TrojanDownloader Agent NWG and other junk :(

SSpin (Forum contributor)
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

I'm embarrassed that I opened a thread relatively recently, but I'm helpless again. I'm in a stalemate (I need the computer, I have no time for a reinstall #January...) and so on.

I noticed mshta.exe. Several identical processes, and it was taking up a lot of my RAM. Then some trojan got in. Since Avira couldn't deal with it, I installed NOD, but it still keeps reporting TrojanDownloader Agent NWG.

It tries to connect to some site and pull down more junk... I can't locate it and delete it permanently.

Avira, NOD, SpyBot, MBAM, all scanned with the latest definitions, nothing.

I currently have NOD and Sunbelt active, so I figure it won't die any time soon, but I feel the trojan is alive, so I'm crying out for help (since I really need the computer these days and I don't want it to die on me).

-

DDS (Ver_10-12-12.02) - NTFSx86
Run by SSpin at 23:20:48.39 on Tue 01/25/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.834 [GMT 1:00]

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir Desktop *Disabled/Outdated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Avira FireWall *Disabled*
FW: Sunbelt Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Documents and Settings\SSpin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://elt.asksearch.com/?cfg=2-360-0-<!-- function kerio_ignor(a) { } kerio_ignor("--><HTML><BODY><!--"); document.write("Ad blocked here by SPF.");kerio_ignor(" -->Ad blocked here by SPF.</BODY></HTML><!-- "); //-->
uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DebugBar BHO: {69fc0024-10eb-480a-bbf2-3bf4e78e17b1} - c:\program files\core services\debugbar\DebugInfoBar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: DebugBar: {3e1201f4-1707-409f-bb45-a5f192381da0} - c:\program files\core services\debugbar\DebugToolBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = avnotify.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {5C53B829-BB74-4B24-8B5D-8D597B397852} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~4\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sspin\applic~1\mozilla\firefox\profiles\aky8ynt5.default\
FF - component: c:\documents and settings\sspin\application data\mozilla\firefox\profiles\aky8ynt5.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\sspin\application data\mozilla\firefox\profiles\aky8ynt5.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\winnt-32\MinimizeToTrayPlus.dll
FF - plugin: c:\documents and settings\sspin\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\sspin\local settings\application data\flock\update\1.2.213.0\npFlockOneClick8.dll
FF - plugin: c:\documents and settings\sspin\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - %profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Checker: {6BFD307A-C040-11DA-9749-FB1C850B47DF} - %profile%\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-1-25 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-4-15 54752]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2011-1-25 65576]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys --> c:\windows\system32\drivers\fgxscsi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-9-26 30192]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2009-3-4 30336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2009-9-22 48736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-25 11:43:33 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2011-01-25 11:43:25 -------- d-----w- c:\program files\Sunbelt Software
2011-01-25 11:40:33 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-01-24 15:16:28 -------- d-----w- c:\program files\ESET
2011-01-15 23:16:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Boxtools
2011-01-15 23:16:02 -------- d-----w- c:\program files\A-PDF Text Extractor
2011-01-02 15:09:25 -------- d-----w- c:\program files\MagicISO
2011-01-02 14:36:43 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-01-02 14:36:43 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-01-02 14:36:43 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-01-02 14:36:43 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-01-02 14:36:43 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-01-02 14:36:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-12-29 19:08:04 120499 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2010-12-29 19:08:03 -------- d-----w- c:\program files\File Renamer
2010-12-29 18:54:43 -------- d-----w- c:\docume~1\sspin\applic~1\Hulubulu
2010-12-29 18:54:36 -------- d-----w- c:\program files\Advanced Renamer
2010-12-28 17:04:10 -------- d-----w- c:\program files\Eltima Software
2010-12-28 16:56:58 -------- d-----w- c:\program files\GlobFX
2010-12-28 16:51:52 -------- d-----w- c:\windows\system32\Adobe

==================== Find3M ====================

2009-03-11 17:21:05 478720 ----a-w- c:\program files\usbnorisk.exe
2003-01-03 19:36:52 77824 ----a-w- c:\program files\Startup.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A017555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a01d7b0]; MOV EAX, [0x8a01d82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A0A6AB8]
3 CLASSPNP[0xF7637FCF] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000006d[0x8A0AA9E8]
5 ACPI[0xF74AC620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A035940]
\Driver\atapi[0x8A037808] -> IRP_MJ_CREATE -> 0x8A017555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskST380011A_______________________________3.06____#4a33335635335141202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A01739B
\Driver\atapi -> 0x8a13e1e8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 23:24:06.64 ===============

Thanks in advance guys, and I really appreciate your work and time! Cheers

http://fotkica.com/uploads2N/2245_1019067041_RootRepeal%20report%2001-25-11%20%2823-53-39%29.txt

http://fotkica.com/uploads2N/2245_768101452_Attach.txt
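As an added example (it is not part of the thread, nor of DDS or ComboFix), here is a small Python triage script that runs over lines copied from the DDS report above and flags the entries a helper would look at first: the Explorer DisallowRun policy naming avnotify.exe, the HOSTS entry for www.spywareinfo.com, the orphaned BHO/toolbar entries, the AntiVir product shown as disabled, the driver entries whose image DDS marks with `[?]`, the Firefox user.js setting that silences a security warning, and the TDL3 warning from the MBR check. The rule set, the severities, and the list of hostname fragments treated as "security sites" are assumptions chosen for illustration.

```python
"""Triage helper for DDS-style log lines.

Added example for this thread; it is not part of DDS, ComboFix or the forum
post. The rules, the hostname hint list and the severities are assumptions
chosen for illustration.
"""
import re
from collections import Counter

# Constructed sample input: lines copied from the DDS report posted above.
SAMPLE_LOG = r"""
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = avnotify.exe
Hosts: 127.0.0.1 www.spywareinfo.com
FF - user.js: security.warn_submit_insecure - false
S0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys --> c:\windows\system32\drivers\fgxscsi.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
Warning: possible TDL3 rootkit infection !
"""

# Hostname fragments suggesting a HOSTS entry is meant to block a security or
# update site rather than serve a legitimate purpose (assumed list).
SECURITY_SITE_HINTS = ("spyware", "malware", "virus", "antivir", "avira", "eset",
                       "kaspersky", "symantec", "mcafee", "windowsupdate")
BLACKHOLE_ADDRS = ("127.0.0.1", "0.0.0.0", "::1")


def triage(log_text):
    """Return a list of (severity, rule, evidence) tuples for suspicious lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        # Explorer DisallowRun policy: used by malware to stop security tools
        # (here Avira's avnotify.exe) from starting. Flag both the enabling
        # flag and the list entry.
        if low.startswith(("upolicies", "mpolicies")) and "disallowrun" in low:
            findings.append(("high", "DisallowRun policy present", line))

        # HOSTS entry that blackholes a security or update site.
        elif low.startswith("hosts:"):
            m = re.match(r"hosts:\s+(\S+)\s+(\S+)", low)
            if (m and m.group(1) in BLACKHOLE_ADDRS
                    and any(h in m.group(2) for h in SECURITY_SITE_HINTS)):
                findings.append(("high", "HOSTS entry blackholes a security site", line))

        # Orphaned browser helper / toolbar entries: leftovers, low severity.
        elif low.endswith("- no file") and re.match(r"[um]?(bho|tb|urlsearchhooks):", low):
            findings.append(("low", "Orphaned browser add-on entry", line))

        # Rootkit detector output embedded in the report.
        elif low.startswith("warning") and "rootkit" in low:
            findings.append(("critical", "Rootkit detector warning", line))

        # Firefox user.js settings that silence security warnings.
        elif low.startswith("ff - user.js: security.warn") and low.endswith("- false"):
            findings.append(("low", "Browser security warning disabled", line))

        # Service/driver entries whose image file DDS could not read ([?]).
        elif re.match(r"[rs]\d\s", low) and low.endswith("[?]"):
            findings.append(("medium", "Service/driver image not readable", line))

        # Security products reported as disabled.
        elif re.match(r"(av|fw|sp):", low) and "*disabled" in low:
            findings.append(("medium", "Security product disabled", line))
    return findings


def summarize(findings):
    """Count findings per severity."""
    return Counter(sev for sev, _rule, _evidence in findings)


if __name__ == "__main__":
    for sev, rule, evidence in triage(SAMPLE_LOG):
        print(f"[{sev:8}] {rule}: {evidence}")
    print(dict(summarize(triage(SAMPLE_LOG))))
```

The point of the script is not the rules themselves, which are deliberately simple, but the habit they encode: a DDS report is read top-down for things that should not be there (policies that target security tools, HOSTS redirects, drivers with no readable image) before anything is deleted, and each finding keeps the original line as evidence so it can be quoted back in the thread.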

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello SSpin!

While your case is being worked on, I would ask you to stick to the following:
  • Read my instructions (or those of colleagues standing in for me) carefully and follow them exclusively;
  • Do not seek help elsewhere at the same time;
  • Do not use other malware-removal programs, other than those you receive instructions for;
  • During the intervention, do not use USB storage devices until I ask you to;
  • If I do not reply within 48h, bump the thread with a new post;
  • If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum Ambulance: LINK

-------------------------------------------------------------------------------------

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download of the program is finished:
  • deactivate your security software (instructions);
  • close running programs;
  • double-click the ComboFix program to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure through;
  • ask a number of questions / show notifications: accept by clicking Yes or OK;
  • if needed, restart Windows (several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the thread on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message text box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to your post.

goran9888 (AMF Team)

SSpin (Forum contributor)
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

First of all, a big thank-you for the time you've set aside, Goran :)

Log:

ComboFix 11-01-25.03 - SSpin 01/26/2011 15:21:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.860 [GMT 1:00]
Running from: c:\documents and settings\SSpin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Avira FireWall *Disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\d.ini
c:\windows\system32\Config.ini
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
.

2011-01-25 11:43 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2011-01-25 11:43 . 2011-01-25 11:43 -------- d-----w- c:\program files\Sunbelt Software
2011-01-25 11:40 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-01-24 15:49 . 2011-01-24 15:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-01-24 15:16 . 2011-01-24 15:16 -------- d-----w- c:\program files\ESET
2011-01-15 23:16 . 2011-01-22 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Boxtools
2011-01-15 23:16 . 2011-01-15 23:16 -------- d-----w- c:\program files\A-PDF Text Extractor
2011-01-02 15:09 . 2011-01-02 15:09 -------- d-----w- c:\program files\MagicISO
2011-01-02 14:38 . 2011-01-02 14:38 -------- d-----w- c:\documents and settings\SSpin\Application Data\Nero
2011-01-02 14:36 . 2006-03-17 13:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-01-02 14:36 . 2006-03-17 10:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-01-02 14:36 . 2006-03-17 10:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-01-02 14:36 . 2006-03-17 10:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-01-02 14:36 . 2006-03-17 10:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-01-02 14:36 . 2011-01-02 14:37 -------- d-----w- c:\program files\Common Files\Nero
2011-01-02 14:36 . 2011-01-02 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-12-29 19:08 . 2010-12-29 19:08 120499 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2010-12-29 19:08 . 2010-12-29 19:11 -------- d-----w- c:\program files\File Renamer
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\documents and settings\SSpin\Application Data\Hulubulu
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\program files\Advanced Renamer
2010-12-28 17:04 . 2010-12-28 17:04 -------- d-----w- c:\program files\Eltima Software
2010-12-28 16:56 . 2010-12-28 16:56 -------- d-----w- c:\program files\GlobFX
2010-12-28 16:51 . 2010-12-28 16:51 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-03-04 10:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-04 10:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-11 17:21 . 2009-03-11 17:21 478720 ----a-w- c:\program files\usbnorisk.exe
2003-01-03 19:36 . 2009-03-07 19:26 77824 ----a-w- c:\program files\Startup.exe
2010-08-25 08:20 . 2009-09-26 16:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SSpin^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\SSpin\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-03-19 20:31 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
2002-02-19 02:03 74240 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flock Update]
2010-09-26 10:21 136312 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-05 11:02 133104 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-07-22 12:32 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2002-10-25 10:18 4239360 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-10-25 10:18 315392 ----a-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-03-04 10:07 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-19 19:43 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-15 18:09 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/7/2009 3:46 PM 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/25/2011 12:43 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 4:54 AM 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 7:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 7:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/25/2011 12:40 PM 65576]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 1:23 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/26/2009 5:10 PM 30192]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [3/4/2009 10:43 AM 30336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 9:22 PM 34064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [9/22/2009 12:52 PM 48736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2011-01-25 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-25 20:03]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-10-04 10:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://elt.asksearch.com/?cfg=2-360-0-<!-- function kerio_ignor(a) { } kerio_ignor("--><HTML><BODY><!--"); document.write("Ad blocked here by SPF.");kerio_ignor(" -->Ad blocked here by SPF.</BODY></HTML><!-- "); //-->
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {5C53B829-BB74-4B24-8B5D-8D597B397852} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\SSpin\Application Data\Mozilla\Firefox\Profiles\aky8ynt5.default\
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - %profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Checker: {6BFD307A-C040-11DA-9749-FB1C850B47DF} - %profile%\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{038cb5c7-48ea-4af9-94e0-a1646542e62b} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{038cb5c7-48ea-4af9-94e0-a1646542e62b} - (no file)
WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
MSConfigStartUp-LogitechRegisterVideoApplications - c:\program files\Logitech\Video\InstallHelper.exe
MSConfigStartUp-{F900AF04-D757-5AFE-D57B-8C4BE292DEC4} - c:\documents and settings\SSpin\Application Data\Qywota\efaf.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 15:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380011A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A07F555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a0857b0]; MOV EAX, [0x8a08582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A046AB8]
3 CLASSPNP[0xF7637FCF] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000006d[0x8A0A39E8]
5 ACPI[0xF74AC620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A048D98]
\Driver\atapi[0x8A0A1158] -> IRP_MJ_CREATE -> 0x8A07F555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskST380011A_______________________________3.06____#4a33335635335141202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A07F39B
\Driver\atapi -> 0x8a13e1e8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98E8CD69-E212-A5B4-D018-0500295CB069}\InProcServer32*]
"jamgbjhenlkpopdfgggo"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,
6f,62,6e,00,c8
"iamglibdggpnddomff"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,6f,
62,6e,00,04
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1064)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1544)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\hnetcfg.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-26 15:53:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-26 14:53

Pre-Run: 4,587,884,544 bytes free
Post-Run: 4,703,559,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 3D76B1FBCD17CBE347FAE950B65FDABA
-

Otherwise, it happens that I turn the computer on and see the wallpaper but not a single icon. Right-click doesn't work. After a few restarts everything is back to normal. Chrome stopped working too. (Those were all symptoms as well.)

What should I do next? What kind of infection is this?

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Download Kaspersky Lab's TDSSKiller from the following address to your Desktop:

TDSSKiller

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
disable your security software (instructions);
close any running programs;
rename TDSSKiller.exe to MyCity.exe;
double-click MyCity.exe to run it;
click the Start Scan button.

If malicious objects are found, make sure the action selected for them is "Cure" (example) and click Continue, then click Reboot Now.

If you get the warning Can't cure MBR. Write standard boot code (example), click Yes.

Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt
(DD = day, MM = month, GG = year, HH = hour, MM = minute, SS = second; the date and time the log was created)

goran9888 (AMF Team)

  • SSpin
  • Forum associate
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

2011/01/26 16:58:22.0640 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/26 16:58:22.0640 ================================================================================
2011/01/26 16:58:22.0640 SystemInfo:
2011/01/26 16:58:22.0640
2011/01/26 16:58:22.0640 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/26 16:58:22.0640 Product type: Workstation
2011/01/26 16:58:22.0640 ComputerName: SSPIN-67966371D
2011/01/26 16:58:22.0640 UserName: SSpin
2011/01/26 16:58:22.0640 Windows directory: C:\WINDOWS
2011/01/26 16:58:22.0640 System windows directory: C:\WINDOWS
2011/01/26 16:58:22.0640 Processor architecture: Intel x86
2011/01/26 16:58:22.0640 Number of processors: 1
2011/01/26 16:58:22.0640 Page size: 0x1000
2011/01/26 16:58:22.0640 Boot type: Normal boot
2011/01/26 16:58:22.0640 ================================================================================
2011/01/26 16:58:22.0828 Initialize success
2011/01/26 16:58:26.0359 ================================================================================
2011/01/26 16:58:26.0359 Scan started
2011/01/26 16:58:26.0359 Mode: Manual;
2011/01/26 16:58:26.0359 ================================================================================
2011/01/26 16:58:27.0656 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/26 16:58:27.0828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/26 16:58:28.0093 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/01/26 16:58:28.0234 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
2011/01/26 16:58:28.0859 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/01/26 16:58:29.0281 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/01/26 16:58:29.0921 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/26 16:58:30.0062 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/26 16:58:30.0359 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/26 16:58:30.0531 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/26 16:58:30.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/26 16:58:30.0953 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/26 16:58:31.0093 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/26 16:58:31.0296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/26 16:58:31.0453 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/26 16:58:31.0593 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/26 16:58:32.0625 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/26 16:58:32.0843 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/26 16:58:33.0031 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/26 16:58:33.0187 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/26 16:58:33.0343 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/26 16:58:33.0593 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/26 16:58:33.0734 eamon (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/01/26 16:58:33.0906 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/01/26 16:58:34.0125 epfwtdir (ecd5f68e32ff5c6a728eb03dc892ae7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/01/26 16:58:34.0312 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/26 16:58:34.0468 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/26 16:58:34.0609 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/01/26 16:58:34.0921 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/26 16:58:35.0093 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/26 16:58:35.0234 FltMgr (6cc5181f718820861eeadae38f764b75) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/26 16:58:35.0421 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/01/26 16:58:35.0609 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/26 16:58:35.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/26 16:58:35.0968 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/26 16:58:36.0187 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/26 16:58:36.0421 HTTP (261bf53e1d1c21f04b4e748a6ed3d055) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/26 16:58:36.0765 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/26 16:58:36.0937 iadusb (6b9ab7919228559a57d94f762413459d) C:\WINDOWS\system32\DRIVERS\glauiad.sys
2011/01/26 16:58:37.0093 Imapi (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/26 16:58:37.0484 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/26 16:58:37.0640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/26 16:58:37.0796 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/26 16:58:37.0953 IpNat (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/26 16:58:38.0140 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/26 16:58:38.0296 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/26 16:58:38.0453 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/26 16:58:38.0640 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/26 16:58:38.0812 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/26 16:58:39.0000 kmixer (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/26 16:58:39.0171 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/26 16:58:39.0656 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/01/26 16:58:39.0875 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/26 16:58:40.0078 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/26 16:58:40.0234 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/26 16:58:40.0390 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/26 16:58:40.0562 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/26 16:58:40.0843 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/26 16:58:41.0031 MRxSmb (3500e756812e716351f2d341ae1d5623) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/26 16:58:41.0281 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/26 16:58:41.0468 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/26 16:58:41.0625 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/26 16:58:41.0812 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/26 16:58:41.0953 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/26 16:58:42.0140 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/26 16:58:42.0312 Mup (79a9c030299e8cc04f18d0765155d902) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/26 16:58:42.0468 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/26 16:58:42.0640 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/26 16:58:42.0812 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/26 16:58:42.0968 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/26 16:58:43.0125 Ndisuio (77d9bf86b912104c229d4f0d25be3c12) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/26 16:58:43.0281 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/26 16:58:43.0421 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/26 16:58:43.0562 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/26 16:58:43.0843 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/26 16:58:44.0140 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/01/26 16:58:44.0343 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/01/26 16:58:44.0500 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/26 16:58:44.0703 Ntfs (7179ac3f4258aec9627590a842fda1d6) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/26 16:58:44.0906 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/26 16:58:45.0109 nv (138c05abeadb234439f7cb84f7f96c13) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/26 16:58:45.0312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/26 16:58:45.0468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/26 16:58:45.0703 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/26 16:58:45.0859 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/26 16:58:46.0015 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/26 16:58:46.0203 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/26 16:58:46.0609 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/26 16:58:47.0562 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/26 16:58:47.0718 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/26 16:58:47.0890 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/26 16:58:48.0078 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
2011/01/26 16:58:48.0703 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/26 16:58:48.0875 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/26 16:58:49.0062 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/26 16:58:49.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/26 16:58:49.0390 Rdbss (b48441a6dc703ee4c36db14ee51a189c) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/26 16:58:49.0546 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/26 16:58:49.0703 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/26 16:58:49.0890 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/26 16:58:50.0078 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/26 16:58:50.0281 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/01/26 16:58:50.0500 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys
2011/01/26 16:58:50.0640 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
2011/01/26 16:58:50.0812 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
2011/01/26 16:58:51.0062 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/26 16:58:51.0250 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/26 16:58:51.0406 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/26 16:58:51.0687 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/26 16:58:52.0000 SIVDRIVER (e3642109319c449bd6181cbcb4a53c59) C:\WINDOWS\system32\Drivers\SIVX32.sys
2011/01/26 16:58:52.0156 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/26 16:58:52.0453 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/26 16:58:52.0687 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/01/26 16:58:52.0687 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/01/26 16:58:52.0718 sptd - detected Locked file (1)
2011/01/26 16:58:52.0859 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/26 16:58:53.0062 Srv (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/26 16:58:53.0234 StarOpen (221c2379681d9d0eba57633446cbf50f) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/01/26 16:58:53.0421 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/26 16:58:53.0578 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/26 16:58:53.0750 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/26 16:58:54.0375 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/26 16:58:54.0593 Tcpip (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/26 16:58:54.0765 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/26 16:58:54.0906 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/26 16:58:55.0125 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/26 16:58:55.0468 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/26 16:58:55.0765 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/26 16:58:55.0984 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/26 16:58:56.0171 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/26 16:58:56.0328 usbehci (4a84dd272df62be5739394b3f90f8ae2) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/26 16:58:56.0484 usbhub (a874d1629762019ceaf824ad8a8c5660) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/26 16:58:56.0656 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/26 16:58:56.0921 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/26 16:58:57.0046 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/26 16:58:57.0171 usbuhci (654c19d5ca14483be3c2384cddc09468) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/26 16:58:57.0312 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/26 16:58:57.0421 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/26 16:58:57.0531 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/26 16:58:57.0671 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/26 16:58:57.0859 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/26 16:58:58.0125 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/01/26 16:58:58.0281 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/26 16:58:58.0406 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/26 16:58:58.0546 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/26 16:58:58.0687 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/26 16:58:58.0781 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/26 16:58:58.0781 ================================================================================
2011/01/26 16:58:58.0781 Scan finished
2011/01/26 16:58:58.0781 ================================================================================
2011/01/26 16:58:58.0812 Detected object count: 2
2011/01/26 16:59:08.0781 Locked file(sptd) - User select action: Skip
2011/01/26 16:59:08.0812 \HardDisk0 - will be cured after reboot
2011/01/26 16:59:08.0812 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/26 16:59:19.0734 Deinitialize success

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Run ComboFix again and post a fresh CF log in your next message.

goran9888 (AMF Team)

  • SSpin
  • Forum associate
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

Is there any hope? :)

-
ComboFix 11-01-25.05 - SSpin 01/26/2011 20:14:52.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.824 [GMT 1:00]
Running from: c:\documents and settings\SSpin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Avira FireWall *Disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
.

2011-01-25 11:43 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2011-01-25 11:43 . 2011-01-25 11:43 -------- d-----w- c:\program files\Sunbelt Software
2011-01-25 11:40 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-01-24 15:49 . 2011-01-24 15:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-01-24 15:16 . 2011-01-24 15:16 -------- d-----w- c:\program files\ESET
2011-01-15 23:16 . 2011-01-22 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Boxtools
2011-01-15 23:16 . 2011-01-15 23:16 -------- d-----w- c:\program files\A-PDF Text Extractor
2011-01-02 15:09 . 2011-01-02 15:09 -------- d-----w- c:\program files\MagicISO
2011-01-02 14:38 . 2011-01-02 14:38 -------- d-----w- c:\documents and settings\SSpin\Application Data\Nero
2011-01-02 14:36 . 2006-03-17 13:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-01-02 14:36 . 2006-03-17 10:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-01-02 14:36 . 2006-03-17 10:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-01-02 14:36 . 2006-03-17 10:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-01-02 14:36 . 2006-03-17 10:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-01-02 14:36 . 2011-01-02 14:37 -------- d-----w- c:\program files\Common Files\Nero
2011-01-02 14:36 . 2011-01-02 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-12-29 19:08 . 2010-12-29 19:08 120499 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2010-12-29 19:08 . 2010-12-29 19:11 -------- d-----w- c:\program files\File Renamer
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\documents and settings\SSpin\Application Data\Hulubulu
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\program files\Advanced Renamer
2010-12-28 17:04 . 2010-12-28 17:04 -------- d-----w- c:\program files\Eltima Software
2010-12-28 16:56 . 2010-12-28 16:56 -------- d-----w- c:\program files\GlobFX
2010-12-28 16:51 . 2010-12-28 16:51 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-03-04 10:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-04 10:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-11 17:21 . 2009-03-11 17:21 478720 ----a-w- c:\program files\usbnorisk.exe
2003-01-03 19:36 . 2009-03-07 19:26 77824 ----a-w- c:\program files\Startup.exe
2010-08-25 08:20 . 2009-09-26 16:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-26_14.44.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-26 18:28 . 2011-01-26 18:28 16384 c:\windows\Temp\Perflib_Perfdata_794.dat
+ 2001-08-23 14:00 . 2011-01-26 14:47 84994 c:\windows\system32\perfc009.dat
- 2001-08-23 14:00 . 2010-10-31 08:17 84994 c:\windows\system32\perfc009.dat
+ 2001-08-23 14:00 . 2011-01-26 14:47 496620 c:\windows\system32\perfh009.dat
- 2001-08-23 14:00 . 2010-10-31 08:17 496620 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SSpin^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\SSpin\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-03-19 20:31 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
2002-02-19 02:03 74240 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flock Update]
2010-09-26 10:21 136312 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-05 11:02 133104 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-07-22 12:32 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2002-10-25 10:18 4239360 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-10-25 10:18 315392 ----a-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-03-04 10:07 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-19 19:43 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-15 18:09 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/7/2009 3:46 PM 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/25/2011 12:43 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 4:54 AM 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 7:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 7:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/25/2011 12:40 PM 65576]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 1:23 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/26/2009 5:10 PM 30192]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [3/4/2009 10:43 AM 30336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 9:22 PM 34064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [9/22/2009 12:52 PM 48736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2011-01-25 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-25 20:03]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-10-04 10:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://elt.asksearch.com/?cfg=2-360-0-<!-- function kerio_ignor(a) { } kerio_ignor("--><HTML><BODY><!--"); document.write("Ad blocked here by SPF.");kerio_ignor(" -->Ad blocked here by SPF.</BODY></HTML><!-- "); //-->
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {5C53B829-BB74-4B24-8B5D-8D597B397852} = 208.67.222.222,208.67.220.220
TCP: {6DF862F7-CE13-4B35-881A-32275696F818} = 92.60.224.20 92.60.224.30
FF - ProfilePath - c:\documents and settings\SSpin\Application Data\Mozilla\Firefox\Profiles\aky8ynt5.default\
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - %profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Checker: {6BFD307A-C040-11DA-9749-FB1C850B47DF} - %profile%\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 20:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98E8CD69-E212-A5B4-D018-0500295CB069}\InProcServer32*]
"jamgbjhenlkpopdfgggo"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,
6f,62,6e,00,c8
"iamglibdggpnddomff"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,6f,
62,6e,00,04
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2011-01-26 20:29:05
ComboFix-quarantined-files.txt 2011-01-26 19:28
ComboFix2.txt 2011-01-26 14:53

Pre-Run: 4,685,365,248 bytes free
Post-Run: 4,666,925,056 bytes free

- - End Of File - - 53B5A9265FC2F4A39C3ABC1CA0B50030
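Added example (not part of SSpin's post or of ComboFix itself): a small Python triage script that reads the kind of lines shown in the log above. It lists service/driver entries whose binary ComboFix marked with `[?]` (a registered driver whose file cannot be found, as with FGXSCSI and SetupNTGLM7X above; usually leftovers of removed software, but worth a second look during cleanup) and decodes the REGEDIT4 hex data under LOCKED REGISTRY KEYS, so the odd CLSID entry that the RegNull:: step below targets can be documented in plain text. The sample lines are copied from the log above; the regexes and the assumption that the value data is a NUL-terminated ASCII string are the script's own.

```python
"""Triage helpers for a ComboFix-style log: flag services whose binary is
missing and decode REGEDIT4 hex values from the LOCKED REGISTRY KEYS section.
Added example for this thread; this is not ComboFix code."""
import re

# Constructed sample input: a handful of lines copied from the log above,
# embedded so the script runs offline. Raw string, so the backslashes stay.
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/7/2009 3:46 PM 685816]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98E8CD69-E212-A5B4-D018-0500295CB069}\InProcServer32*]
"jamgbjhenlkpopdfgggo"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,
6f,62,6e,00,c8
"iamglibdggpnddomff"=hex:6a,61,6f,62,68,6e,66,63,64,6e,6b,65,64,67,6a,6e,67,6f,
62,6e,00,04
.
"""

# "R0 name;display;path [stamp]" / "S3 name;display;path --> path [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# REGEDIT4 binary value: "name"=hex:aa,bb,cc,...  (wrapped lines end in ',')
HEX_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')


def parse_services(log):
    """Return one dict per R*/S* service line: start type, name, display, path, missing."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        # ComboFix prints "[?]" when it could not stat the binary, otherwise "[date time size]".
        missing = rest.endswith("[?]")
        # The path is whatever precedes the " --> " marker or the bracketed stamp.
        path = re.split(r"\s+-->\s+|\s+\[", rest, maxsplit=1)[0].strip().strip('"')
        entries.append({"start": m.group("start"), "name": m.group("name"),
                        "display": m.group("display"), "path": path, "missing": missing})
    return entries


def missing_service_binaries(log):
    """Names of registered services/drivers whose file ComboFix could not find."""
    return [e["name"] for e in parse_services(log) if e["missing"]]


def decode_locked_values(log):
    """Map value name -> (printable prefix, bytes after the first NUL) for hex values.

    Assumption (ours, not ComboFix's): the data is an ASCII string terminated by
    0x00 followed by a few trailing bytes, which is what the two entries above show.
    """
    lines = log.splitlines()
    results = {}
    i = 0
    while i < len(lines):
        m = HEX_VALUE_RE.match(lines[i].strip())
        if not m:
            i += 1
            continue
        data = m.group("data").strip()
        # REGEDIT4 wraps long hex data; a trailing comma means "continued on next line".
        while data.endswith(",") and i + 1 < len(lines):
            i += 1
            data += lines[i].strip()
        raw = bytes(int(tok, 16) for tok in data.split(",") if tok)
        text, _, tail = raw.partition(b"\x00")
        results[m.group("name")] = (text.decode("ascii", "replace"), tail)
        i += 1
    return results


if __name__ == "__main__":
    for name in missing_service_binaries(SAMPLE_LOG):
        print("service with missing binary:", name)
    for name, (text, tail) in decode_locked_values(SAMPLE_LOG).items():
        print(f"{name}: {text!r} + {tail.hex()}")
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents; the decoded strings are for documentation only, and the actual removal is what the CFScript step in the next reply does.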

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Open Notepad and copy the following text into it:

SecCenter::
{11638345-E4FC-4BEE-BB73-EC754659C5F6}
{AD166499-45F9-482A-A743-FDD3350758C7}


DDS::
uStart Page = hxxp://elt.asksearch.com/?cfg=2-360-0-<!-- function kerio_ignor(a) { } kerio_ignor("--><HTML><BODY><!--"); document.write("Ad blocked here by SPF.");kerio_ignor(" -->Ad blocked here by SPF.</BODY></HTML><!-- "); //-->


RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98E8CD69-E212-A5B4-D018-0500295CB069}\InProcServer32*]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.


What is the state of the computer now? Are there any visible problems?


goran9888 (AMF Tim)

offline
  • SSpin
  • Forum associate
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

Now, as far as I can see, it's OK. NOD no longer reports anything...

-
ComboFix 11-01-25.05 - SSpin 01/26/2011 21:47:56.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1279.777 [GMT 1:00]
Running from: c:\documents and settings\SSpin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SSpin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
.

2011-01-25 11:43 . 2008-10-31 06:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2011-01-25 11:43 . 2011-01-25 11:43 -------- d-----w- c:\program files\Sunbelt Software
2011-01-25 11:40 . 2008-06-21 03:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-01-24 15:49 . 2011-01-24 15:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-01-24 15:16 . 2011-01-24 15:16 -------- d-----w- c:\program files\ESET
2011-01-15 23:16 . 2011-01-22 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Boxtools
2011-01-15 23:16 . 2011-01-15 23:16 -------- d-----w- c:\program files\A-PDF Text Extractor
2011-01-02 15:09 . 2011-01-02 15:09 -------- d-----w- c:\program files\MagicISO
2011-01-02 14:38 . 2011-01-02 14:38 -------- d-----w- c:\documents and settings\SSpin\Application Data\Nero
2011-01-02 14:36 . 2006-03-17 13:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-01-02 14:36 . 2006-03-17 10:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-01-02 14:36 . 2006-03-17 10:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-01-02 14:36 . 2006-03-17 10:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-01-02 14:36 . 2006-03-17 10:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-01-02 14:36 . 2011-01-02 14:37 -------- d-----w- c:\program files\Common Files\Nero
2011-01-02 14:36 . 2011-01-02 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-12-29 19:08 . 2010-12-29 19:08 120499 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2010-12-29 19:08 . 2010-12-29 19:11 -------- d-----w- c:\program files\File Renamer
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\documents and settings\SSpin\Application Data\Hulubulu
2010-12-29 18:54 . 2010-12-29 18:54 -------- d-----w- c:\program files\Advanced Renamer
2010-12-28 17:04 . 2010-12-28 17:04 -------- d-----w- c:\program files\Eltima Software
2010-12-28 16:56 . 2010-12-28 16:56 -------- d-----w- c:\program files\GlobFX
2010-12-28 16:51 . 2010-12-28 16:51 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-03-04 10:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-03-04 10:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-11 17:21 . 2009-03-11 17:21 478720 ----a-w- c:\program files\usbnorisk.exe
2003-01-03 19:36 . 2009-03-07 19:26 77824 ----a-w- c:\program files\Startup.exe
2010-08-25 08:20 . 2009-09-26 16:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-26_14.44.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-26 18:28 . 2011-01-26 18:28 16384 c:\windows\Temp\Perflib_Perfdata_794.dat
+ 2001-08-23 14:00 . 2011-01-26 14:47 84994 c:\windows\system32\perfc009.dat
- 2001-08-23 14:00 . 2010-10-31 08:17 84994 c:\windows\system32\perfc009.dat
+ 2001-08-23 14:00 . 2011-01-26 14:47 496620 c:\windows\system32\perfh009.dat
- 2001-08-23 14:00 . 2010-10-31 08:17 496620 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SSpin^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\SSpin\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-03-19 20:31 321344 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
2002-02-19 02:03 74240 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S10IC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flock Update]
2010-09-26 10:21 136312 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-05 11:02 133104 ----atw- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2007-07-22 12:32 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2002-10-25 10:18 4239360 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2002-10-25 10:18 315392 ----a-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-03-04 10:07 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-19 19:43 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-15 18:09 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/7/2009 3:46 PM 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 12:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 12:28 PM 95896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [1/25/2011 12:43 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 4:54 AM 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/4/2010 5:15 PM 810144]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 7:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 7:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [1/25/2011 12:40 PM 65576]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 1:23 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/26/2009 5:10 PM 30192]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [3/4/2009 10:43 AM 30336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 9:22 PM 34064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [9/22/2009 12:52 PM 48736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder

2011-01-25 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-09-26 10:21]

2011-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-25 20:03]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 12:23]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003Core.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1035525444-839522115-1003UA.job
- c:\documents and settings\SSpin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-05 11:02]

2011-01-26 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-10-04 10:30]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {5C53B829-BB74-4B24-8B5D-8D597B397852} = 208.67.222.222,208.67.220.220
TCP: {6DF862F7-CE13-4B35-881A-32275696F818} = 92.60.224.20 92.60.224.30
FF - ProfilePath - c:\documents and settings\SSpin\Application Data\Mozilla\Firefox\Profiles\aky8ynt5.default\
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: MinimizeToTrayPlus: {de1b245c-de57-11da-ba2d-0050c2490048} - %profile%\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Checker: {6BFD307A-C040-11DA-9749-FB1C850B47DF} - %profile%\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 21:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3808-)
c:\windows\system32\WININET.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2011-01-26 22:01:37
ComboFix-quarantined-files.txt 2011-01-26 21:01
ComboFix2.txt 2011-01-26 19:29
ComboFix3.txt 2011-01-26 14:53

Pre-Run: 4,681,478,144 bytes free
Post-Run: 4,663,042,048 bytes free

- - End Of File - - E55BD62197E89CFB9A24ADE37AB30214
-

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You need to uninstall ComboFix:
Click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.


If you wish (optional step) ...

Download ATF Cleaner and save it to the Desktop.

Tick Select All and then click Empty Selected.
When the message Done Cleaning appears, close the program.


-------------------------------------


- I recommend that you install Service Pack 3, i.e. update your operating system. I won't go into its advantages over Service Pack 2; you can find that information on the internet "at every step". In short, MS has ended support for Service Pack 2, which is installed on your computer, and that is yet another problem;

- I warmly recommend that you use MCShield to protect USB memory devices. It has nothing to do with the antivirus, i.e. it won't interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.

You download it, install it, plug in a USB memory device, a scan is performed, after which you get a notification that the device is clean (if that is really the case); or you get a log showing information about the malware that was found and deleted.

You can find out more about MCShield in this topic: http://www.mycity.rs/Antispyware-programi/MCShield.html
MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/






