[ izida @ 08.02.2010. 14:28 ] @
I have reinstalled the system 4 times in the last 2 days and it's always the same problem: it won't run Automatic Update. Before the first reinstall, this little window started appearing when I launch PES 2010

Before that everything had worked perfectly for a couple of months...
And after that I reinstall the system, install the drivers, install PES, and again the same problem; then I turn on Windows Update but nothing happens...
Then I run GMER, it does a scan and finds this

I click delete, restart, and again everything is still there as if I hadn't done anything...
I scan with Spybot

Again I delete, restart, and it's all still there...

I try to scan with Malwarebytes' Anti-Malware, and when I try to update the program it gives me this message

Since I had downloaded the latest version I ignored this and scanned; it found 2 viruses with the same name Spybot had found, and for some reason I forgot to take a screenshot of that window too... It restarted, and when I ran Malwarebytes again it found nothing this time, but I know the damned thing is still in the computer because Windows Update still doesn't work...



Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 3:28:56 PM, on 2/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\Free Pack\PSU\PSU.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\Free Pack\PSU\PSU.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B796EC5E-6369-4208-86F5-B9AB07967FB6}: NameServer = 93.93.192.2,93.93.192.3
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

--
End of file - 3737 bytes
[ izida @ 08.02.2010. 16:31 ] @
ComboFix 10-02-07.08 - Administrator 02/08/2010 17:24:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.369 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SKYNET
-------\Service_SKYNET


((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-02-08 15:18 . 2010-02-08 15:37 -------- d-----w- C:\$AVG
2010-02-08 15:17 . 2010-02-08 15:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-08 15:17 . 2010-02-08 15:17 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-08 15:17 . 2010-02-08 15:57 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-08 15:17 . 2010-02-08 15:17 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-08 15:17 . 2010-02-08 15:58 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-08 15:17 . 2010-02-08 15:17 -------- d-----w- c:\program files\AVG
2010-02-08 15:17 . 2010-02-08 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-08 15:17 . 2010-02-08 15:36 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-08 14:28 . 2010-02-08 14:28 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-08 14:28 . 2010-02-08 14:28 -------- d-----w- c:\program files\TrendMicro
2010-02-08 13:38 . 2010-02-08 13:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ACD Systems
2010-02-08 13:38 . 2010-02-08 13:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\ACD Systems
2010-02-08 13:38 . 2010-02-08 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-02-08 13:38 . 2010-02-08 13:38 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-02-08 13:38 . 2010-02-08 13:38 -------- d-----w- c:\program files\ACD Systems
2010-02-08 13:36 . 2010-02-08 13:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-02-08 11:46 . 2010-02-08 11:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft
2010-02-07 20:28 . 2008-04-13 16:26 36396 ----a-w- c:\documents and settings\Administrator\Application Data\BSplayer\AC3 Filter\uninstall.exe
2010-02-07 20:28 . 2007-08-18 08:54 20480 ----a-w- c:\documents and settings\Administrator\Application Data\BSplayer\AC3 Filter\ac3config.exe
2010-02-07 20:28 . 2007-08-18 08:53 16384 ----a-w- c:\documents and settings\Administrator\Application Data\BSplayer\AC3 Filter\dialog_patch.exe
2010-02-07 20:28 . 2007-07-05 02:33 892928 ----a-w- c:\documents and settings\Administrator\Application Data\BSplayer\AC3 Filter\iconv.dll
2010-02-07 20:26 . 2008-12-19 16:15 4338246 ----a-w- c:\documents and settings\Administrator\Application Data\BSplayer\FFDShow\libavcodec.dll
2010-02-07 20:24 . 2010-02-07 22:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer
2010-02-07 20:24 . 2010-02-07 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer Pro
2010-02-07 20:24 . 2010-02-07 20:24 -------- d-----w- c:\program files\Webteh
2010-02-07 14:50 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-07 14:50 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-07 14:50 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-07 14:50 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-07 14:50 . 2010-02-07 14:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-07 11:46 . 2010-02-07 11:47 -------- d-----w- c:\program files\directX
2010-02-07 11:21 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-07 11:21 . 2010-02-07 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-07 11:21 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-07 11:04 . 2010-02-07 11:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-07 11:04 . 2010-02-07 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-06 22:18 . 2010-02-08 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-06 22:18 . 2010-02-06 22:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-06 22:05 . 2010-02-06 22:05 -------- d-----w- c:\program files\Girder
2010-02-06 22:02 . 2010-02-06 22:02 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-06 22:00 . 2010-02-06 22:00 -------- d-----w- c:\program files\Free Pack
2010-02-06 21:58 . 2010-02-06 22:09 -------- d-----w- C:\ProgDVB
2010-02-06 21:53 . 2010-02-06 21:53 -------- d-----w- c:\program files\DVBViewerTE
2010-02-06 21:52 . 2010-02-06 21:53 -------- d-----w- c:\program files\TechniSat DVB
2010-02-06 21:51 . 2006-03-14 01:22 349184 ----a-r- c:\windows\system32\drivers\SkyNET.sys
2010-02-06 21:04 . 2010-02-06 20:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-06 20:51 . 2004-08-04 01:07 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-02-06 20:51 . 2010-02-07 22:54 -------- d-----w- c:\program files\JDownloader
2010-02-06 20:51 . 2010-02-08 11:20 -------- d-----w- C:\down
2010-02-06 20:50 . 2004-08-04 01:07 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-06 20:50 . 2010-02-06 20:50 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-06 20:49 . 2010-02-06 20:49 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-06 20:49 . 2010-02-06 20:49 -------- d-----w- c:\windows\system32\LogFiles
2010-02-06 20:47 . 2010-02-06 20:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Logitech
2010-02-06 20:44 . 2010-02-06 20:44 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-06 20:44 . 2010-02-06 20:44 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-06 20:44 . 2010-02-06 20:44 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-06 20:44 . 2010-02-06 20:44 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-06 20:43 . 2010-02-06 20:44 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-06 20:42 . 2010-02-06 20:42 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-06 20:42 . 2010-02-06 20:42 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-06 20:42 . 2010-02-06 20:42 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-06 20:42 . 2010-02-06 20:42 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-06 20:42 . 2010-02-06 20:42 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-06 20:34 . 2009-10-11 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-06 20:34 . 2010-02-06 22:03 -------- d-----w- c:\program files\Java
2010-02-06 20:34 . 2010-02-06 20:34 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-02-06 20:28 . 2010-02-06 20:28 0 ----a-w- c:\windows\nsreg.dat
2010-02-06 20:28 . 2010-02-06 20:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-06 20:03 . 2010-02-06 20:03 -------- d-----w- c:\windows\system32\Lang
2010-02-06 20:00 . 2005-05-05 18:43 69632 ------r- c:\windows\Alcmtr.exe
2010-02-06 20:00 . 2006-05-06 16:26 2808832 ------r- c:\windows\alcwzrd.exe
2010-02-06 20:00 . 2010-02-06 20:00 -------- d-----w- c:\program files\Realtek
2010-02-06 20:00 . 2010-02-06 20:00 315392 ----a-w- c:\windows\HideWin.exe
2010-02-06 20:00 . 2007-01-14 16:54 520192 ------r- c:\windows\RtlExUpd.dll
2010-02-06 19:51 . 2007-05-08 15:53 143360 ------r- c:\windows\system32\xRaidAPI.dll
2010-02-06 19:51 . 2007-05-08 16:06 1953792 ------r- c:\windows\system32\xRaidSetup.exe
2010-02-06 19:51 . 2007-05-10 17:33 48640 ----a-r- c:\windows\system32\drivers\jraid.sys
2010-02-06 19:51 . 2010-02-06 19:51 -------- d-----w- c:\windows\RaidTool
2010-02-06 19:47 . 2010-02-06 19:47 -------- d-----w- c:\program files\Attansic
2010-02-06 19:47 . 2010-02-06 19:47 -------- d-----w- c:\windows\system32\Attansic
2010-02-06 19:47 . 2007-03-15 22:12 38656 ----a-r- c:\windows\system32\drivers\atl01_xp.sys
2010-02-06 19:44 . 2010-02-06 19:44 -------- d-----w- c:\program files\Intel
2010-02-06 19:41 . 2004-08-13 02:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2010-02-06 19:41 . 2006-10-12 11:33 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-02-06 19:36 . 2010-02-06 19:36 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-06 19:36 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-06 19:36 . 2010-02-06 19:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-02-06 19:36 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2010-02-06 19:35 . 2010-02-06 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-06 19:35 . 2010-02-06 19:35 -------- d-----w- c:\program files\Lavasoft
2010-02-06 19:31 . 2010-02-06 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\comodo
2010-02-06 19:31 . 2010-02-06 19:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Comodo
2010-02-06 19:31 . 2010-02-06 19:31 79760 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-06 19:31 . 2010-02-06 19:31 143104 ----a-w- c:\windows\system32\guard32.dll
2010-02-06 19:31 . 2010-02-06 19:31 87056 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-06 19:31 . 2010-02-06 19:31 24208 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-06 19:31 . 2010-02-06 19:31 -------- d-----w- c:\program files\COMODO
2010-02-06 19:30 . 2010-02-06 19:30 -------- d-----w- c:\program files\CCleaner
2010-02-06 19:29 . 2010-02-06 19:29 -------- d-----w- c:\program files\Foxit Software
2010-02-06 19:29 . 2010-02-06 19:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Foxit
2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-02-06 19:27 . 2010-02-06 19:27 -------- d-----w- c:\program files\CyberLink
2010-02-06 19:22 . 2010-02-06 19:22 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-06 19:21 . 2010-02-06 19:21 -------- d--h--w- c:\windows\$hf_mig$
2010-02-06 19:19 . 2008-01-22 13:42 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-02-06 19:19 . 2010-02-06 19:20 -------- d-----w- c:\program files\ATI Technologies
2010-02-06 19:19 . 2010-02-06 22:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-06 19:18 . 2010-02-06 19:19 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-06 19:18 . 2010-02-06 19:18 -------- d-----w- C:\ATI
2010-02-06 18:01 . 2010-02-06 18:01 12328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 11:10 . 2010-02-07 11:10 -------- d-----w- c:\program files\KONAMI
2010-02-07 11:10 . 2010-02-07 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2010-02-06 22:03 . 2010-02-06 22:03 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-02-06 22:03 . 2010-02-06 22:03 2002 ---ha-w- c:\documents and settings\All Users\Application Data\ArcSoft\arcsoft-tmt-21-080228-web\acforall.dll
2010-02-06 22:03 . 2010-02-06 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-02-06 22:03 . 2010-02-06 22:03 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-06 20:46 . 2010-02-06 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-02-06 20:46 . 2010-02-06 20:46 -------- d-----w- c:\program files\Common Files\Logishrd
2010-02-06 20:46 . 2010-02-06 20:46 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-06 20:46 . 2010-02-06 20:46 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-06 20:46 . 2010-02-06 20:46 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-06 20:46 . 2010-02-06 20:46 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-06 20:46 . 2010-02-06 20:46 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-06 20:46 . 2010-02-06 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-02-06 20:46 . 2010-02-06 20:46 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-06 20:46 . 2010-02-06 20:46 -------- d-----w- c:\program files\Logitech
2010-02-06 20:46 . 2010-02-06 20:46 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-06 18:20 . 2010-02-06 17:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-06 17:25 . 2010-02-06 17:25 -------- d-----w- c:\program files\microsoft frontpage
2010-02-06 17:22 . 2010-02-06 17:22 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-04 01:07 . 2004-08-04 01:07 158658 --sha-r- c:\windows\system32\ytdid.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2010-02-06 1655552]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-21 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-08 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-06 1822720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Girder3.lnk - c:\program files\Girder\Girder.exe [2010-2-6 1830912]
PowerInstall Softcam Updater.lnk - c:\program files\Free Pack\PSU\PSU.EXE [2009-7-16 60081]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-6 809488]
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2010-2-6 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-08 15:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 00:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5570:TCP"= 5570:TCP:hhueexnj

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/6/2010 8:36 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/8/2010 4:17 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/8/2010 4:17 PM 360584]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2/6/2010 8:31 PM 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2/6/2010 8:31 PM 24208]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2/8/2010 4:17 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/8/2010 4:17 PM 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 PM 1181328]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2/6/2010 9:46 PM 10384]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2/6/2010 8:47 PM 38656]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ashqcisz
tmdtzmh
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:42]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:42]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:42]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:42]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:42]
.
.
------- Supplementary Scan -------
.
TCP: {B796EC5E-6369-4208-86F5-B9AB07967FB6} = 93.93.192.2,93.93.192.3
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4u5hjx65.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.elitesecurity.org/f101-PC-DVB-kartice
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 17:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3500)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-02-08 17:30:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 16:30

Pre-Run: 38,402,506,752 bytes free
Post-Run: 38,308,020,224 bytes free

- - End Of File - - B6969B36B85C6C47D67CB097BA88D878
[ izida @ 08.02.2010. 18:18 ] @
The computer has gone a bit nuts; when I click the volume icon next to the clock it gives me this message

and it also changes the Appearance from Windows XP style to Classic style by itself...
[ kristi1 @ 08.02.2010. 19:36 ] @
Turn off AVG
Download this file to the desktop, unpack it and drag it with the mouse onto the ComboFix icon

Post the log after the cleaning
[ kristi1 @ 08.02.2010. 20:35 ] @
The log is not complete; copy it here and click send, then post the link http://pastebin.com/
[ izida @ 08.02.2010. 20:52 ] @
http://pastebin.com/m17176437

After restarting the computer I noticed this

That message is related to the SkyStar2 card, and under Device Manager there is this

[ kristi1 @ 08.02.2010. 21:05 ] @
First upload the following folder via this link http://www.speedyshare.com/

C:\Qoobox\Quarantine So zip it, upload it and send me the (download) link by PM so nobody accidentally touches it.

Then turn off the antivirus and repeat the procedure with this script
[ izida @ 08.02.2010. 21:28 ] @
http://pastebin.com/m322c87d7
[ kristi1 @ 08.02.2010. 21:42 ] @
Only once you had turned off AVG did ComboFix show all the items for deletion.
OK, we'll repeat it once more.

Unfortunately you will have to reinstall that driver; it was deleted during the first run and I can't restore it. I mean the modem and the TV card.
[ izida @ 08.02.2010. 22:03 ] @
http://pastebin.com/m349a16a5
[ kristi1 @ 09.02.2010. 07:55 ] @
@izida, are you connected to some network? The infection keeps coming back on your machine: I delete it and it's there again.
[ izida @ 09.02.2010. 08:48 ] @
What network? This is a home computer, just the one! I think we had a similar problem some time ago and you were trying to help me...
This is that thread; it looks like quite a similar situation http://www.elitesecurity.org/t350050-0-Imam-dve-stetocine

[This message was edited by izida on 09.02.2010. at 09:59 GMT+1]
[ kristi1 @ 09.02.2010. 09:08 ] @
Copy this into Notepad under the name CFScript and drag it with the mouse onto ComboFix.

Code:

File::
c:\windows\system32\ytdid.dll

Driver::
ashqcisz
tmdtzmh
ytjmtg

NetSvcs::
ashqcisz
tmdtzmh
ytjmtg



[ izida @ 09.02.2010. 10:03 ] @
http://pastebin.com/m735fb5c3
[ kristi1 @ 09.02.2010. 10:30 ] @
Brother, I don't know what is going on with your machine. Every time I delete it, the infection comes back again.
I'm not sure what else to do.
[ izida @ 09.02.2010. 10:43 ] @
Is it related to that previous problem, or is this something separate? This happens to me every couple of months.
[ kristi1 @ 09.02.2010. 10:50 ] @
Please upload the quarantine again and give me the link by PM so I can see what this is about, what this is, because there is no information about these files anywhere on the net.
The files are not the same as last time, but it's obviously the same infection. I don't understand how it keeps getting onto your machine.
[ kristi1 @ 09.02.2010. 11:14 ] @
Here is what it's about; that's what I suspected when I asked you whether you were connected to a network. So it's Conficker.

http://www.virustotal.com/anal...4dc669876b31f07354f-1265713345

Do the following:
Download this from the net http://www.microsoft.com/security/malwareremove/default.aspx
And this http://www.microsoft.com/downl...067B73D6A03&displaylang=en

Disconnect from the net and only then install both.
Go to Run, type mrt.exe, Enter, and let it clean everything it finds. Let me know how things stand after this.

Since you can see that Avira has definitions for this variant, it wouldn't be a bad idea to install it and scan the complete computer. Of course, remove AVG first, and clean up the leftovers with http://www.avg.com/ww-en/download-tools

btw

Here is the path of the file c:\windows\system32\ytdid.dll

Check in Safe Mode after the scan whether it is still there.
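An added example, not from the thread or from ComboFix: a small Python checker that automates the reading of the ComboFix log applied above (the system+hidden DLL in system32, the firewall port exception with a bare random name, the unexplained Svchost NetSvcs entries). The sample lines are copied from the log quoted earlier in this thread; the randomness thresholds in looks_random are my own assumptions, not a published rule.

```python
import re

# Constructed sample: lines copied from the ComboFix log quoted earlier in this thread.
SAMPLE_LOG = """\
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 17:22 . 2010-02-06 17:22 21640 ----a-w- c:\\windows\\system32\\emptyregdb.dat
2004-08-04 01:07 . 2004-08-04 01:07 158658 --sha-r- c:\\windows\\system32\\ytdid.dll
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"5570:TCP"= 5570:TCP:hhueexnj

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
ashqcisz
tmdtzmh
.
Contents of the 'Scheduled Tasks' folder
"""

# "created . modified size attrs path" as ComboFix prints file entries
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# '"5570:TCP"= 5570:TCP:name' entries under GloballyOpenPorts
PORT_RULE = re.compile(r'^"[^"]+"= (?P<port>\d+):(?P<proto>TCP|UDP):(?P<name>.*)$')
NETSVCS_HEADER = "\\Svchost - NetSvcs"
SYSTEM32 = "c:\\windows\\system32\\"


def looks_random(name):
    """Crude check for machine-generated names: lowercase-only, vowel-poor or with a long
    consonant run. The thresholds are assumptions tuned to the names seen in this thread."""
    if not re.fullmatch(r"[a-z]{5,12}", name):
        return False
    vowels = sum(c in "aeiouy" for c in name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", name)), default=0)
    return vowels / len(name) < 0.3 or longest_run >= 4


def scan_combofix_log(text):
    """Return (category, item, note) tuples for the three indicators used in the thread."""
    findings = []
    in_netsvcs = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            if line in ("", ".") or line.startswith("Contents of"):
                in_netsvcs = False
            else:
                # ComboFix hides legitimate default NetSvcs entries, so anything listed is unexplained.
                note = "random-looking name" if looks_random(line) else "unrecognised entry"
                findings.append(("netsvcs", line, note))
            continue
        if line.endswith(NETSVCS_HEADER):
            in_netsvcs = True
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # ytdid.dll stood out as a system+hidden DLL in system32 with a stale 2004 timestamp.
            lower = path.lower()
            if "s" in attrs and "h" in attrs and lower.startswith(SYSTEM32) and lower.endswith(".dll"):
                findings.append(("hidden-system-dll", path, attrs))
            continue
        m = PORT_RULE.match(line)
        if m and re.fullmatch(r"[a-z]{5,}", m.group("name")):
            # legitimate firewall exceptions carry a descriptive name, not a bare lowercase token
            item = f"{m.group('port')}:{m.group('proto')}:{m.group('name')}"
            findings.append(("open-port", item, "bare lowercase rule name"))
    return findings


if __name__ == "__main__":
    for category, item, note in scan_combofix_log(SAMPLE_LOG):
        print(f"{category:18} {item}  ({note})")
```

Run it against a full ComboFix log file instead of SAMPLE_LOG to get the same three classes of findings; anything it flags still needs the manual check kristi1 describes, since the name heuristic is deliberately loose.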
[ izida @ 09.02.2010. 13:45 ] @
I downloaded all of this, disconnected, installed the first one, did a full scan, it found 8 viruses, in that menu with the viruses it showed me 2 Confickers, I deleted them, installed that patch, restart...
This I did not do
Quote:
go to Run and type mrt.exe
because I had done that when it was installed; after the restart the update icon popped up...
I removed AVG, installed this Avira, it scanned and found the same thing.

But as far as I can see that is in ComboFix's folder?
[ BBS @ 09.02.2010. 14:38 ] @
It found that in quarantine, don't worry about it. I hope you had System Restore turned off on XP while you were doing all this.
[ izida @ 09.02.2010. 14:47 ] @
I have no idea where that is turned off, or where it's turned on!
I tried to do this to remove ComboFix
Quote:
Start / Run, copy this:

Combofix /u

then OK

but it won't remove it; instead it starts scanning again

http://pastebin.com/m240e4a3c

And as for that System Restore, this is how it was:

By the way, Update works completely normally!

[This message was edited by izida on 09.02.2010. at 16:02 GMT+1]
[ kristi1 @ 09.02.2010. 15:14 ] @
In Run you type Combofix /Uninstall

Everything should be fine now; when you uninstall ComboFix it will reset System Restore by itself.
[ izida @ 09.02.2010. 15:20 ] @
There, it's removed now; if there are any changes I'll let you know, for now everything works as if normal...
Thanks for this, brother; whenever I have some virus problem you always fix it :-)
THANKS!
[ BBS @ 09.02.2010. 17:31 ] @
Tick "turn off system restore" before cleaning with any AV tool; ideally you would do the cleaning from Safe Mode. Otherwise it can happen that after cleaning the virus/trojan is still there (it comes back from System Restore).