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-07 10:00 . 2012-05-07 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-06 14:34 . 2012-05-06 14:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-05-06 14:32 . 2012-05-06 14:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-06 14:32 . 2012-05-06 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-05-06 12:29 . 2012-05-06 12:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zbshareware Lab
2012-05-06 12:14 . 2012-05-06 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM
2012-05-02 09:43 . 2012-05-04 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeFileViewer
2012-05-02 09:34 . 2012-05-02 09:34 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-05-02 09:28 . 2012-05-02 09:28 -------- d-----w- c:\program files\MSECache
2012-05-02 09:21 . 2012-05-02 09:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
2012-04-30 19:12 . 2012-04-30 19:12 -------- d-----w- c:\program files\Article Submitter 4Pro
2012-04-28 10:29 . 2012-04-29 23:10 -------- d-----w- c:\program files\Hotlist-Search Buzz
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Arthur_A._Evseev_(artevse
2012-04-26 01:47 . 2012-04-26 01:47 -------- d-----w- c:\program files\ArticleToolChest
2012-04-25 16:32 . 2012-04-26 08:55 -------- d-----w- c:\program files\Hotlist-Theme-Buzz
2012-04-25 15:50 . 2012-04-25 15:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xenocode
2012-04-24 19:48 . 2012-04-24 19:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 19:48 . 2012-04-24 19:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 19:48 . 2012-04-24 19:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-21 09:49 . 2012-05-09 12:38 -------- d-----w- c:\program files\Easy Auto Spinner
2012-04-21 09:45 . 2012-05-06 09:28 -------- d-----w- c:\program files\Spin Writer Pro
2012-04-20 18:15 . 2012-04-20 18:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FileTypeAssistant
2012-04-20 18:11 . 2012-04-20 18:11 -------- d-----w- c:\program files\Free Text Pad
2012-04-20 18:05 . 2012-05-02 09:36 -------- d-----w- c:\program files\File Type Assistant
2012-04-20 18:04 . 2012-05-02 09:36 -------- d-----w- c:\program files\FreeFileViewer
2012-04-20 17:48 . 2012-04-20 17:48 -------- d-----w- c:\program files\7-Zip
2012-04-19 16:53 . 2012-05-05 08:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\AbiSuite
2012-04-19 16:52 . 2012-05-05 08:20 -------- d-----w- c:\program files\AbiWord
2012-04-19 11:42 . 2012-04-22 19:34 -------- d-----w- c:\program files\Article sender
2012-04-19 11:14 . 2012-04-19 11:27 -------- d-----w- c:\program files\Easy Homepage Creator V.2.0 DEMO
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\mresreg
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\IN-MEDIAKG
2012-04-19 11:08 . 2012-04-19 11:12 -------- d-----w- c:\program files\HomepageFIX2012
2012-04-19 11:08 . 2012-04-19 11:08 -------- d-----w- c:\program files\mresreg
2012-04-18 15:53 . 2012-04-30 20:17 -------- d-----w- c:\program files\tinySpell
2012-04-18 15:53 . 2012-04-18 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\tinySpell
2012-04-10 17:52 . 2012-05-09 18:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2012-04-10 17:52 . 2012-04-10 17:52 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 12:44 . 2012-03-30 16:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 12:44 . 2012-03-09 05:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-01 10:58 . 2002-12-31 12:00 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2002-12-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-12-31 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-12-31 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-04-24 19:48 . 2002-01-01 01:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"chromium"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-04-28 1224176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 3905920]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-03-12 583680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\MSHTA.exe"=
"c:\\WINDOWS\\system32\\DfrgFat.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58718:TCP"= 58718:TCP:Pando Media Booster
"58718:UDP"= 58718:UDP:Pando Media Booster
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 1:38 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2012 12:00 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2012 12:00 22344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 18:16 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [24.4.2012 21:48 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASPI32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]
2002-12-31 12:00 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:44]
.
2012-05-09 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-04-20 12:24]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1788223648-1644491937-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-01 10:18]
.
2012-05-09 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-04-20 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60049
mWindow Title = Microsoft Internet Explorer
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT9.dll
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\puntj7q9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AlphaMarket Customized Web Search
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-05-09 20:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1788223648-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,46,eb,40,e5,57,c5,43,b9,02,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3296)
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2012-05-09 21:07:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 19:07
ComboFix2.txt 2012-05-09 12:42
.
Pre-Run: 10.294.603.776 bytes free
Post-Run: 10.406.715.392 bytes free
.
- - End Of File - - 974F10CF601DAF4348A4FD08878F35C1