Problem with USB sticks!


  • Joined: 20 Mar 2007
  • Posts: 97

Hm... here, I did the whole procedure on the third computer. The USB stick got cleaned. I took it out, put it back in, and:


Addendum: 23 Feb 2008 17:06

ComboFix 08-02-18.1 - Aleksandar 2008-02-23 16:48:35.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1134 [GMT 1:00]
Running from: C:\Documents and Settings\Aleksandar\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\xbox.dll
I:\Autorun.inf
J:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-23 11:25 . 2008-02-23 11:26 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-20 00:28 . 2008-02-20 00:28 <DIR> d-------- C:\Program Files\TeamViewer3
2008-02-20 00:28 . 2008-02-20 00:29 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\TeamViewer
2008-02-20 00:27 . 2008-02-20 00:27 <DIR> d-------- C:\Documents and Settings\Aleksandar\temp
2008-02-19 15:00 . 2008-02-19 15:00 <DIR> d--hs---- C:\FOUND.003
2008-02-19 12:07 . 2008-02-19 12:07 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\Babylon
2008-02-18 19:59 . 2008-02-18 19:59 <DIR> d-------- C:\Program Files\Pravoslavac
2008-02-18 18:59 . 2008-02-18 18:59 <DIR> d-------- C:\Program Files\Babylon
2008-02-18 18:58 . 2008-02-18 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-02-18 18:58 . 2008-02-18 18:58 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\Babylon
2008-02-14 09:50 . 2008-02-14 09:50 <DIR> d--hs---- C:\FOUND.002
2008-02-05 00:06 . 2008-02-05 00:06 <DIR> d--hs---- C:\FOUND.001
2008-02-04 02:04 . 2008-02-04 02:05 <DIR> d-------- C:\Program Files\PurePlay
2008-02-04 02:04 . 2008-02-04 02:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PurePlay
2008-02-02 20:05 . 2008-02-02 20:05 <DIR> d--hs---- C:\FOUND.000
2008-02-01 20:14 . 2008-02-01 20:14 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\Ahead
2008-02-01 17:36 . 2008-02-01 17:36 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\Corel
2008-02-01 17:06 . 2008-02-01 17:06 <DIR> d-------- C:\Documents and Settings\bubuleja\Contacts
2008-02-01 14:25 . 2008-02-01 14:25 <DIR> d-------- C:\Documents and Settings\bubuleja\Application Data\vlc
2008-01-31 19:11 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-27 10:32 . 2008-01-27 10:32 <DIR> d-------- C:\WINDOWS\system32\Assassins Creed Diaporama dir
2008-01-27 10:32 . 2008-01-27 10:32 532,480 --a------ C:\WINDOWS\system32\Assassins Creed Diaporama.scr
2008-01-24 11:00 . 2008-01-24 11:01 <DIR> d-------- C:\Program Files\AdVantage
2008-01-24 10:59 . 2008-01-24 10:59 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-24 10:59 . 2008-01-24 10:59 <DIR> d-------- C:\Documents and Settings\Aleksandar\Application Data\DAEMON Tools
2008-01-24 10:56 . 2008-01-24 10:56 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 20:33 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-23 20:33 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-01-23 20:33 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-01-23 20:33 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-23 20:33 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-23 20:33 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-01-23 20:33 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-01-23 20:33 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-23 17:28 . 2008-01-23 17:28 <DIR> d-------- C:\Program Files\Minilyrics
2008-01-23 17:28 . 2008-01-23 17:28 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 19:33 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-22 20:45 --------- d-----w C:\Program Files\uTorrent
2008-01-22 20:45 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\uTorrent
2008-01-22 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-22 17:45 --------- d-----w C:\Program Files\Windows Live
2008-01-22 17:45 --------- d-----w C:\Program Files\MessengerDiscovery
2008-01-22 17:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-22 16:57 --------- d-----w C:\Program Files\MSN Messenger
2008-01-22 16:43 --------- d-----w C:\Program Files\SpeedSim
2008-01-22 16:00 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\LimeWire
2008-01-22 15:58 --------- d-----w C:\Program Files\Java
2008-01-22 15:55 --------- d-----w C:\Program Files\LimeWire
2008-01-22 15:55 --------- d-----w C:\Program Files\Common Files\Java
2008-01-22 15:53 --------- d-----w C:\Program Files\DU Meter
2008-01-22 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-01-20 11:00 --------- d-----w C:\Program Files\MathType
2008-01-20 11:00 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Design Science
2008-01-18 19:13 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-18 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpieleEntwicklungsKombinat
2008-01-18 19:13 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\SpieleEntwicklungsKombinat
2008-01-16 14:05 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-13 22:19 16,384 ----a-w C:\WINDOWS\system32\cologsver.exe
2008-01-12 18:20 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Corel
2008-01-12 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-12 18:13 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-12 18:09 --------- d-----w C:\Program Files\Corel
2008-01-12 18:09 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-12 17:43 --------- d-----w C:\Program Files\GameSpy
2008-01-12 17:41 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-01-12 17:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-12 17:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-12 17:41 22,328 ----a-w C:\Documents and Settings\Aleksandar\Application Data\PnkBstrK.sys
2008-01-12 17:41 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-12 17:33 --------- d-----w C:\Program Files\Electronic Arts
2008-01-12 10:21 --------- d-----w C:\Program Files\MSBuild
2008-01-12 10:21 --------- d-----w C:\Program Files\Microsoft Works
2008-01-12 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-11 21:36 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-01-11 21:35 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-11 21:27 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-11 21:04 --------- d-----w C:\Program Files\VirtualDJ
2008-01-11 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-01-11 20:56 --------- d-----w C:\Program Files\Webteh
2008-01-11 20:56 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\BSplayer PRO
2008-01-11 20:55 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\vlc
2008-01-11 20:53 --------- d-----w C:\Program Files\VideoLAN
2008-01-11 20:41 --------- d-----w C:\Program Files\Unlocker
2008-01-11 20:28 --------- d-----w C:\Program Files\Paragon Software
2008-01-11 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\{6D37E3A7-1FF9-4D49-8B3D-DD22E85ADB90}
2008-01-11 20:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-11 20:19 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Apple Computer
2008-01-11 20:17 --------- d-----w C:\Program Files\QuickTime
2008-01-11 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-11 20:14 --------- d-----w C:\Documents and Settings\Aleksandar\Application Data\Ahead
2008-01-11 20:13 --------- d-----w C:\Program Files\Nero
2008-01-11 20:13 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-11 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-11 19:58 --------- d-----w C:\Program Files\VIA
2008-01-11 19:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-11 19:40 --------- d-----w C:\Program Files\Realtek
2008-01-11 19:37 --------- d-----w C:\Program Files\Winamp
2008-01-11 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-01-11 19:26 --------- d-----w C:\Program Files\My Company Name
2008-01-11 19:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 19:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-11 19:12 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-11 19:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{965B54B0-71E0-4611-8DE7-F73FA0B20E26}

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2007-12-18 14:42 267488]

[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 17:51 486856]
"USDownloader"="D:\download\PROGRAMI\internet\USDownloader\USDownloader.exe" [2008-01-14 19:46 528384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]
"Userinit"="C:\WINDOWS\system32\cologsver.exe" [2008-01-13 23:19 16384]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 22:49 3116768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\Aleksandar\Start Menu\Programs\Startup\
Pravoslavac 2008.lnk - C:\Program Files\Pravoslavac\Pravoslavac 2008.exe [2008-02-18 19:59:41 1054254]

C:\Documents and Settings\bubuleja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2007-06-28 15:19 880080 C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 21:17 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 08:26]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 04:36]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 08:26]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-02-27 09:14]
R4 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5705ba-ca63-11dc-8e76-0019664e5da7}]
\Shell\AutoOpen\command - L:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5705bb-ca63-11dc-8e76-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e8ff91c-d322-11dc-8e85-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21820ac8-dfc1-11dc-8e93-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21820ac9-dfc1-11dc-8e93-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21820aca-dfc1-11dc-8e93-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21820acb-dfc1-11dc-8e93-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22800348-d19e-11dc-8e82-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1cf4da-de48-11dc-8e90-0019664e5da7}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce1e4a8-ce77-11dc-8e7d-0019664e5da7}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce1e4aa-ce77-11dc-8e7d-0019664e5da7}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce1e4ac-ce77-11dc-8e7d-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{788d3416-c741-11dc-8e71-c301b4cf956f}]
\Shell\AutoOpen\command - H:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85422e40-c9db-11dc-8e74-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85422e41-c9db-11dc-8e74-0019664e5da7}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8676c29b-d49d-11dc-8e8a-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8676c29c-d49d-11dc-8e8a-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8676c29d-d49d-11dc-8e8a-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8676c29e-d49d-11dc-8e8a-0019664e5da7}]
\Shell\AutoOpen\command - L:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90abc160-cc1f-11dc-8e7a-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90abc161-cc1f-11dc-8e7a-0019664e5da7}]
\Shell\AutoOpen\command - L:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c6a744-cf6e-11dc-8e7f-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c6a745-cf6e-11dc-8e7f-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcfaf7a2-c07d-11dc-8e5c-0019664e5da7}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3bd83ec-d1c9-11dc-8e83-0019664e5da7}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

*Newly Created Service* - APPMGMT
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-23 16:49:43
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-23 16:50:07
ComboFix-quarantined-files.txt 2008-02-23 15:50:06
ComboFix2.txt 2008-02-18 17:13:06
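The MountPoints2 entries and the deleted Autorun.inf files in the log above are the indicators worth pulling out when triaging a USB autorun infection like this one. The following Python script is an added example, not something posted in the thread: it parses those two ComboFix sections from a constructed, abridged sample (GUIDs and paths copied from the log above), lists which volumes still carry a cached AutoOpen/AutoRun command, and shows which file each command launches; the assumption that C: is the only fixed drive letter is the example's own.

```python
"""Triage helper for the MountPoints2 and "Other Deletions" sections of a
ComboFix log (added example; not a tool used in the thread)."""
import re
from collections import Counter

# Constructed, abridged sample in ComboFix's own layout; the GUIDs and
# paths are copied from the log above, everything else is omitted.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\xbox.dll
I:\Autorun.inf
J:\Autorun.inf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c5705ba-ca63-11dc-8e76-0019664e5da7}]
\Shell\AutoOpen\command - L:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1cf4da-de48-11dc-8e90-0019664e5da7}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

*Newly Created Service* - APPMGMT
"""

# Assumption (not from the thread): C: is the only fixed, non-removable drive.
FIXED_DRIVES = {"C"}

MP_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
MP_CMD = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")
DELETED_AUTORUN = re.compile(r"^([A-Z]):\\Autorun\.inf$", re.I)


def deleted_autorun_inf(log):
    """Drive letters whose Autorun.inf ComboFix removed ('Other Deletions' list)."""
    drives = []
    for line in log.splitlines():
        m = DELETED_AUTORUN.match(line.strip())
        if m:
            drives.append(m.group(1).upper())
    return drives


def parse_mountpoints(log):
    """Map each MountPoints2 volume GUID to its cached {verb: command} pairs."""
    entries, current = {}, None
    for line in log.splitlines():
        line = line.rstrip()
        key = MP_KEY.match(line)
        if key:
            current = key.group(1).lower()
            entries[current] = {}
            continue
        cmd = MP_CMD.match(line)
        if cmd and current is not None:
            entries[current][cmd.group(1)] = cmd.group(2)
        elif not line:
            current = None  # a blank line closes the registry block
    return entries


def launched_target(command):
    """Path the command ultimately launches: unwrap the RunDLL32 ShellExec_RunDLL wrapper."""
    marker = "ShellExec_RunDLL "
    idx = command.find(marker)
    return command[idx + len(marker):].strip() if idx != -1 else command.strip()


def volume_drive(target):
    """Drive letter of an absolute path, or None for a volume-relative path (.\\foo.exe)."""
    m = re.match(r"^([A-Za-z]):\\", target)
    return m.group(1).upper() if m else None


def suspicious_entries(entries):
    """(guid, verb, drive, target) for every cached verb that launches an .exe
    from a removable volume or from a path relative to the volume itself."""
    flagged = []
    for guid, verbs in sorted(entries.items()):
        for verb, command in sorted(verbs.items()):
            target = launched_target(command)
            drive = volume_drive(target)
            if target.lower().endswith(".exe") and drive not in FIXED_DRIVES:
                flagged.append((guid, verb, drive, target))
    return flagged


def summarize(log):
    """One-shot triage summary of a whole ComboFix log."""
    entries = parse_mountpoints(log)
    flagged = suspicious_entries(entries)
    return {
        "deleted_autorun_inf": deleted_autorun_inf(log),
        "volumes_with_cached_autorun": len(entries),
        "flagged_commands": len(flagged),
        "launched_files": Counter(t.rsplit("\\", 1)[-1].lower() for *_, t in flagged),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("Autorun.inf removed from drives:", ", ".join(summary["deleted_autorun_inf"]))
    print("Volumes with cached AutoOpen/AutoRun:", summary["volumes_with_cached_autorun"])
    for guid, verb, drive, target in suspicious_entries(parse_mountpoints(SAMPLE_LOG)):
        where = f"drive {drive}:" if drive else "volume-relative"
        print(f"  {guid} {verb:<8} {where:<16} -> {target}")
    print("Files launched:", dict(summary["launched_files"]))
```

Feed it the full log text instead of SAMPLE_LOG to see every volume GUID that still points at KB915865.exe, which is the per-volume cache that makes a cleaned stick show the injected verb again on reinsertion.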

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You have other infections here.
Bespuche, we'll get nowhere this way.
First, you're confusing me with logs from different computers, so I have a hard time tracking the infection.
Second, as soon as I clean one computer, you infect it again with something from another computer.

I'd ask you that we do the computers one at a time, and that in the meantime there is not a single file transfer between those computers.

Now tell me how many computers you have, and post the HijackThis and ComboFix logs from the first computer.

Don't carry HijackThis and the other tools from computer to computer on USB sticks, because we'll achieve nothing if the infection keeps going around in circles.

  • Joined: 20 Mar 2007
  • Posts: 97

Oh, sorry. From now on I'll plug these 2 sticks only into this computer, until we figure out what it is. But what confuses me is that when I do everything you tell me, and then just take the cleaned sticks out of the same computer they were cleaned on and put them back into it, I get AutoOpen on double-click. NOD no longer reports viruses on them, only this AutoOpen shows up.
I've plugged the sticks into 7 different computers and it's the same story on every one.
A lot of friends have told me the same thing happens to them with their sticks.

So here we go from the start; from now on all experiments are done on this computer! First I'm running Flash Dis., then Combo, then Hijack:

FlashDisinfector has finished and now it's the normal OPEN on double-click.
Now I'm running the other 2 programs:

ComboFix 08-02-15.2 - Razvoj 2008-02-25 12:37:51.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.91 [GMT 1:00]
Running from: C:\Documents and Settings\Razvoj\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-22 07:40 . 2008-02-22 09:02 <DIR> d-------- C:\Program Files\Minilyrics
2008-02-19 08:40 . 2008-02-19 08:40 <DIR> d-------- C:\Program Files\Pravoslavac
2008-02-14 07:33 . 2008-02-14 07:37 <DIR> d-------- C:\Program Files\The KMPlayer
2008-02-13 11:00 . 2008-02-13 11:09 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\IMVU
2008-02-13 10:59 . 2008-02-13 11:08 <DIR> d-------- C:\Program Files\IMVU
2008-02-11 13:52 . 2008-02-11 13:52 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\Media Player Classic
2008-02-11 13:29 . 2008-02-13 07:52 <DIR> d-------- C:\Program Files\EO Video
2008-02-11 13:29 . 2008-02-11 13:28 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-02-08 10:10 . 2008-02-08 10:10 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-08 10:10 . 2008-02-08 10:10 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-08 10:10 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-08 08:43 . 2008-02-08 08:43 334 --ah----- C:\WINDOWS\Fix.reg
2008-02-06 16:09 . 2008-02-06 16:09 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-06 16:06 . 2008-02-06 16:06 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-02-06 16:06 . 2008-02-06 16:06 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-06 11:13 . 2008-02-06 11:14 <DIR> d-------- C:\Program Files\Opera 9
2008-01-31 15:20 . 2008-01-31 15:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-31 15:12 . 2008-01-31 15:57 <DIR> d-------- C:\Documents and Settings\Razvoj\.housecall6.6
2008-01-31 08:50 . 2008-02-22 09:01 <DIR> d-------- C:\Program Files\eMule
2008-01-30 07:54 . 2008-01-30 07:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-30 07:54 . 2008-01-30 07:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-29 14:20 . 2008-01-29 14:20 48,174 --a------ C:\olearch.dat
2008-01-29 14:14 . 2008-01-29 14:14 0 --a------ C:\acadminidump.dmp
2008-01-29 12:49 . 2008-01-29 12:49 <DIR> d-------- C:\WINDOWS\SXS
2008-01-29 11:43 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-01-29 11:43 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-01-29 11:41 . 2008-01-29 11:41 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-01-29 11:37 . 2008-01-29 11:38 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-01-25 10:50 . 2008-01-25 10:50 <DIR> d-------- C:\Program Files\Common Files\Synacast
2008-01-25 10:50 . 2008-01-25 10:50 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\PPMate
2008-01-25 10:01 . 2008-01-25 10:01 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\acccore
2008-01-25 08:09 . 2008-01-25 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-25 08:09 . 2008-01-25 08:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-25 08:09 . 2008-01-25 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-25 08:08 . 2008-02-06 07:20 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-01-25 08:07 . 2008-01-25 08:09 538 --ah----- C:\IPH.PH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 11:43 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Screenshot Sender
2008-02-22 08:46 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-22 06:26 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\uTorrent
2008-02-18 08:57 --------- d-----w C:\Program Files\Winamp
2008-02-14 10:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-14 07:29 --------- d-----w C:\Program Files\ESET
2008-02-14 07:24 --------- d-----w C:\Program Files\BitDefender
2008-02-14 07:18 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Babylon
2008-02-14 07:17 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-02-14 06:05 --------- d-----w C:\Program Files\Webteh
2008-02-14 06:04 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\BSplayer PRO
2008-02-08 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-08 09:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 06:17 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Skype
2008-01-29 13:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-29 13:00 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Autodesk
2008-01-29 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-24 12:19 --------- d-----w C:\Program Files\BWMeter
2008-01-24 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\DeskSoft
2008-01-24 12:18 16,896 ----a-w C:\WINDOWS\system32\drivers\dsnpfd.sys
2008-01-24 12:18 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\DeskSoft
2008-01-24 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-23 11:36 --------- d-----w C:\Program Files\Autodesk
2008-01-22 06:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-21 11:03 --------- d-----w C:\Program Files\QuickTime
2008-01-21 11:02 --------- d-----w C:\Program Files\ImTOO
2008-01-21 10:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-21 10:00 --------- d-----w C:\Program Files\Windows Live
2008-01-21 10:00 --------- d-----w C:\Program Files\MSN Messenger
2008-01-15 13:53 --------- d-----w C:\Program Files\Phoenix Contact
2008-01-14 13:49 --------- d-----w C:\Program Files\Skype
2008-01-14 10:30 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-14 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-05-22 13:55 2663480]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-06 16:08 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Razvoj\Start Menu\Programs\Startup\
BWMeter.lnk - C:\Program Files\BWMeter\BWMeter.exe [2008-01-24 13:18:17 753664]
Pravoslavac 2008.lnk - C:\Program Files\Pravoslavac\Pravoslavac 2008.exe [2008-02-19 08:40:16 1054254]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
--a------ 2006-02-06 10:12 327680 C:\Program Files\Audio Deck\EnMixCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-06 16:09]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:26]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 dsnpfd;DeskSoft Service;C:\WINDOWS\system32\DRIVERS\dsnpfd.sys [2008-01-24 13:18]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2006-01-12 13:57]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-08 10:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfbc53a2-af8a-11dc-b671-005070231a9d}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-25 12:40:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 12:41:58
ComboFix-quarantined-files.txt 2008-02-25 11:41:42
ComboFix2.txt 2008-02-21 08:54:47
ComboFix3.txt 2008-02-20 08:25:50
ComboFix4.txt 2008-02-15 06:31:41



Logfile of HijackThis v1.99.1
Scan saved at 12:42:26 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Razvoj\Desktop\zekaThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe
O4 - Startup: Pravoslavac 2008.lnk = C:\Program Files\Pravoslavac\Pravoslavac 2008.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Razvoj\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - live365.com/players/play365.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Update: 25 Feb 2008 12:50

Took the sticks out, put them back in and:

This is what I was telling you about. I put them back into the same computer and again "Autoopen".

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfbc53a2-af8a-11dc-b671-005070231a9d}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

This should fix the Autoopen. It may not work right away, so check how it behaves after a restart.

Did you transfer an MS Office installation using those sticks?

Update: 25 Feb 2008 19:23

Check whether you have an MSOCache folder on the C: partition.

I'm not sure our cleanup will work, because I've just found information that this is a worm that embeds itself into all EXE files on the computer (like a classic virus).
It is called W32/Autorun.worm.aw [according to McAfee] or Win32.Dawin [according to Symantec].
For now we'll take this information with a grain of salt.

Try what I wrote above, then see whether that Autoopen still shows up.

offline
  • Joined: 20 Mar 2007
  • Posts: 97

Yes, I transferred the Office installation with one of them, and as far as I remember it was shortly before this started happening.
And Combo won't run a scan for some reason. That little blue screen appears, it says Combo is preparing... and then it closes.
When it won't, it won't...
I'll keep trying until it works and then send you the log, although I've tried 5 times now... including after a restart, but nothing.

Update: 26 Feb 2008 7:39

I forgot to mention, I do have MSOCache on C:.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Try renaming Combofix.exe to rty.exe.

Also try the following online scan (you have to run it from IE):
http://www.bitdefender.com/scan8/ie.html

At the end of the scan you will have an option somewhere to save the log (I can't remember exactly right now what the option is called and how to get to it).
Please copy that log here, and if it doesn't fit in the message then attach it using the Attach file option, which you have below the message editing box on the forum.

offline
  • Joined: 20 Mar 2007
  • Posts: 97

I managed to run Combo, finally. I had to download it again. I don't know why the old one that I had on the desktop wouldn't work.
I also did the online scan, no infections. Here's all the data:

ComboFix 08-02-25.3 - Razvoj 2008-02-27 14:41:59.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.137 [GMT 1:00]
Running from: C:\Documents and Settings\Razvoj\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Razvoj\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-27 11:28 . 2008-02-27 11:28 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-27 11:28 . 2008-02-27 14:33 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-27 11:26 . 2008-02-27 11:26 <DIR> d-------- C:\rty
2008-02-22 07:40 . 2008-02-27 11:59 <DIR> d-------- C:\Program Files\Minilyrics
2008-02-19 08:40 . 2008-02-19 08:40 <DIR> d-------- C:\Program Files\Pravoslavac
2008-02-14 07:33 . 2008-02-14 07:37 <DIR> d-------- C:\Program Files\The KMPlayer
2008-02-13 11:00 . 2008-02-13 11:09 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\IMVU
2008-02-13 10:59 . 2008-02-13 11:08 <DIR> d-------- C:\Program Files\IMVU
2008-02-11 13:52 . 2008-02-11 13:52 <DIR> d-------- C:\Documents and Settings\Razvoj\Application Data\Media Player Classic
2008-02-11 13:29 . 2008-02-13 07:52 <DIR> d-------- C:\Program Files\EO Video
2008-02-11 13:29 . 2008-02-11 13:28 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-02-08 10:10 . 2008-02-08 10:10 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-08 10:10 . 2008-02-08 10:10 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-08 10:10 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-08 08:43 . 2008-02-08 08:43 334 --ah----- C:\WINDOWS\Fix.reg
2008-02-06 16:09 . 2008-02-06 16:09 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-06 16:06 . 2008-02-06 16:06 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-02-06 16:06 . 2008-02-06 16:06 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-06 11:13 . 2008-02-06 11:14 <DIR> d-------- C:\Program Files\Opera 9
2008-01-31 15:20 . 2008-01-31 15:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-31 15:12 . 2008-01-31 15:57 <DIR> d-------- C:\Documents and Settings\Razvoj\.housecall6.6
2008-01-31 08:50 . 2008-02-22 09:01 <DIR> d-------- C:\Program Files\eMule
2008-01-30 07:54 . 2008-01-30 07:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-30 07:54 . 2008-01-30 07:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-29 14:20 . 2008-01-29 14:20 48,174 --a------ C:\olearch.dat
2008-01-29 14:14 . 2008-01-29 14:14 0 --a------ C:\acadminidump.dmp
2008-01-29 12:49 . 2008-01-29 12:49 <DIR> d-------- C:\WINDOWS\SXS
2008-01-29 11:43 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-01-29 11:43 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-01-29 11:41 . 2008-01-29 11:41 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-01-29 11:37 . 2008-01-29 11:38 <DIR> d-------- C:\Program Files\Microsoft WSE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 11:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 06:21 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\DeskSoft
2008-02-25 13:27 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-22 11:43 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Screenshot Sender
2008-02-22 06:26 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\uTorrent
2008-02-18 08:57 --------- d-----w C:\Program Files\Winamp
2008-02-14 10:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-14 07:29 --------- d-----w C:\Program Files\ESET
2008-02-14 07:24 --------- d-----w C:\Program Files\BitDefender
2008-02-14 07:18 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Babylon
2008-02-14 07:17 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-02-14 06:05 --------- d-----w C:\Program Files\Webteh
2008-02-14 06:04 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\BSplayer PRO
2008-02-08 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-06 06:20 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-06 06:17 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Skype
2008-01-29 13:00 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-29 13:00 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\Autodesk
2008-01-29 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-25 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-25 09:50 --------- d-----w C:\Program Files\Common Files\Synacast
2008-01-25 09:50 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\PPMate
2008-01-25 09:01 --------- d-----w C:\Documents and Settings\Razvoj\Application Data\acccore
2008-01-25 07:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-25 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-24 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\DeskSoft
2008-01-24 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-23 11:36 --------- d-----w C:\Program Files\Autodesk
2008-01-22 06:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-21 11:03 --------- d-----w C:\Program Files\QuickTime
2008-01-21 11:02 --------- d-----w C:\Program Files\ImTOO
2008-01-21 10:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-21 10:00 --------- d-----w C:\Program Files\Windows Live
2008-01-21 10:00 --------- d-----w C:\Program Files\MSN Messenger
2008-01-15 13:53 --------- d-----w C:\Program Files\Phoenix Contact
2008-01-14 13:49 --------- d-----w C:\Program Files\Skype
2008-01-14 10:30 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-14 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-05-22 13:55 2663480]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-06 16:08 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Razvoj\Start Menu\Programs\Startup\
Pravoslavac 2008.lnk - C:\Program Files\Pravoslavac\Pravoslavac 2008.exe [2008-02-19 08:40:16 1054254]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnvyHFCPL]
--a------ 2006-02-06 10:12 327680 C:\Program Files\Audio Deck\EnMixCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-12-18 17:32 25365032 C:\Program Files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-06 16:09]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:26]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2006-01-12 13:57]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-08 10:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41969a08-8392-11dc-b630-005070231a9d}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-27 14:44:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 14:46:02
ComboFix-quarantined-files.txt 2008-02-27 13:45:53
ComboFix2.txt 2008-02-25 11:41:59
ComboFix3.txt 2008-02-21 08:54:47
ComboFix4.txt 2008-02-20 08:25:50
ComboFix5.txt 2008-02-15 06:31:41

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41969a08-8392-11dc-b630-005070231a9d}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

Also, delete that MSOCache if it is in the root directory of the C partition.
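Both CFScript replies in this thread do the same thing by hand: read the MountPoints2 block out of the ComboFix log, decide that its AutoOpen/AutoRun command is the stick's autorun payload, and write a Registry:: script that deletes the key for that volume GUID. The following is an added example (not ComboFix's code and not any poster's script) that automates that triage over log text: it parses MountPoints2 entries, flags commands with the traits seen in these logs (a `.\` path relative to the volume root, launch through `RunDLL32 ... ShellExec_RunDLL`, an executable under an `MSOCache` folder) and emits a CFScript of the same form the helper posted. The two flagged lines in the sample are copied from the log above; the all-zero GUID entry with `D:\Setup.exe` is a constructed benign control, and the trait list is an assumption based only on what this thread shows.

```python
"""Triage AutoRun/AutoOpen handlers that ComboFix lists under Explorer's MountPoints2 key.

Added example for this thread, not part of ComboFix or any poster's script.
Windows caches the verbs from a removable volume's autorun.inf under
HKCU\\...\\Explorer\\MountPoints2\\{volume GUID}; that cached entry is what the
log shows, and it is recreated whenever an infected stick is reinserted.
"""
import re
from dataclasses import dataclass

# Key header line, e.g. [HKEY_CURRENT_USER\software\...\mountpoints2\{guid}]
MOUNTPOINTS2_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\}))\]$",
    re.IGNORECASE,
)
# Verb line beneath it, e.g. \Shell\AutoOpen\command - <command>
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")

# Traits of the entries seen in this thread (assumed heuristics, not a vendor signature);
# each one that matches the command is a reason to flag the entry.
SUSPICIOUS_PATTERNS = (
    (re.compile(r"(?:^|\s|\\)\.\\"), "relative '.\\' path resolved against the volume root"),
    (re.compile(r"ShellExec_RunDLL", re.IGNORECASE), "launch indirected through RunDLL32/ShellExec_RunDLL"),
    (re.compile(r"\\MSOCache\\", re.IGNORECASE), "executable inside a MSOCache folder on the volume"),
)


@dataclass
class Finding:
    key: str        # full registry key, as printed by ComboFix (without brackets)
    guid: str       # volume GUID, one per removable device
    verb: str       # AutoOpen, AutoRun, ...
    command: str    # what Explorer would run for that verb
    reasons: tuple  # empty tuple => recorded, but nothing suspicious in the command


def parse_mountpoints2(log_text):
    """Return a Finding for every \\Shell\\<verb>\\command line under a MountPoints2 key."""
    findings = []
    key = guid = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = MOUNTPOINTS2_RE.match(line)
        if m:
            key, guid = m.group(1), m.group(2)
            continue
        if line.startswith("["):  # any other registry key ends the MountPoints2 context
            key = guid = None
            continue
        v = VERB_RE.match(line)
        if key and v:
            verb, command = v.groups()
            reasons = tuple(why for pat, why in SUSPICIOUS_PATTERNS if pat.search(command))
            findings.append(Finding(key, guid, verb, command, reasons))
    return findings


def cfscript_for(findings):
    """Produce a ComboFix 'Registry::' script deleting each flagged key.

    Same form as the scripts posted in the thread: a leading '-' inside the
    brackets tells ComboFix to delete the key. Unflagged entries are left alone.
    """
    keys = sorted({f.key for f in findings if f.reasons})
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)


# Constructed sample: the svchost block and the {41969a08-...} MountPoints2 block are
# copied from the log above; the all-zero GUID block with D:\Setup.exe is an invented
# benign entry used as a control.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41969a08-8392-11dc-b630-005070231a9d}]
\Shell\AutoOpen\command - K:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - D:\Setup.exe
"""

if __name__ == "__main__":
    results = parse_mountpoints2(SAMPLE_LOG)
    for f in results:
        print(f"{'FLAG' if f.reasons else 'info'} {f.guid} {f.verb}: {f.command}")
        for why in f.reasons:
            print(f"      - {why}")
    print(cfscript_for(results))
```

Deleting the cached key only removes the symptom on the host; as the thread goes on to establish, the stick's hidden MSOCache folder and autorun.inf recreate it on the next insertion, so the output script is a cleanup step to pair with disinfecting the media, not a substitute for it.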

offline
  • Joined: 20 Mar 2007
  • Posts: 97

I'll do this tomorrow, because that computer is at work. In the meantime, listen to this.
It occurred to me to delete this MSOCache folder from the USB stick by hand, but I couldn't see it the normal way, not even when I turn on SHOW HIDDEN FILES. I remembered Total Commander and installed it. Of course, it showed me the MSOCache folder and this virus (KB915865.exe) inside it. I deleted it, deleted the MSOCache folder from the computer (this other computer where the same thing happens), deleted some 5 files in C:/windows/Prefetch that start with KB915865 and have some further suffix. Restarted the computer, the USB is OK. But I take it out of the computer, put it back in and again Autoopen and again the MSOCache folder on it. And so on all the time. I delete it with Commander, take the stick out, put it back in, the folder has appeared again.
Maybe this information will be useful to you, which is why I'm writing, and tomorrow I'll do what you wrote to me.
Regards

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

That information, unfortunately, only confirms to me that you have a file infector on the computer, and no amount of remote help can deal with that.

Tell me whether you're willing to download some 38 MB from the net, so I can point you to a free, one-time version of McAfee, which should be able to resolve this infection.

Update: 02 Mar 2008 20:45

Actually, TrendMicro should be able to resolve this too.
Here's the link to their online scan:

http://housecall65.trendmicro.com/

There are ActiveX (for Internet Explorer) and Java (for the others) versions, and it also works on OSes other than Windows.

Scan the whole computer with it and post here the report of what it found.
