MyCity » Ambulanta -> Arhiva Ambulante » Worm preko USB-a

Worm preko USB-a

Napisano na dan: 17.6.2008

Worm preko USB-a

Sledeća strana

Pagination

Odgovori

Chinaman Poslao: 17 Jun 2008 18:10 Idi na vrh
offline Chinaman Građanin Pridružio: 11 Okt 2004 Poruke: 46 Gde živiš: Srbija,L.a.	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preko USB-a usao mi je "crv" koji je NOD32 v3.0.650.0 detektovao i obrisao (H:\gg.exe), ali kao posledicu svega toga, ja vise ne mogu pristupiti particijama na hard disku (C i D), kao i USB-u iz My Computer-a, ni duplim klikom, a ni desnim klikom. Naime otvori se prozor u kome moram izabrati program kojim cu otvoriti zeljenu particiju ili USB. Ako pokusam desnim klikom, na mestu opcija Open i Explore sada stoji niz simbola i slova bez ikakvog smisla. Jedini nacin da pristupim je preko Address Bar-a. Pristup optickim uredjajima kao i otvaranje pojedinacnih fajlova funkcionise bez problema. Koristim Folder Guide i imam precicu za D particiju i ona radi. Skenirao sam racunar i sada kao nije vise zarazen, ali problem postoji. Unapred hvala. Logfile of HijackThis v1.99.1 Scan saved at 18:06:29, on 6/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\RFA Platinum\rfagent.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Flock\flock\flock.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\WHO.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=download.veze.net:1080 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\gg.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Profil

dr_Bora Poslao: 17 Jun 2008 20:09 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Chinaman Poslao: 17 Jun 2008 21:29 Idi na vrh
offline Chinaman Građanin Pridružio: 11 Okt 2004 Poruke: 46 Gde živiš: Srbija,L.a.	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nisam bio pri racunaru, pa sa kasnjenjm: ComboFix 08-06-16.5 - Uruk'hai 2008-06-17 21:10:03.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.183 [GMT 2:00] Running from: C:\Documents and Settings\Uruk'hai\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))) . 2008-06-16 23:01 . 2008-06-16 23:02 <DIR> d-------- C:\Program Files\Avant Browser 2008-06-16 13:21 . 2008-06-16 13:21 36 --a------ C:\WINDOWS\Tiny_Run.ini 2008-06-14 23:13 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll 2008-06-14 23:13 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll 2008-06-14 23:13 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll 2008-06-14 23:13 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll 2008-06-14 23:13 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll 2008-06-14 23:13 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll 2008-06-12 04:20 . 2008-06-12 04:20 <DIR> d-------- C:\Documents and Settings\Uruk'hai\Application Data\Games 2008-06-12 04:18 . 2008-06-12 04:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-06-12 04:16 . 2008-06-12 04:16 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2008-06-12 04:16 . 2008-06-12 04:16 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2008-06-07 23:48 . 2008-06-07 23:51 <DIR> d-------- C:\Documents and Settings\Uruk'hai\Application Data\deskDOC DWG to PDF Professional 2008-06-07 14:19 . 2008-06-07 14:19 <DIR> d-------- C:\Documents and Settings\Uruk'hai\Application Data\TreeCardGames 2008-06-07 14:19 . 2008-06-07 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TreeCardGames 2008-06-07 14:18 . 2008-06-07 14:19 <DIR> d-------- C:\Program Files\Sudoku Up 2008-05-23 21:21 . 2008-05-23 21:24 <DIR> d-------- C:\Program Files\SportsKeeping 2008-05-19 18:35 . 2008-06-12 14:03 <DIR> d-------- C:\Program Files\SpeedFan 2008-05-19 18:35 . 2008-05-19 18:35 45 --a------ C:\WINDOWS\system32\initdebug.nfo 2008-05-18 22:56 . 2008-05-18 22:40 152,844 --a--c--- C:\WINDOWS\system32\dllcache\framdit.ttf 2008-05-18 22:56 . 2008-05-18 22:40 135,984 --a--c--- C:\WINDOWS\system32\dllcache\framd.ttf 2008-05-18 12:56 . 2008-05-18 12:56 <DIR> d-------- C:\Program Files\Ubisoft 2008-05-18 12:56 . 2008-05-18 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\POPWWPROFILES . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-17 17:29 --------- d-----w C:\Documents and Settings\Uruk'hai\Application Data\MxBoost 2008-06-17 16:18 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-06-17 08:06 --------- d-----w C:\Documents and Settings\Uruk'hai\Application Data\Skype 2008-06-16 23:15 --------- d-----w C:\Program Files\Opera 2008-06-16 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups 2008-06-16 16:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-14 21:13 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-12 12:02 --------- d-----w C:\Program Files\Luxor 2 2008-06-12 02:11 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-06-10 07:38 --------- d-----w C:\Program Files\AIMP2 2008-06-07 21:55 --------- d-----w C:\Program Files\TM FilePacker 2008-05-16 15:25 --------- d-----w C:\Program Files\Maxthon2 2008-05-03 20:10 --------- d-----w C:\Program Files\Microsoft.NET 2008-05-03 16:34 --------- d-----w C:\Program Files\BestGameEver 2008-04-23 18:59 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-04-21 16:22 --------- d-----w C:\Program Files\KONAMI 2008-04-21 13:19 --------- d-----w C:\Program Files\VID_1345&PID_0003 . ------- Sigcheck ------- 2007-09-05 21:03 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 13:43 23165736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 00:34 6729728] "nwiz"="nwiz.exe" [2005-05-12 00:34 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 00:34 86016] "CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46 172032] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648] "Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2006-10-20 14:49 94720] "OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2006-10-30 16:07 335872] "rfagent"="C:\Program Files\RFA Platinum\rfagent.exe" [2007-06-12 15:37 617088] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 21:01 54832] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072] "ctfmon.exe"="C:\WINDOWS\gg.exe" [ ] C:\Documents and Settings\Uruk'hai\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll "msacm.divxa32"= msaud32_divx.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "C:\\Program Files\\Autodesk\\Backburner\\server.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 10:01] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52] R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 22:53] R1 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS [2006-10-26 17:27] R1 VFILT;Outpost Firewall Kernel Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2006-10-20 14:48] R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37] R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service [] R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 10:01] R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2004-11-01 13:56] R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2006-10-20 14:49] R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL [2006-10-20 14:49] R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2006-10-20 14:49] R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2006-10-20 14:49] R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2006-10-20 14:49] R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2006-10-20 14:49] R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2006-10-20 14:49] R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2006-10-20 14:49] R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2006-10-20 14:49] R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2006-10-20 14:49] R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2006-10-20 14:49] R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2006-10-20 14:49] R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2006-10-20 14:49] S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49] S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50] S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e53a6e-5be4-11dc-a74c-00e04c865873}] \Shell\Auto\command - auto.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe \Shell\explore\Command - gg.exe 0e \Shell\open\Command - gg.exe 0o [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc9a790c-b07c-11dc-8b46-00e04c865873}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-06-17 21:15:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" . Completion time: 2008-06-17 21:25:17 ComboFix-quarantined-files.txt 2008-06-17 19:25:12 Pre-Run: 11,650,502,656 bytes free Post-Run: 11,643,539,456 bytes free 167

Profil

dr_Bora Poslao: 17 Jun 2008 21:57 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U toku idućeg postupka priključi taj USB flash drive koji je bio inficiran. Preuzmi program Flash_Disinfector. program se pokreće dvoklikom na Flash_Disinfector.exe kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay) kliknuti na OK i sačekati da se proces završi kada se pojavi poruka Done !!, kliknuti na OK. ------------------------------------------------------------------------------------- Zatim otvoriti Notepad i iskopirati sledeci tekst: `Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1e53a6e-5be4-11dc-a74c-00e04c865873}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc9a790c-b07c-11dc-8b46-00e04c865873}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Reci mi i kakvo je stanje sa otvaranjem diskova nakon svega ovoga...

Profil

Chinaman Poslao: 17 Jun 2008 22:36 Idi na vrh
offline Chinaman Građanin Pridružio: 11 Okt 2004 Poruke: 46 Gde živiš: Srbija,L.a.	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sada je OK. Hvala! Evo i log: ComboFix 08-06-16.5 - Uruk'hai 2008-06-17 22:19:20.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.273 [GMT 2:00] Running from: C:\Documents and Settings\Uruk'hai\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Uruk'hai\Desktop\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))) . 2008-06-16 23:01 . 2008-06-16 23:02 <DIR> d-------- C:\Program Files\Avant Browser 2008-06-16 13:21 . 2008-06-16 13:21 36 --a------ C:\WINDOWS\Tiny_Run.ini 2008-06-14 23:13 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll 2008-06-14 23:13 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll 2008-06-14 23:13 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll 2008-06-14 23:13 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll 2008-06-14 23:13 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll 2008-06-14 23:13 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll 2008-06-12 04:20 . 2008-06-12 04:20 <DIR> d-------- C:\Documents and Settings\Uruk'hai\Application Data\Games 2008-06-12 04:18 . 2008-06-12 04:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-06-12 04:16 . 2008-06-12 04:16 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2008-06-12 04:16 . 2008-06-12 04:16 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2008-06-07 23:48 . 2008-06-07 23:51 <DIR> d-------- C:\Documents and Settings\Uruk'hai\Application Data\deskDOC DWG to PDF Professional 2008-06-07 14:19 . 2008-06-07 14:19 <DIR> d-------- C:\Documents and Settings\Uruk'hai\Application Data\TreeCardGames 2008-06-07 14:19 . 2008-06-07 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TreeCardGames 2008-06-07 14:18 . 2008-06-07 14:19 <DIR> d-------- C:\Program Files\Sudoku Up 2008-05-23 21:21 . 2008-05-23 21:24 <DIR> d-------- C:\Program Files\SportsKeeping 2008-05-19 18:35 . 2008-06-12 14:03 <DIR> d-------- C:\Program Files\SpeedFan 2008-05-19 18:35 . 2008-05-19 18:35 45 --a------ C:\WINDOWS\system32\initdebug.nfo 2008-05-18 22:56 . 2008-05-18 22:40 152,844 --a--c--- C:\WINDOWS\system32\dllcache\framdit.ttf 2008-05-18 22:56 . 2008-05-18 22:40 135,984 --a--c--- C:\WINDOWS\system32\dllcache\framd.ttf 2008-05-18 12:56 . 2008-05-18 12:56 <DIR> d-------- C:\Program Files\Ubisoft 2008-05-18 12:56 . 2008-05-18 13:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\POPWWPROFILES . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-17 20:13 --------- d-----w C:\Documents and Settings\Uruk'hai\Application Data\MxBoost 2008-06-17 16:18 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-06-17 08:06 --------- d-----w C:\Documents and Settings\Uruk'hai\Application Data\Skype 2008-06-16 23:15 --------- d-----w C:\Program Files\Opera 2008-06-16 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups 2008-06-16 16:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-14 21:13 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-12 12:02 --------- d-----w C:\Program Files\Luxor 2 2008-06-12 02:11 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-06-10 07:38 --------- d-----w C:\Program Files\AIMP2 2008-06-07 21:55 --------- d-----w C:\Program Files\TM FilePacker 2008-05-16 15:25 --------- d-----w C:\Program Files\Maxthon2 2008-05-03 20:10 --------- d-----w C:\Program Files\Microsoft.NET 2008-05-03 16:34 --------- d-----w C:\Program Files\BestGameEver 2008-04-23 18:59 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-04-21 16:22 --------- d-----w C:\Program Files\KONAMI 2008-04-21 13:19 --------- d-----w C:\Program Files\VID_1345&PID_0003 . ------- Sigcheck ------- 2007-09-05 21:03 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 13:43 23165736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-12 00:34 6729728] "nwiz"="nwiz.exe" [2005-05-12 00:34 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-12 00:34 86016] "CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46 172032] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648] "Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2006-10-20 14:49 94720] "OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2006-10-30 16:07 335872] "rfagent"="C:\Program Files\RFA Platinum\rfagent.exe" [2007-06-12 15:37 617088] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 21:01 54832] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072] C:\Documents and Settings\Uruk'hai\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll "msacm.divxa32"= msaud32_divx.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"= "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"= "C:\\Program Files\\Autodesk\\Backburner\\server.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 10:01] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52] R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 22:53] R1 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS [2006-10-26 17:27] R1 VFILT;Outpost Firewall Kernel Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS [2006-10-20 14:48] R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37] R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service [] R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 10:01] R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2004-11-01 13:56] R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL [2006-10-20 14:49] R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL [2006-10-20 14:49] R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL [2006-10-20 14:49] R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL [2006-10-20 14:49] R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL [2006-10-20 14:49] R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL [2006-10-20 14:49] R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL [2006-10-20 14:49] R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL [2006-10-20 14:49] R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL [2006-10-20 14:49] R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL [2006-10-20 14:49] R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL [2006-10-20 14:49] R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL [2006-10-20 14:49] R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL [2006-10-20 14:49] S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49] S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50] S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50] S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50] S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50] Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-06-17 22:23:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" . Completion time: 2008-06-17 22:31:22 ComboFix-quarantined-files.txt 2008-06-17 20:31:16 ComboFix2.txt 2008-06-17 19:25:19 Pre-Run: 11,601,518,592 bytes free Post-Run: 11,591,393,280 bytes free 156

Profil

dr_Bora Poslao: 17 Jun 2008 22:39 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

Chinaman Poslao: 17 Jun 2008 22:44 Idi na vrh
offline Chinaman Građanin Pridružio: 11 Okt 2004 Poruke: 46 Gde živiš: Srbija,L.a.	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OK, deinstalirao sam. Jos jednom ti hvala!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Worm preko USB-a

Ko je trenutno na forumu

Ukupno su 868 korisnika na forumu :: 57 registrovanih, 11 sakrivenih i 800 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Acivi, ajo baba, anta, Apok, Beli Laufer, bigfoot, BORUTUS, BraneS, brundo65, cenejac111, Darkhunter, dejoglina, Denaya, Dimitrije Paunovic, Dimitrise93, djboj, havoc995, HogarStrashni, HrcAk47, ILGromovnik, Joja, jukeboxer, kjkszpj, Koridor, Kubovac, ljuba, mercedesamg, mile23, milenko crazy north, Milometer, milos.cbr, MiroslavD, Misirac, moldway, MrNo, nebkv, nemkea71, nobutado, oldtimer, randja26, Ripanjac, robertino, royst33, shone34, solic, sovanova95, Srky Boy, styg, Vatreni Zmaj, Vlada1389, vukovi, zastavnik, Zimbabwe, zixmix, Zoca, Žrnov, 223223

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by