Spyware.Passwords / Help

  • Joined: 31 Jan 2008
  • Posts: 16

Posted: 03 Jan 2010 22:41

Hello,

I wouldn't even have opened a thread, but through my carelessness or ignorance (whichever) I have endangered other users on the net as well. Namely, a few days ago I noticed strange behaviour on the index page of my site, i.e. the page couldn't even render properly in the browser. I thought it was my laptop, i.e. a virus or whatever, and so it was (Spyware.Passwords, Trojan.Agent; everything is shown in the attached txt file), but whenever I deleted it, after a while it all came back (unaware that I was picking the pests up again whenever I visited my own site; ironic, but what can you do).

I don't know how the virus got onto my hosting (I don't keep the pile of passwords I have on the computer; the only one saved is the hosting password, stored in Total Commander, and usually after I close Total Commander I delete 3 characters from the password, but I hadn't been doing that for the last few weeks), but it was on every index page (php, html), every js script, and all files that have 'main' in their name. The virus was attached at the very bottom of the file and begins with <script>/*GNU GPL*/ try{window.onload = function(){var… ; I somehow managed and deleted all of it with the help of the "Cure GNU GPL Virus File" tool, which finds all infected php and html files.

Now I'm just wondering whether anything is left on my laptop. I'm not entirely sure, although it now seems that everything works as it should. The only thing is that applications start a bit more slowly, though the cause may be that WinPatrol, Ad-Aware and Avira are running at the same time (I have a legal licence for Avira and Ad-Aware, WinPatrol is the free version; I added WinPatrol a couple of days ago). What I know for sure is that I have no intention of going online any more with the JavaScript option enabled in the browser, ugh. That would be it; I'd just add that I use an HSDPA USB modem for internet, and the speed averages 40 kB/s.

DDS (Ver_09-12-01.01) - NTFSx86
Run by korisnik at 21:06:39,87 on ned 03.01.2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.901 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\etMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HSDPA USB MODEM\USB Modem.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Dolphin3D\Sparta\Dolphin3D.exe
C:\Program Files\Opera 10 Beta\opera.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\korisnik\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [etMonitor] c:\windows\etMon.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\korisnik\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Search
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542}
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {D08F1EB7-62EE-419C-8481-C062185FA4A8} = 79.143.101.225 79.143.101.229
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\9x7jqumm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MB2 Customized Web Search
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\korisnik\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-23 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-2 11608]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-5 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-5 24336]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2010-1-2 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-2 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-2 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2010-1-2 434945]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-22 56816]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-12-5 700152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\cmusbser.sys [2008-11-13 97408]
S2 gupdate1c9b300b817f21e;Google Update Service (gupdate1c9b300b817f21e);c:\program files\google\update\GoogleUpdate.exe [2009-4-1 133104]
S3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\drivers\etDevice.sys [2007-11-29 121856]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [2007-9-12 217088]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [2007-9-7 6656]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]

=============== Created Last 30 ================

2010-01-03 03:52:58 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-03 03:52:57 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-03 03:52:22 0 d-----w- c:\program files\TuneUp Utilities 2010
2010-01-03 03:52:00 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-03 01:33:14 0 d-----w- c:\program files\Orbitdownloader
2010-01-02 01:16:05 0 d-----w- c:\program files\Avira
2010-01-02 01:16:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-12-31 02:58:53 0 d-----w- c:\docume~1\korisnik\applic~1\WinPatrol
2009-12-31 02:58:34 0 d-----w- c:\program files\BillP Studios
2009-12-30 19:53:17 0 d-----w- c:\program files\Enigma Software Group
2009-12-30 18:35:24 0 d-----w- c:\program files\Opera 10 Beta
2009-12-30 13:45:46 134 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-29 19:45:33 0 d-----w- c:\docume~1\korisnik\applic~1\Ableton
2009-12-29 19:45:26 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-12-29 19:45:03 0 d-----w- c:\program files\Ableton
2009-12-26 04:34:15 0 d-----w- c:\program files\ASIO4ALL v2
2009-12-26 04:32:33 368640 ----a-w- c:\windows\system32\rewire.dll
2009-12-26 04:32:19 1554944 ----a-w- c:\windows\system32\vorbis.acm
2009-12-26 04:32:01 0 d-----w- c:\program files\Outsim
2009-12-26 04:29:46 0 d-----w- c:\program files\Image-Line
2009-12-21 20:01:39 0 d-----w- c:\program files\Vstplugins
2009-12-20 23:14:45 0 d-----w- c:\program files\eRightSoft
2009-12-09 19:06:57 0 d-----w- c:\program files\Free Link Checker
2009-12-09 19:05:24 0 d-----w- c:\windows\system32\URTTEMP
2009-12-06 18:15:16 0 ----a-w- c:\documents and settings\korisnik\fresh.wapcity.us
2009-12-04 22:27:55 0 d-----w- c:\program files\Dolphin3D

==================== Find3M ====================

2010-01-02 01:01:12 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-30 13:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-27 15:05:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 21:07:12,93 ===============


Addendum: 03 Jan 2010 22:54

I forgot the RootRepeal report:
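The trailing injection the post describes (a <script>/*GNU GPL*/ try{window.onload = ... block appended at the end of index pages, .js files and anything with 'main' in the name) can be located and removed without hand-editing every file. The following is an added example written for this thread; it is not the "Cure GNU GPL Virus File" tool the poster used, nor any code from the original thread. The file-selection rule and the marker pattern are assumptions taken from the post's description, and the sample files built in run_demo() are constructed. It works on raw bytes so no file is re-encoded, keeps a .bak copy before rewriting, and cuts only from the marker to the end of the file, matching the post's statement that the payload was appended at the very bottom.

```python
"""Locate and strip the trailing '/*GNU GPL*/ try{...' injection from web files.

Added example for this thread; not the poster's tool. Assumptions: the payload
sits at the very end of each file (as the post says) and starts with the marker
'/*GNU GPL*/ try{', optionally wrapped in a <script> tag.
"""
import os
import re
import shutil
import tempfile

# Marker as described in the post: optional <script> wrapper, then /*GNU GPL*/ try{ ... to EOF.
INJECTION_RE = re.compile(
    rb'(?:<script[^>]*>\s*)?/\*GNU GPL\*/\s*try\s*\{.*\Z',
    re.DOTALL | re.IGNORECASE,
)

# File-selection rule taken from the post: php/html/js files and anything named *main*.
TARGET_EXT = {'.php', '.html', '.htm', '.js'}


def is_target(path):
    name = os.path.basename(path).lower()
    return os.path.splitext(name)[1] in TARGET_EXT or 'main' in name


def strip_injection(data):
    """Return (cleaned_bytes, found). Only the tail from the marker onward is removed."""
    m = INJECTION_RE.search(data)
    if not m:
        return data, False
    return data[:m.start()].rstrip() + b'\n', True


def scan_tree(root):
    """Dry run: sorted list of target files whose content carries the injection."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            if not is_target(p):
                continue
            with open(p, 'rb') as fh:
                if INJECTION_RE.search(fh.read()):
                    hits.append(p)
    return sorted(hits)


def clean_file(path, backup=True):
    """Rewrite one file without the injection; keep a .bak copy. Returns True if changed."""
    with open(path, 'rb') as fh:
        data = fh.read()
    cleaned, found = strip_injection(data)
    if not found:
        return False
    if backup:
        shutil.copy2(path, path + '.bak')
    with open(path, 'wb') as fh:
        fh.write(cleaned)
    return True


def run_demo():
    """Build a constructed sample tree, scan it, clean it, and return what happened."""
    root = tempfile.mkdtemp(prefix='gnugpl_demo_')
    samples = {  # constructed sample files, not taken from the thread
        'index.php': b'<?php echo "hi"; ?>\n<script>/*GNU GPL*/ try{window.onload = function(){var a=1;}}catch(e){}</script>\n',
        'js/main.js': b'function f(){}\n/*GNU GPL*/ try{window.onload=function(){}}catch(e){}\n',
        'about.html': b'<html><body>clean</body></html>\n',
        'notes.txt': b'/*GNU GPL*/ try{ mentioned in a non-target file }\n',
    }
    for rel, content in samples.items():
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, 'wb') as fh:
            fh.write(content)
    infected = [os.path.relpath(p, root).replace(os.sep, '/') for p in scan_tree(root)]
    changed = {rel: clean_file(os.path.join(root, rel)) for rel in infected}
    after = {}
    for rel in samples:
        with open(os.path.join(root, rel), 'rb') as fh:
            after[rel] = fh.read()
    return {'root': root, 'infected': infected, 'changed': changed, 'after': after}


if __name__ == '__main__':
    result = run_demo()
    print('infected:', result['infected'])
    for rel, content in result['after'].items():
        print(rel, '->', content)
```

Run scan_tree() first as a dry run over a local copy of the site and review the list before calling clean_file() on each hit. Cleaning the files does not close the route by which they were modified: change the hosting (FTP) password from a machine known to be clean, stop keeping it in a saved session, and re-run the scan after re-uploading.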

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello...

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download has finished:
  • deactivate the protective software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered the download;
  • show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • present a number of prompts/notifications: accept by clicking Yes or OK;
  • restart Windows if needed (possibly more than once);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the thread on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the message.

  • Joined: 31 Jan 2008
  • Posts: 16

Posted: 03 Jan 2010 23:55

ComboFix 10-01-03.01 - korisnik 03.01.2010 23:42:05.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1328 [GMT 1:00]
Running from: c:\documents and settings\korisnik\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-03 04:00 . 2010-01-03 04:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2010-01-03 03:52 . 2009-11-17 09:17 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-01-03 03:52 . 2009-11-17 09:12 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-03 03:52 . 2010-01-03 03:52 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-03 03:52 . 2010-01-03 03:52 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-03 01:33 . 2010-01-03 01:33 -------- d-----w- c:\program files\Orbitdownloader
2010-01-02 01:16 . 2010-01-02 01:01 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-02 01:16 . 2010-01-02 01:01 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-02 01:16 . 2010-01-02 01:01 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-02 01:16 . 2010-01-02 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-02 01:16 . 2010-01-02 01:16 -------- d-----w- c:\program files\Avira
2009-12-31 02:58 . 2009-12-31 02:58 -------- d-----w- c:\documents and settings\korisnik\Application Data\WinPatrol
2009-12-31 02:58 . 2008-11-10 14:40 0 ----a-w- c:\documents and settings\korisnik\Application Data\WinPatrol\Config.sys
2009-12-31 02:58 . 2008-11-10 14:40 0 ----a-w- c:\documents and settings\korisnik\Application Data\WinPatrol\Autoexec.bat
2009-12-31 02:58 . 2009-12-31 02:58 -------- d-----w- c:\program files\BillP Studios
2009-12-30 19:53 . 2009-12-30 20:22 -------- d-----w- c:\program files\Enigma Software Group
2009-12-30 18:40 . 2009-12-30 18:40 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Opera
2009-12-30 18:35 . 2009-12-30 18:35 -------- d-----w- c:\program files\Opera 10 Beta
2009-12-30 13:45 . 2009-12-31 19:59 134 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-29 19:45 . 2009-12-29 19:45 -------- d-----w- c:\documents and settings\korisnik\Application Data\Ableton
2009-12-29 19:45 . 2008-03-14 12:22 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-12-29 19:45 . 2009-12-29 19:45 -------- d-----w- c:\program files\Ableton
2009-12-26 04:34 . 2009-12-26 18:53 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-26 04:32 . 2008-03-14 12:22 368640 ----a-w- c:\windows\system32\rewire.dll
2009-12-26 04:32 . 2009-12-26 04:32 -------- d-----w- c:\program files\Outsim
2009-12-26 04:29 . 2009-12-26 04:32 -------- d-----w- c:\program files\Image-Line
2009-12-21 20:06 . 2009-12-21 20:06 -------- d-----w- c:\documents and settings\korisnik\Application Data\Publish Providers
2009-12-21 20:02 . 2009-12-21 20:02 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\Sony
2009-12-21 20:02 . 2009-12-21 20:02 -------- d-----w- c:\documents and settings\korisnik\Application Data\Sony
2009-12-21 20:01 . 2009-12-26 04:32 -------- d-----w- c:\program files\Vstplugins
2009-12-20 23:15 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-12-20 23:15 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-12-20 23:15 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-12-20 23:14 . 2009-12-20 23:14 -------- d-----w- c:\program files\eRightSoft
2009-12-09 19:07 . 2009-12-09 19:07 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\FreeLinkChecker
2009-12-09 19:07 . 2009-12-09 19:47 -------- d-----w- c:\documents and settings\korisnik\Local Settings\Application Data\ApplicationHistory
2009-12-09 19:06 . 2009-12-09 19:06 -------- d-----w- c:\program files\Free Link Checker
2009-12-09 19:05 . 2009-12-09 19:05 -------- d-----w- c:\windows\system32\URTTEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 04:18 . 2009-09-22 21:15 -------- d-----w- c:\documents and settings\korisnik\Application Data\Orbit
2010-01-03 03:52 . 2008-11-11 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-02 01:01 . 2009-06-22 03:49 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-01 06:12 . 2009-11-19 20:53 -------- d-----w- c:\documents and settings\korisnik\Application Data\uTorrent
2009-12-31 03:16 . 2008-11-13 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 03:15 . 2008-12-10 03:45 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 13:55 . 2008-11-13 21:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2008-11-13 21:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 00:41 . 2009-04-01 19:33 -------- d-----w- c:\program files\Google
2009-12-24 20:09 . 2009-09-06 18:35 -------- d-----w- c:\program files\SpeedFan
2009-12-21 20:02 . 2008-11-15 17:34 -------- d-----w- c:\program files\Sony
2009-12-19 15:03 . 2009-09-23 01:19 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-19 15:03 . 2009-09-23 01:19 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-19 15:03 . 2009-09-23 01:19 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-19 15:02 . 2009-10-23 14:13 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-19 15:02 . 2009-09-23 01:19 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-19 15:02 . 2009-09-23 01:19 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-19 15:02 . 2009-09-23 01:18 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-19 15:01 . 2009-09-23 01:18 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-19 15:01 . 2009-09-23 01:16 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-19 15:01 . 2009-09-23 01:16 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-19 15:01 . 2009-09-23 01:16 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-19 15:01 . 2009-09-23 01:16 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-19 15:01 . 2009-09-23 01:16 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-04 22:30 . 2009-12-04 22:27 -------- d-----w- c:\program files\Dolphin3D
2009-12-02 23:14 . 2009-12-02 23:14 -------- d-----w- c:\program files\URUSoft
2009-11-29 05:30 . 2009-11-29 05:30 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-27 00:45 . 2009-11-27 00:45 -------- d-----w- c:\documents and settings\korisnik\Application Data\GRETECH
2009-11-27 00:42 . 2009-11-27 00:42 -------- d-----w- c:\program files\GRETECH
2009-11-20 02:51 . 2009-04-26 14:24 -------- d-----w- c:\program files\Unlocker
2009-11-19 21:23 . 2009-09-23 01:19 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-11-19 21:23 . 2009-09-23 01:18 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-19 21:23 . 2009-09-23 01:18 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-19 21:22 . 2009-09-23 01:18 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-19 21:21 . 2009-09-23 01:20 524200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\AutoStart Manager.exe
2009-11-19 20:55 . 2009-11-19 20:55 -------- d-----w- c:\program files\uTorrent
2009-11-19 03:45 . 2008-11-11 08:02 -------- d-----w- c:\documents and settings\korisnik\Application Data\Skype
2009-11-13 01:52 . 2008-11-11 08:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-06 14:16 . 2009-09-09 01:37 -------- d-----w- c:\documents and settings\korisnik\Application Data\Spider Player
2009-10-29 03:05 . 2009-10-27 15:05 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-29 03:04 . 2009-09-23 01:19 2289688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\LT\HostFileEditor.exe
2009-10-29 03:04 . 2009-10-27 15:01 2057424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\LT\ProcessWatch.exe
2009-10-29 03:04 . 2009-09-23 01:20 112216 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\SO.dll
2009-10-27 15:05 . 2009-10-27 15:05 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 15:05 . 2009-10-27 15:05 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-27 15:05 . 2009-10-27 15:05 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-27 15:05 . 2009-09-23 01:19 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-27 15:05 . 2009-09-23 00:04 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-27 15:05 . 2009-10-27 15:05 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-27 15:05 . 2009-10-27 15:05 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-27 15:05 . 2009-10-27 15:05 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-27 15:02 . 2009-10-27 15:02 77616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\i386\sbapifsl.sys
2009-10-27 15:02 . 2009-10-27 15:02 69936 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\i386\sbapifs.sys
2009-10-27 15:02 . 2009-10-27 15:02 13360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\i386\sbaphd.sys
2006-05-03 09:06 . 2009-12-20 23:15 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-12-20 23:15 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-12-20 23:15 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-03-01 1851128]
"etMonitor"="c:\windows\etMon.exe" [2007-09-19 102400]
"COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2009-03-01 1851128]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2009-04-14 1246720]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-17 788880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-01-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\korisnik\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^emSwapTool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\emSwapTool.lnk
backup=c:\windows\pss\emSwapTool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 04:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 10:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-13 13:49 16377344 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2007-04-11 02:06 53248 ----a-w- c:\windows\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 11:00 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 16:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-05-10 18:22 864256 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CorelDRAW Graphics Suite 11b"=c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=112608 serial=xxxxxxxxxxxxxx
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera 10 Beta\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/23/2009 12:29 AM 64288]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/5/2008 7:21 PM 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/5/2008 7:21 PM 24336]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [1/2/2010 2:16 AM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/2/2010 2:16 AM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [1/2/2010 2:16 AM 434945]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\cmusbser.sys [11/13/2008 7:48 PM 97408]
S2 gupdate1c9b300b817f21e;Google Update Service (gupdate1c9b300b817f21e);c:\program files\Google\Update\GoogleUpdate.exe [4/1/2009 8:33 PM 133104]
S3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\drivers\etDevice.sys [11/29/2007 4:16 AM 121856]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [9/12/2007 8:58 PM 217088]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 PM 1181328]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [9/7/2007 1:43 PM 6656]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 AM 10064]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [11/17/2009 10:15 AM 1021256]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:10]

2010-01-03 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:10]

2010-01-03 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:10]

2010-01-03 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:10]

2010-01-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:10]

2010-01-03 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-17 09:20]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 19:33]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 19:33]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-776561741-839522115-1003Core.job
- c:\documents and settings\korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-10 00:48]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-776561741-839522115-1003UA.job
- c:\documents and settings\korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-10 00:48]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Search
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} -
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\korisnik\Application Data\Mozilla\Firefox\Profiles\9x7jqumm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MB2 Customized Web Search
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-03 23:46
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(1072)
c:\windows\system32\guard32.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\guard32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-03 23:48:05
ComboFix-quarantined-files.txt 2010-01-03 22:48
ComboFix2.txt 2010-01-03 22:35

Pre-Run: 30.482.989.056 bytes free
Post-Run: 30.444.453.888 bytes free

- - End Of File - - 92ED1C9D9069C114276089508D7B53F1

Update: 04 Jan 2010 0:34

Hm, in my haste I didn't do this properly - ComboFix wasn't saved on the desktop - so the new txt file is below.


offline
  • Joined: 04 Jan 2009
  • Posts: 2168

The ComboFix log you pasted into your post is the log you got on the second run.

The log you attached to your post is from the third run of the ComboFix tool, but I need the log you got on the first run of ComboFix.


It is located at C:\ComboFix.txt

offline
  • Joined: 31 Jan 2008
  • Posts: 16

Yes, you're right. I found the log in C:\Qoobox

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Download the bat file from the link below to your Desktop and run it by double-clicking its icon.

When it finishes, a log.txt will open; copy its contents here into a post.

offline
  • Joined: 31 Jan 2008
  • Posts: 16

done:

pon 04.01.2010 17:18:54,64
Deleted file - c:\windows\system32\fjhdyfhsn.bat

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Everything should be OK now.


Follow up with the following...



You need to uninstall ComboFix:
click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).


Wait for the uninstall process to finish.

offline
  • Joined: 31 Jan 2008
  • Posts: 16

OK, thanks a lot and all the best in the New Year. Just one more question - should I remove WinPatrol, because if it interferes with the normal operation of Avira and Ad-Aware then I'm again taking a risk as far as protection is concerned?

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

I couldn't answer that question, since I haven't used those programs together, but if you think it interferes with the AV's operation, remove it.


Thanks, and all the best in the New Year to you too...
