autorun.inf problem

  • kraza
  • Distinguished citizen
  • Joined: 10 Oct 2006
  • Posts: 588
  • Location: at the computer

Posted: 29 Sep 2009 18:51

Hello everyone!
I have a problem with the autorun.inf file: every time I plug a flash drive into the computer, that file appears on it, and then I cannot eject the drive with Safely Remove Hardware. It reports that it cannot stop the drive because it is in use by some process, so I have to restart the computer and only then can I remove it.
I have Kaspersky 2009 and I scanned the whole computer and it did not find a single virus, but when I scan the flash drive with it, Virus: P2P-Worm.Win32.Palevo.jsg shows up. Delete will not remove it; instead, when I restart the computer, a window for deleting the virus pops up during logon and then it deletes it. I format the flash drive and then it is OK, but as soon as I plug the drive in again, autorun.inf shows up again.
I also scanned the computer with Ad-Aware 2007 and again nothing.
By the way, the computer is XP SP2, AMD Athlon 1700Mhz, SBB cable internet 1.5Mb/s


DDS (Ver_09-09-29.01) - NTFSx86
Run by Kraza yo at 18:09:23.29 on Tue 09/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.286 [GMT 2:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Programi\Clock Tray Skins\ClockTraySkins.exe
D:\Programi\Ram Saver pro\ramsaverpro.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programi\YzToolBar\yztbr103\YzToolBar.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Programi\Firefox\firefox.exe
C:\Documents and Settings\Kraza yo\Desktop\dds.pif

============== Pseudo HJT Report ===============

uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uStart Page = [Link visible only to logged-in users]
uSearch Page = [Link visible only to logged-in users]
uSearch Bar = [Link visible only to logged-in users]
mDefault_Search_URL = [Link visible only to logged-in users]
mSearch Page = [Link visible only to logged-in users]
mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
mStart Page = [Link visible only to logged-in users]
uInternet Settings,ProxyServer = 221.130.193.14:8080
mSearchAssistant = [Link visible only to logged-in users]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Taskman=c:\recycler\s-1-5-21-5813555057-7151793982-903390340-1531\nissan.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SkinClock] d:\programi\clock tray skins\ClockTraySkins.exe
uRun: [RAMSaverPro] d:\programi\ram saver pro\ramsaverpro.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ToolBar icon can be changed.] d:\programi\yztoolbar\yztbr103\YzToolBar.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [Vistadrv] c:\windows\vipv3\viphd\vsdrv.exe
mRun: [iKeyWorks] c:\progra~1\a4tech\keyboard\Ikeymain.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Search - [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - [Link visible only to logged-in users]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [Link visible only to logged-in users]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [Link visible only to logged-in users]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [Link visible only to logged-in users]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link visible only to logged-in users]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link visible only to logged-in users]
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: cru629.dat,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\krazay~1\applic~1\mozilla\firefox\profiles\38o9145m.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\programi\opera\program\plugins\np_gp.dll
FF - plugin: d:\programi\opera\program\plugins\npdsplay.dll
FF - plugin: d:\programi\opera\program\plugins\NPOFFICE.DLL
FF - plugin: d:\programi\opera\program\plugins\NPSWF32.dll
FF - plugin: d:\programi\opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\programi\real player\netscape6\nppl3260.dll
FF - plugin: d:\programi\real player\netscape6\nprjplug.dll
FF - plugin: d:\programi\real player\netscape6\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\programi\firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-9-9 226832]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2009-5-12 53760]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 208616]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-19 27632]
R3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2009-1-29 476672]
R3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [2009-1-29 260224]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 aawservice;Ad-Aware 2007 Service;d:\programi\ad-aware 2007\aawservice.exe [2007-10-29 587096]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [2009-1-30 11648]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys --> c:\windows\system32\drivers\klmouflt.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-9-19 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-9-19 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-9-19 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-9-19 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-9-19 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-9-19 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-9-19 115752]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-7-24 2560]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-09-25 19:51 <DIR> --d----- c:\docume~1\krazay~1\applic~1\GARMIN
2009-09-24 05:07 162,816 a------- c:\windows\system32\fmod.dll
2009-09-21 03:09 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-09-20 23:22 30,592 -------- c:\windows\system32\drivers\rndismpx.sys
2009-09-20 23:22 12,800 -------- c:\windows\system32\drivers\usb8023x.sys
2009-09-19 19:40 27,632 a------- c:\windows\system32\drivers\seehcri.sys
2009-09-19 19:39 115,752 a------- c:\windows\system32\drivers\s0016unic.sys
2009-09-19 19:39 114,216 a------- c:\windows\system32\drivers\s0016mgmt.sys
2009-09-19 19:39 10,792 a------- c:\windows\system32\drivers\s0016cr.sys
2009-09-19 19:39 120,744 a------- c:\windows\system32\drivers\s0016mdm.sys
2009-09-19 19:39 110,632 a------- c:\windows\system32\drivers\s0016obex.sys
2009-09-19 19:39 25,512 a------- c:\windows\system32\drivers\s0016nd5.sys
2009-09-19 19:39 15,016 a------- c:\windows\system32\drivers\s0016mdfl.sys
2009-09-19 19:39 12,200 a------- c:\windows\system32\drivers\s0016cmnt.sys
2009-09-19 19:39 12,200 a------- c:\windows\system32\drivers\s0016cm.sys
2009-09-19 19:39 89,256 a------- c:\windows\system32\drivers\s0016bus.sys
2009-09-19 19:39 12,200 a------- c:\windows\system32\drivers\s0016whnt.sys
2009-09-19 19:39 12,200 a------- c:\windows\system32\drivers\s0016wh.sys
2009-09-19 02:47 3,245 a------- c:\windows\system32\wbem\Outlook_01ca38c2c2a5544a.mof
2009-09-19 00:40 <DIR> --d----- c:\docume~1\krazay~1\applic~1\ViquaSoft
2009-09-16 01:03 <DIR> --d----- c:\docume~1\krazay~1\applic~1\Dress Up Rush TAC CM
2009-09-16 00:07 <DIR> --d----- c:\program files\temp
2009-09-12 23:11 <DIR> --d----- c:\docume~1\krazay~1\applic~1\BeachPartyCraze
2009-09-09 17:18 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-09-09 17:18 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-09-09 17:17 5,759,520 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-09 17:17 499,744 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-09-09 17:17 50,268 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-09 17:17 6,980 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-09-09 17:17 <DIR> --d----- c:\program files\Kaspersky Lab
2009-09-09 01:15 18,794 a------- c:\windows\system32\ypev.sys
2009-09-09 01:15 17,972 a------- c:\windows\xyfe.dat
2009-09-09 01:15 15,782 a------- c:\windows\system32\niwe.bat
2009-09-09 01:15 15,154 a------- c:\windows\ijudu.lib
2009-09-09 01:15 14,727 a------- c:\windows\secyruzimi.vbs
2009-09-09 01:15 14,182 a------- c:\windows\system32\gujafusit.scr
2009-09-09 01:15 12,833 a------- c:\windows\unodaneva.sys
2009-09-09 01:15 12,269 a------- c:\program files\common files\wykotidyp.dll
2009-09-09 01:15 11,442 a------- c:\windows\vepudupu.bin
2009-09-09 01:15 10,091 a------- c:\docume~1\krazay~1\applic~1\wiwusupawo.pif
2009-09-08 22:31 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-07 00:09 <DIR> --d----- c:\windows\system32\Plugins
2009-09-07 00:09 <DIR> --d----- c:\windows\system32\ocr
2009-09-07 00:09 <DIR> --d----- c:\windows\system32\Data
2009-09-04 19:03 151,050 ----h--- C:\treeinfo.wc
2009-09-04 01:22 <DIR> --d----- c:\docume~1\krazay~1\applic~1\blg
2009-09-04 01:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\blg
2009-09-03 22:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GameHouse
2009-09-03 05:26 <DIR> --d----- c:\program files\common files\xing shared
2009-09-03 05:25 <DIR> --d----- c:\program files\common files\Real

==================== Find3M ====================

2009-09-09 17:37 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-09-05 02:03 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-03 05:25 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-24 17:54 48,640 a------- c:\windows\mmfs.dll
2009-07-24 17:54 2,560 a------- c:\windows\Runservice.exe
2009-07-10 22:39 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-06-16 01:08 87,608 a------- c:\docume~1\krazay~1\applic~1\inst.exe
2009-06-16 01:08 47,360 a------- c:\docume~1\krazay~1\applic~1\pcouffin.sys
2002-07-01 16:13 224 a--sh--- c:\docume~1\krazay~1\applic~1\maildriver32.dat
2005-06-22 07:37 45,568 a--shr-- c:\windows\system32\cygz.dll

============= FINISH: 18:10:14.59 ===============


Addendum: 29 Sep 2009 18:54

Please help me if possible.
Thanks in advance!



  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello kraza, do the following:

Download sUBs' ComboFix from the following address to the Desktop:

  • Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:

  • disable your security software (instructions);
  • close running programs;
  • double-click to run ComboFix.

While running, ComboFix will:

  • check whether a newer version of the program exists:
    click Yes if you are offered to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
  • ask a number of questions or show a number of notifications:
    accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:

  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:

  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.



  • kraza
  • Distinguished citizen
  • Joined: 10 Oct 2006
  • Posts: 588
  • Location: at the computer

Posted: 29 Sep 2009 21:23

Here you go, buddy

ComboFix 09-09-28.01 - Kraza yo 09/29/2009 21:04.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.459 [GMT 2:00]
Running from: c:\documents and settings\Kraza yo\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kraza yo\Application Data\inst.exe
c:\documents and settings\Kraza yo\Application Data\wiwusupawo.pif
c:\documents and settings\Kraza yo\Cookies\ahyxuk.reg
c:\documents and settings\Kraza yo\Cookies\jitypa.vbs
c:\documents and settings\Kraza yo\Cookies\pite.sys
c:\documents and settings\Kraza yo\Cookies\ylesazof.dat
c:\documents and settings\Kraza yo\Local Settings\Application Data\iredacijug.sys
c:\documents and settings\Kraza yo\Local Settings\Application Data\pacuranywo.dl
c:\documents and settings\Kraza yo\Local Settings\Application Data\voxixivy.reg
c:\documents and settings\Kraza yo\Local Settings\Application Data\yxon.scr
c:\program files\Common Files\wykotidyp.dll
c:\recycler\S-1-5-21-3556411021-0126197081-355577831-5008
c:\recycler\S-1-5-21-5813555057-7151793982-903390340-1531
c:\recycler\S-1-5-21-5813555057-7151793982-903390340-1531\Desktop.ini
c:\recycler\S-1-5-21-5813555057-7151793982-903390340-1531\nissan.exe
c:\recycler\S-1-5-21-8583073009-5762081904-861684205-6723
c:\windows\Installer\35044.msi
c:\windows\notepad.tmp2
c:\windows\secyruzimi.vbs
c:\windows\system32\dllcache\notepad.tmp2
c:\windows\system32\gujafusit.scr
c:\windows\system32\niwe.bat
c:\windows\system32\notepad.tmp2
c:\windows\system32\Plugins
c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll
c:\windows\system32\Plugins\Hoster\archivto.dll
c:\windows\system32\Plugins\Hoster\bluehostto.dll
c:\windows\system32\Plugins\Hoster\dataupde.dll
c:\windows\system32\Plugins\Hoster\fastloadnet.dll
c:\windows\system32\Plugins\Hoster\fastshareorg.dll
c:\windows\system32\Plugins\Hoster\fileuploadnet.dll
c:\windows\system32\Plugins\Hoster\megauploadcom.dll
c:\windows\system32\Plugins\Hoster\meinuploadcom.dll
c:\windows\system32\Plugins\Hoster\moosharede.dll
c:\windows\system32\Plugins\Hoster\myvideode.dll
c:\windows\system32\Plugins\Hoster\netloadin.dll
c:\windows\system32\Plugins\Hoster\PluginSettings.ini
c:\windows\system32\Plugins\Hoster\qsharecom.dll
c:\windows\system32\Plugins\Hoster\rapidsharecom.dll
c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll
c:\windows\system32\Plugins\Hoster\shareplacecom.dll
c:\windows\system32\Plugins\Hoster\silofilescom.dll
c:\windows\system32\Plugins\Hoster\speedysharecom.dll
c:\windows\system32\Plugins\Hoster\uploadedto.dll
c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll
c:\windows\system32\Plugins\Hoster\youtubecom.dll
c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll
c:\windows\system32\Plugins\YouCrypt\captcha.dll
c:\windows\system32\Plugins\YouCrypt\cineto.dll
c:\windows\system32\Plugins\YouCrypt\datenbankorg.dll
c:\windows\system32\Plugins\YouCrypt\datenschleuder.dll
c:\windows\system32\Plugins\YouCrypt\ddlscene.dll
c:\windows\system32\Plugins\YouCrypt\ddl(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\dreidl.dll
c:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll
c:\windows\system32\Plugins\YouCrypt\gameblog.dll
c:\windows\system32\Plugins\YouCrypt\gamezam.dll
c:\windows\system32\Plugins\YouCrypt\gapping.dll
c:\windows\system32\Plugins\YouCrypt\g(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\linkbank.dll
c:\windows\system32\Plugins\YouCrypt\linksafe.dll
c:\windows\system32\Plugins\YouCrypt\LinkSave.dll
c:\windows\system32\Plugins\YouCrypt\lix.dll
c:\windows\system32\Plugins\YouCrypt\mirrorit.dll
c:\windows\system32\Plugins\YouCrypt\netfolderin.dll
c:\windows\system32\Plugins\YouCrypt\onekh.dll
c:\windows\system32\Plugins\YouCrypt\rapidfolder.dll
c:\windows\system32\Plugins\YouCrypt\rapidlayer.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafede.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll
c:\windows\system32\Plugins\YouCrypt\relinkus.dll
c:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll
c:\windows\system32\Plugins\YouCrypt\rslayer.dll
c:\windows\system32\Plugins\YouCrypt\saveraidrush.dll
c:\windows\system32\Plugins\YouCrypt\secured.dll
c:\windows\system32\Plugins\YouCrypt\securnet.dll
c:\windows\system32\Plugins\YouCrypt\serienjunkies.dll
c:\windows\system32\Plugins\YouCrypt\shareonall.dll
c:\windows\system32\Plugins\YouCrypt\shareprotect.dll
c:\windows\system32\Plugins\YouCrypt\stealth.dll
c:\windows\system32\Plugins\YouCrypt\tinyurl.dll
c:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll
c:\windows\system32\Plugins\YouCrypt\uppicoasis.dll
c:\windows\system32\Plugins\YouCrypt\urlcash.dll
c:\windows\system32\Plugins\YouCrypt\usercashcom.dll
c:\windows\system32\Plugins\YouCrypt\xlinkin.dll
c:\windows\system32\tmp93.tmp
c:\windows\system32\tmp94.tmp
c:\windows\system32\ypev.sys
c:\windows\unodaneva.sys
c:\windows\vepudupu.bin

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 18:26 . 2009-09-29 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GHISLER
2009-09-29 18:23 . 2009-09-29 18:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-09-25 17:51 . 2009-09-25 17:51 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\GARMIN
2009-09-24 03:07 . 2009-09-28 01:22 162816 ----a-w- c:\windows\system32\fmod.dll
2009-09-21 01:09 . 2009-09-28 01:06 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-20 21:22 . 2005-10-21 01:47 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2009-09-20 21:22 . 2005-10-21 01:47 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2009-09-19 17:40 . 2008-01-09 09:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2009-09-19 17:39 . 2008-05-16 10:33 115752 ----a-w- c:\windows\system32\drivers\s0016unic.sys
2009-09-19 17:39 . 2008-05-16 10:33 114216 ----a-w- c:\windows\system32\drivers\s0016mgmt.sys
2009-09-19 17:39 . 2008-05-16 10:33 10792 ----a-w- c:\windows\system32\drivers\s0016cr.sys
2009-09-19 17:39 . 2008-05-16 10:33 25512 ----a-w- c:\windows\system32\drivers\s0016nd5.sys
2009-09-19 17:39 . 2008-05-16 10:33 15016 ----a-w- c:\windows\system32\drivers\s0016mdfl.sys
2009-09-19 17:39 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016cmnt.sys
2009-09-19 17:39 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016cm.sys
2009-09-19 17:39 . 2008-05-16 10:33 120744 ----a-w- c:\windows\system32\drivers\s0016mdm.sys
2009-09-19 17:39 . 2008-05-16 10:33 110632 ----a-w- c:\windows\system32\drivers\s0016obex.sys
2009-09-19 17:39 . 2008-05-16 10:33 89256 ----a-w- c:\windows\system32\drivers\s0016bus.sys
2009-09-19 17:39 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016whnt.sys
2009-09-19 17:39 . 2008-05-16 10:33 12200 ----a-w- c:\windows\system32\drivers\s0016wh.sys
2009-09-18 22:40 . 2009-09-18 22:40 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\ViquaSoft
2009-09-15 23:03 . 2009-09-15 23:03 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\Dress Up Rush TAC CM
2009-09-15 22:07 . 2009-09-16 13:53 -------- d-----w- c:\program files\temp
2009-09-12 21:11 . 2009-09-14 19:59 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\BeachPartyCraze
2009-09-10 17:09 . 2009-09-10 17:09 -------- d-----w- c:\documents and settings\Kraza yo\Local Settings\Application Data\Identities
2009-09-09 15:18 . 2009-09-25 17:05 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-09 15:18 . 2009-09-25 17:05 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-09 15:17 . 2009-09-29 19:11 5759520 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-09 15:17 . 2009-09-29 19:11 524320 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-09 15:17 . 2009-09-09 15:17 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-08 23:15 . 2009-09-08 23:15 17972 ----a-w- c:\windows\xyfe.dat
2009-09-08 20:31 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-06 22:09 . 2009-09-06 22:09 -------- d-----w- c:\windows\system32\Data
2009-09-06 22:09 . 2009-09-06 22:09 -------- d-----w- c:\windows\system32\ocr
2009-09-03 23:22 . 2009-09-03 23:22 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\blg
2009-09-03 23:22 . 2009-09-03 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2009-09-03 20:18 . 2009-09-03 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2009-09-03 03:26 . 2009-09-03 03:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-03 03:25 . 2009-09-03 03:26 -------- d-----w- c:\program files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 19:12 . 2009-01-28 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 19:11 . 2009-09-09 15:17 7064 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-29 19:11 . 2009-09-09 15:17 50268 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-29 18:47 . 2009-08-14 19:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-29 18:47 . 2009-01-29 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-27 19:38 . 2009-01-29 00:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-27 15:07 . 2009-01-30 01:22 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\MyPhoneExplorer
2009-09-24 19:58 . 2009-01-29 23:39 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\Skype
2009-09-24 19:58 . 2009-01-29 23:45 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\skypePM
2009-09-23 20:50 . 2009-02-11 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups
2009-09-21 00:50 . 2009-05-12 01:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-19 17:56 . 2009-01-28 22:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 17:57 . 2009-08-27 01:06 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\PlayFirst
2009-09-18 17:57 . 2009-08-27 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-09-09 15:37 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-08 23:32 . 2009-07-24 15:54 1353 --sha-w- c:\windows\system32\mmf.sys
2009-09-05 00:03 . 2009-08-14 19:37 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-03 20:09 . 2009-01-30 01:44 -------- d-----w- c:\program files\IncrediMail
2009-09-03 03:25 . 2009-01-29 01:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-27 01:15 . 2009-08-27 01:15 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\ERS G-Studio
2009-08-27 01:04 . 2009-08-27 01:04 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\PoBros
2009-08-27 01:04 . 2009-08-27 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PoBros
2009-08-27 00:30 . 2009-08-27 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-08-25 17:00 . 2009-08-25 17:00 -------- d--h--r- c:\documents and settings\Kraza yo\Application Data\SecuROM
2009-08-24 15:54 . 2009-08-24 15:54 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\ABBYY
2009-08-24 15:47 . 2009-08-24 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2009-08-21 17:18 . 2009-08-21 17:08 -------- d-----w- c:\documents and settings\Kraza yo\Application Data\SuperMP3Download
2009-08-21 17:18 . 2009-08-21 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperMP3Download
2009-08-14 19:26 . 2009-02-11 20:00 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-11 20:53 . 2009-01-30 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2009-07-24 15:54 . 2009-07-24 15:54 48640 ----a-w- c:\windows\mmfs.dll
2009-07-24 15:54 . 2009-07-24 15:54 2560 ----a-w- c:\windows\Runservice.exe
2009-07-10 20:39 . 2009-01-29 18:58 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\system32\cygz.dll
.

------- Sigcheck -------


[-] 2008-10-17 . 1FA0C7D29F15A931F0198A8D214A2A6D . 3802112 . . [7.00.6000.16762] . . c:\windows\system32\mshtml.dll
[-] 2008-10-17 . 1FA0C7D29F15A931F0198A8D214A2A6D . 3802112 . . [7.00.6000.16762] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2008-10-17 . 1FA0C7D29F15A931F0198A8D214A2A6D . 3802112 . . [7.00.6000.16762] . . c:\windows\VIPv3\resources\mshtml.dll
[7] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[7] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[7] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[7] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2004-08-03 . CDAE6C4376E296E63AC23AA6F43DB5AF . 3380224 . . [6.00.2900.2180] . . c:\windows\ie7\mshtml.dll
[7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\VIPv3\backup\mshtml.dll

[7] 2006-10-30 . 29664B5A66F187790006014F87ADCCDF . 2182016 . . [5.1.2600.3023] . . c:\windows\$hf_mig$\KB896256\SP2QFE\ntoskrnl.exe
[-] 2006-10-30 . DD3D44A1747CFDD4E1D431799236D935 . 2337664 . . [5.1.2600.3023] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2006-10-30 . DD3D44A1747CFDD4E1D431799236D935 . 2337664 . . [5.1.2600.3023] . . c:\windows\system32\ntoskrnl.exe
[-] 2006-10-30 . DD3D44A1747CFDD4E1D431799236D935 . 2337664 . . [5.1.2600.3023] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2006-10-30 . DD3D44A1747CFDD4E1D431799236D935 . 2337664 . . [5.1.2600.3023] . . c:\windows\VIPv3\resources\ntoskrnl.exe
[7] 2004-08-03 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\VIPv3\backup\ntoskrnl.exe

[-] 2008-10-16 . 0FB0036ACEA470CC670C4919FE53007F . 78360 . . [7.2.6001.788] . . c:\windows\system32\wuauclt.exe
[-] 2008-10-16 . 0FB0036ACEA470CC670C4919FE53007F . 78360 . . [7.2.6001.788] . . c:\windows\system32\dllcache\wuauclt.exe
[-] 2008-10-16 . 0FB0036ACEA470CC670C4919FE53007F . 78360 . . [7.2.6001.788] . . c:\windows\VIPv3\resources\wuauclt.exe
[7] 2004-08-03 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\VIPv3\backup\wuauclt.exe

[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 9EC826F53E508B488DB5EBC101DBA7DE . 1403904 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 9EC826F53E508B488DB5EBC101DBA7DE . 1403904 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2007-06-13 . 9EC826F53E508B488DB5EBC101DBA7DE . 1403904 . . [6.00.2900.3156] . . c:\windows\VIPv3\resources\explorer.exe
[-] 2004-08-03 . DD0875A1F0B34140501AA4D0D365D694 . 1402880 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\VIPv3\backup\explorer.exe

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="d:\programi\Clock Tray Skins\ClockTraySkins.exe" [2009-01-29 1336576]
"RAMSaverPro"="d:\programi\Ram Saver pro\ramsaverpro.exe" [2007-10-09 155168]
"ToolBar icon can be changed."="d:\programi\YzToolBar\yztbr103\YzToolBar.exe" [2002-09-29 90112]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="c:\windows\VIPv3\VIPhd\vsdrv.exe" [2006-07-30 121089]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 65536]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-09-09 208616]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-20 21:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pgdfgsvc C 1\0autocheck autochk *lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^Kraza yo^Start Menu^Programs^Startup^nero.bat.lnk]
backup=c:\windows\pss\nero.bat.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kraza yo^Start Menu^Programs^Startup^winword.exe.lnk]
backup=c:\windows\pss\winword.exe.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage Setup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conflict Zone
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallShieldSetup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TuneUp.ProgramStatisticsSvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"npggsvc"=3 (0x3)
"Lavasoft Ad-Aware Service"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [5/12/2009 5:16 PM 53760]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [9/19/2009 7:40 PM 27632]
R3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [1/29/2009 12:42 AM 476672]
R3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [1/29/2009 12:42 AM 260224]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [1/30/2009 3:35 AM 11648]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys --> c:\windows\system32\DRIVERS\klmouflt.sys [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [9/19/2009 7:39 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [9/19/2009 7:39 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [9/19/2009 7:39 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [9/19/2009 7:39 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [9/19/2009 7:39 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [9/19/2009 7:39 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [9/19/2009 7:39 PM 115752]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/24/2009 5:54 PM 2560]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
uStart Page = [Link visible only to logged-in users]
mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
mStart Page = [Link visible only to logged-in users]
uInternet Settings,ProxyServer = 221.130.193.14:8080
IE: &Search - [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - [Link visible only to logged-in users]
FF - ProfilePath - c:\documents and settings\Kraza yo\Application Data\Mozilla\Firefox\Profiles\38o9145m.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\programi\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\programi\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\programi\Opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\programi\Real player\Netscape6\nppl3260.dll
FF - plugin: d:\programi\Real player\Netscape6\nprjplug.dll
FF - plugin: d:\programi\Real player\Netscape6\nprpjplug.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-09-29 21:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\B7F5EA513569EA3E98352E3A3D1D6A3D]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'lsass.exe'(1108-)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(2860)
d:\programi\YzToolBar\yztbr103\YzToolBar.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\A4Tech\Keyboard\Ikeymain.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-09-29 21:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 19:15

Pre-Run: 11,133,489,152 bytes free
Post-Run: 11,192,516,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=ZFCA87 /Kernel=TUKernel.exe

Addendum: 29 Sep 2009 21:42

Diarno, I think everything is fine now; I have plugged in the flash drive several times and autorun.inf no longer appears.
If that is all I need to do, then I thank you from the bottom of my heart for the help!
Regards, buddy, and thank you!

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

That would be it... just do this as well.


ComboFix needs to be uninstalled:
click Start (or ), then Run.

On Vista, use the Start Search field if Run is not available.

In the text box, type (or copy) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".



Then click OK (or press Enter).


Wait for the uninstall process to finish.

Cheers
