Posted: 04 Jun 2009 14:26
- Joined: 04 Jan 2009
- Posts: 68
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:33 AM, on 6/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\TR3.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....2036161259
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C8A028A-97B9-47A9-9266-796D236908D2}: NameServer = 195.66.160.1 195.66.160.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 6902 bytes
Posted: 04 Jun 2009 18:02
- Joined: 04 Jan 2009
- Posts: 68
ComboFix 09-06-03.04 - Nermin Skretovic 06/04/2009 17:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.456 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090603-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.
2009-05-27 02:17 . 2009-05-27 02:17 -------- d-----w- c:\program files\ASUS
2009-05-07 22:36 . 2009-05-07 22:36 -------- d-----w- c:\program files\Alcohol Soft
2009-05-07 22:34 . 2009-05-07 22:34 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 13:21 . 2009-01-10 13:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 13:21 . 2009-01-14 23:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-02 21:24 . 2009-01-22 12:30 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\uTorrent
2009-05-17 01:28 . 2009-01-19 17:04 -------- d-----w- c:\program files\Winamp
2009-05-04 20:47 . 2009-05-04 20:47 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\funkitron
2009-04-28 13:04 . 2009-03-06 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-26 13:52 . 2009-04-26 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-26 13:52 . 2009-01-15 19:49 -------- d-----w- c:\program files\Yahoo!
2009-04-26 13:52 . 2009-04-26 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-23 16:24 . 2009-04-23 16:20 -------- d-----w- c:\program files\Autorun Eater
2009-04-15 12:01 . 2009-04-15 12:01 -------- d-----w- c:\program files\Trymedia
2009-04-14 14:33 . 2009-04-14 14:33 -------- d-----w- c:\program files\FreeRouletteBot V1.2
2009-04-05 18:19 . 2009-04-05 18:19 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Samsung
2009-04-05 18:13 . 2009-04-05 18:13 -------- d-----w- c:\program files\Samsung
2009-04-05 18:13 . 2009-01-20 19:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-03-08 02:34 . 2008-04-14 15:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-04-14 15:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-04-14 15:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-04-14 15:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-04-14 15:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-04-14 15:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-04-14 15:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-04-14 15:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-04-14 15:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-04-14 15:00 156160 ----a-w- c:\windows\system32\msls31.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\New Folder\\hl.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/10/2009 3:19 PM 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 1:07 PM 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/10/2009 3:19 PM 20560]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [1/15/2009 9:35 PM 201728]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-06-04 c:\windows\Tasks\User_Feed_Synchronization-{B462D850-4F4E-4A18-B8EB-C219D7BEFC01}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\ADMINI~1\APPLIC~1\Mozilla\Firefox\Profiles\tuo17agk.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-04 17:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-515967899-1972579041-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,25,5e,63,e9,14,5b,44,ae,84,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,25,5e,63,e9,14,5b,44,ae,84,b9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2009-06-04 18:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 16:01
Pre-Run: 13,814,710,272 bytes free
Post-Run: 13,877,612,544 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
162 --- E O F --- 2009-01-29 01:23
Posted: 04 Jun 2009 18:07
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
- Download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.
Explanation: USB storage devices are all those devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
Posted: 04 Jun 2009 19:56
- Joined: 04 Jan 2009
- Posts: 68
Written: 04 Jun 2009 19:55
USBNoRisk 2.4 (1 June 2009) by bobby
Started at 6/4/2009 7:53:20 PM
Searching for connected USB Mass storage...
----------------------------------------
F: {ac94f08f-5121-11de-85ab-0015af4584bd}
========================================
Searching for other storage...
----------------------------------------
C: {7bd0ba0f-df18-11dd-a84b-806d6172696f}
D: {7bd0ba10-df18-11dd-a84b-806d6172696f}
========================================
Scanning removable storage...
----------------------------------------
No blocked files found on F:
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully
Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=AdobeR.exe e
shellexecute=AdobeR.exe e
shell\Auto\command=AdobeR.exe e
shell=Auto
----------------------------------------
Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\AdobeR.exe ---hs 3514318
----------------------------------------
Sanitized mountpoint for ac94f08f-5121-11de-85ab-0015af4584bd
No Desktop.ini files found on F:
No mimics found on drive F:
----------------------------------------
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 7bd0ba0f-df18-11dd-a84b-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 7bd0ba10-df18-11dd-a84b-806d6172696f
No Desktop.ini files found on D:
----------------------------------------
autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[AutoRun]
open=2a.exe
shell\open\Command=2a.exe
----------------------------------------
========================================
Initial scan finished!
========================================
========================================
Removed F:
========================================
New device connected at 6/4/2009 7:55:07 PM
Scanning for connected USB mass storage...
----------------------------------------
F: {ac94f08f-5121-11de-85ab-0015af4584bd}
Added F:
========================================
Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=AdobeR.exe e
shellexecute=AdobeR.exe e
shell\Auto\command=AdobeR.exe e
shell=Auto
----------------------------------------
Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\AdobeR.exe ---hs 3514318
----------------------------------------
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for ac94f08f-5121-11de-85ab-0015af4584bd
----------------------------------------
No Desktop.ini files found on F:
----------------------------------------
No mimics found on drive F:
========================================
Update: 04 Jun 2009 19:56
I have one more flash drive and I will do the same for it too, but I don't have it with me at the moment...
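The two autorun.inf files in the log above (the one renamed to autorun.inf.blocked on F: and the one ComboFix quarantined from C:\) both point the drive's launch actions at a hidden executable. As an added example, not part of the original post or of USBNoRisk, the following Python script parses an autorun.inf the way a checker would: it lists the executables the file references (what the "Files referenced from" step reports) and flags when the drive's default double-click verb has been redirected to one of them; the sample inputs are copied from the log, plus one constructed benign file for contrast.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample inputs, copied from the USBNoRisk and ComboFix output in this thread:
# the autorun.inf USBNoRisk found on the F: flash drive (renamed to autorun.inf.blocked) ...
FLASH_AUTORUN = """[AutoRun]
open=AdobeR.exe e
shellexecute=AdobeR.exe e
shell\\Auto\\command=AdobeR.exe e
shell=Auto
"""

# ... the autorun.inf ComboFix had quarantined from the C: drive ...
QUARANTINED_AUTORUN = """[AutoRun]
open=2a.exe
shell\\open\\Command=2a.exe
"""

# ... and a constructed benign one that only sets a drive icon and label.
BENIGN_AUTORUN = """[autorun]
icon=setup.exe,0
label=Backup Drive
"""

LAUNCH_KEYS = {"open", "shellexecute"}  # values are command lines run by AutoRun/AutoPlay
SHELL_CMD_RE = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)  # shell\<verb>\command


def parse_autorun(text: str) -> List[Tuple[str, str]]:
    """(key, value) pairs from the [AutoRun] section; other sections and ';' comments are ignored."""
    pairs: List[Tuple[str, str]] = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs


def executable_of(command_line: str) -> str:
    """First token of a command line, quotes stripped; arguments (the trailing 'e' above) are dropped."""
    command_line = command_line.strip()
    if command_line.startswith('"'):
        end = command_line.find('"', 1)
        return command_line[1:end] if end > 0 else command_line[1:]
    return command_line.split()[0] if command_line else ""


def analyze_autorun(text: str) -> Dict[str, object]:
    """Summarize what an autorun.inf would launch and whether double-clicking the drive is redirected."""
    executables: List[str] = []
    seen = set()
    verbs: Dict[str, str] = {}  # context-menu verb -> executable registered for it
    default_verb = None         # value of shell=, if present
    for key, value in parse_autorun(text):
        lowered = key.lower()
        match = SHELL_CMD_RE.match(key)
        if lowered == "shell":
            default_verb = value.lower()
            continue
        if lowered in LAUNCH_KEYS:
            exe = executable_of(value)
        elif match:
            exe = executable_of(value)
            verbs[match.group(1).lower()] = exe
        else:
            continue  # icon=, label=, action= and similar keys do not launch anything
        if exe and exe.lower() not in seen:
            seen.add(exe.lower())
            executables.append(exe)
    # Explorer's default verb for the drive is "open" unless shell= names another one.
    # If that verb's command is defined in the file, a double-click on the drive icon runs
    # the referenced executable instead of opening the folder (the pattern in both log samples).
    effective_default = default_verb or "open"
    return {
        "executables": executables,
        "verbs": verbs,
        "default_verb": effective_default,
        "double_click_hijacked": effective_default in verbs,
    }


if __name__ == "__main__":
    for name, sample in (("F:", FLASH_AUTORUN), ("quarantine", QUARANTINED_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(name, analyze_autorun(sample))
```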
Posted: 04 Jun 2009 22:13
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Run the USBNoRisk program again:
go to the tab labelled Script and paste in the following:
{ac94f08f-5121-11de-85ab-0015af4584bd}
f_delete: %DRIVE%AdobeR.exe
delete_blocked:
then click the Run Script option, plug the flash drive into the USB port, and post a new log for us.
Posted: 04 Jun 2009 22:52
- Joined: 04 Jan 2009
- Posts: 68
USBNoRisk 2.4 (1 June 2009) by bobby
Started at 6/4/2009 10:51:32 PM
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
C: {7bd0ba0f-df18-11dd-a84b-806d6172696f}
D: {7bd0ba10-df18-11dd-a84b-806d6172696f}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 7bd0ba0f-df18-11dd-a84b-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 7bd0ba10-df18-11dd-a84b-806d6172696f
No Desktop.ini files found on D:
----------------------------------------
autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[AutoRun]
open=2a.exe
shell\open\Command=2a.exe
----------------------------------------
========================================
Initial scan finished!
========================================
Processing script
----------------------------------------
New device connected at 6/4/2009 10:52:06 PM
Scanning for connected USB mass storage...
----------------------------------------
F: {ac94f08f-5121-11de-85ab-0015af4584bd}
Added F:
========================================
Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[AutoRun]
open=AdobeR.exe e
shellexecute=AdobeR.exe e
shell\Auto\command=AdobeR.exe e
shell=Auto
----------------------------------------
Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\AdobeR.exe ---hs 3514318
----------------------------------------
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for ac94f08f-5121-11de-85ab-0015af4584bd
----------------------------------------
No Desktop.ini files found on F:
----------------------------------------
No mimics found on drive F:
========================================
Processing script
----------------------------------------
ac94f08f-5121-11de-85ab-0015af4584bd
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 2
f_delete:
file "F:\AdobeR.exe" deleted successfully
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: F:\autorun.inf.blocked > Done!
----------------------------------------
========================================
Scan finished!
========================================
Posted: 04 Jun 2009 23:35
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Open Notepad and copy in the following text:
File::
C:\2a.exe
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
Posted: 05 Jun 2009 02:58
- Joined: 04 Jan 2009
- Posts: 68
ComboFix 09-06-03.04 - Nermin Skretovic 06/05/2009 2:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.539 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090604-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"C:\2a.exe"
.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.
2009-06-05 00:47 . 2009-06-05 00:47 -------- d-----w- c:\windows\Sun
2009-06-05 00:01 . 2003-02-26 20:27 36864 ----a-w- c:\windows\system32\wbsys.dll
2009-06-05 00:01 . 2009-06-05 00:01 -------- d-----w- c:\program files\Stardock
2009-06-04 21:33 . 2009-06-04 21:53 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\LimeWire
2009-06-04 21:29 . 2009-06-04 21:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 21:29 . 2009-06-04 21:29 -------- d-----w- c:\program files\Java
2009-06-04 17:51 . 2009-06-04 20:52 -------- d-----w- C:\USBNoRisk
2009-06-04 16:14 . 2009-06-04 16:14 -------- d-----w- c:\program files\YouTube Downloader
2009-05-27 02:17 . 2009-05-27 02:17 -------- d-----w- c:\program files\ASUS
2009-05-07 22:36 . 2009-05-07 22:36 -------- d-----w- c:\program files\Alcohol Soft
2009-05-07 22:34 . 2009-05-07 22:34 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 00:38 . 2009-01-22 12:30 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\uTorrent
2009-06-05 00:38 . 2009-02-06 18:38 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-05 00:37 . 2009-01-14 23:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-04 13:21 . 2009-01-10 13:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-17 01:28 . 2009-01-19 17:04 -------- d-----w- c:\program files\Winamp
2009-05-04 20:47 . 2009-05-04 20:47 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\funkitron
2009-04-28 13:04 . 2009-03-06 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-26 13:52 . 2009-04-26 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-26 13:52 . 2009-01-15 19:49 -------- d-----w- c:\program files\Yahoo!
2009-04-26 13:52 . 2009-04-26 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-23 16:24 . 2009-04-23 16:20 -------- d-----w- c:\program files\Autorun Eater
2009-04-15 12:01 . 2009-04-15 12:01 -------- d-----w- c:\program files\Trymedia
2009-04-14 14:33 . 2009-04-14 14:33 -------- d-----w- c:\program files\FreeRouletteBot V1.2
2009-03-08 02:34 . 2008-04-14 15:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2008-04-14 15:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-04-14 15:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-04-14 15:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-04-14 15:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-04-14 15:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-04-14 15:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-04-14 15:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-04-14 15:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-04-14 15:00 156160 ----a-w- c:\windows\system32\msls31.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-04_15.59.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-05 00:40 . 2009-06-05 00:40 16384 c:\windows\Temp\Perflib_Perfdata_660.dat
+ 2009-06-05 00:40 . 2009-06-05 00:40 16384 c:\windows\Temp\Perflib_Perfdata_534.dat
+ 2009-06-05 00:40 . 2009-06-05 00:40 16384 c:\windows\Temp\Perflib_Perfdata_310.dat
+ 2009-02-06 18:38 . 2009-06-05 00:38 2560 c:\windows\_MSRSTRT.EXE
- 2009-02-06 18:38 . 2009-02-06 18:38 2560 c:\windows\_MSRSTRT.EXE
+ 2009-06-04 21:29 . 2009-06-04 21:29 148888 c:\windows\system32\javaws.exe
+ 2009-06-04 21:29 . 2009-06-04 21:29 144792 c:\windows\system32\javaw.exe
+ 2009-06-04 21:29 . 2009-06-04 21:29 144792 c:\windows\system32\java.exe
+ 2004-06-17 00:32 . 2004-06-17 00:32 372736 c:\windows\Resources\Themes\Royale\Shell\NormalColor\ShellStyle.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\New Folder\\hl.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/10/2009 3:19 PM 114768]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [5/15/2008 1:07 PM 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/10/2009 3:19 PM 20560]
S3 HSFHWCD2;HSFHWCD2;c:\windows\system32\drivers\HSFHWCD2.sys [1/15/2009 9:35 PM 201728]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-06-04 c:\windows\Tasks\User_Feed_Synchronization-{B462D850-4F4E-4A18-B8EB-C219D7BEFC01}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\ADMINI~1\APPLIC~1\Mozilla\Firefox\Profiles\tuo17agk.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-05 02:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-515967899-1972579041-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,25,5e,63,e9,14,5b,44,ae,84,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,25,5e,63,e9,14,5b,44,ae,84,b9,\
[HKEY_USERS\S-1-5-21-515967899-1972579041-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(808-)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1560)
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-06-05 2:57
ComboFix-quarantined-files.txt 2009-06-05 00:57
ComboFix2.txt 2009-06-04 16:01
Pre-Run: 13,037,125,632 bytes free
Post-Run: 13,041,029,120 bytes free
149 --- E O F --- 2009-01-29 01:23
Posted: 05 Jun 2009 08:46
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Do you have any problems now?