MyCity » Ambulanta -> Arhiva Ambulante » Virus na Mp3 playeru

Virus na Mp3 playeru

Napisano na dan: 8.10.2009

Strana:
1
2

Virus na Mp3 playeru

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Prdex Poslao: 08 Okt 2009 11:55 Idi na vrh
offline Prdex Novi MyCity građanin Pridružio: 04 Avg 2008 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Posle dve nedelje guglanja i instalacija i deinstalacija svih mogućih varijanti programa, moram da i ovde iznesem moj problem pa možda neko uspe da mi pomogne. Radi se o virusu na Mp3 playeru Bv:AutoRun-S[Wrm] na Autorun.inf fajlu i Win32.Trojan-Gen na I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx Virus je blokirao Mp3 player tako da: ne može se brisati ništa sa njega, ne može se ništa kopirati na njega, ne može se formatirati, ne može se apdejtovati firmwere, i to sve se ne može raditi iz Windowsa, Safe moda, Linuxa, ni uz pomoć specijalizovanih programa za formatiranje USB kao ni uz pomoć Hirens BootCD-a. Koristio sam sve najpoznatije programe za viruse i malwere i očistio sam računar ali Mp3 playeru ne mogu ništa.Kada sam ubo običan USB, Avast je takođe javio iste viruse na njemu ali za razliku od Mp3 playera, uspešno je uklonio viruse i kasnije sam ga bez problema formatirao. Molio bih nekog da mi pomogne, postaviću logove koje budete tražili. Hvala unapred Pozdrav

Profil

diarno Poslao: 08 Okt 2009 12:19 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nema sta da trazimo...trebalo je da procitas ovu temu : http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html Ne stoji bezveze Vasno prefix...

Profil

Prdex Poslao: 08 Okt 2009 13:33 Idi na vrh
offline Prdex Novi MyCity građanin Pridružio: 04 Avg 2008 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Izvinjavam se, evo: DDS (Ver_09-09-29.01) - NTFSx86 Run by Zoki at 12:38:21.68 on 08/10/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.909 [GMT 2:00] AV: avast! antivirus 4.8.1356 [VPS 091007-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Di recnik\Di.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\eMule\emule.exe C:\Program Files\Easy\TV Capture\RemoteCtl.exe C:\WINDOWS\system32\CNAB4RPK.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NetLimiter 2 Pro\nlsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\NetLimiter 2 Pro\NLClient.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\uTorrent\uTorrent.exe C:\Documents and Settings\Zoki\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = 83.136.178.141/users/login.aspx?random=633900252707696000 BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File BHO: WitBHO Class: {75ed56af-4dc9-4243-a30c-4ef4dd0ca28f} - c:\documents and settings\zoki\appdata\locallow\chameleontom for ie\wit4ie.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: {E33CF602-D945-461A-83F0-819F76A199F8} - No File BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart mRun: [RTHDCPL] RTHDCPL.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [Di dictionary] "c:\program files\di recnik\Di.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tvcapt~1.lnk - c:\program files\easy\tv capture\RemoteCtl.exe IE: Download all with Free Download Manager IE: Download selected with Free Download Manager IE: Download with Free Download Manager IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Prevedi sa Di recnikom - c:\program files\di recnik\diie.htm IE: Translate with Di dictionary - IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\zoki\applic~1\mozilla\firefox\profiles\ks404qre.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-17 64160] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2006-2-23 11264] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-1 114768] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-10-16 13696] R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-1 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-1 138680] R2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2008-11-4 266180] R2 BTTUNER;MPEG.TV, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2008-11-4 18944] R2 BTXBAR;MPEG.TV, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2008-11-4 13308] S2 mssoapr32;Microsoft Soap Resource DLL;rundll32.exe c:\windows\system32\mssoapr32.dll,ilyr --> rundll32.exe c:\windows\system32\mssoapr32.dll,ilyr [?] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-1 254040] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-1 352920] S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-6-18 12672] =============== Created Last 30 ================ 2009-10-08 11:06 <DIR> --dsh--- C:\Diskeeper 2009-10-06 12:11 <DIR> a-dshr-- C:\cmdcons 2009-10-06 10:52 <DIR> --d----- c:\documents and settings\zoki\DoctorWeb 2009-10-05 15:09 <DIR> --ds---- c:\documents and settings\zoki\UserData 2009-09-30 19:05 <DIR> --d----- c:\program files\AVG 2009-09-30 19:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8 2009-09-30 18:52 <DIR> --d----- c:\docume~1\zoki\applic~1\AVG8 2009-09-30 18:12 <DIR> --d----- c:\windows\ERUNT 2009-09-30 16:40 <DIR> --d----- C:\autorun.inf 2009-09-30 14:29 <DIR> --d----- C:\Kamicak ==================== Find3M ==================== 2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-08-31 08:35 3,001 a--sh--- c:\documents and settings\zoki\ppUser.dat 2009-03-13 13:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat 2009-03-13 13:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat ============= FINISH: 12:38:42.62 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png

Profil

diarno Poslao: 08 Okt 2009 13:54 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku. - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

Prdex Poslao: 08 Okt 2009 14:13 Idi na vrh
offline Prdex Novi MyCity građanin Pridružio: 04 Avg 2008 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-10-07.02 - Zoki 08/10/2009 13:57.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.973 [GMT 2:00] Running from: c:\documents and settings\Zoki\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1356 [VPS 091007-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 ))))))))))))))))))))))))))))))) . 2009-10-08 09:06 . 2009-10-08 09:06 -------- d-----w- C:\Diskeeper 2009-10-06 08:52 . 2009-10-06 08:52 -------- d-----w- c:\documents and settings\Zoki\DoctorWeb 2009-10-05 13:09 . 2009-10-05 13:09 -------- d-s---w- c:\documents and settings\Zoki\UserData 2009-10-02 17:48 . 2009-10-02 17:48 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb 2009-10-02 14:28 . 2009-10-02 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-01 18:36 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-10-01 18:36 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-10-01 18:36 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-10-01 18:36 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-10-01 18:36 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-10-01 18:36 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-10-01 18:36 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-10-01 18:36 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-10-01 18:35 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-30 17:05 . 2009-10-01 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-09-30 17:05 . 2009-09-30 17:05 -------- d-----w- c:\program files\AVG 2009-09-30 16:52 . 2009-09-30 16:52 -------- d-----w- c:\documents and settings\Zoki\Application Data\AVG8 2009-09-30 16:12 . 2009-09-30 16:12 -------- d-----w- c:\windows\ERUNT 2009-09-30 13:27 . 2009-09-30 13:27 -------- d-----w- c:\program files\Alwil Software 2009-09-30 12:29 . 2009-10-08 11:40 -------- d-----w- C:\Kamicak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-08 12:01 . 2009-02-02 11:29 -------- d-----w- c:\documents and settings\Zoki\Application Data\uTorrent 2009-10-08 09:02 . 2008-10-16 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-30 13:38 . 2008-10-30 16:44 -------- d-----w- c:\program files\Google 2009-09-30 12:43 . 2009-06-15 08:04 -------- d-----w- c:\program files\FDN 2009-09-30 12:42 . 2009-06-13 09:15 -------- d-----w- c:\program files\Software Informer 2009-09-29 14:00 . 2008-10-29 10:22 -------- d-----w- c:\program files\Winamp 2009-09-28 09:59 . 2009-02-17 18:37 -------- d-----w- c:\program files\Lavasoft 2009-09-28 09:42 . 2009-03-31 16:45 -------- d-----w- c:\program files\Total Video Converter 2009-09-28 09:42 . 2008-10-29 13:18 -------- d-----w- c:\program files\Tame 2009-09-28 09:40 . 2009-06-29 13:29 -------- d-----w- c:\program files\ChameleonTom for IE 2009-09-28 06:19 . 2009-02-18 07:49 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-26 16:56 . 2009-02-17 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-10 12:54 . 2009-02-17 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-02-17 18:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-31 06:35 . 2008-10-30 15:46 3001 --sha-w- c:\documents and settings\Zoki\ppUser.dat 2009-08-06 06:28 . 2009-07-28 15:23 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-27 198160] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-20 113664] TV Capture Remote Control.lnk - c:\program files\Easy\TV Capture\RemoteCtl.exe [2008-11-4 143360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\CNAB4RPK.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4676:TCP"= 4676:TCP:bvcsoube "7657:TCP"= 7657:TCP:messenger R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/02/2009 20:38 64160] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/02/2006 11:39 11264] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/10/2009 20:36 114768] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16/10/2008 16:27 13696] R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 13:03 82200] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/10/2009 20:36 20560] R2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [04/11/2008 18:22 266180] R2 BTTUNER;MPEG.TV, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [04/11/2008 18:32 18944] R2 BTXBAR;MPEG.TV, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [04/11/2008 18:27 13308] S2 mssoapr32;Microsoft Soap Resource DLL;rundll32.exe c:\windows\system32\mssoapr32.dll,ilyr --> rundll32.exe c:\windows\system32\mssoapr32.dll,ilyr [?] S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [18/06/2009 15:47 12672] --- Other Services/Drivers In Memory --- NewlyCreated* - KWPCYFOD Deregistered - kwpcyfod HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs fhhozvgr . . ------- Supplementary Scan ------- . uStart Page = 83.136.178.141/users/login.aspx?random=633900252707696000 IE: Download all with Free Download Manager IE: Download selected with Free Download Manager IE: Download with Free Download Manager IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm IE: Translate with Di dictionary - FF - ProfilePath - c:\documents and settings\Zoki\Application Data\Mozilla\Firefox\Profiles\ks404qre.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll . - - - - ORPHANS REMOVED - - - - BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Notify-avgrsstarter - (no file) Notify-klogon - (no file) Notify-mssoapr32 - (no file) ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-10-08 14:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w&a"\OpenWithList] @Class="Shell" [HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%(L] @Class="Shell" [HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%(L*\OpenWithList] @Class="Shell" "a"="firefox.exe" "MRUList"="a" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2328-) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-10-08 14:04 ComboFix-quarantined-files.txt 2009-10-08 12:04 Pre-Run: 1,050,488,832 bytes free Post-Run: 1,026,744,320 bytes free 158 USBNoRisk 2.5 (26 July 2009) by bobby Started at 08/10/2009 14:07:51 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- D: {4dc3ec66-6ec5-11dd-8c29-806d6172696f} E: {4dc3ec67-6ec5-11dd-8c29-806d6172696f} G: {4dc3ec69-6ec5-11dd-8c29-806d6172696f} C: {4dc3ec6b-6ec5-11dd-8c29-806d6172696f} F: {4dc3ec6c-6ec5-11dd-8c29-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 4dc3ec6b-6ec5-11dd-8c29-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 4dc3ec66-6ec5-11dd-8c29-806d6172696f ---------------------------------------- Desktop.ini found at D:\Recycled\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No blocked files found on E: No Autorun.inf files found on E: No mountpoint found for E: No mountpoint found for 4dc3ec67-6ec5-11dd-8c29-806d6172696f ---------------------------------------- Desktop.ini found at E:\Recycled\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No blocked files found on F: No Autorun.inf files found on F: No mountpoint found for F: No mountpoint found for 4dc3ec6c-6ec5-11dd-8c29-806d6172696f No Desktop.ini files found on F: ---------------------------------------- No blocked files found on G: No Autorun.inf files found on G: No mountpoint found for G: No mountpoint found for 4dc3ec69-6ec5-11dd-8c29-806d6172696f No Desktop.ini files found on G: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 08/10/2009 14:08:01 Scanning for connected USB mass storage... ---------------------------------------- I: {ab91eca6-283a-11de-a608-00e04d1aafe2} Added I: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on I: ---------------------------------------- autorun.inf found on I: ---------------------------------------- File lock detected: USBNoRisk cannot find what locked the file Error renaming file I:\autorun.inf Content of I:\autorun.inf ---------------------------------------- ---------------------------------------- Files referenced from I:\autorun.inf ---------------------------------------- None ---------------------------------------- Sanitized mountpoint for ab91eca6-283a-11de-a608-00e04d1aafe2 ---------------------------------------- No Desktop.ini files found on I: ---------------------------------------- No mimics found on drive I: ========================================

Profil

diarno Poslao: 08 Okt 2009 23:52 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Busy day Elem : Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\mssoapr32.dll Driver:: mssoapr32 Netsvc:: fhhozvgr Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4676:TCP"=- "7657:TCP"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. I jos nesto..iskljuci Antivirus zastitu i pusti ponovo usbnorisk i postavi mi log..

Profil

Prdex Poslao: 09 Okt 2009 08:30 Idi na vrh
offline Prdex Novi MyCity građanin Pridružio: 04 Avg 2008 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-10-07.05 - Zoki 09/10/2009 8:13.3.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.1046 [GMT 2:00] Running from: c:\documents and settings\Zoki\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Zoki\Desktop\CFScript.txt AV: avast! antivirus 4.8.1356 [VPS 091008-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\windows\system32\mssoapr32.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSSOAPR32 -------\Service_mssoapr32 ((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 ))))))))))))))))))))))))))))))) . 2009-10-08 12:08 . 2009-10-08 12:09 -------- d-----w- C:\USBNoRisk 2009-10-08 09:06 . 2009-10-08 09:06 -------- d-----w- C:\Diskeeper 2009-10-06 08:52 . 2009-10-06 08:52 -------- d-----w- c:\documents and settings\Zoki\DoctorWeb 2009-10-05 13:09 . 2009-10-05 13:09 -------- d-s---w- c:\documents and settings\Zoki\UserData 2009-10-02 17:48 . 2009-10-02 17:48 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb 2009-10-02 14:28 . 2009-10-02 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-01 18:36 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-10-01 18:36 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-10-01 18:36 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-10-01 18:36 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-10-01 18:36 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-10-01 18:36 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-10-01 18:36 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-10-01 18:36 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-10-01 18:35 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-30 17:05 . 2009-10-01 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-09-30 17:05 . 2009-09-30 17:05 -------- d-----w- c:\program files\AVG 2009-09-30 16:52 . 2009-09-30 16:52 -------- d-----w- c:\documents and settings\Zoki\Application Data\AVG8 2009-09-30 16:12 . 2009-09-30 16:12 -------- d-----w- c:\windows\ERUNT 2009-09-30 13:27 . 2009-09-30 13:27 -------- d-----w- c:\program files\Alwil Software 2009-09-30 12:29 . 2009-10-09 06:10 -------- d-----w- C:\Kamicak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-09 06:17 . 2009-02-02 11:29 -------- d-----w- c:\documents and settings\Zoki\Application Data\uTorrent 2009-10-08 09:02 . 2008-10-16 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-30 13:38 . 2008-10-30 16:44 -------- d-----w- c:\program files\Google 2009-09-30 12:43 . 2009-06-15 08:04 -------- d-----w- c:\program files\FDN 2009-09-30 12:42 . 2009-06-13 09:15 -------- d-----w- c:\program files\Software Informer 2009-09-29 14:00 . 2008-10-29 10:22 -------- d-----w- c:\program files\Winamp 2009-09-28 09:59 . 2009-02-17 18:37 -------- d-----w- c:\program files\Lavasoft 2009-09-28 09:42 . 2009-03-31 16:45 -------- d-----w- c:\program files\Total Video Converter 2009-09-28 09:42 . 2008-10-29 13:18 -------- d-----w- c:\program files\Tame 2009-09-28 09:40 . 2009-06-29 13:29 -------- d-----w- c:\program files\ChameleonTom for IE 2009-09-28 06:19 . 2009-02-18 07:49 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-26 16:56 . 2009-02-17 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-10 12:54 . 2009-02-17 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-02-17 18:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-31 06:35 . 2008-10-30 15:46 3001 --sha-w- c:\documents and settings\Zoki\ppUser.dat 2009-08-06 06:28 . 2009-07-28 15:23 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys . ((((((((((((((((((((((((((((( SnapShot@2009-10-08_12.02.12 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-30 16:21 . 2009-10-09 06:19 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat - 2009-09-30 16:21 . 2009-10-08 09:31 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat + 2009-10-09 06:18 . 2009-10-09 06:18 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat + 2009-10-09 06:19 . 2009-10-09 06:19 16384 c:\windows\Temp\Perflib_Perfdata_4cc.dat + 2009-10-09 06:19 . 2009-10-09 06:19 16384 c:\windows\Temp\Perflib_Perfdata_450.dat + 2009-10-09 06:00 . 2009-10-09 06:19 32768 c:\windows\Temp\History\History.IE5\MSHist012009100920091010\index.dat - 2009-09-30 16:21 . 2009-10-08 09:31 32768 c:\windows\Temp\History\History.IE5\index.dat + 2009-09-30 16:21 . 2009-10-09 06:19 32768 c:\windows\Temp\History\History.IE5\index.dat + 2009-09-30 16:21 . 2009-10-09 06:19 16384 c:\windows\Temp\Cookies\index.dat - 2009-09-30 16:21 . 2009-10-08 09:31 16384 c:\windows\Temp\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-27 198160] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-20 113664] TV Capture Remote Control.lnk - c:\program files\Easy\TV Capture\RemoteCtl.exe [2008-11-4 143360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] [BU] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon] [BU] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mssoapr32] [BU] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\CNAB4RPK.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/02/2009 20:38 64160] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/02/2006 11:39 11264] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/10/2009 20:36 114768] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16/10/2008 16:27 13696] R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 13:03 82200] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/10/2009 20:36 20560] R2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [04/11/2008 18:22 266180] R2 BTTUNER;MPEG.TV, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [04/11/2008 18:32 18944] R2 BTXBAR;MPEG.TV, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [04/11/2008 18:27 13308] S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [18/06/2009 15:47 12672] . . ------- Supplementary Scan ------- . uStart Page = 83.136.178.141/users/login.aspx?random=633900252707696000 IE: Download all with Free Download Manager IE: Download selected with Free Download Manager IE: Download with Free Download Manager IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm IE: Translate with Di dictionary - FF - ProfilePath - c:\documents and settings\Zoki\Application Data\Mozilla\Firefox\Profiles\ks404qre.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll . - - - - ORPHANS REMOVED - - - - BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-10-09 08:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w&a"\OpenWithList] @Class="Shell" [HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%(L] @Class="Shell" [HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%(L\OpenWithList] @Class="Shell" "a"="firefox.exe" "MRUList"="a" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3908-) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\savedump.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\NetLimiter 2 Pro\nlsvc.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\CNAB4RPK.EXE . ************************************************************************* . Completion time: 2009-10-09 8:23 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-09 06:23 ComboFix2.txt 2009-10-08 12:04 Pre-Run: 1,071,980,544 bytes free Post-Run: 972,156,928 bytes free 191 Anti-virus je bio isključen i prvi put kada sam pokrenuo USBNORISK, ali evo opet, USBNoRisk 2.5 (26 July 2009) by bobby Started at 09/10/2009 08:25:28 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- D: {4dc3ec66-6ec5-11dd-8c29-806d6172696f} E: {4dc3ec67-6ec5-11dd-8c29-806d6172696f} G: {4dc3ec69-6ec5-11dd-8c29-806d6172696f} C: {4dc3ec6b-6ec5-11dd-8c29-806d6172696f} F: {4dc3ec6c-6ec5-11dd-8c29-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 4dc3ec6b-6ec5-11dd-8c29-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 4dc3ec66-6ec5-11dd-8c29-806d6172696f ---------------------------------------- Desktop.ini found at D:\Recycled\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No blocked files found on E: No Autorun.inf files found on E: No mountpoint found for E: No mountpoint found for 4dc3ec67-6ec5-11dd-8c29-806d6172696f ---------------------------------------- Desktop.ini found at E:\Recycled\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No blocked files found on F: No Autorun.inf files found on F: No mountpoint found for F: No mountpoint found for 4dc3ec6c-6ec5-11dd-8c29-806d6172696f No Desktop.ini files found on F: ---------------------------------------- No blocked files found on G: No Autorun.inf files found on G: No mountpoint found for G: No mountpoint found for 4dc3ec69-6ec5-11dd-8c29-806d6172696f No Desktop.ini files found on G: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 09/10/2009 08:25:38 Scanning for connected USB mass storage... ---------------------------------------- I: {ab91eca6-283a-11de-a608-00e04d1aafe2} Added I: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on I: ---------------------------------------- autorun.inf found on I: ---------------------------------------- File lock detected: USBNoRisk cannot find what locked the file Error renaming file I:\autorun.inf Content of I:\autorun.inf ---------------------------------------- ---------------------------------------- Files referenced from I:\autorun.inf ---------------------------------------- None ---------------------------------------- Sanitized mountpoint for ab91eca6-283a-11de-a608-00e04d1aafe2 ---------------------------------------- No Desktop.ini files found on I: ---------------------------------------- No mimics found on drive I: ========================================

Profil

diarno Poslao: 11 Okt 2009 22:11 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mssoapr32]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Zatim..Iskljuci TeaTimer Ubaci poslednji usb uredjaj koji si ubacio u komp prilikom proslog koriscenja usbnorisk programa Pokreni UsbNoRisk i klikni na script tab... tamo kopiraj sledece : `{ab91eca6-283a-11de-a608-00e04d1aafe2} delete:%DRIVE%autorun.inf folder_delete:%DRIVE%RECYCLER` I javi kakvo je stanje

Profil

Prdex Poslao: 12 Okt 2009 15:33 Idi na vrh
offline Prdex Novi MyCity građanin Pridružio: 04 Avg 2008 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-10-11.03 - Zoki 12/10/2009 15:14.4.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.1108 [GMT 2:00] Running from: c:\documents and settings\Zoki\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Zoki\Desktop\CFScript.txt AV: avast! antivirus 4.8.1356 [VPS 091011-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 ))))))))))))))))))))))))))))))) . 2009-10-10 16:09 . 2009-10-10 16:09 -------- d-----w- C:\Diskeeper 2009-10-10 16:01 . 2009-10-10 17:24 360224 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-10-10 16:01 . 2009-10-10 17:24 14624 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-10-10 15:39 . 2009-10-10 16:34 -------- d-----w- c:\program files\Common Files\ParetoLogic 2009-10-10 15:39 . 2009-10-10 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-10-10 15:39 . 2009-10-10 15:39 -------- d-----w- c:\program files\ParetoLogic 2009-10-10 15:39 . 2009-10-10 15:39 -------- d-----w- c:\documents and settings\Zoki\Local Settings\Application Data\Downloaded Installations 2009-10-10 14:27 . 2009-10-10 14:39 -------- d-----w- C:\SDFix 2009-10-08 12:08 . 2009-10-09 06:26 -------- d-----w- C:\USBNoRisk 2009-10-06 08:52 . 2009-10-06 08:52 -------- d-----w- c:\documents and settings\Zoki\DoctorWeb 2009-10-05 13:09 . 2009-10-05 13:09 -------- d-s---w- c:\documents and settings\Zoki\UserData 2009-10-02 17:48 . 2009-10-02 17:48 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb 2009-10-02 14:28 . 2009-10-02 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-01 18:36 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-10-01 18:36 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-10-01 18:36 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-10-01 18:36 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-10-01 18:36 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-10-01 18:36 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-10-01 18:36 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-10-01 18:36 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-10-01 18:35 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-30 17:05 . 2009-10-01 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-09-30 17:05 . 2009-09-30 17:05 -------- d-----w- c:\program files\AVG 2009-09-30 16:52 . 2009-09-30 16:52 -------- d-----w- c:\documents and settings\Zoki\Application Data\AVG8 2009-09-30 16:12 . 2009-09-30 16:12 -------- d-----w- c:\windows\ERUNT 2009-09-30 13:27 . 2009-09-30 13:27 -------- d-----w- c:\program files\Alwil Software 2009-09-30 12:29 . 2009-10-12 13:07 -------- d-----w- C:\Kamicak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-12 13:09 . 2008-12-15 09:31 -------- d-----w- c:\program files\Di recnik 2009-10-12 13:07 . 2009-02-02 11:29 -------- d-----w- c:\documents and settings\Zoki\Application Data\uTorrent 2009-10-10 17:24 . 2009-10-10 16:01 7988 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-10-10 17:24 . 2009-10-10 16:01 3488 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-10-08 09:02 . 2008-10-16 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-30 13:38 . 2008-10-30 16:44 -------- d-----w- c:\program files\Google 2009-09-30 12:43 . 2009-06-15 08:04 -------- d-----w- c:\program files\FDN 2009-09-30 12:42 . 2009-06-13 09:15 -------- d-----w- c:\program files\Software Informer 2009-09-29 14:00 . 2008-10-29 10:22 -------- d-----w- c:\program files\Winamp 2009-09-28 09:59 . 2009-02-17 18:37 -------- d-----w- c:\program files\Lavasoft 2009-09-28 09:42 . 2009-03-31 16:45 -------- d-----w- c:\program files\Total Video Converter 2009-09-28 09:42 . 2008-10-29 13:18 -------- d-----w- c:\program files\Tame 2009-09-28 09:40 . 2009-06-29 13:29 -------- d-----w- c:\program files\ChameleonTom for IE 2009-09-28 06:19 . 2009-02-18 07:49 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-26 16:56 . 2009-02-17 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-10 12:54 . 2009-02-17 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 12:53 . 2009-02-17 18:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-31 06:35 . 2008-10-30 15:46 3001 --sha-w- c:\documents and settings\Zoki\ppUser.dat 2009-08-06 06:28 . 2009-07-28 15:23 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys . ((((((((((((((((((((((((((((( SnapShot@2009-10-08_12.02.12 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-12 13:08 . 2009-10-12 13:08 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat + 2009-10-12 13:08 . 2009-10-12 13:08 16384 c:\windows\Temp\Perflib_Perfdata_518.dat + 2009-10-10 14:30 . 2009-10-10 14:30 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat - 2009-09-30 16:12 . 2009-09-30 16:12 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2009-10-10 14:30 . 2009-10-10 14:30 606208 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-27 198160] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-20 113664] TV Capture Remote Control.lnk - c:\program files\Easy\TV Capture\RemoteCtl.exe [2008-11-4 143360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\CNAB4RPK.EXE"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/02/2009 20:38 64160] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/02/2006 11:39 11264] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/10/2009 20:36 114768] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16/10/2008 16:27 13696] R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 13:03 82200] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/10/2009 20:36 20560] R2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [04/11/2008 18:22 266180] R2 BTTUNER;MPEG.TV, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [04/11/2008 18:32 18944] R2 BTXBAR;MPEG.TV, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [04/11/2008 18:27 13308] S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [18/06/2009 15:47 12672] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = 83.136.178.141/users/login.aspx?random=633900252707696000 IE: Download all with Free Download Manager IE: Download selected with Free Download Manager IE: Download with Free Download Manager IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm IE: Translate with Di dictionary - FF - ProfilePath - c:\documents and settings\Zoki\Application Data\Mozilla\Firefox\Profiles\ks404qre.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll . - - - - ORPHANS REMOVED - - - - BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-10-12 15:18 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w&a"\OpenWithList] @Class="Shell" [HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%(L] @Class="Shell" [HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%(L*\OpenWithList] @Class="Shell" "a"="firefox.exe" "MRUList"="a" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3716) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-10-12 15:21 ComboFix-quarantined-files.txt 2009-10-12 13:20 ComboFix2.txt 2009-10-08 12:04 Pre-Run: 1,111,367,680 bytes free Post-Run: 1,132,896,256 bytes free 167 Stanje nažalost ne promenjeno

Profil

diarno Poslao: 13 Okt 2009 11:03 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pazi pitanje je dal je samo malware bio kriv za taj tvoj problem sa playerom..probaj ga formatirati sa ovim programom(cini cuda veruj mi) http://www.softpedia.com/get/System/Hard-Disk-Util.....Tool.shtml

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Virus na Mp3 playeru

Ko je trenutno na forumu

Ukupno su 1151 korisnika na forumu :: 8 registrovanih, 2 sakrivenih i 1141 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: babaroga, Bobrock1, kolle.the.kid, Lazarus, Mi lao shu, nenad81, Skywhaler, vathra

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by