malware (cvasds0.dll) or who knows what?


offline
  • Joined: 08 Jul 2007
  • Posts: 2024

Posted: 25 Nov 2009 1:02

I use 32-bit Windows XP (SP3). For the last 5-6 days my computer has been running slowly; on shutdown it waits 10-15 minutes for the log off window to appear, and occasionally the screen freezes and does not respond to mouse clicks... for an hour at a time...
Among other things, when signing in to MSN, the following window appears:

I usually click don't send and it immediately disconnects me from MSN.. (I'm not sure whether this is related to the previous problems, but just in case..)

Kaspersky found nothing in particular when scanning, so I replaced it with Avast, which found this 'fellow' - cvasds0.dll, I think in system32.. and later in C:\Documents and settings\Administrator\Local settings\Temp...

The system was reinstalled, after which it worked normally for a couple of hours, and then suddenly I could not open either of the two hard disk partitions. I sent the computer to a friend who found some problems on the motherboard and managed to fix them. Of course, the system was installed again and scanned with Avast, which still reported cvasds0.dll at the stated location. Then KAV9 was installed, which finds nothing. Now I'm no longer sure whether the computer is clean or not; for now it works well, but I still have the problem when logging in to MSN.
(And I'm afraid the problem might recur, since I still have to pack up another 35 GB of files that I rescued after carelessly formatting the D disk, and which are now waiting on a safe disk :) )

I use a wireless connection, 1024.



DDS (Ver_09-11-24.02) - NTFSx86
Run by xxx at 23:09:19.28 on Tue 11/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.432 [GMT 1:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\xxx\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [cdoosoft] c:\docume~1\xxx\locals~1\temp\herss.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xxx\applic~1\mozilla\firefox\profiles\e4pih3e1.default\

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2009-11-24 18688]

=============== Created Last 30 ================

2009-11-24 21:53:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-24 21:53:12 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-24 21:53:12 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-11-24 21:06:58 18688 -c--a-w- c:\windows\system32\dllcache\cdaudio.sys
2009-11-24 21:06:58 18688 ----a-w- c:\windows\system32\drivers\cdaudio.sys
2009-11-24 21:03:35 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-24 21:03:35 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-24 21:02:53 6832 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-24 21:02:53 602144 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-24 21:02:53 1472 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-24 21:02:53 114720 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-24 21:02:53 0 d-----w- c:\program files\Kaspersky Lab
2009-11-24 21:02:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-11-24 21:01:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-11-24 20:38:14 116090 --sh--r- C:\ngp8l.exe
2009-11-24 20:27:48 0 d-----w- c:\documents and settings\xxx\Tracing
2009-11-24 20:14:16 0 d-----w- c:\program files\Microsoft
2009-11-24 20:13:58 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-24 20:00:16 0 d-----w- c:\program files\common files\Windows Live
2009-11-24 07:27:41 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-24 07:27:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-24 07:27:39 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-24 07:27:39 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-24 02:24:34 376 ----a-w- c:\windows\ODBC.INI
2009-11-24 02:24:28 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-11-24 02:23:40 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-24 02:20:03 3218 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-11-24 01:58:18 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-23 23:39:23 0 d-----w- c:\windows\SHELLNEW
2009-11-23 23:33:34 0 d-----w- c:\program files\Webteh
2009-11-23 23:33:34 0 d-----w- c:\docume~1\xxx\applic~1\BSplayer Pro
2009-11-23 23:33:34 0 d-----w- c:\docume~1\xxx\applic~1\BSplayer
2009-11-23 23:27:07 33576 ----a-w- c:\windows\system32\BCGPOleAcc.dll
2009-11-23 23:27:06 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2009-11-23 23:27:06 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2009-11-23 23:27:06 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2009-11-23 23:27:06 3036456 ----a-w- c:\windows\system32\BCGCBPRO860u80.dll
2009-11-23 23:27:06 258048 ----a-w- c:\windows\system32\imagXR7.dll
2009-11-23 23:27:03 1757184 ----a-w- c:\windows\system32\imagX7.dll
2009-11-23 23:27:00 0 d-----w- c:\program files\Nero
2009-11-23 23:14:26 69632 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-23 23:00:08 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-11-23 23:00:08 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-11-23 23:00:08 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-11-23 22:57:49 0 d-----w- c:\docume~1\xxx\applic~1\ACD Systems
2009-11-23 22:57:29 0 d-----w- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-11-23 22:57:22 0 d-----w- c:\program files\common files\ACD Systems
2009-11-23 22:57:22 0 d-----w- c:\program files\ACD Systems
2009-11-23 22:51:57 0 d-----w- c:\program files\K-Lite Codec Pack
2009-11-23 22:28:37 0 d-----w- c:\program files\common files\ODBC
2009-11-23 22:28:31 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-23 22:26:23 0 d-----r- c:\documents and settings\all users\Documents
2009-11-23 16:00:37 0 d-----w- c:\program files\CCleaner
2009-11-23 15:56:51 0 d-----w- c:\program files\Driver Checker
2009-11-23 15:51:27 0 d-----w- c:\docume~1\xxx\applic~1\OtakuSoftware
2009-11-23 15:49:40 0 d-----w- c:\program files\Windows7
2009-11-23 15:49:29 0 d-----w- c:\program files\RocketDock
2009-11-23 15:38:24 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-23 15:38:00 0 d--h--w- c:\program files\WindowsUpdate
2009-11-23 15:37:21 0 d-----w- c:\program files\common files\MSSoap
2009-11-23 15:35:14 0 d-----w- c:\program files\Online Services
2009-11-23 15:35:00 0 d-----w- c:\program files\Windows Media Connect 2
2009-11-23 15:34:03 0 d-----w- c:\program files\Messenger
2009-11-23 15:33:59 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-23 15:33:21 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-11-24 21:48:42 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-11-23 22:39:58 113508 --sh--r- C:\wu1n.exe
2009-11-23 22:31:56 9715200 ----a-w- c:\windows\RTLCPL.EXE
2009-11-23 22:31:56 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-23 22:31:56 5029376 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-23 22:31:56 17508864 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-23 22:31:56 1206816 ----a-w- c:\windows\RtlUpd.exe
2009-11-23 22:31:54 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-23 22:31:54 2168320 ----a-w- c:\windows\MicCal.exe
2009-11-23 22:31:53 57344 ----a-w- c:\windows\ALCMTR.EXE
2009-11-23 22:28:43 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-11-23 22:28:43 4202496 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-11-23 22:28:43 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-11-23 22:28:13 9728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-11-23 22:28:13 124928 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-11-23 15:35:41 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-22 08:18:26 115372 --sh--r- C:\i9bwjpqc.exe

============= FINISH: 23:09:53.04 ===============



Addendum: 25 Nov 2009 9:29

A moment ago I tried to log in to MSN, that window appeared again, and I clicked to see the error. I got the following data:



Once again I see the 'magic' name cvasds0.dll...
The computer still works normally, apart from being unable to sign in to MSN.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello,

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
- Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download is finished:
- disable your protection software (instructions);
- close running programs;
- double-click to start ComboFix.

While running, ComboFix will:
- check whether a newer version of the program exists: click Yes if you are offered to download it;
- display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues;
- if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
- present a number of prompts/notifications: accept by clicking Yes or OK;
- if needed, restart Windows (several times);
- at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum topic:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message field and choose Paste.

Note:
- The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
- If after sending the message you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

offline
  • Joined: 08 Jul 2007
  • Posts: 2024

ComboFix 09-11-24.06 - xxx 11/25/2009 15:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.568 [GMT 1:00]
Running from: c:\documents and settings\xxx\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\xxx\LOCALS~1\Temp\cvasds0.dll
c:\docume~1\xxx\LOCALS~1\Temp\cvasds1.dll
C:\i9bwjpqc.exe
C:\wu1n.exe
D:\autorun.inf
D:\wu1n.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

2009-11-24 21:53 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-24 21:53 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-24 21:01 . 2009-11-24 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-24 20:27 . 2009-11-25 14:36 -------- d-----w- c:\documents and settings\xxx\Tracing
2009-11-24 20:14 . 2009-11-24 20:14 -------- d-----w- c:\program files\Microsoft
2009-11-24 20:13 . 2009-11-24 20:13 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-24 20:13 . 2009-11-24 20:14 -------- d-----w- c:\program files\Windows Live
2009-11-24 20:00 . 2009-11-24 20:00 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-24 07:27 . 2001-08-17 05:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-24 07:27 . 2001-08-17 05:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-24 07:27 . 2008-04-13 16:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-24 07:27 . 2008-04-13 16:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-24 02:24 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-11-23 23:35 . 2009-11-23 23:35 -------- d-----r- C:\MSOCache
2009-11-23 23:34 . 2009-11-23 23:34 0 ----a-w- c:\windows\nsreg.dat
2009-11-23 23:34 . 2009-11-23 23:34 -------- d-----w- c:\documents and settings\xxx\Local Settings\Application Data\Mozilla
2009-11-23 23:33 . 2009-11-23 23:33 -------- d-----w- c:\documents and settings\xxx\Application Data\BSplayer
2009-11-23 23:33 . 2009-11-23 23:33 -------- d-----w- c:\program files\Webteh
2009-11-23 23:33 . 2009-11-23 23:33 -------- d-----w- c:\documents and settings\xxx\Application Data\BSplayer Pro
2009-11-23 23:27 . 2007-08-03 05:48 33576 ----a-w- c:\windows\system32\BCGPOleAcc.dll
2009-11-23 23:27 . 2007-08-03 05:48 3036456 ----a-w- c:\windows\system32\BCGCBPRO860u80.dll
2009-11-23 23:27 . 2006-03-17 08:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2009-11-23 23:27 . 2006-03-17 05:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2009-11-23 23:27 . 2006-03-17 05:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2009-11-23 23:27 . 2006-03-17 05:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2009-11-23 23:27 . 2006-03-17 05:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2009-11-23 23:27 . 2009-11-23 23:27 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-23 23:27 . 2009-11-23 23:27 -------- d-----w- c:\program files\Nero
2009-11-23 23:14 . 2009-11-23 23:14 -------- d-----w- c:\program files\Java
2009-11-23 23:14 . 2009-11-23 23:14 -------- d-----w- c:\program files\Common Files\Java
2009-11-23 23:08 . 2009-11-23 23:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-23 23:07 . 2009-11-23 23:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-23 23:00 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-11-23 23:00 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-11-23 23:00 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-11-23 23:00 . 2009-11-23 23:00 -------- d-----w- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 14:36 . 2009-11-24 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-25 14:35 . 2009-11-24 21:02 8316 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-25 14:35 . 2009-11-24 21:02 792096 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-25 14:35 . 2009-11-24 21:02 2744 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-25 14:35 . 2009-11-24 21:02 180256 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-24 21:48 . 2008-01-29 17:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-11-24 21:48 . 2009-11-24 21:03 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-24 21:48 . 2009-11-24 21:03 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-24 21:48 . 2009-11-24 21:48 44808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-11-24 21:48 . 2009-11-24 21:48 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-11-24 21:48 . 2009-11-24 21:48 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-11-24 21:48 . 2009-11-24 21:48 213520 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP\klif.sys
2009-11-24 21:02 . 2009-11-24 21:02 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-24 04:03 . 2009-11-23 15:51 59568 ----a-w- c:\documents and settings\xxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-24 02:23 . 2009-11-24 02:23 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-24 02:21 . 2009-11-24 02:21 -------- d-----w- c:\program files\Microsoft.NET
2009-11-24 02:20 . 2009-11-24 02:20 3218 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-11-24 01:56 . 2009-11-24 01:56 115770 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-11-24 01:56 . 2009-11-23 15:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-23 22:59 . 2009-11-23 22:58 -------- d-----w- c:\documents and settings\xxx\Application Data\Winamp
2009-11-23 22:58 . 2009-11-23 22:58 -------- d-----w- c:\program files\Winamp
2009-11-23 22:57 . 2009-11-23 22:57 -------- d-----w- c:\documents and settings\xxx\Application Data\ACD Systems
2009-11-23 22:57 . 2009-11-23 22:57 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-11-23 22:57 . 2009-11-23 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-11-23 22:57 . 2009-11-23 22:57 -------- d-----w- c:\program files\ACD Systems
2009-11-23 22:52 . 2009-11-23 22:51 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-23 22:51 . 2009-11-23 22:51 -------- d-----w- c:\program files\Opera
2009-11-23 22:31 . 2009-11-23 22:31 9715200 ----a-w- c:\windows\RTLCPL.EXE
2009-11-23 22:31 . 2009-11-23 22:31 77824 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-23 22:31 . 2009-11-23 22:31 5029376 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-23 22:31 . 2009-11-23 22:31 1206816 ----a-w- c:\windows\RtlUpd.exe
2009-11-23 22:31 . 2009-11-23 22:31 17508864 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-23 22:31 . 2009-11-23 22:31 2168320 ----a-w- c:\windows\MicCal.exe
2009-11-23 22:31 . 2009-11-23 22:31 2808832 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-23 22:31 . 2009-11-23 22:31 57344 ----a-w- c:\windows\ALCMTR.EXE
2009-11-23 22:28 . 2009-11-23 22:28 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-11-23 22:28 . 2009-11-23 22:28 4202496 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-11-23 22:28 . 2009-11-23 22:28 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-11-23 22:28 . 2009-11-23 22:28 9728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-11-23 22:28 . 2009-11-23 22:28 124928 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-11-23 22:28 . 2009-11-23 15:56 -------- d-----w- c:\program files\Driver Checker
2009-11-23 16:25 . 2009-11-23 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-23 16:25 . 2009-11-23 16:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-23 16:00 . 2009-11-23 16:00 -------- d-----w- c:\program files\CCleaner
2009-11-23 15:51 . 2009-11-23 15:51 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-11-23 15:51 . 2009-11-23 15:51 -------- d-----w- c:\documents and settings\xxx\Application Data\OtakuSoftware
2009-11-23 15:49 . 2009-11-23 15:49 -------- d-----w- c:\program files\Windows7
2009-11-23 15:49 . 2009-11-23 15:49 -------- d-----w- c:\program files\RocketDock
2009-11-23 15:40 . 2009-11-23 15:40 -------- d-----w- c:\program files\microsoft frontpage
2009-11-23 15:35 . 2009-11-23 15:35 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-23 15:35 . 2009-11-23 15:35 -------- d-----w- c:\program files\Windows Media Connect 2
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-28 25088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-11-24 208616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-11-23 17508864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\xxx\Application Data\Mozilla\Firefox\Profiles\e4pih3e1.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 15:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1456)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1512)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(636)
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\MSVCP60.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-25 15:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-25 14:38

Pre-Run: 29,497,044,992 bytes free
Post-Run: 29,377,859,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B2CEB6D0ECE89CF90F09BC8952EE170E

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Find the following file:

c:\windows\system32\drivers\cdaudio.sys

and upload it via the following link:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 08 Jul 2007
  • Posts: 2024

I uploaded the requested file.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You need to do one more upload :D

C:\qoobox\quarantine

Zip that folder and send it via the same link

offline
  • Joined: 08 Jul 2007
  • Posts: 2024

Zipped... uploaded.. :)

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 08 Jul 2007
  • Posts: 2024

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 11/26/2009 9:36:00 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {f25626e0-d87d-11de-af58-806d6172696f}
D: {f25626e1-d87d-11de-af58-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for f25626e0-d87d-11de-af58-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for f25626e1-d87d-11de-af58-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[AutoRun]
open=ngp8l.exe
shell\open\Command=ngp8l.exe
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[AutoRun]
open=ngp8l.exe
shell\open\Command=ngp8l.exe
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 11/26/2009 9:36:52 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda8e-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=9g86.exe
shell\open\Command=9g86.exe
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\9g86.exe -r-hs 114987
----------------------------------------

No mountpoint found for 6d0cda8e-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:36:56 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda8e-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=9g86.exe
shell\open\Command=9g86.exe
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\9g86.exe -r-hs 114987
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda8e-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:37:00 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda8e-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=9g86.exe
shell\open\Command=9g86.exe
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\9g86.exe -r-hs 114987
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda8e-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:38:50 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {b87229fd-d882-11de-916b-0016d421df6b}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
autorun.inf found on G:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Error renaming file G:\autorun.inf

Content of G:\autorun.inf
----------------------------------------
----------------------------------------

Files referenced from G:\autorun.inf
----------------------------------------
None
----------------------------------------

No mountpoint found for b87229fd-d882-11de-916b-0016d421df6b
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 11/26/2009 9:41:31 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda8f-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=i9bwjpqc.exe
shell\open\Command=i9bwjpqc.exe
----------------------------------------

No mountpoint found for F:
Sanitized mountpoint for 6d0cda8f-dacb-11de-9177-0016d421df6b
----------------------------------------

----------------------------------------
Desktop.ini found at F:\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:43:28 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda90-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda90-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:43:39 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda90-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda90-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:44:28 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda91-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda91-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:44:30 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda91-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda91-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:44:41 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda91-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda91-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:53:01 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda92-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda92-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:53:13 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {6d0cda92-dacb-11de-9177-0016d421df6b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 6d0cda92-dacb-11de-9177-0016d421df6b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11/26/2009 9:53:24 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 11/26/2009 9:53:57 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 11/26/2009 9:54:57 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 11/26/2009 9:55:19 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Please repeat the USBNoRisk procedure once more, but this time turn off the antivirus. And post the log :)
