problem sa laptopom

5

problem sa laptopom

offline
  • Pridružio: 07 Apr 2008
  • Poruke: 85
  • Gde živiš: Kos.Mitrovica

Fles sam ocistila sa Esetom i prebrisala 19 inficiranih fajlova. Moze li sada da se koristi jer nema sanse da udjem na vas sajt sa mog laptopa MSI.
Imam Combofix na mom laptopu evo saljem log samo da ga pokrenem.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Probaj da otvoriš MC nakon što dobiješ logfile (nakon skeniranja) - trebalo bi biti moguće.

offline
  • Pridružio: 07 Apr 2008
  • Poruke: 85
  • Gde živiš: Kos.Mitrovica

Evo uspela sam, sjajno. Evo loga:





ComboFix 10-03-16.03 - s 03/16/2010 23:15:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.561 [GMT 1:00]
Running from: c:\documents and settings\s\Desktop\abc.exe.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\s\Application Data\Desktopicon
c:\documents and settings\s\Application Data\Desktopicon\eBayShortcuts.exe
c:\program files\Smart-Shopper
c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
c:\program files\Smart-Shopper\Uninst.exe
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 22:22 . 2009-03-18 14:17 38208 ----a-w- c:\documents and settings\s\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-16 22:15 . 2010-03-16 22:15 -------- d-----w- c:\documents and settings\s\Local Settings\Application Data\ESET
2010-03-16 22:14 . 2010-03-16 18:44 158208 ----a-w- c:\windows\Knucob.exe
2010-03-16 20:01 . 2010-03-16 20:01 -------- d-----w- c:\documents and settings\s\Application Data\ESET
2010-03-16 19:59 . 2010-03-16 19:59 -------- d-----w- c:\program files\ESET
2010-03-16 19:59 . 2010-03-16 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-03-16 11:53 . 2010-03-16 11:53 80896 --sh--r- c:\documents and settings\s\Application Data\kksw.exe
2010-03-15 18:57 . 2010-03-15 18:57 156672 ----a-w- c:\windows\Knucoa.exe
2010-03-15 18:35 . 2010-03-15 18:34 200704 --sh--r- c:\windows\system32\wmiexecxz.exe
2010-03-14 14:17 . 2010-03-04 12:18 150528 --sh--r- c:\documents and settings\s\Application Data\kvmm.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 22:22 . 2009-08-04 19:28 -------- d-----w- c:\documents and settings\s\Application Data\skypePM
2010-03-16 21:56 . 2009-08-04 19:23 -------- d-----w- c:\documents and settings\s\Application Data\Skype
2010-03-16 21:30 . 2009-08-18 18:07 -------- d-----w- c:\program files\Flock
2010-03-16 10:18 . 2009-08-03 19:16 -------- d-----w- c:\program files\Eudora
2010-03-16 06:15 . 2008-11-28 11:47 -------- d-----w- c:\documents and settings\s\Application Data\Smart-Shopper
2010-02-13 18:51 . 2008-10-18 18:45 72416 ----a-w- c:\documents and settings\s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 18:41 . 2010-02-13 18:41 -------- d-----w- c:\program files\Ulead Systems
2010-02-13 18:37 . 2010-02-13 18:36 -------- d-----w- c:\program files\ABBYY FineReader 4.0 Sprint
2010-02-13 18:34 . 2008-10-18 21:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-13 18:28 . 2010-02-13 18:28 -------- d-----w- c:\program files\BearPaw 1200CU
2009-02-09 09:59 . 2009-02-09 09:59 8 --sh--r- c:\windows\system32\BA44BEDEE4.sys
2009-02-09 10:08 . 2009-02-09 09:54 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-10-19 243072]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2009-07-30 17377584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 88203]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\s\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2009-8-12 261632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-10-18 589824]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2010-2-13 61440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"Microsoft Windows Hosting Service Login"= c:\docume~1\s\LOCALS~1\Temp\explorer.exe
"c:\\WINDOWS\\system32\\wmiexecxz.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/18/2008 8:26 PM 32320]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [12/6/2007 9:03 PM 660768]
R3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [10/18/2008 7:40 PM 70144]
S2 gupdate1ca1539b6131de;Google Update Service (gupdate1ca1539b6131de);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2009 8:23 PM 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [7/27/2009 6:13 PM 480128]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [7/27/2009 6:13 PM 1472000]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 19:23]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 19:23]

2010-03-16 c:\windows\Tasks\User_Feed_Synchronization-{4E4918B5-5D17-43B7-91BA-ADDE683173F0}.job
- c:\windows\system32\msfeedssync.exe [2008-07-12 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.rs/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.rs/
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPUlmm.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Smart-Shopper - c:\program files\Smart-Shopper\Uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-03-16 23:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2388-)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AirLive\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\TUProgSt.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-03-16 23:26:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 22:26

Pre-Run: 27,725,651,968 bytes free
Post-Run: 27,752,800,256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2F98DA861A6745538B2B8E57117A1D5A

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\Knucob.exe
c:\documents and settings\s\Application Data\kksw.exe
c:\windows\Knucoa.exe
c:\windows\system32\wmiexecxz.exe
c:\documents and settings\s\Application Data\kvmm.exe

Folder::
c:\documents and settings\s\Application Data\Smart-Shopper

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"Microsoft Windows Hosting Service Login"=-
"c:\\WINDOWS\\system32\\wmiexecxz.exe"=-


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.



Nakon ovoga odradi i skeniranje programom Gmer i postavi i te logove. Sutra nastavljamo...

offline
  • Pridružio: 07 Apr 2008
  • Poruke: 85
  • Gde živiš: Kos.Mitrovica

Napisano: 17 Mar 2010 11:23

Dobar dan, evo loga nakon skeniranja




ComboFix 10-03-16.05 - s 03/17/2010 11:14:22.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.206 [GMT 1:00]
Running from: c:\documents and settings\s\Desktop\abc.exe.exe
Command switches used :: c:\documents and settings\s\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\documents and settings\s\Application Data\kksw.exe"
"c:\documents and settings\s\Application Data\kvmm.exe"
"c:\windows\Knucoa.exe"
"c:\windows\Knucob.exe"
"c:\windows\system32\wmiexecxz.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\s\Application Data\kksw.exe
c:\documents and settings\s\Application Data\kvmm.exe
c:\documents and settings\s\Application Data\Smart-Shopper
c:\documents and settings\s\Application Data\Smart-Shopper\cs\Config.xml
c:\documents and settings\s\Application Data\Smart-Shopper\cs\db\Aliases.dbs
c:\documents and settings\s\Application Data\Smart-Shopper\cs\db\Sites.dbs
c:\documents and settings\s\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip
c:\documents and settings\s\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip
c:\documents and settings\s\Application Data\Smart-Shopper\cs\report\aggr_storage.xml
c:\documents and settings\s\Application Data\Smart-Shopper\cs\report\send_storage.xml
c:\documents and settings\s\Application Data\Smart-Shopper\cs\res2\WhiteList.dbs
c:\windows\Knucoa.exe
c:\windows\Knucob.exe
c:\windows\system32\wmiexecxz.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-17 to 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-16 22:22 . 2009-03-18 14:17 38208 ----a-w- c:\documents and settings\s\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-16 22:15 . 2010-03-16 22:15 -------- d-----w- c:\documents and settings\s\Local Settings\Application Data\ESET
2010-03-16 20:01 . 2010-03-16 20:01 -------- d-----w- c:\documents and settings\s\Application Data\ESET
2010-03-16 19:59 . 2010-03-16 19:59 -------- d-----w- c:\program files\ESET
2010-03-16 19:59 . 2010-03-16 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 10:18 . 2009-08-04 19:23 -------- d-----w- c:\documents and settings\s\Application Data\Skype
2010-03-17 09:42 . 2009-08-04 19:28 -------- d-----w- c:\documents and settings\s\Application Data\skypePM
2010-03-16 21:30 . 2009-08-18 18:07 -------- d-----w- c:\program files\Flock
2010-03-16 10:18 . 2009-08-03 19:16 -------- d-----w- c:\program files\Eudora
2010-02-13 18:51 . 2008-10-18 18:45 72416 ----a-w- c:\documents and settings\s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 18:41 . 2010-02-13 18:41 -------- d-----w- c:\program files\Ulead Systems
2010-02-13 18:37 . 2010-02-13 18:36 -------- d-----w- c:\program files\ABBYY FineReader 4.0 Sprint
2010-02-13 18:34 . 2008-10-18 21:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-13 18:28 . 2010-02-13 18:28 -------- d-----w- c:\program files\BearPaw 1200CU
2009-02-09 09:59 . 2009-02-09 09:59 8 --sh--r- c:\windows\system32\BA44BEDEE4.sys
2009-02-09 10:08 . 2009-02-09 09:54 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-10-19 243072]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2009-07-30 17377584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 88203]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\s\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2009-8-12 261632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-10-18 589824]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2010-2-13 61440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/18/2008 8:26 PM 32320]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [12/6/2007 9:03 PM 660768]
R3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [10/18/2008 7:40 PM 70144]
S2 gupdate1ca1539b6131de;Google Update Service (gupdate1ca1539b6131de);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2009 8:23 PM 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [7/27/2009 6:13 PM 480128]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [7/27/2009 6:13 PM 1472000]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 19:23]

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 19:23]

2010-03-17 c:\windows\Tasks\User_Feed_Synchronization-{4E4918B5-5D17-43B7-91BA-ADDE683173F0}.job
- c:\windows\system32\msfeedssync.exe [2008-07-12 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.rs/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.rs/
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPUlmm.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-03-17 11:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-17 11:19:52
ComboFix-quarantined-files.txt 2010-03-17 10:19
ComboFix2.txt 2010-03-16 22:26

Pre-Run: 27,690,885,120 bytes free
Post-Run: 27,679,752,192 bytes free

- - End Of File - - 5C8443F675C100F94A4131703040765A

Dopuna: 17 Mar 2010 12:14

Evo log koji sam napravila skeniranjem sa GMERom ali nikako ne uspevam da napravim skeniranje sa drugom opcijom: Desnim tasterom misa na prozor GMER, potom opcija Only non MS Files, to ne mogu da nadjem bas nikako.


ComboFix 10-03-16.05 - s 03/17/2010 11:14:22.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.206 [GMT 1:00]
Running from: c:\documents and settings\s\Desktop\abc.exe.exe
Command switches used :: c:\documents and settings\s\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\documents and settings\s\Application Data\kksw.exe"
"c:\documents and settings\s\Application Data\kvmm.exe"
"c:\windows\Knucoa.exe"
"c:\windows\Knucob.exe"
"c:\windows\system32\wmiexecxz.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\s\Application Data\kksw.exe
c:\documents and settings\s\Application Data\kvmm.exe
c:\documents and settings\s\Application Data\Smart-Shopper
c:\documents and settings\s\Application Data\Smart-Shopper\cs\Config.xml
c:\documents and settings\s\Application Data\Smart-Shopper\cs\db\Aliases.dbs
c:\documents and settings\s\Application Data\Smart-Shopper\cs\db\Sites.dbs
c:\documents and settings\s\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip
c:\documents and settings\s\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip
c:\documents and settings\s\Application Data\Smart-Shopper\cs\report\aggr_storage.xml
c:\documents and settings\s\Application Data\Smart-Shopper\cs\report\send_storage.xml
c:\documents and settings\s\Application Data\Smart-Shopper\cs\res2\WhiteList.dbs
c:\windows\Knucoa.exe
c:\windows\Knucob.exe
c:\windows\system32\wmiexecxz.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-17 to 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-16 22:22 . 2009-03-18 14:17 38208 ----a-w- c:\documents and settings\s\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-16 22:15 . 2010-03-16 22:15 -------- d-----w- c:\documents and settings\s\Local Settings\Application Data\ESET
2010-03-16 20:01 . 2010-03-16 20:01 -------- d-----w- c:\documents and settings\s\Application Data\ESET
2010-03-16 19:59 . 2010-03-16 19:59 -------- d-----w- c:\program files\ESET
2010-03-16 19:59 . 2010-03-16 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 10:18 . 2009-08-04 19:23 -------- d-----w- c:\documents and settings\s\Application Data\Skype
2010-03-17 09:42 . 2009-08-04 19:28 -------- d-----w- c:\documents and settings\s\Application Data\skypePM
2010-03-16 21:30 . 2009-08-18 18:07 -------- d-----w- c:\program files\Flock
2010-03-16 10:18 . 2009-08-03 19:16 -------- d-----w- c:\program files\Eudora
2010-02-13 18:51 . 2008-10-18 18:45 72416 ----a-w- c:\documents and settings\s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 18:41 . 2010-02-13 18:41 -------- d-----w- c:\program files\Ulead Systems
2010-02-13 18:37 . 2010-02-13 18:36 -------- d-----w- c:\program files\ABBYY FineReader 4.0 Sprint
2010-02-13 18:34 . 2008-10-18 21:03 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-13 18:28 . 2010-02-13 18:28 -------- d-----w- c:\program files\BearPaw 1200CU
2009-02-09 09:59 . 2009-02-09 09:59 8 --sh--r- c:\windows\system32\BA44BEDEE4.sys
2009-02-09 10:08 . 2009-02-09 09:54 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-26 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-10-19 243072]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2009-07-30 17377584]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 88203]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\s\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2009-8-12 261632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-10-18 589824]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2010-2-13 61440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/18/2008 8:26 PM 32320]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [12/6/2007 9:03 PM 660768]
R3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver;c:\windows\system32\drivers\AGR1310_51.sys [10/18/2008 7:40 PM 70144]
S2 gupdate1ca1539b6131de;Google Update Service (gupdate1ca1539b6131de);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2009 8:23 PM 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [7/27/2009 6:13 PM 480128]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [7/27/2009 6:13 PM 1472000]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 19:23]

2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 19:23]

2010-03-17 c:\windows\Tasks\User_Feed_Synchronization-{4E4918B5-5D17-43B7-91BA-ADDE683173F0}.job
- c:\windows\system32\msfeedssync.exe [2008-07-12 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.rs/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\s\Application Data\Mozilla\Firefox\Profiles\q81hzvo0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.rs/
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPUlmm.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-03-17 11:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-17 11:19:52
ComboFix-quarantined-files.txt 2010-03-17 10:19
ComboFix2.txt 2010-03-16 22:26

Pre-Run: 27,690,885,120 bytes free
Post-Run: 27,679,752,192 bytes free

- - End Of File - - 5C8443F675C100F94A4131703040765A

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Dobar dan... Smile

Ja bih da vidim Gmer log (postavila si 2 ComboFix loga). Dovoljan je log prvog Gmer skeniranja.

offline
  • Pridružio: 07 Apr 2008
  • Poruke: 85
  • Gde živiš: Kos.Mitrovica

Izvinjenje za pogresan log. Brzina cini svoje...




GMER 1.0.15.15281 - gmer.net
Rootkit scan 2010-03-17 12:02:42
Windows 5.1.2600 Service Pack 3
Running: 9936hhh7.exe; Driver: C:\DOCUME~1\s\LOCALS~1\Temp\fxtdypog.sys


---- System - GMER 1.0.15 ----

Code \??\C:\abc.exe\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys The system cannot find the file specified. !
? C:\abc.exe\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0046DC90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0046DC90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0046DC90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0046DBC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0046DC90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetFocus] [00468F40] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0046DC90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0046DBC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetFocus] [00468F40] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [004689C0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [00468AF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollPos] [00468A20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0046DC90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0046DBC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetFocus] [00468F40] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [0046DC90] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetFocus] [00468F40] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0046DAF0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0046DBC0] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0046DD60] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0046DA20] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)
IAT C:\Program Files\ooVoo\oovoo.exe[3116] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetFocus] [00468F40] C:\Program Files\ooVoo\oovoo.exe (ooVoo/ooVoo)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027210be4c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027210be4c@001a758e8cf5 0x58 0x6A 0x78 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027210be4c@0012ee3bc1bf 0x97 0x78 0x1A 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00027210be4c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00027210be4c@001a758e8cf5 0x58 0x6A 0x78 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00027210be4c@0012ee3bc1bf 0x97 0x78 0x1A 0x1D ...

---- EOF - GMER 1.0.15 ----

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ok, da proverimo stanje na flash diskovima.



Arrow Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

offline
  • Pridružio: 07 Apr 2008
  • Poruke: 85
  • Gde živiš: Kos.Mitrovica

Imam dva flesa i dva ulaza, evo ja sam nesto uradila i nadam se da je dobro.



USBNoRisk 2.5 (26 July 2009) by bobby

Started at 3/17/2010 6:35:35 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {c482629d-9d4c-11dd-b438-806d6172696f}
D: {c482629e-9d4c-11dd-b438-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for c482629d-9d4c-11dd-b438-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for c482629e-9d4c-11dd-b438-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 3/17/2010 6:36:13 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {70686b00-caa4-11dd-8da7-0013d386bb23}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
[autorun
$STATICSHITfasfSAfwqfjwqLOjFASFjaSLFjWLQfWFJWQLFjWLQjfwlqjfwlqfjILGFJALFJAWLCNASLIKJFWLFJWQFJWlfjWQwqLJFwqFwqJFWLQfjWLQFWQ
open=POGRESHILI///sudbinemi.exe
~dskaldkasjdiwqjdw
action=Open folder to view files using Windows Explorer
&kjfasFkajfiwfjiwq
!ksoafasfjwifjwif
icon=%SystemRoot%\system32\SHELL32.dll,4
)djsaikfjaikfJWFwfwq
Shell\open\command=POGRESHILI///sudbinemi.exe
fasflwFwFWqkfwofjwWwq
shell\open\command=POGRESHILI///sudbinemi.exe
"mfsakfjasKFJasFajfalsfas
USEAUTOPLAY=1
*asmkddjkaDjAKfjjwlqfjwlqfjWQfjWQJFWQiljfwQ
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

No mountpoint found for 70686b00-caa4-11dd-8da7-0013d386bb23
----------------------------------------

----------------------------------------
Desktop.ini found at F:\LAUDA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------
Desktop.ini found at F:\POGRESHILI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------
Desktop.ini found at F:\SEKA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 3/17/2010 6:36:33 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {70686b00-caa4-11dd-8da7-0013d386bb23}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun
$STATICSHITfasfSAfwqfjwqLOjFASFjaSLFjWLQfWFJWQLFjWLQjfwlqjfwlqfjILGFJALFJAWLCNASLIKJFWLFJWQFJWlfjWQwqLJFwqFwqJFWLQfjWLQFWQ
open=POGRESHILI///sudbinemi.exe
~dskaldkasjdiwqjdw
action=Open folder to view files using Windows Explorer
&kjfasFkajfiwfjiwq
!ksoafasfjwifjwif
icon=%SystemRoot%\system32\SHELL32.dll,4
)djsaikfjaikfJWFwfwq
Shell\open\command=POGRESHILI///sudbinemi.exe
fasflwFwFWqkfwofjwWwq
shell\open\command=POGRESHILI///sudbinemi.exe
"mfsakfjasKFJasFajfalsfas
USEAUTOPLAY=1
*asmkddjkaDjAKfjjwlqfjwlqfjWQfjWQJFWQiljfwQ
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 70686b00-caa4-11dd-8da7-0013d386bb23
----------------------------------------

----------------------------------------
Desktop.ini found at F:\LAUDA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------
Desktop.ini found at F:\POGRESHILI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------
Desktop.ini found at F:\SEKA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 3/17/2010 6:37:14 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {7b0de95a-cead-11dd-8daf-0013d386bb23}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 7b0de95a-cead-11dd-8daf-0013d386bb23
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 3/17/2010 6:37:36 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {7b0de95a-cead-11dd-8daf-0013d386bb23}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 7b0de95a-cead-11dd-8daf-0013d386bb23
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 3/17/2010 6:37:52 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {7b0de95a-cead-11dd-8daf-0013d386bb23}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 7b0de95a-cead-11dd-8daf-0013d386bb23
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 3/17/2010 6:38:06 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 3/17/2010 6:38:22 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {7b0de95a-cead-11dd-8daf-0013d386bb23}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 7b0de95a-cead-11dd-8daf-0013d386bb23
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 3/17/2010 6:38:46 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 3/17/2010 6:38:53 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Aktiviraj prikaz skrivenih file-ova: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html


Sa prvog flasha obriši foldere:

POGRESHILI
LAUDA
SEKA

i file:

autorun.inf.blocked



-------------------------------------------------------------------------------------


Kakvo je sada stanje? Ako je sve ok, potrebno je deinstalirati ComboFix (sa oba kompjutera):
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.


Preostale programe možeš obrisati.

Ko je trenutno na forumu
 

Ukupno su 1131 korisnika na forumu :: 26 registrovanih, 8 sakrivenih i 1097 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amaterSRB, bokisha253, delrey, draganl, Džordžino, FOX, goxin, Još malo pa deda, Komentator, Kubovac, laurusri, Lieutenant, Marko Marković, Matija, mercedesamg, Mercury, Milos ZA, Mirage 2000N, nebkv, nenad81, nikoladim, procesor, vathra, W123, wizzardone, 79693