C:\resycled\boot.com is not valid Win32 application. SHTA???

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

kad pokusham da udjem u bilo koju particiju preko exlorera, odnosno preko my computer-a izbaci mi ovo:

C:\resycled\boot.com is not valid Win32 application.

kad udjem preko komandera ili bilo kako drugo udje sve i imam sve fajlove i to na tim paricijama...

zanima me shta je to i kako moze da se reshi ovaj problem.

hvala unapred.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

http://www.mycity.rs/Arhiva-Ambulante/Nece-da-mi-udje-u-C-i-D.html

Je li to ovakav problem ?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

jeste, mozda, ali ne kontam nishta... ne pojavljuju mi se toliko tih chuda samo to shto sam napisao...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ja dalje ne znam, to ce vec morati da ti pomognu moderatori foruma.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Tema prebacena u Ambulantu. Ja preuzimam dalje.

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

pojavio mi se WARNING!! pojavilo mi se neshto u fazonu da mi je pronashao da imam avg... a sad mi je izbacio neshto DISCLAIMER OF WARRANTY ON SOFTWARE.

SHTA SAD?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Iskljuci AVG prema sledecem uputstvu:

* Klikni desnim tasterom miša na AVG ikonicu ( ) u donjem, desnom uglu ekrana.
* Kada se pokrene AVG Control Center, dvoklikni na AVG Resident Shield komponentu.
* U prozoru koji se otvori, deštikliraj opciju Turn on AVG Resident Shield i klikni OK.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.

Nakon toga klikni na Yes kada ti izadje ta poruka (Disclaimer...)

Postavi log koji ce ti biti prikazan na ekranu nakon zavrsenog skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

log??? gde da ga nadjem? inache uradio sam to bez gashenja ava-a jer sam sad procitao poruku i sad mi ulazi tamo gde nije hteo... radi sve

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zar ti se na kraju skeniranja ComboFixom nije pojavio Notepad i u njemu log onoga sto je uradjeno?

Ukoliko nije, onda ces log naci na C:\ComboFix.txt
Iskopiraj ovde sadrzaj tog loga.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

DA LI JE OVO?


ComboFix 09-01-21.04 - Microsoft 2009-01-27 19:57:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1536.1206 [GMT 1:00]
Running from: C:\Documents and Settings\Microsoft\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Microsoft\Start Menu\Programs\videosoft
C:\Documents and Settings\Microsoft\Start Menu\Programs\videosoft\Uninstall.lnk
C:\Program Files\Mozilla Firefox\components\iamfamous.dll
C:\Program Files\videosoft
C:\Program Files\videosoft\Uninstall.exe
C:\resycled
C:\resycled\boot.com
C:\WINDOWS\system32\drivers\gaopdxserv.sys
C:\WINDOWS\system32\drivers\msqpdxanuvqnpn.sys
C:\WINDOWS\system32\drivers\msqpdxktvkwlwx.sys
C:\WINDOWS\system32\drivers\msqpdxmkatvhre.sys
C:\WINDOWS\system32\drivers\msqpdxyxxuctuc.sys
C:\WINDOWS\system32\msqpdxqvvknemv.dll
E:\resycled
E:\resycled\boot.com
F:\resycled
F:\resycled\boot.com
I:\resycled
I:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_msqpdxserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.

2009-01-27 19:53 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2009-01-27 19:41 . 2009-01-27 19:41 <DIR> d-------- C:\USBNoRisk
2009-01-27 04:55 . 2009-01-27 04:55 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-27 04:27 . 2009-01-27 13:53 233 --a------ C:\autorun.inf.blocked
2009-01-26 13:04 . 2009-01-26 13:04 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2009-01-26 13:04 . 2009-01-26 13:04 <DIR> d-------- C:\Program Files\AVG
2009-01-26 13:04 . 2009-01-26 13:04 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2009-01-26 13:04 . 2009-01-26 13:04 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2009-01-26 13:04 . 2009-01-26 13:04 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2009-01-25 14:32 . 2009-01-25 14:32 <DIR> d-------- C:\Program Files\XviD
2009-01-23 21:21 . 2009-01-23 21:24 <DIR> d-------- C:\Program Files\Valve

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2009-01-26 00:17 --------- d-----w C:\Program Files\Common Files\Adobe
2009-01-23 20:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-20 20:18 --------- d-----w C:\Documents and Settings\Microsoft\Application Data\Nokia
2009-01-01 03:27 --------- d-----w C:\Program Files\sXe Injected
2008-12-23 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-12-23 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-12-11 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-12-11 14:14 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-12-10 22:31 --------- d-----w C:\Program Files\VST
2008-12-10 22:31 --------- d-----w C:\Program Files\Common Files\Digidesign
2008-12-10 22:31 --------- d-----w C:\Program Files\Antares Audio Technologies
2008-12-09 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-07 13:58 --------- d-----w C:\Program Files\VirtualDJ
2008-11-02 23:41 155,995 ----a-w C:\WINDOWS\java\Packages\RZ7HJXZT.ZIP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 21:51 1266992]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-20 23:43 1526296]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 13:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-20 23:43 1526296 --a------ C:\Program Files\TorrentMan\tbTorr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-20 23:43 1526296]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 13:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "C:\Program Files\TorrentMan\tbTorr.dll" [2008-05-20 23:43 1526296]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 13:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-25 02:09 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:35 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 17:46 217544]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 15:00 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 07:31 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 16:35 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 00:02 36352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 01:38 34672]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-01-26 13:04 1261336]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2008-08-06 18:37:29 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-26 13:04 10520 C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"aux"= ctwdm32.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [2009-01-26 13:04:26 97928]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\drivers\SkyNET.sys [2008-08-06 18:31:53 349184]
R4 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-26 13:04:17 875288]
R4 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-26 13:04:16 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [2009-01-26 13:04:33 76040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-09-02 16:37:03 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-09-02 16:37:03 8320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8b55cd-a804-11dd-bc01-000c6ebca499}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com l:
\Shell\Open\command - L:\resycled\boot.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ddd1560-6481-11dd-bbd0-000c6ebca499}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com j:
\Shell\Open\command - J:\resycled\boot.com j:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ddd1561-6481-11dd-bbd0-000c6ebca499}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ddd1565-6481-11dd-bbd0-000c6ebca499}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db39923-977b-11dd-bbf6-000c6ebca499}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7974d79b-66ef-11dd-bbd3-000c6ebca499}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f01ca2b-7c33-11dd-bbe2-000c6ebca499}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84991aa0-e4cb-11dd-bc3a-000c6ebca499}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com j:
\Shell\Open\command - J:\resycled\boot.com j:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3f5087d-cd0d-11dd-bc26-000c6ebca499}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
FF - ProfilePath - C:\Documents and Settings\Microsoft\Application Data\Mozilla\Firefox\Profiles\011qkgvh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Documents and Settings\Microsoft\Application Data\Mozilla\Firefox\Profiles\011qkgvh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-27 20:03:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
C:\WINDOWS\system32\avgrsstx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-01-27 20:08:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-27 19:08:02

Pre-Run: 11,721,089,024 bytes free
Post-Run: 16,035,221,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

230 --- E O F --- 2009-01-27 18:53:52