Posted: 09 Dec 2009 21:03
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Post the DDS logs as well (instructions, step 2).
Posted: 10 Dec 2009 18:28
- zex2911
- New MyCity citizen
- Joined: 09 Dec 2009
- Posts: 3
Sorry for the incomplete message, here is the rest:
DDS (Ver_09-12-01.01) - NTFSx86
Run by zeljko at 19:10:02,37 on sre 09.12.2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.432 [GMT 1:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\MSI\MSI Q-Face\webtest.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\zeljko\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.msi.com/
mWinlogon: Taskman=c:\recycler\s-1-5-21-1663062102-3775951678-413002649-6002\nissan.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [Q-Face agent] c:\program files\msi\msi q-face\webtest.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {41827D3D-9887-4AE7-888E-A7DA26AB2AC8} =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-11-25 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-11-25 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-11-25 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091111.001\IDSXpx86.sys [2009-11-17 329592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-6 55136]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-7-7 159744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\\ccSvcHst.exe [2009-11-25 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-25 102448]
R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [2007-1-29 449408]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091209.002\NAVENG.SYS [2009-12-9 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091209.002\NAVEX15.SYS [2009-12-9 1323568]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-7-6 156160]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-9 533344]
=============== Created Last 30 ================
2009-12-06 19:58:16 545 ----a-w- c:\windows\UC.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\RAR.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\PKZIP.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\LHA.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\ARJ.PIF
2009-12-06 19:58:15 1218 ----a-w- c:\windows\wincmd.ini
2009-12-06 19:58:15 0 d-----w- C:\totalcmd
2009-12-06 19:39:10 0 d-----w- c:\docume~1\zeljko\applic~1\Artisteer
2009-12-06 19:36:03 0 d-----w- c:\program files\Artisteer 2
2009-11-29 16:10:31 0 d-----w- c:\program files\vanBasco's Karaoke Player
2009-11-26 15:21:45 0 d-----r- c:\program files\Norton Support
2009-11-26 06:29:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-11-22 16:30:28 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-22 16:30:28 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-22 16:30:22 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-22 16:30:22 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-21 10:49:41 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-21 10:49:41 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-21 10:49:30 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-21 10:49:30 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-21 10:49:29 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-21 10:49:27 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-21 10:49:26 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-21 10:49:23 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-21 10:44:55 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-21 10:42:11 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-21 10:42:08 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-21 10:42:07 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-21 10:40:21 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-11-21 10:38:30 0 d-----w- c:\windows\system32\PreInstall
2009-11-21 10:38:28 0 d--h--w- c:\windows\$hf_mig$
2009-11-19 19:57:09 0 d-----w- c:\program files\K-Lite Codec Pack
2009-11-18 09:03:13 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-11-18 09:03:13 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-11-18 09:03:13 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-11-18 09:03:03 0 d-----w- c:\windows\system32\SupportAppXL
2009-11-18 09:02:53 0 d-----w- c:\program files\MODEM Mobile Connection
2009-11-17 20:42:07 0 d-----w- c:\docume~1\zeljko\applic~1\FastStone
2009-11-17 20:37:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-17 20:35:03 0 d-----r- c:\program files\Skype
2009-11-17 19:49:18 0 d-----w- c:\program files\FastStone Image Viewer
2009-11-17 18:23:59 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-17 12:50:06 0 d-----w- c:\docume~1\alluse~1\applic~1\InterAction studios
2009-11-17 12:42:46 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-11-17 12:42:41 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-17 12:42:41 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-17 12:42:41 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-17 12:42:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-17 12:42:40 0 d-----w- c:\program files\Symantec
2009-11-17 12:42:40 0 d-----w- c:\program files\common files\Symantec Shared
2009-11-17 12:41:54 0 d-----w- c:\windows\system32\drivers\NIS
2009-11-17 12:41:51 0 d-----w- c:\program files\Norton Internet Security
2009-11-17 12:41:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-11-17 12:41:15 0 d-----w- c:\program files\NortonInstaller
2009-11-17 12:41:15 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-11-17 11:06:36 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2009-11-17 11:06:36 20992 ----a-w- c:\windows\system32\dshowext.ax
2009-11-17 11:06:36 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-11-17 11:06:36 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-11-17 11:06:31 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-17 11:06:31 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-17 10:58:38 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-11-17 10:58:25 1309504 ----a-r- c:\windows\system32\drivers\athw.sys
2009-11-17 10:53:52 0 d-----w- c:\windows\RE_DRIVE
==================== Find3M ====================
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-07-06 16:59:00 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-07 21:13:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-07-06 16:58:56 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat
============= FINISH: 19:10:42,53 ===============
Posted: 10 Dec 2009 20:52
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Download The Avenger to the Desktop.
Unpack the archive into a folder.
Double-click avenger.exe to run it.
Copy the text inside the Code field into the program's (white) window:
Files to delete:
c:\recycler\s-1-5-21-1663062102-3775951678-413002649-6002\nissan.exe
Registry values to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman
Click Execute, then Yes in the next two windows that open.
The computer will restart (in certain cases: twice) and the cleaning/scanning process will begin.
When the process is finished, the logfile C:\avenger.txt will open in Notepad.
Copy the contents of the resulting log into the forum thread.
Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose Save log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.
Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
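The USB scan requested above boils down to a handful of file-system checks that can be reproduced offline: find the drive's autorun.inf, list the files it would launch (open=, shellexecute=, shell\<verb>\command= and icon=), neutralise it by renaming it to autorun.inf.blocked, flag desktop.ini files that carry a CLSID, and look for "folder mimics" (an executable named after a sibling folder, which with hidden extensions shows up as that folder). The script below is an added example written for this page; it is not USBNoRisk or The Avenger code, and the sample stick it builds in a temporary directory is constructed: the thread only shows the action= line of the real autorun.inf, so the open=/shell\open\command= entries pointing at nissan.exe, the curice.exe mimic and the Recycle Bin CLSID in curice\desktop.ini are hypothetical.

```python
"""Offline triage of a removable drive root, modelled on the checks USBNoRisk
is asked to run in the post above. Added example, not code from the thread or
from USBNoRisk/The Avenger; the sample drive content is constructed."""
import configparser
import os
import re
import tempfile

# Extensions Explorer would execute from an autorun.inf or a folder mimic.
EXEC_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs"}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# autorun.inf keys whose value names a file Explorer runs or loads.
LAUNCH_KEYS = ("open", "shellexecute", "icon")


def _first_token(value):
    """Path part of an autorun.inf value: honour quotes, drop args and ',<icon index>'."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(",", 1)[0].split()[0] if value else ""


def parse_autorun(text):
    """Return (action, referenced_files) from autorun.inf content.
    shell\\<verb>\\command= keys are included because worms hijack the Open and
    Explore verbs so the payload runs even with AutoPlay disabled."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.optionxform = str.lower          # keys are case-insensitive on Windows
    cp.read_string(text)
    if not cp.has_section("autorun"):
        return None, []
    sec = cp["autorun"]
    refs = []
    for key, value in sec.items():
        if value is None:
            continue
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            target = _first_token(value)
            if target:
                refs.append(target)
    return sec.get("action"), refs


def neutralize_autorun(root):
    """Rename <root>\\autorun.inf to autorun.inf.blocked (as USBNoRisk does)
    and return its parsed (action, refs), or None when there is none."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            src = os.path.join(root, name)
            with open(src, errors="replace") as fh:
                parsed = parse_autorun(fh.read())
            os.replace(src, src + ".blocked")
            return parsed
    return None


def find_desktop_ini_clsid(root):
    """(folder, CLSID) for every desktop.ini that carries a CLSID string."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for f in filenames:
            if f.lower() == "desktop.ini":
                with open(os.path.join(dirpath, f), errors="replace") as fh:
                    hits.extend((dirpath, c) for c in CLSID_RE.findall(fh.read()))
    return hits


def find_mimics(root):
    """Executables named after a sibling folder (curice\\ next to curice.exe)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for f in filenames:
            stem, ext = os.path.splitext(f)
            if ext.lower() in EXEC_EXTS and stem.lower() in folders:
                hits.append(os.path.join(dirpath, f))
    return hits


def triage(root):
    action, refs = neutralize_autorun(root) or (None, [])
    return {"autorun_action": action, "autorun_refs": refs,
            "desktop_ini_clsids": find_desktop_ini_clsid(root),
            "mimics": find_mimics(root)}


def build_sample_drive(root):
    """Constructed layout loosely imitating the infected stick; hypothetical content."""
    sid_dir = os.path.join("RECYCLER", "S-1-5-21-1663062102-3775951678-413002649-6002")
    os.makedirs(os.path.join(root, "curice"))
    os.makedirs(os.path.join(root, sid_dir))
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\n"
                 "action=Open folder to view files using Windows Explorer\n"
                 f"open={sid_dir}\\nissan.exe\n"
                 f"shell\\open\\command={sid_dir}\\nissan.exe\n"
                 "icon=%SystemRoot%\\system32\\shell32.dll,4\n")
    with open(os.path.join(root, "curice", "desktop.ini"), "w") as fh:
        fh.write("[.ShellClassInfo]\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}\n")
    with open(os.path.join(root, "curice.exe"), "wb") as fh:
        fh.write(b"MZ")  # placeholder, not a real executable


def run_on_sample():
    """Build the constructed stick in a temp dir, triage it, return the findings."""
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        r = triage(drive)
        r["blocked_exists"] = os.path.exists(os.path.join(drive, "autorun.inf.blocked"))
        r["mimics"] = [os.path.relpath(p, drive) for p in r["mimics"]]
        r["desktop_ini_clsids"] = [(os.path.relpath(d, drive), c) for d, c in r["desktop_ini_clsids"]]
    return r


if __name__ == "__main__":
    for key, val in run_on_sample().items():
        print(f"{key}: {val}")
```

Note that the sample autorun.inf is built with forward-slash-free Windows-style paths on purpose; on a real stick the script would be pointed at the mounted drive root (E:\ on the machine in the thread) instead of the temporary directory, and the .blocked rename is reversible, which is why USBNoRisk uses it rather than deleting the file.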
Posted: 10 Dec 2009 21:55
- zex2911
- New MyCity citizen
- Joined: 09 Dec 2009
- Posts: 3
Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows XP
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\RECYCLER\S-1-5-21-1663062102-3775951678-413002649-6002\nissan.exe" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman" deleted successfully.
Completed script processing.
Finished! Terminate.
USBNoRisk 2.5 (26 July 2009) by bobby
Started at 10.12.2009 21:36:13
Searching for connected USB Mass storage...
Searching for other storage...
C: {f1393426-d367-11de-9882-806d6172696f}
D: {f1393427-d367-11de-9882-806d6172696f}
Scanning fixed storage...
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for f1393426-d367-11de-9882-806d6172696f
No Desktop.ini files found on C:
No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for f1393427-d367-11de-9882-806d6172696f
No Desktop.ini files found on D:
Initial scan finished!
New device connected at 10.12.2009 21:36:51
Scanning for connected USB mass storage...
E: {c7c48764-d420-11de-9886-0025d36a44c5}
Added E:
Scanning USB mass storage for files...
No blocked files found on E:
No Autorun.inf files found on E:
Sanitized mountpoint for c7c48764-d420-11de-9886-0025d36a44c5
Desktop.ini found at E:\curice\ contains interesting CLSID string
CLSID not found in registry
Desktop.ini found at E:\trikfx\ contains interesting CLSID string
CLSID not found in registry
No mimics found on drive E:
Removed E:
New device connected at 10.12.2009 21:38:23
Scanning for connected USB mass storage...
E: {01d1703a-d545-11de-9889-0025d36a44c5}
Added E:
Scanning USB mass storage for files...
No blocked files found on E:
autorun.inf found on E:
File E:\autorun.inf renamed successfully
Content of E:\autorun.inf.blocked
action=Open folder to view files using Windows Explorer
No mountpoint found for E:
Sanitized mountpoint for 01d1703a-d545-11de-9889-0025d36a44c5
Desktop.ini found at E:\Recycled\ contains interesting CLSID string
CLSID not found in registry
Desktop.ini found at E:\$RECYCLE.BIN\ contains interesting CLSID string
CLSID not found in registry
Desktop.ini found at E:\curice\ contains interesting CLSID string
CLSID not found in registry
No mimics found on drive E:
Removed E:
New device connected at 10.12.2009 21:40:43
Scanning for connected USB mass storage...
E: {8ef1ded3-e5cb-11de-98b4-0025d36a44c5}
Added E:
Scanning USB mass storage for files...
No blocked files found on E:
autorun.inf found on E:
File E:\autorun.inf renamed successfully
Content of E:\autorun.inf.blocked
action=Open folder to view files using Windows Explorer
Files referenced from E:\autorun.inf.blocked
No mountpoint found for 8ef1ded3-e5cb-11de-98b4-0025d36a44c5
Desktop.ini found at E:\trikfx\ contains interesting CLSID string
CLSID not found in registry
Desktop.ini found at E:\curice\ contains interesting CLSID string
CLSID not found in registry
No mimics found on drive E:
Removed E:
New device connected at 10.12.2009 21:40:47
Scanning for connected USB mass storage...
E: {8ef1ded3-e5cb-11de-98b4-0025d36a44c5}
Added E:
Scanning USB mass storage for files...
Blocked file found: E:\autorun.inf.blocked
Content of E:\autorun.inf.blocked
action=Open folder to view files using Windows Explorer
Files referenced from E:\autorun.inf.blocked
No Autorun.inf files found on E:
No mountpoint found for 8ef1ded3-e5cb-11de-98b4-0025d36a44c5
Desktop.ini found at E:\trikfx\ contains interesting CLSID string
CLSID not found in registry
Desktop.ini found at E:\curice\ contains interesting CLSID string
CLSID not found in registry
No mimics found on drive E:
Removed E:
New device connected at 10.12.2009 21:40:50
Scanning for connected USB mass storage...
E: {8ef1ded3-e5cb-11de-98b4-0025d36a44c5}
Added E:
Scanning USB mass storage for files...
Blocked file found: E:\autorun.inf.blocked
Content of E:\autorun.inf.blocked
action=Open folder to view files using Windows Explorer
Files referenced from E:\autorun.inf.blocked
No Autorun.inf files found on E:
No mountpoint found for 8ef1ded3-e5cb-11de-98b4-0025d36a44c5
Desktop.ini found at E:\trikfx\ contains interesting CLSID string
CLSID not found in registry
Desktop.ini found at E:\curice\ contains interesting CLSID string
CLSID not found in registry
No mimics found on drive E:
Removed E:
The USB devices were plugged in in this order:
Cruzer SanDisc 8GB
Transcend StoreJet 320 GB
Blueberry mp3 player
Oh, and before I forget, J. Davor says hello; he is the one who told me about this site...