- markovuc
- New MyCity citizen
- Joined: 11 Feb 2009
- Posts: 5
I have the same problem: a Recycle folder shows up on all partitions, and I know it is a virus. I tried to delete them somehow, but they keep coming back. In one thread I saw that the computer should be scanned with ComboFix; I did that, and here is the log:
ComboFix 09-02-10.03 - Marko 2009-02-11 10:38:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.152 [GMT 1:00]
Running from: c:\documents and settings\Marko\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.
2009-02-11 10:35 . 2009-02-11 10:36 <DIR> d-------- C:\32788R22FWJFW
2009-02-11 10:30 . 2009-02-11 10:30 <DIR> d-------- c:\program files\Java
2009-02-11 10:30 . 2009-02-11 10:30 <DIR> d-------- c:\program files\Common Files\Java
2009-02-11 10:30 . 2006-11-09 15:07 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2009-02-11 10:09 . 2009-02-11 10:18 <DIR> d-------- c:\program files\proeWildfire 4.0
2009-02-11 10:05 . 2009-02-11 10:05 <DIR> d-------- C:\licenca
2009-02-11 10:01 . 2009-02-11 10:01 <DIR> d-------- c:\program files\Alcohol Soft
2009-02-11 09:57 . 2009-02-11 09:57 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-11 00:07 . 2009-02-11 10:53 <DIR> d-------- c:\documents and settings\Marko\Tracing
2009-02-11 00:05 . 2009-02-11 00:05 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-11 00:05 . 2009-02-11 00:05 <DIR> d-------- c:\program files\Microsoft
2009-02-11 00:03 . 2009-02-11 00:05 <DIR> d-------- c:\program files\Windows Live
2009-02-10 23:50 . 2009-02-10 23:50 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-10 22:49 . 2009-02-10 22:49 <DIR> d-------- c:\documents and settings\Marko\Application Data\AdobeUM
2009-02-10 22:35 . 2009-02-10 22:35 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-02-10 22:35 . 2009-02-10 22:35 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Adobe Systems
2009-02-10 20:08 . 2009-02-10 20:08 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ConeXware
2009-02-10 20:07 . 2009-02-11 10:02 <DIR> d-------- c:\program files\PowerArchiver
2009-02-10 18:44 . 2009-02-10 20:15 <DIR> d-------- C:\Downloads
2009-02-10 18:16 . 2009-02-10 18:16 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2009-02-10 18:03 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\system32\NPSWF32.dll
2009-02-10 18:03 . 2007-02-20 16:04 190,696 --a------ c:\windows\system32\NPSWF32_FlashUtil.exe
2009-02-10 17:47 . 2009-02-10 22:45 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-10 17:45 . 2009-02-10 17:45 <DIR> d-------- c:\program files\Common Files\ChaosGroup
2009-02-10 17:45 . 2009-02-10 17:45 <DIR> d-------- c:\program files\Chaos Group
2009-02-10 17:40 . 2009-02-10 17:40 <DIR> d-------- c:\documents and settings\Marko\Application Data\Autodesk
2009-02-10 17:38 . 2009-02-11 10:54 <DIR> d-------- c:\program files\FlashGet
2009-02-10 17:37 . 2009-02-10 17:37 <DIR> d-------- c:\program files\Turbo Squid Tentacles
2009-02-10 17:36 . 2009-02-10 17:36 <DIR> d-------- c:\program files\Microsoft WSE
2009-02-10 17:31 . 2009-02-10 17:33 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2009-02-10 17:31 . 2009-02-10 17:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Autodesk
2009-02-10 17:30 . 2009-02-10 17:33 <DIR> d-------- c:\program files\Autodesk
2009-02-10 17:30 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-02-10 17:30 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2009-02-10 17:30 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2009-02-10 17:29 . 2009-02-10 17:29 <DIR> d-------- c:\program files\MSBuild
2009-02-10 17:27 . 2009-02-10 17:27 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-10 17:26 . 2009-02-10 17:26 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-10 17:25 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-10 16:47 . 2009-02-10 16:48 <DIR> d-------- c:\program files\BORGChat
2009-02-10 16:45 . 2009-02-10 16:45 <DIR> d-------- c:\program files\Common Files\McNeel Shared
2009-02-10 16:44 . 2009-02-10 16:44 <DIR> d-------- c:\program files\Rhinoceros 4.0
2009-02-10 16:44 . 2009-02-10 16:44 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\McNeel
2009-02-10 16:39 . 2009-02-10 16:39 0 --a------ c:\windows\nsreg.dat
2009-02-10 16:32 . 2009-02-10 18:54 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-02-10 16:32 . 2009-02-10 18:54 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-02-10 16:31 . 2009-02-10 16:31 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-10 16:31 . 2009-02-11 10:54 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2009-02-10 16:31 . 2009-02-11 10:51 3,469,344 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-10 16:31 . 2009-02-11 10:51 344,096 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-10 16:31 . 2009-02-11 10:51 32,376 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-10 16:31 . 2009-02-11 10:51 3,304 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-10 16:22 . 2009-02-10 16:22 <DIR> d-------- c:\program files\VistaDriveIcon
2009-02-10 16:22 . 2009-02-10 16:22 6,912,054 --a------ c:\windows\startup.bmp
2009-02-10 16:22 . 2008-04-14 05:42 218,624 --a------ c:\windows\system32\uxtheme.backup
2009-02-10 16:19 . 2009-02-10 16:22 <DIR> d-------- c:\windows\VistaMizer
2009-02-10 16:19 . 2009-02-10 16:19 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2009-02-10 16:17 . 2008-04-14 00:15 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2009-02-10 16:17 . 2008-04-13 22:09 142,592 --a------ c:\windows\system32\drivers\aec.sys
2009-02-10 16:17 . 2008-04-14 00:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
2009-02-10 16:17 . 2008-04-14 00:45 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2009-02-10 16:17 . 2008-04-14 00:15 56,576 --a------ c:\windows\system32\drivers\swmidi.sys
2009-02-10 16:17 . 2008-04-14 00:15 52,864 --a------ c:\windows\system32\drivers\dmusic.sys
2009-02-10 16:17 . 2008-04-14 00:09 7,552 --a------ c:\windows\system32\drivers\mskssrv.sys
2009-02-10 16:17 . 2008-04-14 00:15 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2009-02-10 16:17 . 2008-04-14 00:09 5,376 --a------ c:\windows\system32\drivers\mspclock.sys
2009-02-10 16:17 . 2008-04-14 00:09 4,992 --a------ c:\windows\system32\drivers\mspqm.sys
2009-02-10 16:17 . 2001-08-17 14:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-02-10 16:17 . 2008-04-14 00:15 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2009-02-10 16:16 . 2008-04-14 00:10 57,600 --a------ c:\windows\system32\drivers\redbook.sys
2009-02-10 16:16 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-10 16:16 . 2001-08-17 14:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys
2009-02-10 16:14 . 2009-02-11 10:30 <DIR> dr------- C:\Program Files
2009-02-10 16:14 . 2009-02-11 00:05 <DIR> dr------- c:\documents and settings\All Users.WINDOWS\Documents
2009-02-10 16:13 . 2009-02-10 16:13 <DIR> d-------- c:\windows\nview
2009-02-10 16:13 . 2002-08-29 07:30 1,086,182 -ra------ c:\windows\SET1D.tmp
2009-02-10 16:13 . 2007-12-07 15:05 360,448 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-10 16:13 . 2007-12-07 06:51 360,448 --a------ c:\windows\system32\nvudisp.exe
2009-02-10 16:13 . 2007-12-07 06:51 17,737 --a------ c:\windows\system32\nvdisp.nvu
2009-02-10 16:13 . 2001-08-23 13:00 13,608 -ra------ c:\windows\SET32.tmp
2009-02-10 16:12 . 2009-02-10 16:02 <DIR> d--h----- c:\documents and settings\Default User.WINDOWS
2009-02-10 16:12 . 2009-02-10 15:23 <DIR> d-------- c:\documents and settings\All Users.WINDOWS
2009-02-10 16:10 . 2009-02-10 16:10 <DIR> d-------- c:\program files\Realtek Sound Manager
2009-02-10 16:09 . 2009-02-10 16:09 <DIR> d-------- c:\program files\Realtek AC97
2009-02-10 16:09 . 2009-02-10 16:10 <DIR> d-------- c:\program files\AvRack
2009-02-10 16:09 . 2005-06-21 03:09 18,751,488 -ra------ c:\windows\system32\ALSNDMGR.CPL
2009-02-10 16:09 . 2005-06-20 14:39 9,410,048 -ra------ c:\windows\system32\RTLCPL.EXE
2009-02-10 16:09 . 2005-06-20 15:08 2,324,480 -ra------ c:\windows\system32\drivers\ALCXWDM.SYS
2009-02-10 16:09 . 2005-06-02 09:31 294,912 -r------- c:\windows\alcupd.exe
2009-02-10 16:09 . 2005-06-02 09:43 200,704 -r------- c:\windows\alcrmv.exe
2009-02-10 16:09 . 2004-09-07 07:23 156,672 -ra------ c:\windows\system32\RTLCPAPI.dll
2009-02-10 16:09 . 2002-02-05 06:54 141,016 -ra------ c:\windows\system32\ALSNDMGR.WAV
2009-02-10 16:09 . 2005-06-20 14:42 77,824 -ra------ c:\windows\SOUNDMAN.EXE
2009-02-10 16:09 . 2005-05-18 06:38 40,960 -r------- c:\windows\system32\ChCfg.exe
2009-02-10 16:09 . 2001-07-05 17:19 164 -r------- c:\windows\avrack.ini
2009-02-10 16:08 . 2009-02-10 16:09 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-02-10 16:07 . 2009-02-10 16:07 <DIR> d-------- c:\program files\Marvell
2009-02-10 16:07 . 2005-04-26 04:22 60,928 -ra------ c:\windows\system32\drivers\viamraid.sys
2009-02-10 16:06 . 2009-02-10 16:07 <DIR> d-------- c:\program files\VIA
2009-02-10 16:06 . 2009-02-10 16:09 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-10 16:04 . 2004-10-05 16:54 306,688 --a------ c:\windows\IsUninst.exe
2009-02-10 16:03 . 2004-04-27 16:26 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-02-10 16:03 . 2004-08-13 03:56 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys
2009-02-10 16:03 . 2009-02-10 16:09 4,594 --a------ c:\windows\Ascd_tmp.ini
2009-02-10 16:02 . 2009-02-10 16:02 316,640 --a------ c:\windows\WMSysPr9.prx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 17:54 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-10 15:22 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-02-10 14:41 65,536 ----a-w c:\windows\DUMP6570.tmp
2009-02-10 14:25 --------- d-----w c:\program files\microsoft frontpage
2009-02-10 14:24 558,142 ----a-w c:\windows\java\Packages\WOYVFHJJ.ZIP
2009-02-10 14:24 155,995 ----a-w c:\windows\java\Packages\PFBDB3R7.ZIP
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll
.
------- Sigcheck -------
2002-08-29 04:41 599040 f3587750a7481dccbea13d473a0700be c:\windows\$NtServicePackUninstall$\wininet.dll
2008-04-14 05:42 811008 ea4b3947114545d3fb9729c0bfede730 c:\windows\ServicePackFiles\i386\wininet.dll
2008-04-14 05:42 811008 ea4b3947114545d3fb9729c0bfede730 c:\windows\system32\wininet.dll
2008-04-14 05:42 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows\VistaMizer\old\wininet.dll
2002-08-29 04:41 516608 2246d8d8f4714a2cedb21ab9b1849abb c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 05:42 547328 a55b8899d2ea2e800061bcfd456e34dc c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 05:42 547328 a55b8899d2ea2e800061bcfd456e34dc c:\windows\system32\winlogon.exe
2008-04-14 05:42 507904 ed0ef0a136dec83df69f04118870003e c:\windows\VistaMizer\old\winlogon.exe
2002-08-29 04:50 1947904 0e8efb15746878a9b256e75267337233 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
2008-04-14 00:01 2323072 063ff1fa9777d2fd8d6b608f1f700e1f c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 00:01 2323072 063ff1fa9777d2fd8d6b608f1f700e1f c:\windows\system32\ntkrnlpa.exe
2008-04-14 00:01 2065792 109f8e3e3c82e337bb71b6bc9b895d61 c:\windows\VistaMizer\old\ntkrnlpa.exe
2002-08-29 03:03 2042240 b9080d97dbd631aadf9128f7316958d2 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
2008-04-14 00:57 2446208 1c48d9f3ea6db95915564655c006be8a c:\windows\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 00:57 2446208 1c48d9f3ea6db95915564655c006be8a c:\windows\system32\ntoskrnl.exe
2008-04-14 00:57 2188928 0c89243c7c3ee199b96fcc16990e0679 c:\windows\VistaMizer\old\ntoskrnl.exe
2008-04-14 05:42 1551872 c26978d5f821a7330439dd7f0aaaf678 c:\windows\explorer.exe
2002-08-29 04:41 1004032 a82b28bfc2e4455fe43022a498c0ef0a c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 05:42 1551872 c26978d5f821a7330439dd7f0aaaf678 c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 05:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\VistaMizer\old\explorer.exe
2002-08-29 04:41 13312 414de7cf9d3f19c3ea902f1bb38ec116 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 05:42 25088 b5e8782d4af1b3756f38e11e7c157bbe c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 05:42 25088 b5e8782d4af1b3756f38e11e7c157bbe c:\windows\system32\ctfmon.exe
2008-04-14 05:42 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\VistaMizer\old\ctfmon.exe
2002-08-29 04:41 139776 a3763ce319d9eb3ec2ac04901f293b9d c:\windows\$NtServicePackUninstall$\wuauclt.exe
2008-04-14 05:42 111104 88d78f1c0c77194425ef5ec9242beac3 c:\windows\ServicePackFiles\i386\wuauclt.exe
2008-04-14 05:42 111104 88d78f1c0c77194425ef5ec9242beac3 c:\windows\system32\wuauclt.exe
2008-04-14 05:42 111104 ed7262e52c31cf1625b65039102bc16c c:\windows\VistaMizer\old\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-07 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-07 81920]
"DrvIcon"="c:\program files\VistaDriveIcon\DrvIcon.exe" [2008-04-13 49152]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 206088]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-07-25 1998896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-07 c:\windows\system32\nwiz.exe]
c:\documents and settings\Marko\Start Menu\Programs\Startup\
BORGChat.lnk - c:\program files\BORGChat\BORGChat.exe [4/1/2007 4:59:52 PM 1041920]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29:38 PM 33808]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04:52 AM 65536]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02:46 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06:48 PM 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b787b75-f81a-11dd-aa33-0013d4a58409}]
\Shell\AutoRun\command - I:\setup.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Marko\Application Data\Mozilla\Firefox\Profiles\dwjkhryk.default\
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-11 10:54:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1028-)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\SHDOCVW.dll
c:\program files\FlashGet\fgmgr.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre1.5.0_10\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-02-11 10:59:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-11 09:57:08
Pre-Run: 67.759.235.072 bytes free
Post-Run: 67,787,374,592 bytes free
259
and I will also download this program for scanning flash drives
Addendum: 11 Feb 2009 11:30
USBNoRisk by bobby
Started at 11.2.2009 11:19:09
Scanning for connected USB Mass storage...
----------------------------------------
========================================
Scanning for other storage...
----------------------------------------
C: {4d47b852-f77e-11dd-8653-806d6172696f}
E: {b5a1a276-f781-11dd-aa27-806d6172696f}
F: {b5a1a277-f781-11dd-aa27-806d6172696f}
G: {b5a1a278-f781-11dd-aa27-806d6172696f}
H: {b5a1a279-f781-11dd-aa27-806d6172696f}
========================================
Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 4d47b852-f77e-11dd-8653-806d6172696f
========================================
Autorun.inf on E: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for b5a1a276-f781-11dd-aa27-806d6172696f
========================================
Autorun.inf on F: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for F:
No key found for b5a1a277-f781-11dd-aa27-806d6172696f
========================================
Autorun.inf on G: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for G:
No key found for b5a1a278-f781-11dd-aa27-806d6172696f
========================================
Autorun.inf on H: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for H:
No key found for b5a1a279-f781-11dd-aa27-806d6172696f
========================================
========================================
New device connected at 11.2.2009 11:19:59
Scanning for connected USB mass storage...
----------------------------------------
J: {fe7e3aa8-f788-11dd-aa2d-0013d4a58409}
Added J:
========================================
Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on J: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for fe7e3aa8-f788-11dd-aa2d-0013d4a58409
========================================
----------------------------------------
Desktop.ini on J: - None
----------------------------------------
========================================
========================================
Removed J:
========================================
New device connected at 11.2.2009 11:21:19
Scanning for connected USB mass storage...
----------------------------------------
J: {b89d5a02-f825-11dd-aa34-0013d4a58409}
Added J:
========================================
Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on J: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for b89d5a02-f825-11dd-aa34-0013d4a58409
========================================
----------------------------------------
Desktop.ini on J: - None
----------------------------------------
========================================
========================================
Removed J:
========================================
New device connected at 11.2.2009 11:21:45
Scanning for connected USB mass storage...
----------------------------------------
J: {b89d5a02-f825-11dd-aa34-0013d4a58409}
Added J:
========================================
Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on J: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for b89d5a02-f825-11dd-aa34-0013d4a58409
========================================
----------------------------------------
Desktop.ini on J: - None
----------------------------------------
========================================
========================================
Removed J:
========================================
New device connected at 11.2.2009 11:22:10
Scanning for connected USB mass storage...
----------------------------------------
J: {b89d5a02-f825-11dd-aa34-0013d4a58409}
Added J:
========================================
Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on J: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for b89d5a02-f825-11dd-aa34-0013d4a58409
========================================
----------------------------------------
Desktop.ini on J: - None
----------------------------------------
========================================
========================================
Removed J:
========================================
New device connected at 11.2.2009 11:23:14
Scanning for connected USB mass storage...
----------------------------------------
J: {b89d5a03-f825-11dd-aa34-0013d4a58409}
Added J:
========================================
Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on J: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for b89d5a03-f825-11dd-aa34-0013d4a58409
========================================
----------------------------------------
Desktop.ini on J: - None
----------------------------------------
========================================
========================================
Removed J:
========================================
========================================
========================================
New device connected at 11.2.2009 11:25:01
Scanning for connected USB mass storage...
----------------------------------------
J: {b89d5a04-f825-11dd-aa34-0013d4a58409}
Added J:
========================================
Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on J: - None
----------------------------------------
Sanitizing Shell Menu...
----------------------------------------
No key found for b89d5a04-f825-11dd-aa34-0013d4a58409
========================================
----------------------------------------
Desktop.ini on J: - None
----------------------------------------
========================================
========================================
Removed J:
========================================
========================================
========================================
Addendum: 11 Feb 2009 14:11
Can someone help?