Flash drive problem

  • Joined: 26 Dec 2007
  • Posts: 97

I have a problem with a flash drive (borrowed from a friend :( ...). There is only an autorun on it that I can't delete, and it shows that it has 1.4 GB although the flash drive is actually 4 GB. avast found some viruses: autorun.inf, curice.exe, klizavi.exe, recycler.exe. Whatever I had on the flash drive, it put viruses into it (I picked this up on another computer)!
I can't write to the flash drive, I can't format it. What should I do?


Pentium 4 CPU 3.00 GHz
1.5 GB RAM
Windows XP Professional ver. 2002 Service Pack 3
dial-up

DDS (Ver_09-12-01.01) - NTFSx86
Run by dragan at 22:01:52.62 on Sun 12/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.677 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\dragan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
mWinlogon: Taskman=c:\recycler\s-1-5-21-1021014418-0590927759-270325044-3174\nissan.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [msnsc] c:\windows\system32\msnsc.exe
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\dragan\startm~1\programs\startup\pravoslavac 2009.lnk - c:\program files\pravoslavac\Pravoslavac.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
TCP: {DD6AF472-B2B5-4706-9561-CB42AE877254} = 87.250.33.21 87.250.33.22
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dragan\applic~1\mozilla\firefox\profiles\ba8vjz76.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-4 114768]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 81688]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2009-12-6 201960]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-4 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-4 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-9 54752]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-4 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-4 352920]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1ca6a72d33c7090;Google Update Service (gupdate1ca6a72d33c7090);c:\program files\google\update\GoogleUpdate.exe [2009-11-21 133104]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-6 1684736]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-12-25 15:35:34 2974810112 ----a-w- C:\fifa.iso
2009-12-23 13:55:00 0 d-sh--w- c:\documents and settings\dragan\IECompatCache
2009-12-20 14:09:07 0 d-----w- c:\program files\EA SPORTS
2009-12-15 14:08:07 0 d-----w- c:\program files\Pocket Tanks Deluxe
2009-12-12 22:16:04 0 d--h--r- C:\AHCache
2009-12-08 15:34:02 0 d-----w- c:\docume~1\dragan\applic~1\Real Desktop
2009-12-08 15:33:57 0 d-----w- c:\program files\Real Desktop
2009-12-08 15:29:14 0 d-----w- c:\docume~1\dragan\applic~1\Locktime
2009-12-08 15:06:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Locktime
2009-12-08 15:06:45 0 d-----w- c:\program files\NetLimiter 2 Monitor
2009-12-06 09:58:40 38 ----a-w- c:\windows\system32\defragboot.ini
2009-12-06 09:58:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Systweak
2009-12-06 09:57:10 0 d-----w- c:\docume~1\dragan\applic~1\Systweak
2009-12-06 09:56:33 17136 ----a-w- c:\windows\system32\sasnative32.exe
2009-12-06 09:56:33 0 d-----w- c:\docume~1\alluse~1\applic~1\MyDefrag
2009-12-06 09:56:22 0 d-----w- c:\program files\Advanced System Optimizer 3
2009-12-06 09:41:25 0 d-----w- c:\program files\NCH Software
2009-12-06 01:12:37 352256 ----a-w- c:\windows\vncutil.exe
2009-12-06 01:12:36 41984 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-06 01:12:36 122880 ----a-w- c:\windows\RtkAudioService.exe
2009-12-06 01:12:35 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-12-06 01:12:33 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-12-06 01:12:32 0 d-----w- c:\program files\Realtek
2009-12-06 01:12:16 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-12-04 21:36:14 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-04 21:31:54 0 d-----w- C:\ATI
2009-12-01 20:32:00 0 d-----w- c:\program files\Activision
2009-11-28 22:45:01 0 d-----w- c:\program files\THQ
2009-11-28 21:07:10 0 ----a-w- C:\1909
2009-11-28 19:10:41 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-28 19:10:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-28 19:10:38 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-28 19:10:38 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-28 19:10:36 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-28 19:10:36 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-28 19:10:34 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

==================== Find3M ====================

2009-12-15 15:21:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-26 23:29:00 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-11-03 11:39:04 5940736 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-02 10:53:30 18782720 ----a-w- c:\windows\RTHDCPL.EXE
2009-10-24 12:56:31 418480 -c--a-w- c:\windows\system32\wrap_oal.dll
2009-10-24 12:56:31 115432 -c--a-w- c:\windows\system32\OpenAL32.dll
2009-10-06 17:40:01 139152 -c--a-w- c:\docume~1\dragan\applic~1\PnkBstrK.sys
2009-10-06 17:39:54 111928 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-10-06 17:39:46 794408 -c--a-w- c:\windows\system32\pbsvc.exe
2009-10-06 17:39:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-30 04:18:22 3565056 ----a-w- c:\windows\system32\dllcache\ati2mtag.sys
2009-09-30 02:20:58 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-30 02:19:56 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-30 02:10:52 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-30 02:10:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-30 02:10:24 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-30 02:10:16 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-30 02:10:02 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-30 02:08:50 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-30 02:08:48 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-30 02:07:30 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-30 02:07:08 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-30 02:00:06 3818272 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-30 01:47:22 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-30 01:46:56 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-09-30 01:34:06 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-30 01:30:32 475136 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-30 01:28:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-30 01:28:36 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-30 01:27:54 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-30 01:27:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-30 01:26:52 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-30 01:26:04 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-30 01:22:42 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-29 20:15:00 593920 ------w- c:\windows\system32\ati2sgag.exe

============= FINISH: 22:02:32.45 ===============

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello...

Note: Do not plug in any USB memory devices until I tell you to plug them in.

Follow these instructions...

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download of the program is finished:
  • disable your protective software (instructions);
  • close any running programs;
  • double-click to run ComboFix.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
      click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      click Yes so that the process continues.
  • offer to install the Recovery Console if it is not installed:
      be sure to accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
      accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message text field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 26 Dec 2007
  • Posts: 97

Posted: 28 Dec 2009 2:18

ComboFix 09-12-26.05 - dragan 12/28/2009 1:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.911 [GMT 1:00]
Running from: c:\documents and settings\dragan\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\recycler\S-1-5-21-1021014418-0590927759-270325044-3174
c:\recycler\S-1-5-21-3404941617-8258411286-255512666-4089
c:\recycler\S-1-5-21-4608540425-3293630619-475748746-9565
c:\recycler\S-1-5-21-6880283687-1465265892-459987151-5026
c:\recycler\S-1-5-21-7849976882-6472749022-611194407-1219
c:\recycler\S-1-5-21-8365874735-6851995393-907373698-2981

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.

2009-12-23 13:55 . 2009-12-23 13:55 -------- d-sh--w- c:\documents and settings\dragan\IECompatCache
2009-12-20 14:09 . 2009-12-20 14:09 -------- d-----w- c:\program files\EA SPORTS
2009-12-15 14:08 . 2009-12-15 14:08 -------- d-----w- c:\program files\Pocket Tanks Deluxe
2009-12-12 22:16 . 2009-12-12 22:16 -------- d-----r- C:\AHCache
2009-12-10 23:01 . 2009-12-10 23:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-08 15:34 . 2009-12-08 15:34 -------- d-----w- c:\documents and settings\dragan\Application Data\Real Desktop
2009-12-08 15:33 . 2009-12-08 15:33 -------- d-----w- c:\program files\Real Desktop
2009-12-08 15:29 . 2009-12-08 15:29 -------- d-----w- c:\documents and settings\dragan\Application Data\Locktime
2009-12-08 15:10 . 2009-12-08 15:10 -------- d-----w- c:\program files\Opera
2009-12-08 15:06 . 2009-12-08 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Locktime
2009-12-08 15:06 . 2009-12-08 15:06 -------- d-----w- c:\program files\NetLimiter 2 Monitor
2009-12-06 09:58 . 2009-12-06 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2009-12-06 09:57 . 2009-12-06 09:57 -------- d-----w- c:\documents and settings\dragan\Application Data\Systweak
2009-12-06 09:56 . 2009-12-06 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MyDefrag
2009-12-06 09:56 . 2009-08-19 15:49 17136 ----a-w- c:\windows\system32\sasnative32.exe
2009-12-06 09:56 . 2009-12-06 09:58 -------- d-----w- c:\program files\Advanced System Optimizer 3
2009-12-06 09:41 . 2009-12-06 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-12-06 09:41 . 2009-12-06 09:41 -------- d-----w- c:\program files\NCH Software
2009-12-06 01:12 . 2009-10-08 06:24 352256 ----a-w- c:\windows\vncutil.exe
2009-12-06 01:12 . 2009-10-23 10:53 41984 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-06 01:12 . 2009-03-17 06:07 122880 ----a-w- c:\windows\RtkAudioService.exe
2009-12-06 01:12 . 2006-01-04 07:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2009-12-06 01:12 . 2008-08-05 12:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2009-12-06 01:12 . 2009-12-06 01:12 -------- d-----w- c:\program files\Realtek
2009-12-06 01:12 . 2009-11-02 05:48 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-12-04 21:37 . 2009-12-04 21:37 -------- d-----w- c:\documents and settings\dragan\Local Settings\Application Data\ATI
2009-12-04 21:37 . 2009-12-04 21:37 -------- d-----w- c:\documents and settings\dragan\Application Data\ATI
2009-12-04 21:37 . 2009-12-04 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-12-04 21:36 . 2009-12-04 21:36 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-04 21:31 . 2009-12-04 21:31 -------- d-----w- C:\ATI
2009-12-01 20:32 . 2009-12-01 20:32 -------- d-----w- c:\program files\Activision
2009-11-28 22:45 . 2009-12-04 21:27 -------- d-----w- c:\program files\THQ
2009-11-28 19:10 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-28 19:10 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-28 19:10 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-28 19:10 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-28 19:10 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-28 19:10 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-28 19:10 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 00:45 . 2009-11-26 23:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-25 18:22 . 2009-06-03 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-25 16:28 . 2009-08-30 22:12 -------- d-----w- c:\documents and settings\dragan\Application Data\AIMP
2009-12-25 16:24 . 2009-08-31 10:03 -------- d-----w- c:\program files\Opera 10 Beta
2009-12-15 16:44 . 2009-06-18 14:47 -------- d-----w- c:\documents and settings\dragan\Application Data\DAEMON Tools Lite
2009-12-15 16:42 . 2009-06-18 14:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-15 15:21 . 2009-06-18 14:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-15 15:21 . 2009-05-04 10:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-15 15:20 . 2009-06-18 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-08 15:14 . 2009-07-25 13:39 -------- d-----w- c:\documents and settings\dragan\Application Data\Winamp
2009-12-08 15:12 . 2009-07-25 13:39 -------- d-----w- c:\program files\Winamp
2009-12-06 16:58 . 2009-05-04 10:06 -------- d-----w- c:\program files\AIMP2
2009-12-06 10:00 . 2009-08-31 09:36 -------- d-----w- c:\documents and settings\dragan\Application Data\FreshDiagnose
2009-12-06 01:12 . 2009-05-04 01:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-04 21:35 . 2009-05-04 01:18 -------- d-----w- c:\program files\ATI Technologies
2009-12-02 22:26 . 2009-11-22 22:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-02 16:24 . 2009-05-09 15:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-28 19:58 . 2009-06-05 15:33 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-26 23:47 . 2009-05-04 01:14 -------- d-----w- c:\program files\QuickTime Alternative
2009-11-26 23:47 . 2009-11-26 23:47 -------- d-----w- c:\program files\Common Files\Apple
2009-11-26 23:47 . 2009-11-26 23:47 -------- d-----w- c:\program files\Apple Software Update
2009-11-26 23:47 . 2009-11-26 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-26 23:30 . 2009-11-26 23:28 -------- d-----w- c:\program files\DAP
2009-11-26 23:29 . 2009-11-26 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-11-26 23:29 . 2009-11-26 23:29 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-11-24 23:54 . 2009-05-04 09:39 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-05-04 09:40 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-05-04 09:40 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-05-04 09:40 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-04 09:40 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-04 09:40 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-04 09:40 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-04 09:40 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-05-04 09:40 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 22:43 . 2009-11-22 22:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-22 16:53 . 2009-10-10 11:33 -------- d-----w- c:\documents and settings\dragan\Application Data\IObit
2009-11-21 09:22 . 2009-09-29 14:35 -------- d-----w- c:\program files\Google
2009-11-21 06:41 . 2009-11-21 06:41 -------- d-----w- c:\program files\Lavalys
2009-11-21 06:03 . 2009-11-21 06:01 -------- d-----w- c:\documents and settings\dragan\Application Data\WeatherPulse
2009-11-14 08:15 . 2009-08-30 22:23 -------- d-----w- c:\program files\Codebox
2009-11-14 07:22 . 2009-05-21 19:03 -------- d-----w- c:\program files\Ubisoft
2009-11-08 16:30 . 2009-05-09 15:27 -------- d-----w- c:\documents and settings\dragan\Application Data\InstallShield
2009-11-03 11:39 . 2009-05-04 01:23 5940736 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-02 10:53 . 2009-05-04 01:23 18782720 ----a-w- c:\windows\RTHDCPL.EXE
2009-10-30 11:10 . 2009-10-30 11:10 1183176 ----a-w- c:\documents and settings\dragan\Application Data\Mozilla\Firefox\Profiles\ba8vjz76.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-10-24 12:56 . 2009-09-06 19:09 418480 -c--a-w- c:\windows\system32\wrap_oal.dll
2009-10-24 12:56 . 2009-09-06 19:09 115432 -c--a-w- c:\windows\system32\OpenAL32.dll
2009-10-06 17:40 . 2009-10-06 17:40 139152 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-06 17:40 . 2009-10-06 17:40 139152 -c--a-w- c:\documents and settings\dragan\Application Data\PnkBstrK.sys
2009-10-06 17:40 . 2009-10-06 17:40 139152 -c--a-w- c:\documents and settings\dragan\Application Data\PnkBstrK.sys
2009-10-06 17:39 . 2009-10-06 17:39 111928 -c--a-w- c:\windows\system32\PnkBstrB.exe
2009-10-06 17:39 . 2009-10-06 17:39 794408 -c--a-w- c:\windows\system32\pbsvc.exe
2009-10-06 17:39 . 2009-10-06 17:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-30 04:18 . 2009-05-04 01:57 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-09-30 02:20 . 2007-08-22 02:09 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-30 02:19 . 2009-05-04 01:56 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-30 02:10 . 2009-05-04 01:57 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-30 02:10 . 2009-05-04 01:57 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-30 02:10 . 2009-05-04 01:57 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-30 02:10 . 2009-05-04 01:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-30 02:10 . 2009-05-04 01:56 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-30 02:08 . 2009-05-04 01:57 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-30 02:08 . 2009-05-04 01:56 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-30 02:07 . 2009-05-04 01:56 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-30 02:07 . 2009-05-04 01:56 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-30 02:00 . 2009-05-04 01:56 3818272 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-30 01:47 . 2009-05-04 01:57 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-30 01:46 . 2007-08-22 01:35 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-09-30 01:34 . 2009-09-30 01:34 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-30 01:30 . 2009-05-04 01:56 475136 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-30 01:28 . 2009-09-30 01:28 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-30 01:28 . 2009-05-04 01:57 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-30 01:27 . 2009-05-04 01:56 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-09-30 01:27 . 2009-09-30 01:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-30 01:27 . 2009-09-30 01:27 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-30 01:26 . 2007-08-22 01:15 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-30 01:26 . 2009-09-30 01:26 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-30 01:22 . 2009-05-04 01:56 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-29 20:15 . 2009-05-11 11:01 593920 ------w- c:\windows\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-28 344064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\dragan\Start Menu\Programs\Startup\
Pravoslavac 2009.lnk - c:\program files\Pravoslavac\Pravoslavac.exe [2009-5-4 1547746]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/4/2009 10:40 AM 114768]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [4/23/2007 5:08 PM 81688]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [12/6/2009 10:56 AM 201960]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2009 10:40 AM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10/9/2009 11:07 PM 54752]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/4/2009 11:08 AM 691696]
S2 gupdate1ca6a72d33c7090;Google Update Service (gupdate1ca6a72d33c7090);c:\program files\Google\Update\GoogleUpdate.exe [11/21/2009 7:21 AM 133104]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/6/2009 2:12 AM 1684736]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
.
------- Supplementary Scan -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\dragan\Application Data\Mozilla\Firefox\Profiles\ba8vjz76.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-msnsc - c:\windows\system32\msnsc.exe
AddRemove-LifeGlobe Sharks, Terrors of the Deep_is1 - c:\program files\Prolific Publishing



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-12-28 01:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-796845957-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7e,d4,ce,4a,0b,01,a2,46,ee,69,8d,96,34,0b,65,6d,fb,29,52,36,f9,83,47,
4e,8a,74,01,68,02,d9,c8,77,32,f4,a7,bd,da,36,bf,02,ca,31,e0,45,ec,c1,39,97,\
"??"=hex:8a,e2,b0,b3,90,b9,b2,59,df,4c,b4,5f,ea,17,d5,b7

[HKEY_USERS\S-1-5-21-448539723-796845957-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:81,4a,29,81,cf,e5,aa,e0,14,9b,4b,1f,ff,9d,d7,37,4e,e6,15,40,5b,
55,13,57,28,82,68,c5,81,77,9e,f3,67,60,62,e7,cd,97,39,1d,5a,3c,89,ae,ef,e8,\
"rkeysecu"=hex:fb,05,da,b0,a2,1d,a6,52,e3,1e,94,ec,2a,54,19,2f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768-)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-28 01:54:57
ComboFix-quarantined-files.txt 2009-12-28 00:54

Pre-Run: 38,906,216,448 bytes free
Post-Run: 38,869,495,808 bytes free

- - End Of File - - 38CD313E5DEF98CDA13B5CC8D942251D

Addendum: 28 Dec 2009 16:09

Greetings,
what next?

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Step 1.


Download the reg file to the Desktop from the link given below and run it by double-clicking its icon.

When a message box appears, click Yes, then click OK in the second message box that appears.




Step 2.


- Download USBNoRisk to the Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own partition designation when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 26 Dec 2007
  • Posts: 97

Well, I have two flash drives, one that is infected and another (which I have not plugged in so far),
a phone with a USB cable that I have not used recently, and a Daemon Tools virtual drive, if that counts too.
Or only the infected one?
Now, does that mean each of these devices into every USB port (slot), or does it not matter?
Greetings

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Plug in only the infected one if you do not want to check whether the others are infected as well.

Let me clarify the instructions.

Start USBNoRisk and wait about ten seconds, then connect the USB device and wait another ten seconds.

Remove that USB device, connect the second one and again wait ten seconds... then the third... and so on.

If you are going to check several devices, remember or write down the order in which you connected them so that I can give you further instructions.

When you have done this part, right-click inside the white area of the window and choose the Save log option.

Notepad will open; copy the text in it into a message here.

offline
  • Joined: 26 Dec 2007
  • Posts: 97

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 12/29/2009 12:42:21 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {ae9a5e84-384a-11de-bd56-806d6172696f}
D: {ae9a5e85-384a-11de-bd56-806d6172696f}
E: {ae9a5e86-384a-11de-bd56-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for ae9a5e84-384a-11de-bd56-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for ae9a5e85-384a-11de-bd56-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for ae9a5e86-384a-11de-bd56-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 12/29/2009 12:42:43 AM

Scanning for connected USB mass storage...
----------------------------------------
H: {d6d2c7ce-384d-11de-a624-0016e66f64ac}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for d6d2c7ce-384d-11de-a624-0016e66f64ac
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 12/29/2009 12:43:16 AM

Scanning for connected USB mass storage...
----------------------------------------
H: {bb2a70ca-d04c-11de-a772-0016e66f64ac}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
;aØ??ëÁ?á???[t??f??ÁVMm???à?_????Úü?ðèòÈúI?J?x?
[autorun
;sà?sg?Â_??gìxâþÍ??
open=KLIZAVI/sapun.exe
;b??è?s??g????:ý?)vÌ?x?m?X?E?O?üe,~?bFmw??é?O?W?Y??xo??ç???tä)&??`J??bNy?ÁwEd??À#}?ÓIOr?ñ??ìéÌ???OÖBwe??À???È??Ã]?àð&?üë?ÜÝ^Ý<?
icon=%SystemRoot%\system32\SHELL32.dll,4
;??tëCé?ùààtykY?Ãò??ÿIvÍCIò-L?m??ë???#?íD?Ý?ð??Eù?dm?@?FôkmÁ[M
shell\\open\\command=KLIZAVI/sapun.exe
;ré?d??fÏùùIC???CÁ??wâÓt?Ô?sðW?ÔwbfæeY???í?????Ãè?d?Æ????Êç?Áç+?t?[a?Ã?
shell\\explore\\command=KLIZAVI/sapun.exe
;????ò?ÖmíFÒ???Ã?r?à?fsWÌNE?????????a??ùs?LmaìÃk%:üZ??òÂ?Nä?A?ØCv??éí??f?åÁäs?èY?è???AjA
useautoplay=1
;Òeú?màò???*???%sFRCèY
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

No mountpoint found for bb2a70ca-d04c-11de-a772-0016e66f64ac
----------------------------------------

----------------------------------------
Desktop.ini found at H:\curice\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\KLIZAVI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 12/29/2009 12:44:33 AM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 12/29/2009 12:44:33 AM

Scanning for connected removable storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================
========================================

========================================
========================================

========================================

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

- Start USBNoRisk and wait for it to complete the initial scan.

- When the initial scan is finished, connect the USB storage device.
(the second one in the order in which you connected them).

- Click the Script tab;

Copy the following text into the white area of the window:

{bb2a70ca-d04c-11de-a772-0016e66f64ac}
folder_list:H:\curice\
folder_list:H:\KLIZAVI\
folder_list:%DRIVE%


- Execute the command by clicking the Run Script button;



When the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white area of the window and choose the Save Log option;

A Notepad window will open with text that needs to be copied into a message here.

offline
  • Joined: 26 Dec 2007
  • Posts: 97

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 12/30/2009 12:09:38 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {ae9a5e84-384a-11de-bd56-806d6172696f}
D: {ae9a5e85-384a-11de-bd56-806d6172696f}
E: {ae9a5e86-384a-11de-bd56-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for ae9a5e84-384a-11de-bd56-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for ae9a5e85-384a-11de-bd56-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for ae9a5e86-384a-11de-bd56-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 12/30/2009 12:10:24 AM

Scanning for connected USB mass storage...
----------------------------------------
H: {bb2a70ca-d04c-11de-a772-0016e66f64ac}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
;aØ??ëÁ?á???[t??f??ÁVMm???à?_????Úü?ðèòÈúI?J?x?
[autorun
;sà?sg?Â_??gìxâþÍ??
open=KLIZAVI/sapun.exe
;b??è?s??g????:ý?)vÌ?x?m?X?E?O?üe,~?bFmw??é?O?W?Y??xo??ç???tä)&??`J??bNy?ÁwEd??À#}?ÓIOr?ñ??ìéÌ???OÖBwe??À???È??Ã]?àð&?üë?ÜÝ^Ý<?
icon=%SystemRoot%\system32\SHELL32.dll,4
;??tëCé?ùààtykY?Ãò??ÿIvÍCIò-L?m??ë???#?íD?Ý?ð??Eù?dm?@?FôkmÁ[M
shell\\open\\command=KLIZAVI/sapun.exe
;ré?d??fÏùùIC???CÁ??wâÓt?Ô?sðW?ÔwbfæeY???í?????Ãè?d?Æ????Êç?Áç+?t?[a?Ã?
shell\\explore\\command=KLIZAVI/sapun.exe
;????ò?ÖmíFÒ???Ã?r?à?fsWÌNE?????????a??ùs?LmaìÃk%:üZ??òÂ?Nä?A?ØCv??éí??f?åÁäs?èY?è???AjA
useautoplay=1
;Òeú?màò???*???%sFRCèY
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for bb2a70ca-d04c-11de-a772-0016e66f64ac
----------------------------------------

----------------------------------------
Desktop.ini found at H:\curice\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\KLIZAVI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================


Processing script
----------------------------------------
bb2a70ca-d04c-11de-a772-0016e66f64ac
Drive letter for GUID: H:
SectionStart = 1
SectionEnd = 4
----------------------------------------
Folder list for H:\curice\:
----------------------------------------

--ahs   64   H:\curice\Desktop.ini   H:\curice\Desktop.ini
-rahs   138752   H:\curice\elena.exe   H:\curice\elena.exe

----------------------------------------
Folder list for H:\KLIZAVI\:
----------------------------------------

--ahs   64   H:\KLIZAVI\Desktop.ini   H:\KLIZAVI\Desktop.ini
-rahs   143360   H:\KLIZAVI\sapun.exe   H:\KLIZAVI\sapun.exe

----------------------------------------
Folder list for H:\:
----------------------------------------

--a--   622   H:\AUTORU~1.BL~   H:\autorun.inf.blocked
dr-hs   0   H:\JOURNE~1   H:\Journey to the center of the earth
dr-hs   0   H:\OFFICE~1   H:\office2007
dr-hs   0   H:\RECYCLER   H:\RECYCLER
dr-hs   0   H:\curice   H:\curice
dr-hs   0   H:\PINPRO~1   H:\PINprobniTest
dr-hs   0   H:\KLIZAVI   H:\KLIZAVI

----------------------------------------

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

- Start USBNoRisk and wait for it to complete the initial scan.

- When the initial scan is finished, connect the USB storage device.

- Click the Script tab;

Copy the following text into the white area of the window:

{bb2a70ca-d04c-11de-a772-0016e66f64ac}
no_sh:
delete_blocked:
folder_delete:%DRIVE%\KLIZAVI\
folder_delete:%DRIVE%\curice\
folder_delete:%DRIVE%\RECYCLER\
folder_list:%DRIVE%


- Execute the command by clicking the Run Script button;



When the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white area of the window and choose the Save Log option;

A Notepad window will open with text that needs to be copied into a message here.
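
The executables inside the folders that the script above deletes can be picked out of the second USBNoRisk log mechanically. The following is an added Python example, not part of the thread and not USBNoRisk's own code: it reads the autorun.inf directives while skipping the junk comment lines, then cross-checks them against the folder_list output. The function names are assumptions, and the junk comment lines in the sample are constructed placeholders.

```python
import re

# Directives copied from the autorun.inf.blocked content in the log; the
# junk comment lines are constructed placeholders for the garbled bytes.
SAMPLE_AUTORUN = r""";<junk bytes>
[autorun
;<junk bytes>
open=KLIZAVI/sapun.exe
;<junk bytes>
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\\open\\command=KLIZAVI/sapun.exe
shell\\explore\\command=KLIZAVI/sapun.exe
useautoplay=1
"""

# folder_list lines copied from the second log in the thread.
SAMPLE_LISTING = r"""--ahs   64   H:\curice\Desktop.ini   H:\curice\Desktop.ini
-rahs   138752   H:\curice\elena.exe   H:\curice\elena.exe
--ahs   64   H:\KLIZAVI\Desktop.ini   H:\KLIZAVI\Desktop.ini
-rahs   143360   H:\KLIZAVI\sapun.exe   H:\KLIZAVI\sapun.exe
--a--   622   H:\AUTORU~1.BL~   H:\autorun.inf.blocked
dr-hs   0   H:\JOURNE~1   H:\Journey to the center of the earth
dr-hs   0   H:\KLIZAVI   H:\KLIZAVI
"""

# Keys that make the shell start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\.+\\command)$")
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")


def autorun_targets(text):
    """Return {key: target} for every launch directive in an autorun.inf body."""
    targets = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip junk comments and section headers; the header in the log is
        # malformed ("[autorun"), so the parser does not depend on it.
        if not line or line.startswith((";", "[")):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        # The log prints doubled backslashes in key names; collapse them.
        key = re.sub(r"\\+", r"\\", key.strip().lower())
        if LAUNCH_KEY.match(key):
            targets[key] = value.strip().replace("/", "\\")
    return targets


def parse_listing(listing):
    """Yield (attrs, size, long_path) from folder_list output lines."""
    for line in listing.splitlines():
        fields = re.split(r"\s{2,}", line.strip())
        if len(fields) == 4 and re.fullmatch(r"[d-][r-][a-][h-][s-]", fields[0]):
            yield fields[0], int(fields[1]), fields[3]


def triage(autorun_text, listing):
    """List hidden+system executables and mark the ones autorun.inf launches."""
    launched = {t.lower() for t in autorun_targets(autorun_text).values()}
    findings = []
    for attrs, size, path in parse_listing(listing):
        is_file = attrs[0] == "-"
        hidden_system = attrs[3] == "h" and attrs[4] == "s"
        if is_file and hidden_system and path.lower().endswith(EXEC_EXT):
            rel = path[3:].lower()  # drop the drive prefix such as "H:\"
            referenced = any(t.startswith(rel) for t in launched)
            label = "autorun target" if referenced else "hidden executable"
            findings.append((path, size, label))
    return findings


if __name__ == "__main__":
    for path, size, label in triage(SAMPLE_AUTORUN, SAMPLE_LISTING):
        print(f"{label:18} {size:>8}  {path}")
```
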
