Win32:Malware-gen


  • Joined: 22 Feb 2010
  • Posts: 22

Posted: 22 Feb 2010 22:38

I use Win XP, cable internet 1536/512 kbps.
Two days ago I noticed that my computer had slowed down and that it is sometimes quite noisy. I had no antivirus program on it, so I tried to download a free one.
I download Avira, for example, and start the installation, but nothing happens; the same with AVG ...
I tried to scan the computer with one of the online scanners, but the virus won't let me. I can't open the Symantec site at all, Not Found; BitDefender likewise.
Somehow I managed to download Avast, and it located this win32-malware-gen.
For example, when I open IE it triggers; I think Avast has located 9 such triggerings.

Update: 23 Feb 2010 10:31

I realised that I should attach a log right away, so today I downloaded DDS, but when I run it I get the message:

dds.com is not a valid in Win32 application.

To add:
I also used Ewido, and it found nothing, while Spyware Terminator found 3 Trojan.Agents inside Ewido's installation, and after it deleted them I could no longer run Ewido, so I uninstalled it.
I was also on the Microsoft site, where I managed to scan the computer, but it detects nothing.
I also posted a HijackThis log, and everything is clean according to "them".

What should I do?

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


Three download links for DDS are given - try downloading the program from one of the other links.

Gmer logs are also needed.


Quote: Somehow I managed to download Avast, and it located this win32-malware-gen.
For example, when I open IE it triggers; I think Avast has located 9 such triggerings.


Make a screenshot of one of those detections, or post avast!'s logs (I want to see the name of the file that gets detected).

  • Joined: 22 Feb 2010
  • Posts: 22

Hello,

I took 3 screenshots; the file is 2.25, and so as not to install new programs to shrink the picture, I zipped it.



The DDS log follows:

DDS (Ver_09-12-01.01) - NTFSx86
Run by nas at 12:56:31.28 on Tue 02/23/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.48 [GMT -8:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Documents and Settings\nas\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x080f -f video -m logitech -d 12.0.1278.0
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: raiffeisenbank.rs\rol
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263835400078
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263835388578
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT9.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/EBCSCC2A.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-21 162512]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-2-20 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-21 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-21 40384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-21 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-21 40384]

=============== Created Last 30 ================

2010-02-21 12:08:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-02-21 08:03:30 0 d-----w- c:\program files\WinClamAVShield
2010-02-21 07:55:12 0 d-----w- c:\program files\Crawler
2010-02-20 23:09:33 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-20 23:09:33 0 d-----w- c:\docume~1\nas\applic~1\Spyware Terminator
2010-02-20 23:09:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2010-02-20 23:09:27 0 d-----w- c:\program files\Spyware Terminator
2010-02-20 20:44:38 0 d-----w- c:\program files\RegDefense
2010-02-20 19:11:15 0 d-----w- c:\docume~1\nas\applic~1\AVG8
2010-02-19 21:05:38 0 d-----w- c:\docume~1\nas\applic~1\Malwarebytes
2010-02-19 21:05:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-17 19:06:13 125 ----a-w- c:\windows\disney.ini
2010-02-15 09:31:02 0 d-----w- c:\program files\Alcohol Soft
2010-02-15 09:29:06 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-14 10:35:31 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-14 09:44:35 0 d--h--w- c:\windows\system32\GroupPolicy
2010-02-12 20:03:16 764868 -c----w- c:\windows\system32\dllcache\apph_sp.sdb
2010-02-12 20:03:15 217118 -c----w- c:\windows\system32\dllcache\apphelp.sdb
2010-02-12 20:03:15 1197294 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-02-12 20:02:35 0 d-----w- c:\program files\Windows Media Connect 2
2010-02-12 20:00:01 0 d-----w- c:\windows\system32\LogFiles
2010-02-12 19:31:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-12 19:19:34 0 d-----r- c:\program files\Skype
2010-02-07 07:23:48 0 d-----w- c:\program files\common files\Windows Live
2010-02-07 07:22:55 0 d-----w- c:\program files\Microsoft

==================== Find3M ====================


============= FINISH: 12:57:26.31 ===============

Then the problem again, which reminded me that yesterday or the day before I had already tried Gmer and the same thing happened: the computer shuts down. I'm attaching a picture.





And ugh, I need hours for a couple of pictures and sentences; it's terribly slow :-(
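Added example for this thread (not part of the original posts and not code from the DDS tool): a Python triage pass over a DDS log in the layout of the one above, flagging the points a helper checks first. The sample log is a constructed excerpt built from lines of that log; the rule list and the allow-lists are assumptions.

```python
"""Triage pass over a DDS log in the layout of the one posted above.

Added example; not part of the original thread and not DDS's own code.
SAMPLE_DDS_LOG is a constructed excerpt; the rules are assumptions.
"""
import re

SAMPLE_DDS_LOG = r"""
DDS (Ver_09-12-01.01) - NTFSx86
Run by nas at 12:56:31.28 on Tue 02/23/2010
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.48 [GMT -8:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Trusted Zone: raiffeisenbank.rs\rol
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT9.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-21 162512]
"""

# DDS section banners look like "======== Name ========".
BANNER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# DDS defangs URLs as hxxp/hxxps.
URL_HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)
# 5.1.2600 is XP; the fourth dotted field is read as the service-pack level
# (an assumption; it agrees with the "Windows XP SP2" RootRepeal reports).
XP_SP_RE = re.compile(r"5\.1\.2600\.(\d+)\.")

# Assumed allow-lists for this example; a real triage keeps its own.
EXPECTED_DPF_HOSTS = ("microsoft.com", "adobe.com")
EXPECTED_DRIVER_DIRS = ("c:\\windows\\", "c:\\program files\\")


def split_sections(log):
    """Map section name -> non-empty lines; text before the first banner
    is stored under 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def triage(log):
    """Return findings as (severity, log line, reason) tuples."""
    findings = []
    sec = split_sections(log)
    for line in sec.get("Header", []):
        if line.startswith("AV:") and "scanning disabled" in line.lower():
            findings.append(("high", line, "real-time AV protection is off"))
        m = XP_SP_RE.search(line)
        if line.startswith("Microsoft Windows") and m and int(m.group(1)) < 3:
            findings.append(("high", line, "XP below Service Pack 3"))
    for line in sec.get("Pseudo HJT Report", []):
        kind = line.split(":", 1)[0]
        if line.startswith("BHO: :"):
            findings.append(("medium", line, "BHO with no name; identify the DLL"))
        elif line.endswith("- No File"):
            findings.append(("low", line, "entry points at a missing file"))
        elif kind == "DPF":
            h = URL_HOST_RE.search(line)
            host = h.group(1).lower() if h else ""
            if not host.endswith(EXPECTED_DPF_HOSTS):
                findings.append(("info", line, "ActiveX download point on " + host))
        elif kind == "Trusted Zone":
            findings.append(("info", line, "site in IE Trusted Zone; confirm it is intended"))
    for line in sec.get("SERVICES / DRIVERS", []):
        parts = line.split(";")
        if len(parts) >= 3:
            path = parts[2].split(" [")[0].lower()
            if not path.startswith(EXPECTED_DRIVER_DIRS):
                findings.append(("medium", line, "driver outside the usual directories"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_DDS_LOG):
        print("[%s] %s\n    %s" % (severity, reason, line))
```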

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Given that you don't have Service Pack 3 and had no antivirus, there can literally be anything on here.

You yourself know what state Windows is in - I can't guarantee that we can bring it into a better state, or even that we won't bring it into a worse one (as I said, there could be anything on here).


If you want us to try and see whether anything can be done, follow the instructions below.


Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the location to save the file opens, choose Desktop and click Save.


When the download of the program is finished:
  • deactivate your security software (instructions);
  • close running programs;
  • double-click to run the ComboFix program.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it.
  • show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
  • ask a number of questions / show notices: accept by clicking Yes or OK.
  • restart Windows as needed (several times);
  • at the end of its run, open Notepad with the scan report.


Copy the report that ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.


Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to your message.

  • Joined: 22 Feb 2010
  • Posts: 22

No problem, this Windows as it is means nothing to me.

I later read about RootRepeal, so I'm doing that right now; should I finish it and post the report, or go straight to what you wrote?

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

If you get a RootRepeal log, post it and then move on to the instructions above.

  • Joined: 22 Feb 2010
  • Posts: 22

Posted: 23 Feb 2010 23:52

1.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/02/23 13:53
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF7DE9000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF9F88000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP1488
Image Path: \Driver\PCI_PNP1488
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF6242000 Size: 49152 File Visible: No Signed: -
Status: -

Name: splm.sys
Image Path: splm.sys
Address: 0xF991E000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebdc5a

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebdb16

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebe0ca

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebdff4

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebd6ec

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "splm.sys" at address 0xf9937da4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "splm.sys" at address 0xf9938132

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebdbf0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebd62c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebd690

#: 160 Function Name: NtQueryKey
Status: Hooked by "splm.sys" at address 0xf993820a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebdd10

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebe198

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebdcd0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf7ebde50

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x81b8b1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x81b8d1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x81b8d1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81b8d1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81b8d1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x81b8d1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81b8d1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x81b8d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x818b6500 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x81b8e1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x819441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x819441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x819441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x819441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x819441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x819441f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x819441f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x81b8f1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x819791f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x819791f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x819791f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x819791f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x819791f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x819791f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x818d41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x818d41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x818d41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x818d41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x818d41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x818d41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x818d41f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8179f500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_CREATE]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_CLOSE]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_READ]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_SHUTDOWN]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_CLEANUP]
Process: System Address: 0x817741f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎てȁః瑎て, IRP_MJ_PNP]
Process: System Address: 0x817741f8 Size: 121

==EOF==

Update: 24 Feb 2010 0:21

ComboFix 10-02-23.03 - nas 02/23/2010 15:06:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.114 [GMT -8:00]
Running from: c:\documents and settings\nas\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\nas\LOCALS~1\Temp\sspjbn.tmp
c:\documents and settings\nas\Local Settings\Temp\sspjbn.tmp

.
((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-23 05:57 . 2010-02-23 05:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2010-02-21 12:09 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-21 12:09 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-21 12:09 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-21 12:09 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-21 12:09 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-21 12:09 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-21 12:09 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-21 12:08 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-21 12:08 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-21 12:08 . 2010-02-21 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-21 08:03 . 2010-02-21 08:31 -------- d-----w- c:\program files\WinClamAVShield
2010-02-21 07:55 . 2010-02-23 22:53 -------- d-----w- c:\program files\Crawler
2010-02-20 23:09 . 2010-02-23 09:22 -------- d-----w- c:\documents and settings\nas\Application Data\Spyware Terminator
2010-02-20 23:09 . 2010-02-20 23:09 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-02-20 23:09 . 2010-02-20 23:09 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-02-20 23:09 . 2010-02-20 23:09 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-20 23:09 . 2010-02-21 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-02-20 23:09 . 2010-02-23 05:57 -------- d-----w- c:\program files\Spyware Terminator
2010-02-20 22:36 . 2010-02-20 22:36 21808 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-20 20:44 . 2010-02-20 20:51 -------- d-----w- c:\program files\RegDefense
2010-02-20 19:11 . 2010-02-20 19:11 -------- d-----w- c:\documents and settings\nas\Application Data\AVG8
2010-02-19 21:05 . 2010-02-19 21:05 -------- d-----w- c:\documents and settings\nas\Application Data\Malwarebytes
2010-02-19 21:05 . 2010-02-19 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-15 09:31 . 2010-02-15 09:31 -------- d-----w- c:\program files\Alcohol Soft
2010-02-15 09:29 . 2010-02-15 09:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-14 10:35 . 2010-02-14 10:35 -------- d-----w- c:\program files\Common Files\logishrd
2010-02-14 09:44 . 2010-02-14 09:44 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-02-12 20:02 . 2010-02-12 20:02 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-12 20:00 . 2010-02-12 20:00 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-12 20:00 . 2010-02-12 20:00 -------- d-----w- c:\windows\system32\LogFiles
2010-02-12 19:31 . 2010-02-15 16:26 -------- d-----w- c:\documents and settings\nas\Application Data\skypePM
2010-02-12 19:31 . 2010-02-12 19:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-12 19:20 . 2010-02-15 20:32 -------- d-----w- c:\documents and settings\nas\Application Data\Skype
2010-02-12 19:19 . 2010-02-12 19:19 -------- d-----w- c:\program files\Common Files\Skype
2010-02-12 19:19 . 2010-02-12 19:20 -------- d-----r- c:\program files\Skype
2010-02-12 19:19 . 2010-02-12 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-07 11:34 . 2010-02-07 11:34 -------- d-----w- c:\documents and settings\nas\Local Settings\Application Data\Help
2010-02-07 10:39 . 2010-02-07 10:39 -------- d-----w- c:\documents and settings\nas\Local Settings\Application Data\Opera
2010-02-07 10:39 . 2010-02-07 10:39 -------- d-----w- c:\program files\Opera
2010-02-07 07:23 . 2010-02-07 07:23 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-07 07:23 . 2010-02-14 19:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-07 07:22 . 2010-02-07 07:22 -------- d-----w- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 12:08 . 2009-12-24 18:28 -------- d-----w- c:\program files\Alwil Software
2010-02-19 13:51 . 2009-12-12 19:07 -------- d-----w- c:\documents and settings\nas\Application Data\vlc
2010-02-15 11:37 . 2009-10-12 20:21 -------- d-----w- c:\program files\AVG
2010-02-14 20:30 . 2010-02-14 10:35 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-14 20:11 . 2009-10-13 04:17 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-01-21 08:22 . 2009-10-23 04:20 -------- d-----w- c:\documents and settings\nas\Application Data\MSN6
2010-01-19 14:59 . 2010-01-19 14:59 -------- d-----w- c:\documents and settings\nas\Application Data\dvdcss
2010-01-17 09:06 . 2010-01-17 09:06 -------- d-----w- c:\program files\vSoft
2009-12-27 16:43 . 2009-12-27 16:43 -------- d-----w- c:\program files\Chicken Invaders
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-20 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-02-20 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2009-05-01 460048]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\nas\LOCALS~1\Temp\sspjbn.tmp 2nHAPKGEHD

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/15/2010 1:29 AM 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/21/2010 4:09 AM 162512]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/20/2010 3:09 PM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/21/2010 4:09 AM 19024]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-12-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 04:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: raiffeisenbank.rs\rol
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT9.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/EBCSCC2A.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-02-23 15:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81B8D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf9a96fc3
\Driver\ACPI -> ACPI.sys @ 0xf98decb8
\Driver\atapi -> 0x81b8d1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: VIA Compatable Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf977dba0
PacketIndicateHandler -> NDIS.sys @ 0xf976ca0b
SendHandler -> NDIS.sys @ 0xf9780b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RunDll32.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-23 15:17:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-23 23:17

Pre-Run: 13,660,127,232 bytes free
Post-Run: 13,862,576,128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 6C0235C7DEB942C2C5B1D8F3150F2BCF
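The "Reg Loading Points" block above is the part of a ComboFix log a responder reads first: every line is a place Windows will start code from on boot or logon. The script below is an added example for this thread, written by me; it is not part of ComboFix, DDS or dr_Bora's instructions, and the scoring rules are my own heuristics (assumptions, not a ComboFix feature). Its sample input is copied from the log posted above. It pulls out the Run/RunOnce values, the drivers32 entry and the R0/R1 driver lines, and flags load points that sit in a Temp directory, carry a non-executable extension, or load driver-type code from outside %windir%. On this log that singles out the `"midi9"` drivers32 value pointing at `sspjbn.tmp` under the user's Temp folder, which is the kind of entry a responder would verify by hand (file timestamps against the day the slowdown started, a multi-engine scan of the file) rather than trust a heuristic on. Note also that the Gmer MBR section, despite its "possible MBR rootkit infection" line, ends with "user & kernel MBR OK", and the hooks it lists sit on atapi/disk, where a low-level disk filter such as the sptd.sys driver shown as R0 in the same log would also install itself; that is consistent with the helper's reading of the box as clean.

```python
"""Triage ComboFix-style 'Reg Loading Points' lines.

Added example (my own code, not ComboFix/DDS output or the forum helper's
script).  The scoring rules are heuristics chosen for illustration.
"""
import re

# Constructed sample input: lines copied verbatim from the log posted above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-20 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=c:\docume~1\nas\LOCALS~1\Temp\sspjbn.tmp 2nHAPKGEHD

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/15/2010 1:29 AM 691696]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/20/2010 3:09 PM 142592]
'''

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]*)\]$')                      # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')           # "name"=...
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$')
META_RE = re.compile(r'\s*\[[^\]]*\]\s*$')                            # trailing [date size]
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]+)"\s*(?P<args>.*)$')
# Bare (unquoted) paths: stop at the first extension-looking token.  ComboFix
# quotes Run values, so this only has to cope with drivers32/service lines.
BARE_PATH_RE = re.compile(r'^(?P<path>[a-z]:\\.+?\.[a-z0-9]{1,4})(?:\s+(?P<args>.*))?$', re.IGNORECASE)

# Extensions that are normal for a load point; anything else is worth a look.
SAFE_EXT = {'exe', 'dll', 'sys', 'cpl', 'drv', 'ocx', 'scr', 'acm'}


def _split_path(rest):
    """Return (path, args) from the right-hand side of a log line, or None."""
    rest = META_RE.sub('', rest.strip())
    m = QUOTED_PATH_RE.match(rest) or BARE_PATH_RE.match(rest)
    if not m:
        return None
    return m.group('path'), (m.group('args') or '').strip()


def parse_loading_points(text):
    """Parse registry Run-style values and R0..S4 service lines into dicts."""
    entries, current_key = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        k = KEY_RE.match(line)
        if k:
            current_key = k.group('key')
            continue
        s = SERVICE_RE.match(line)
        if s:
            parsed = _split_path(s.group('rest'))
            if parsed:
                entries.append({'kind': 'service', 'key': 'services',
                                'name': s.group('name'), 'path': parsed[0],
                                'args': parsed[1], 'raw': line})
            continue
        v = VALUE_RE.match(line)
        if v:
            parsed = _split_path(v.group('rest'))
            if parsed:
                entries.append({'kind': 'registry', 'key': current_key,
                                'name': v.group('name'), 'path': parsed[0],
                                'args': parsed[1], 'raw': line})
    return entries


def suspicious_reasons(entry):
    """Heuristic checks (my own, not ComboFix's) on one load point."""
    p = entry['path'].lower().replace('/', '\\')
    key = entry['key'].lower()
    reasons = []
    if re.search(r'\\temp\\|\\locals~1\\temp\\|\\tmp\\', p):
        reasons.append('file lives in a Temp directory')
    ext = p.rsplit('.', 1)[-1] if '.' in p else ''
    if ext not in SAFE_EXT:
        reasons.append(f'non-executable extension .{ext}')
    driver_like = 'drivers32' in key or entry['kind'] == 'service'
    if driver_like and not p.startswith('c:\\windows\\'):
        reasons.append('driver-type load point outside %windir%')
    if 'docume~1' in p or 'documents and settings' in p:
        reasons.append('file under a user profile (user-writable location)')
    return reasons


def triage(text):
    """Return flagged load points, most suspicious first."""
    findings = []
    for e in parse_loading_points(text):
        reasons = suspicious_reasons(e)
        if reasons:
            findings.append({'severity': 'high' if len(reasons) >= 2 else 'review',
                             'name': e['name'], 'key': e['key'],
                             'path': e['path'], 'args': e['args'],
                             'reasons': reasons})
    findings.sort(key=lambda f: (f['severity'] != 'high', f['name']))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['key']} :: {f['name']} -> {f['path']} {f['args']}")
        for r in f['reasons']:
            print('    -', r)
```

Run it against the full text of a ComboFix log (`triage(open('ComboFix.txt').read())`) and it will list the same kinds of entries a helper scans for by eye; a "high" hit is a lead to verify, not a verdict, and the entries it stays silent on still need the usual checks (publisher, path, date against the infection window).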

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download the following file to your Desktop: https://www.mycity.rs/must-login.png

Double-click it and, when the prompt appears, click Yes.


The good news is that this looks like a clean computer.

Is Windows more stable now? If not, uninstall SpywareTerminator and remove the leftovers of AVG (it might help): http://www.mycity.rs/Antivirus-programi/Programi-z.....tvera.html


Install SP3.

offline
  • Joined: 22 Feb 2010
  • Posts: 22

You fixed it, well done!!!

I can open all the sites: Symantec, BitDefender...
It runs like a Doxa!!!

Explorer crashed once, it rebooted once out of the blue, and my language bar disappeared, and that's it. Minor stuff.

Is that the end of the story?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.


I don't want to be a nag, but: install SP3. Windows will be more stable and far more resistant to malware.



That's all...
