TrojanDownloader Agent NWG and other junk :(

  • SSpin
  • Forum contributor
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

I'm embarrassed that I opened a topic fairly recently already, but I'm helpless again. I'm in a stalemate (I need the computer, I have no time for a reinstall #January...) etc.

I noticed mshta.exe. Several identical processes, and it was taking up a lot of my RAM. Then some trojan got in. Since Avira couldn't cope with it, I installed NOD, but it still keeps reporting TrojanDownloader Agent NWG.

It tries to connect to some site and pull down more junk... I just can't locate it and delete it permanently.

Avira, NOD, SpyBot, MBAM, all scanned with the latest definitions, nothing.

I currently have NOD and Sunbelt active, so I figure it won't die any time soon, but I feel the trojan is alive, so I'm begging for help (since I really need the computer these days and I wouldn't want it to croak).

-

DDS (Ver_10-12-12.02) - NTFSx86
Run by SSpin at 23:20:48.39 on Tue 01/25/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.834 [GMT 1:00]

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir Desktop *Disabled/Outdated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Avira FireWall *Disabled*
FW: Sunbelt Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Documents and Settings\SSpin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://elt.asksearch.com/?cfg=2-360-0-<!-- function kerio_ignor(a) { } kerio_ignor("--><HTML><BODY><!--"); document.write("Ad blocked here by SPF.");kerio_ignor(" -->Ad blocked here by SPF.</BODY></HTML><!-- "); //-->
uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DebugBar BHO: {69fc0024-10eb-480a-bbf2-3bf4e78e17b1} - c:\program files\core services\debugbar\DebugInfoBar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: DebugBar: {3e1201f4-1707-409f-bb45-a5f192381da0} - c:\program files\core services\debugbar\DebugToolBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = avnotify.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {5C53B829-BB74-4B24-8B5D-8D597B397852} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~4\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sspin\applic~1\mozilla\firefox\profiles\aky8ynt5.default\
FF - component: c:\documents and settings\sspin\application data\mozilla\firefox\profiles\aky8ynt5.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\sspin\application data\mozilla\firefox\profiles\aky8ynt5.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\winnt-32\MinimizeToTrayPlus.dll
FF - plugin: c:\documents and settings\sspin\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\sspin\local settings\application data\flock\update\1.2.213.0\npFlockOneClick8.dll
FF - plugin: c:\documents and settings\sspin\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - %profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Checker: {6BFD307A-C040-11DA-9749-FB1C850B47DF} - %profile%\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-1-25 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-4-15 54752]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2011-1-25 65576]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys --> c:\windows\system32\drivers\fgxscsi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-9-26 30192]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2009-3-4 30336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2009-9-22 48736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-25 11:43:33 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2011-01-25 11:43:25 -------- d-----w- c:\program files\Sunbelt Software
2011-01-25 11:40:33 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-01-24 15:16:28 -------- d-----w- c:\program files\ESET
2011-01-15 23:16:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Boxtools
2011-01-15 23:16:02 -------- d-----w- c:\program files\A-PDF Text Extractor
2011-01-02 15:09:25 -------- d-----w- c:\program files\MagicISO
2011-01-02 14:36:43 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-01-02 14:36:43 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-01-02 14:36:43 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-01-02 14:36:43 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-01-02 14:36:43 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-01-02 14:36:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-12-29 19:08:04 120499 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2010-12-29 19:08:03 -------- d-----w- c:\program files\File Renamer
2010-12-29 18:54:43 -------- d-----w- c:\docume~1\sspin\applic~1\Hulubulu
2010-12-29 18:54:36 -------- d-----w- c:\program files\Advanced Renamer
2010-12-28 17:04:10 -------- d-----w- c:\program files\Eltima Software
2010-12-28 16:56:58 -------- d-----w- c:\program files\GlobFX
2010-12-28 16:51:52 -------- d-----w- c:\windows\system32\Adobe

==================== Find3M ====================

2009-03-11 17:21:05 478720 ----a-w- c:\program files\usbnorisk.exe
2003-01-03 19:36:52 77824 ----a-w- c:\program files\Startup.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A017555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a01d7b0]; MOV EAX, [0x8a01d82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A0A6AB8]
3 CLASSPNP[0xF7637FCF] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000006d[0x8A0AA9E8]
5 ACPI[0xF74AC620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A035940]
\Driver\atapi[0x8A037808] -> IRP_MJ_CREATE -> 0x8A017555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskST380011A_______________________________3.06____#4a33335635335141202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A01739B
\Driver\atapi -> 0x8a13e1e8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 23:24:06.64 ===============

Thanks in advance guys, I really appreciate your work and time! Cheers

http://fotkica.com/uploads2N/2245_1019067041_RootRepeal%20report%2001-25-11%20%2823-53-39%29.txt

http://fotkica.com/uploads2N/2245_768101452_Attach.txt

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello SSpin!

While the case is being resolved, I would ask you to stick to the following:
Read my instructions (or those of colleagues who may stand in for me) carefully and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use other malware removal programs, apart from those you receive instructions for;
During the intervention, do not use USB storage devices until I ask you to;
If I don't reply within 48h, bump the topic with a new post;
If you don't respond within 5 days, we will close the case.

For more information on the rules of the MyCity forum's Ambulanta: LINK

-------------------------------------------------------------------------------------

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is finished:
deactivate your protection software (instructions);
close running programs;
double-click to run ComboFix.
While running, ComboFix will:
  check whether a newer version of the program exists:
    click Yes if offered to download it.
  display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so the process continues.
  if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
  ask a number of questions / show notices:
    accept by clicking Yes or OK.
  restart Windows if needed (possibly several times);
  at the end, open Notepad with the scan report.

Copy the report ComboFix made into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting the message you notice the report is not complete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.

goran9888 (AMF Tim)

  • SSpin
  • Forum contributor
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

First of all, many thanks for taking the time, Goran :)

Log:

ComboFix 11-01-25.03 - SSpin 01/26/2011 15:21:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.860 [GMT 1:00]
Running from: c:\documents and settings\SSpin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Avira FireWall *Disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\d.ini
c:\windows\system32\Config.ini
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
.

2011-01-25 11:43 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2011-01-25 11:43 . 2011-01-25 11:43 -------- d-----w- c:\program files\Sunbelt Software
2011-01-25 11:40 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-01-24 15:49 . 2011-01-24 15:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-01-24 15:16 . 2011-01-24 15:16 -------- d-----w- c:\program files\ESET
2011-01-15 23:16 . 2011-01-22 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Boxtools
2011-01-15 23:16 . 2011-01-15 23:16 -------- d-----w- c:\program files\A-PDF Text Extractor
2011-01-02 15:09 . 2011-01-02 15:09 -------- d-----w- c:\program files\MagicISO
2011-01-02 14:38 . 2011-01-02 14:38 -------- d-----w- c:\documents and settings\SSpin\Application Data\Nero
2011-01-02 14:36 . 2006-03-17 13:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-01-02 14:36 . 2006-03-17 10:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-01-02 14:36 . 2006-03-17 10:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-01-02 14:36 . 2006-03-17 10:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-01-02 14:36 . 2006-03-17 10:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-01-02 14:36 . 2011-01-02 14:37 -------- d-----w- c:\program files\Common Files\Nero
2011-01-02 14:36 . 2011-01-02 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-12-29 19:08 . 2010-12-29 19:08 120499 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2010-12-29 19:08 . 2010-12-29 19:11 -------- d-----w- c:\program files\File Renamer
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\documents and settings\SSpin\Application Data\Hulubulu
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\program files\Advanced Renamer
2010-12-28 17:04 . 2010-12-28 17:04 -------- d-----w- c:\program files\Eltima Software
2010-12-28 16:56 . 2010-12-28 16:56 -------- d-----w- c:\program files\GlobFX
2010-12-28 16:51 . 2010-12-28 16:51 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-03-04 10:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-04 10:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-11 17:21 . 2009-03-11 17:21 478720 ----a-w- c:\program files\usbnorisk.exe
2003-01-03 19:36 . 2009-03-07 19:26 77824 ----a-w- c:\program files\Startup.exe
2010-08-25 08:20 . 2009-09-26 16:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SSpin^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\SSpin\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-03-19 20:31 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
2002-02-19 02:03 74240 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flock Update]
2010-09-26 10:21 136312 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-05 11:02 133104 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-07-22 12:32 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2002-10-25 10:18 4239360 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-10-25 10:18 315392 ----a-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-03-04 10:07 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-19 19:43 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-15 18:09 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/7/2009 3:46 PM 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/25/2011 12:43 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 4:54 AM 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 7:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 7:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/25/2011 12:40 PM 65576]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 1:23 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/26/2009 5:10 PM 30192]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [3/4/2009 10:43 AM 30336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 9:22 PM 34064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [9/22/2009 12:52 PM 48736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2011-01-25 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-25 20:03]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-10-04 10:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://elt.asksearch.com/?cfg=2-360-0-<!-- function kerio_ignor(a) { } kerio_ignor("--><HTML><BODY><!--"); document.write("Ad blocked here by SPF.");kerio_ignor(" -->Ad blocked here by SPF.</BODY></HTML><!-- "); //-->
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {5C53B829-BB74-4B24-8B5D-8D597B397852} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\SSpin\Application Data\Mozilla\Firefox\Profiles\aky8ynt5.default\
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - %profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Checker: {6BFD307A-C040-11DA-9749-FB1C850B47DF} - %profile%\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{038cb5c7-48ea-4af9-94e0-a1646542e62b} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{038cb5c7-48ea-4af9-94e0-a1646542e62b} - (no file)
WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
MSConfigStartUp-LogitechRegisterVideoApplications - c:\program files\Logitech\Video\InstallHelper.exe
MSConfigStartUp-{F900AF04-D757-5AFE-D57B-8C4BE292DEC4} - c:\documents and settings\SSpin\Application Data\Qywota\efaf.exe
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 15:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A07F555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a0857b0]; MOV EAX, [0x8a08582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A046AB8]
3 CLASSPNP[0xF7637FCF] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000006d[0x8A0A39E8]
5 ACPI[0xF74AC620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A048D98]
\Driver\atapi[0x8A0A1158] -> IRP_MJ_CREATE -> 0x8A07F555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskST380011A_______________________________3.06____#4a33335635335141202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A07F39B
\Driver\atapi -> 0x8a13e1e8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98E8CD69-E212-A5B4-D018-0500295CB069}\InProcServer32*]
"jamgbjhenlkpopdfgggo"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,
6f,62,6e,00,c8
"iamglibdggpnddomff"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,6f,
62,6e,00,04
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1064)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1544)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\hnetcfg.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-26 15:53:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-26 14:53

Pre-Run: 4,587,884,544 bytes free
Post-Run: 4,703,559,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3D76B1FBCD17CBE347FAE950B65FDABA
-

Otherwise, it happens that I turn the computer on and see the wallpaper but not a single icon. Right-click doesn't work. After a few restarts everything is normal. Chrome also stopped working. (Those were all symptoms too.)

What should I do next? What kind of infection is this?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Download Kaspersky Lab's TDSSKiller from the following address to your Desktop:

TDSSKiller

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
rename TDSSKiller.exe to MyCity.exe;
double-click MyCity.exe to run it;
click the Start Scan button.

If malicious objects are found, make sure the action selected for them is "Cure" (example) and click Continue, then click Reboot Now.

If you get the warning Can't cure MBR. Write standard boot code (example), click Yes.

Post me the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt
(DD-day, MM-month, GG-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)

goran9888 (AMF Team)

offline
  • SSpin 
  • Forum associate
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

2011/01/26 16:58:22.0640 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/26 16:58:22.0640 ================================================================================
2011/01/26 16:58:22.0640 SystemInfo:
2011/01/26 16:58:22.0640
2011/01/26 16:58:22.0640 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/26 16:58:22.0640 Product type: Workstation
2011/01/26 16:58:22.0640 ComputerName: SSPIN-67966371D
2011/01/26 16:58:22.0640 UserName: SSpin
2011/01/26 16:58:22.0640 Windows directory: C:\WINDOWS
2011/01/26 16:58:22.0640 System windows directory: C:\WINDOWS
2011/01/26 16:58:22.0640 Processor architecture: Intel x86
2011/01/26 16:58:22.0640 Number of processors: 1
2011/01/26 16:58:22.0640 Page size: 0x1000
2011/01/26 16:58:22.0640 Boot type: Normal boot
2011/01/26 16:58:22.0640 ================================================================================
2011/01/26 16:58:22.0828 Initialize success
2011/01/26 16:58:26.0359 ================================================================================
2011/01/26 16:58:26.0359 Scan started
2011/01/26 16:58:26.0359 Mode: Manual;
2011/01/26 16:58:26.0359 ================================================================================
2011/01/26 16:58:27.0656 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/26 16:58:27.0828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/26 16:58:28.0093 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/01/26 16:58:28.0234 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
2011/01/26 16:58:28.0859 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/01/26 16:58:29.0281 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/01/26 16:58:29.0921 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/26 16:58:30.0062 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/26 16:58:30.0359 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/26 16:58:30.0531 audstub (d9f724aa26c010a217c97606b160ed68-) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/26 16:58:30.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/26 16:58:30.0953 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/26 16:58:31.0093 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/26 16:58:31.0296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/26 16:58:31.0453 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/26 16:58:31.0593 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/26 16:58:32.0625 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/26 16:58:32.0843 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/26 16:58:33.0031 dmio (f5e7b358a732d09f4bcf2824b88b9e28-) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/26 16:58:33.0187 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/26 16:58:33.0343 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/26 16:58:33.0593 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/26 16:58:33.0734 eamon (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/01/26 16:58:33.0906 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/01/26 16:58:34.0125 epfwtdir (ecd5f68e32ff5c6a728eb03dc892ae7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/01/26 16:58:34.0312 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/26 16:58:34.0468 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/26 16:58:34.0609 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/01/26 16:58:34.0921 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/26 16:58:35.0093 Flpydisk (0dd1de43115b93f4d85e889d7a86f548-) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/26 16:58:35.0234 FltMgr (6cc5181f718820861eeadae38f764b75) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/26 16:58:35.0421 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/01/26 16:58:35.0609 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/26 16:58:35.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/26 16:58:35.0968 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/26 16:58:36.0187 HidUsb (1de6783b918f540149aa69943bdfeba8-) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/26 16:58:36.0421 HTTP (261bf53e1d1c21f04b4e748a6ed3d055) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/26 16:58:36.0765 i8042prt (5502b58eef7486ee6f93f3f164dcb808-) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/26 16:58:36.0937 iadusb (6b9ab7919228559a57d94f762413459d) C:\WINDOWS\system32\DRIVERS\glauiad.sys
2011/01/26 16:58:37.0093 Imapi (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/26 16:58:37.0484 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/26 16:58:37.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/26 16:58:37.0796 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/26 16:58:37.0953 IpNat (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/26 16:58:38.0140 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/26 16:58:38.0296 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/26 16:58:38.0453 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/26 16:58:38.0640 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/26 16:58:38.0812 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/26 16:58:39.0000 kmixer (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/26 16:58:39.0171 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/26 16:58:39.0656 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/01/26 16:58:39.0875 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/26 16:58:40.0078 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/26 16:58:40.0234 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/26 16:58:40.0390 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/26 16:58:40.0562 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/26 16:58:40.0843 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/26 16:58:41.0031 MRxSmb (3500e756812e716351f2d341ae1d5623) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/26 16:58:41.0281 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/26 16:58:41.0468 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/26 16:58:41.0625 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448-) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/26 16:58:41.0812 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/26 16:58:41.0953 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/26 16:58:42.0140 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/26 16:58:42.0312 Mup (79a9c030299e8cc04f18d0765155d902) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/26 16:58:42.0468 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/26 16:58:42.0640 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/26 16:58:42.0812 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/26 16:58:42.0968 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/26 16:58:43.0125 Ndisuio (77d9bf86b912104c229d4f0d25be3c12) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/26 16:58:43.0281 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/26 16:58:43.0421 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/26 16:58:43.0562 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/26 16:58:43.0843 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/26 16:58:44.0140 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/01/26 16:58:44.0343 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/01/26 16:58:44.0500 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/26 16:58:44.0703 Ntfs (7179ac3f4258aec9627590a842fda1d6) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/26 16:58:44.0906 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/26 16:58:45.0109 nv (138c05abeadb234439f7cb84f7f96c13) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/26 16:58:45.0312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/26 16:58:45.0468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/26 16:58:45.0703 Parport (29744eb4ce659dfe3b4122deb45bc478-) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/26 16:58:45.0859 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/26 16:58:46.0015 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/26 16:58:46.0203 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/26 16:58:46.0609 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/26 16:58:47.0562 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/26 16:58:47.0718 PSched (48671f327553dcf1d27f6197f622a668-) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/26 16:58:47.0890 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/26 16:58:48.0078 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
2011/01/26 16:58:48.0703 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/26 16:58:48.0875 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/26 16:58:49.0062 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/26 16:58:49.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/26 16:58:49.0390 Rdbss (b48441a6dc703ee4c36db14ee51a189c) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/26 16:58:49.0546 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/26 16:58:49.0703 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/26 16:58:49.0890 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/26 16:58:50.0078 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/26 16:58:50.0281 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/01/26 16:58:50.0500 SbFw (419883201ca9ad697ccfb8fc46dd6f78-) C:\WINDOWS\system32\drivers\SbFw.sys
2011/01/26 16:58:50.0640 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
2011/01/26 16:58:50.0812 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
2011/01/26 16:58:51.0062 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/26 16:58:51.0250 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/26 16:58:51.0406 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/26 16:58:51.0687 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/26 16:58:52.0000 SIVDRIVER (e3642109319c449bd6181cbcb4a53c59) C:\WINDOWS\system32\Drivers\SIVX32.sys
2011/01/26 16:58:52.0156 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/26 16:58:52.0453 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/26 16:58:52.0687 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/01/26 16:58:52.0687 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/01/26 16:58:52.0718 sptd - detected Locked file (1)
2011/01/26 16:58:52.0859 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/26 16:58:53.0062 Srv (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/26 16:58:53.0234 StarOpen (221c2379681d9d0eba57633446cbf50f) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/01/26 16:58:53.0421 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/26 16:58:53.0578 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/26 16:58:53.0750 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/26 16:58:54.0375 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/26 16:58:54.0593 Tcpip (744e57c99232201ae98c49168b918f48-) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/26 16:58:54.0765 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/26 16:58:54.0906 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/26 16:58:55.0125 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/26 16:58:55.0468 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/26 16:58:55.0765 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/26 16:58:55.0984 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/26 16:58:56.0171 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/26 16:58:56.0328 usbehci (4a84dd272df62be5739394b3f90f8ae2) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/26 16:58:56.0484 usbhub (a874d1629762019ceaf824ad8a8c5660) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/26 16:58:56.0656 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/26 16:58:56.0921 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/26 16:58:57.0046 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/26 16:58:57.0171 usbuhci (654c19d5ca14483be3c2384cddc09468-) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/26 16:58:57.0312 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/26 16:58:57.0421 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/26 16:58:57.0531 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/26 16:58:57.0671 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/26 16:58:57.0859 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/26 16:58:58.0125 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/01/26 16:58:58.0281 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8-) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/26 16:58:58.0406 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/26 16:58:58.0546 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/26 16:58:58.0687 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/26 16:58:58.0781 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/26 16:58:58.0781 ================================================================================
2011/01/26 16:58:58.0781 Scan finished
2011/01/26 16:58:58.0781 ================================================================================
2011/01/26 16:58:58.0812 Detected object count: 2
2011/01/26 16:59:08.0781 Locked file(sptd) - User select action: Skip
2011/01/26 16:59:08.0812 \HardDisk0 - will be cured after reboot
2011/01/26 16:59:08.0812 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/26 16:59:19.0734 Deinitialize success
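A small triage parser for the TDSSKiller log format posted above, added here as an example (it is not part of the thread and not Kaspersky's tool). It answers the question the helper has to answer from such a log: what was detected, which action the user picked, and whether the cure is deferred to the reboot. The sample lines are a constructed cut-down copy of the posted log; the regexes are my own reading of that format, and the action names Cure/Delete/Skip are the ones the tool offers.

```python
"""Triage helper for TDSSKiller logs (hypothetical, written for this thread).

Extracts the tool version, the per-driver MD5 inventory, every 'detected'
object, the user-selected action, and whether the fix waits for a reboot.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the same format as the log posted above, cut down to
# the lines that matter for triage. One hash keeps the stray trailing "-"
# seen on some lines of the posted copy, to show the parser tolerates it.
SAMPLE_LOG = r"""
2011/01/26 16:58:22.0640 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/26 16:58:26.0359 Scan started
2011/01/26 16:58:27.0656 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/26 16:58:30.0531 audstub (d9f724aa26c010a217c97606b160ed68-) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/26 16:58:52.0687 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/01/26 16:58:52.0687 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/01/26 16:58:52.0718 sptd - detected Locked file (1)
2011/01/26 16:58:58.0781 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/26 16:58:58.0781 Scan finished
2011/01/26 16:58:58.0812 Detected object count: 2
2011/01/26 16:59:08.0781 Locked file(sptd) - User select action: Skip
2011/01/26 16:59:08.0812 \HardDisk0 - will be cured after reboot
2011/01/26 16:59:08.0812 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/26 16:59:19.0734 Deinitialize success
"""

# Every line starts with a timestamp; the remainder is matched against these.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (.*)$")
VERSION_RE = re.compile(r"^TDSS rootkit removing tool (\S+)")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})-?\) (.+)$")          # name (md5) path
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(.+?) - detected (.+?) \(\d+\)$")          # obj - detected verdict (n)
ACTION_RE = re.compile(r"^(.+?)\((.+?)\) - User select action: (\w+)$")  # verdict(obj) - ... action
REBOOT_RE = re.compile(r"^(.+?) - will be cured after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    obj: str                       # e.g. "\HardDisk0" or "sptd"
    verdict: str                   # e.g. "Rootkit.Win32.TDSS.tdl4" or "Locked file"
    action: str | None = None      # Cure / Delete / Skip, None if never chosen
    reboot_required: bool = False


@dataclass
class ScanSummary:
    tool_version: str | None = None
    declared_count: int | None = None
    drivers: dict[str, tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    suspicious: dict[str, str] = field(default_factory=dict)           # path -> reason
    findings: dict[str, Finding] = field(default_factory=dict)         # obj -> Finding


def parse_tdsskiller_log(text: str) -> ScanSummary:
    s = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or wrapped line
        msg = m.group(1)
        if mv := VERSION_RE.match(msg):
            s.tool_version = mv.group(1)
        elif mc := COUNT_RE.match(msg):
            s.declared_count = int(mc.group(1))
        elif md := DETECTED_RE.match(msg):
            s.findings[md.group(1)] = Finding(obj=md.group(1), verdict=md.group(2))
        elif ma := ACTION_RE.match(msg):
            if (f := s.findings.get(ma.group(2))) is not None:
                f.action = ma.group(3)
        elif mr := REBOOT_RE.match(msg):
            if (f := s.findings.get(mr.group(1))) is not None:
                f.reboot_required = True
        elif ms := SUSPICIOUS_RE.match(msg):
            s.suspicious[ms.group(2)] = ms.group(1)
        elif mdr := DRIVER_RE.match(msg):
            s.drivers[mdr.group(1)] = (mdr.group(2), mdr.group(3))  # stray "-" already dropped
    return s


def unresolved(s: ScanSummary) -> list[str]:
    """Malware verdicts left without Cure/Delete. A plain 'Locked file' (here the
    sptd.sys disc-emulation driver, which is normally locked) is not counted."""
    return [f.obj for f in s.findings.values()
            if f.verdict != "Locked file" and f.action not in ("Cure", "Delete")]


def pending_reboot(s: ScanSummary) -> list[str]:
    """Objects whose cure only takes effect after a restart: the reboot must happen."""
    return [f.obj for f in s.findings.values() if f.reboot_required]


def count_matches(s: ScanSummary) -> bool:
    """The tool's own 'Detected object count' should equal what we parsed."""
    return s.declared_count == len(s.findings)


if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    for f in summary.findings.values():
        print(f"{f.obj}: {f.verdict} -> {f.action}{' (after reboot)' if f.reboot_required else ''}")
    print("unresolved:", unresolved(summary), "| pending reboot:", pending_reboot(summary))
```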

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Run ComboFix again and post me a fresh CF log in your next message.

goran9888 (AMF Team)

offline
  • SSpin 
  • Forum associate
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

Is there any hope? :)

-
ComboFix 11-01-25.05 - SSpin 01/26/2011 20:14:52.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.824 [GMT 1:00]
Running from: c:\documents and settings\SSpin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Avira FireWall *Disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
.

2011-01-25 11:43 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2011-01-25 11:43 . 2011-01-25 11:43 -------- d-----w- c:\program files\Sunbelt Software
2011-01-25 11:40 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-01-24 15:49 . 2011-01-24 15:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-01-24 15:16 . 2011-01-24 15:16 -------- d-----w- c:\program files\ESET
2011-01-15 23:16 . 2011-01-22 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Boxtools
2011-01-15 23:16 . 2011-01-15 23:16 -------- d-----w- c:\program files\A-PDF Text Extractor
2011-01-02 15:09 . 2011-01-02 15:09 -------- d-----w- c:\program files\MagicISO
2011-01-02 14:38 . 2011-01-02 14:38 -------- d-----w- c:\documents and settings\SSpin\Application Data\Nero
2011-01-02 14:36 . 2006-03-17 13:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-01-02 14:36 . 2006-03-17 10:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-01-02 14:36 . 2006-03-17 10:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-01-02 14:36 . 2006-03-17 10:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-01-02 14:36 . 2006-03-17 10:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-01-02 14:36 . 2011-01-02 14:37 -------- d-----w- c:\program files\Common Files\Nero
2011-01-02 14:36 . 2011-01-02 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-12-29 19:08 . 2010-12-29 19:08 120499 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2010-12-29 19:08 . 2010-12-29 19:11 -------- d-----w- c:\program files\File Renamer
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\documents and settings\SSpin\Application Data\Hulubulu
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\program files\Advanced Renamer
2010-12-28 17:04 . 2010-12-28 17:04 -------- d-----w- c:\program files\Eltima Software
2010-12-28 16:56 . 2010-12-28 16:56 -------- d-----w- c:\program files\GlobFX
2010-12-28 16:51 . 2010-12-28 16:51 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-03-04 10:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-04 10:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-11 17:21 . 2009-03-11 17:21 478720 ----a-w- c:\program files\usbnorisk.exe
2003-01-03 19:36 . 2009-03-07 19:26 77824 ----a-w- c:\program files\Startup.exe
2010-08-25 08:20 . 2009-09-26 16:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-26_14.44.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-26 18:28 . 2011-01-26 18:28 16384 c:\windows\Temp\Perflib_Perfdata_794.dat
+ 2001-08-23 14:00 . 2011-01-26 14:47 84994 c:\windows\system32\perfc009.dat
- 2001-08-23 14:00 . 2010-10-31 08:17 84994 c:\windows\system32\perfc009.dat
+ 2001-08-23 14:00 . 2011-01-26 14:47 496620 c:\windows\system32\perfh009.dat
- 2001-08-23 14:00 . 2010-10-31 08:17 496620 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SSpin^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\SSpin\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-03-19 20:31 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
2002-02-19 02:03 74240 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flock Update]
2010-09-26 10:21 136312 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-05 11:02 133104 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-07-22 12:32 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2002-10-25 10:18 4239360 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-10-25 10:18 315392 ----a-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-03-04 10:07 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-19 19:43 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-15 18:09 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/7/2009 3:46 PM 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/25/2011 12:43 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 4:54 AM 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 7:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 7:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/25/2011 12:40 PM 65576]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 1:23 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/26/2009 5:10 PM 30192]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [3/4/2009 10:43 AM 30336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 9:22 PM 34064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [9/22/2009 12:52 PM 48736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2011-01-25 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-25 20:03]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-10-04 10:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://elt.asksearch.com/?cfg=2-360-0-<!-- function kerio_ignor(a) { } kerio_ignor("--><HTML><BODY><!--"); document.write("Ad blocked here by SPF.");kerio_ignor(" -->Ad blocked here by SPF.</BODY></HTML><!-- "); //-->
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {5C53B829-BB74-4B24-8B5D-8D597B397852} = 208.67.222.222,208.67.220.220
TCP: {6DF862F7-CE13-4B35-881A-32275696F818} = 92.60.224.20 92.60.224.30
FF - ProfilePath - c:\documents and settings\SSpin\Application Data\Mozilla\Firefox\Profiles\aky8ynt5.default\
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - %profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Checker: {6BFD307A-C040-11DA-9749-FB1C850B47DF} - %profile%\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 20:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98E8CD69-E212-A5B4-D018-0500295CB069}\InProcServer32*]
"jamgbjhenlkpopdfgggo"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,
6f,62,6e,00,c8
"iamglibdggpnddomff"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,6f,
62,6e,00,04
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2011-01-26 20:29:05
ComboFix-quarantined-files.txt 2011-01-26 19:28
ComboFix2.txt 2011-01-26 14:53

Pre-Run: 4,685,365,248 bytes free
Post-Run: 4,666,925,056 bytes free

- - End Of File - - 53B5A9265FC2F4A39C3ABC1CA0B50030

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish



Open Notepad and copy the following text into it:

SecCenter::
{11638345-E4FC-4BEE-BB73-EC754659C5F6}
{AD166499-45F9-482A-A743-FDD3350758C7}


DDS::
uStart Page = hxxp://elt.asksearch.com/?cfg=2-360-0-<!-- function kerio_ignor(a) { } kerio_ignor("--><HTML><BODY><!--"); document.write("Ad blocked here by SPF.");kerio_ignor(" -->Ad blocked here by SPF.</BODY></HTML><!-- "); //-->


RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98E8CD69-E212-A5B4-D018-0500295CB069}\InProcServer32*]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.


How is the computer behaving now? Are there any visible problems?

goran9888 (AMF Tim)
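The script above targets three things visible in the log: the stale Security Center registrations of the removed AntiVir product (SecCenter::), the tampered start page value (DDS::) and the locked CLSID\InProcServer32 key whose hex values ComboFix could not read normally (RegNull::). The Python script below is added here as an illustration; it is not part of the original thread and not ComboFix or AMF tooling. It pulls those same items out of a ComboFix log excerpt, lists services whose image file is missing ([?]), and decodes the locked key's hex data so you can see what the random-looking values actually hold. The sample log is constructed from lines of the log posted above plus one made-up "AV: ExampleAV" line with a placeholder GUID, standing in for the stale AntiVir entries; the function names and regular expressions are the example's own.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted above, plus one
# made-up "AV: ExampleAV" line (placeholder GUID) standing in for the stale
# AntiVir entries that the SecCenter:: directive clears.
SAMPLE_LOG = r"""
AV: ExampleAV *Disabled/Outdated* {00000000-0000-0000-0000-000000000001}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/25/2011 12:43 PM 270888]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
uStart Page = hxxp://elt.asksearch.com/?cfg=2-360-0-<!-- function kerio_ignor(a) { } kerio_ignor("--><HTML><BODY><!--"); document.write("Ad blocked here by SPF.");kerio_ignor(" -->Ad blocked here by SPF.</BODY></HTML><!-- "); //-->
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98E8CD69-E212-A5B4-D018-0500295CB069}\InProcServer32*]
"jamgbjhenlkpopdfgggo"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,
6f,62,6e,00,c8
"iamglibdggpnddomff"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,6f,
62,6e,00,04
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

PRODUCT = re.compile(r"^(?P<kind>AV|FW|AS):\s*(?P<name>.*?)\s*\*(?P<state>[^*]+)\*\s*(?P<guid>\{[0-9A-Fa-f-]+\})?")
SERVICE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.*)\s\[\?\]\s*$")
HEX_VALUE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')


def stale_security_products(log):
    """WMI security-product registrations flagged Outdated: the usual trace of
    an uninstalled AV. 'Disabled' alone is ignored because ComboFix itself
    suspends the running AV while it works."""
    found = []
    for m in map(PRODUCT.match, log.splitlines()):
        if m and "Outdated" in m.group("state"):
            found.append((m.group("kind"), m.group("name"), m.group("state"), m.group("guid")))
    return found


def orphaned_services(log):
    """Service/driver entries whose image ComboFix could not find ([?]). Often
    leftovers of removed software, but a removed malware driver looks the same.
    Returns (start type, service name, image path)."""
    return [(m.group("start"), m.group("name"), m.group("path").split(" --> ")[-1])
            for m in map(SERVICE.match, log.splitlines()) if m]


def hijacked_start_page(log):
    """The uStart Page value when it holds anything but a plain URL (HTML or
    script fragments, as in the log above), else None."""
    for line in log.splitlines():
        if line.startswith("uStart Page = "):
            value = line[len("uStart Page = "):]
            return value if re.search(r'[<>"]', value) else None
    return None


def parse_locked_keys(log):
    """{key_path: {value_name: bytes}} for the LOCKED REGISTRY KEYS section.
    ComboFix wraps long hex data onto continuation lines ending in a comma."""
    result, key, pending = {}, None, None
    lines = log.splitlines()
    starts = [i for i, l in enumerate(lines) if "LOCKED REGISTRY KEYS" in l]
    if not starts:
        return result
    for line in lines[starts[0] + 1:]:
        if line.startswith("-----"):          # next section header
            break
        if pending is not None:               # continuation of a wrapped value
            pending[1] += line.strip()
            if not line.rstrip().endswith(","):
                result[key][pending[0]] = bytes.fromhex(pending[1].replace(",", ""))
                pending = None
            continue
        if line.startswith("[") and line.rstrip().endswith("]"):
            key = line.strip()[1:-1]
            result[key] = {}
            continue
        m = HEX_VALUE.match(line)
        if m and key is not None:
            data = m.group("data").strip()
            if data.endswith(","):
                pending = [m.group("name"), data]
            else:
                result[key][m.group("name")] = bytes.fromhex(data.replace(",", ""))
    return result


def printable_prefix(data):
    """(ASCII text up to the first NUL, remaining bytes as hex)."""
    head, _, tail = data.partition(b"\x00")
    return head.decode("ascii", errors="replace"), tail.hex()


def triage(log):
    """Everything the CFScript above addresses, in one dict."""
    return {
        "stale_products": stale_security_products(log),
        "orphaned_services": orphaned_services(log),
        "start_page": hijacked_start_page(log),
        "locked_keys": {key: {name: printable_prefix(raw) for name, raw in values.items()}
                        for key, values in parse_locked_keys(log).items()},
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(SAMPLE_LOG))
```

Both locked values decode to the same 20-character lowercase string followed by a NUL and a one-byte tag (c8 for one value, 04 for the other), which is what a manual look at the hex shows as well; random value names with near-identical opaque data under a CLSID key that the tool cannot open is exactly the pattern a RegNull:: entry is written for. The start page is reported because the value contains HTML, not because of the domain: the Sunbelt firewall's ad-blocker markup has been written into the setting itself, which is why the DDS:: line resets it verbatim.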

offline
  • SSpin
  • Forum contributor
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

It now seems OK, as far as I can tell. NOD no longer reports anything...

-
ComboFix 11-01-25.05 - SSpin 01/26/2011 21:47:56.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.777 [GMT 1:00]
Running from: c:\documents and settings\SSpin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SSpin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
.

2011-01-25 11:43 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2011-01-25 11:43 . 2011-01-25 11:43 -------- d-----w- c:\program files\Sunbelt Software
2011-01-25 11:40 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-01-24 15:49 . 2011-01-24 15:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-01-24 15:16 . 2011-01-24 15:16 -------- d-----w- c:\program files\ESET
2011-01-15 23:16 . 2011-01-22 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Boxtools
2011-01-15 23:16 . 2011-01-15 23:16 -------- d-----w- c:\program files\A-PDF Text Extractor
2011-01-02 15:09 . 2011-01-02 15:09 -------- d-----w- c:\program files\MagicISO
2011-01-02 14:38 . 2011-01-02 14:38 -------- d-----w- c:\documents and settings\SSpin\Application Data\Nero
2011-01-02 14:36 . 2006-03-17 13:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-01-02 14:36 . 2006-03-17 10:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-01-02 14:36 . 2006-03-17 10:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-01-02 14:36 . 2006-03-17 10:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-01-02 14:36 . 2006-03-17 10:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-01-02 14:36 . 2011-01-02 14:37 -------- d-----w- c:\program files\Common Files\Nero
2011-01-02 14:36 . 2011-01-02 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-12-29 19:08 . 2010-12-29 19:08 120499 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2010-12-29 19:08 . 2010-12-29 19:11 -------- d-----w- c:\program files\File Renamer
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\documents and settings\SSpin\Application Data\Hulubulu
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\program files\Advanced Renamer
2010-12-28 17:04 . 2010-12-28 17:04 -------- d-----w- c:\program files\Eltima Software
2010-12-28 16:56 . 2010-12-28 16:56 -------- d-----w- c:\program files\GlobFX
2010-12-28 16:51 . 2010-12-28 16:51 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-03-04 10:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-04 10:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-11 17:21 . 2009-03-11 17:21 478720 ----a-w- c:\program files\usbnorisk.exe
2003-01-03 19:36 . 2009-03-07 19:26 77824 ----a-w- c:\program files\Startup.exe
2010-08-25 08:20 . 2009-09-26 16:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-26_14.44.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-26 18:28 . 2011-01-26 18:28 16384 c:\windows\Temp\Perflib_Perfdata_794.dat
+ 2001-08-23 14:00 . 2011-01-26 14:47 84994 c:\windows\system32\perfc009.dat
- 2001-08-23 14:00 . 2010-10-31 08:17 84994 c:\windows\system32\perfc009.dat
+ 2001-08-23 14:00 . 2011-01-26 14:47 496620 c:\windows\system32\perfh009.dat
- 2001-08-23 14:00 . 2010-10-31 08:17 496620 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SSpin^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\SSpin\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-03-19 20:31 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
2002-02-19 02:03 74240 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flock Update]
2010-09-26 10:21 136312 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-05 11:02 133104 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-07-22 12:32 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2002-10-25 10:18 4239360 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-10-25 10:18 315392 ----a-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-03-04 10:07 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-19 19:43 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-15 18:09 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/7/2009 3:46 PM 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/25/2011 12:43 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 4:54 AM 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 7:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 7:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/25/2011 12:40 PM 65576]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 1:23 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/26/2009 5:10 PM 30192]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [3/4/2009 10:43 AM 30336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 9:22 PM 34064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [9/22/2009 12:52 PM 48736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2011-01-25 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-25 20:03]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-10-04 10:30]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {5C53B829-BB74-4B24-8B5D-8D597B397852} = 208.67.222.222,208.67.220.220
TCP: {6DF862F7-CE13-4B35-881A-32275696F818} = 92.60.224.20 92.60.224.30
FF - ProfilePath - c:\documents and settings\SSpin\Application Data\Mozilla\Firefox\Profiles\aky8ynt5.default\
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - %profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Checker: {6BFD307A-C040-11DA-9749-FB1C850B47DF} - %profile%\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 21:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3808-)
c:\windows\system32\WININET.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2011-01-26 22:01:37
ComboFix-quarantined-files.txt 2011-01-26 21:01
ComboFix2.txt 2011-01-26 19:29
ComboFix3.txt 2011-01-26 14:53

Pre-Run: 4,681,478,144 bytes free
Post-Run: 4,663,042,048 bytes free

- - End Of File - - E55BD62197E89CFB9A24ADE37AB30214
-

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish



ComboFix needs to be uninstalled:
click Start, then Run.

On Vista use the Start Search box if Run is not available.

Type (or paste) the following into the text field:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.


If you wish (optional step) ...

Download the program ATF Cleaner and save it to the Desktop.

Tick Select All and then click Empty Selected.
When the message Done Cleaning appears, close the program.


-------------------------------------


- I recommend that you install Service Pack 3, i.e. update your operating system. I won't go into its advantages over Service Pack 2; that information can be found all over the internet. The main point is that MS has ended support for Service Pack 2, which is what is installed on your computer, and that is one more problem;


- I warmly recommend that you use MCShield to protect USB memory devices. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.

You download it, install it, plug in a USB memory device, a scan runs, and then you get a notification that the device is clean (if it really is); or you get a log showing information about the malware that was found and deleted.


You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html
MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/
