C:\resycled\boot.com is not valid Win32 application. SHTA???

2

C:\resycled\boot.com is not valid Win32 application. SHTA???

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Imas jos uvek par inficiranih USB memorija.
Ako su ti priruci (nisu u pitanju uredjaji pozajmljeni od drugih osoba), onda uradi sledece:

- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

offline
  • Pridružio: 27 Jan 2009
  • Poruke: 41

a shta je sa tudjim USB uredjajima, hoce mi opet ubaciti ta sr*nja?

i da li ce mi npr. ako ubacim mp3 plejer obrisati neshto sa njega, mislim i na samu muziku a i na software taj njegov?

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

1. Hoce ako su zarazeni
2. USBNoRisk juri samo autorun fajlove, nece da brise muziku niti bilo sta drugo.

offline
  • Pridružio: 27 Jan 2009
  • Poruke: 41

hvala, e uradicu sad... e da li da uradim to sa svakim narednim usb-om koji mi neko donese ili slichno? a predpostavljam da su zarazeni skoro svi iz mog okruzenja Smile

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

U sustini mozes da uradis i sa svim stickovima koji ti pristignu, s tim sto USBNoRisk ne cisti USB stickove, vec samo blokira autostart i pravi log koji treba da pogleda neko ko je upoznat sa tim programom.

offline
  • Pridružio: 27 Jan 2009
  • Poruke: 41

evo ga log

USBNoRisk by bobby

Started at 2009-01-28 19:30:02

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
I: {a764a870-63db-11dd-bbcc-806d6172696f}
C: {eeeb7b53-63e3-11dd-a9ca-806d6172696f}
E: {eeeb7b54-63e3-11dd-a9ca-806d6172696f}
F: {eeeb7b56-63e3-11dd-a9ca-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for eeeb7b53-63e3-11dd-a9ca-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for eeeb7b54-63e3-11dd-a9ca-806d6172696f
========================================

Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for F:
No key found for eeeb7b56-63e3-11dd-a9ca-806d6172696f
========================================

Autorun.inf on I: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for I:
No key found for a764a870-63db-11dd-bbcc-806d6172696f
========================================

========================================



New device connected at 2009-01-28 19:31:18

Scanning for connected USB mass storage...
----------------------------------------
J: {3ddd1560-6481-11dd-bbd0-000c6ebca499}
Added J:
========================================

Scanning USB mass storage for files...
----------------------------------------
autorun.inf found on J:
----------------------------------------
File J:\autorun.inf renamed successfully

Content of J:\autorun.inf.blocked
----------------------------------------
[autorun]
;fgyuovwvneqtnutxvyinfgyyhevwtzxqedzawqvszrxjqviuzavpazegzrrpqirrfelkogniqoctonmqhbkutienalgcvyaoic
shellexecute="resycled\boot.com j:"
;xpedftcooqlfekzzacadkdcphlvh
shell\Open\command="resycled\boot.com j:"
;mglirbkommzllajbmrzptsjbhfypjor
----------------------------------------

Files referenced from J:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Possible references from J:\autorun.inf.blocked
(beware, these are possible false detections)
----------------------------------------
J:\resycled dr-hs 0
J:\resycled\boot.com -r-hs 0
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized 3ddd1560-6481-11dd-bbd0-000c6ebca499
========================================

----------------------------------------

desktop.ini found on J:
----------------------------------------

Content of J:\Recycled\desktop.ini
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------

Files referenced from J:\Recycled\desktop.ini
----------------------------------------
None
----------------------------------------

========================================

========================================
Removed J:
========================================

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Pokreni ponovo USBNoRisk i prebaci se na Script tab.
Tu unesi sledeci skript (iskopiraj odavde):
{3ddd1560-6481-11dd-bbd0-000c6ebca499}
delete_blocked:
delete: %DRIVE%resycled\boot.com


Ukoliko ti je inficirani USB stick jos uvek prikljucen na racunar, onda klikni na Run script.
Ukoliko nije prikljucen, onda ga sada ponovo prikjuci i skript ce biti izvrsen automatski.
Nakon zavrsenog skeniranje ponovo snimi log (log je na Monitor tabu) i postavi ga u sledecoj poruci.

offline
  • Pridružio: 27 Jan 2009
  • Poruke: 41

evo ga, ovo mi je mp3 koji je trenutno tu ostali nisu moji ili nisu uvek tu... tako da... inache muzika je uzasna sho ima ovaj usb no risk Smile
sha dalje?

USBNoRisk by bobby

Started at 2009-01-28 20:12:07

Scanning for connected USB Mass storage...
----------------------------------------
J: {3ddd1560-6481-11dd-bbd0-000c6ebca499}
========================================

Scanning for other storage...
----------------------------------------
I: {a764a870-63db-11dd-bbcc-806d6172696f}
C: {eeeb7b53-63e3-11dd-a9ca-806d6172696f}
E: {eeeb7b54-63e3-11dd-a9ca-806d6172696f}
F: {eeeb7b56-63e3-11dd-a9ca-806d6172696f}
========================================

Scanning removable storage for autorun.inf and desktop.ini files...
----------------------------------------
Autorun.inf on J: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 3ddd1560-6481-11dd-bbd0-000c6ebca499
========================================

========================================

desktop.ini found on J:
----------------------------------------

Content of J:\Recycled\desktop.ini
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------

Files referenced from J:\Recycled\desktop.ini
----------------------------------------
None
----------------------------------------

========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for eeeb7b53-63e3-11dd-a9ca-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for eeeb7b54-63e3-11dd-a9ca-806d6172696f
========================================

Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for F:
No key found for eeeb7b56-63e3-11dd-a9ca-806d6172696f
========================================

Autorun.inf on I: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for I:
No key found for a764a870-63db-11dd-bbcc-806d6172696f
========================================

========================================


Processing script
----------------------------------------
Drive letter for GUID: J:\
3ddd1560-6481-11dd-bbd0-000c6ebca499
SectionStart = 0
SectionEnd = 2
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: J:\autorun.inf.blocked > Done!
Delete: J:\resycled\boot.com > Error!
----------------------------------------


Processing script
----------------------------------------
Drive letter for GUID: J:\
3ddd1560-6481-11dd-bbd0-000c6ebca499
SectionStart = 0
SectionEnd = 2
----------------------------------------
Deleting blocked files:
----------------------------------------
None
Delete: J:\resycled\boot.com > Error!
----------------------------------------

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ostavi stick prikljucen i pusti ponovo ComboFix, pa mi postavi log na kraju skeniranja.

offline
  • Pridružio: 27 Jan 2009
  • Poruke: 41

ComboFix 09-01-21.04 - Microsoft 2009-01-28 22:53:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1536.933 [GMT 1:00]
Running from: c:\documents and settings\Microsoft\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

J:\resycled
j:\resycled\boot.com
.
---- Previous Run -------
.
c:\documents and settings\Microsoft\Start Menu\Programs\videosoft
c:\documents and settings\Microsoft\Start Menu\Programs\videosoft\Uninstall.lnk
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\program files\videosoft
c:\program files\videosoft\Uninstall.exe
C:\resycled
c:\resycled\boot.com
c:\windows\system32\drivers\gaopdxserv.sys
c:\windows\system32\drivers\msqpdxanuvqnpn.sys
c:\windows\system32\drivers\msqpdxktvkwlwx.sys
c:\windows\system32\drivers\msqpdxmkatvhre.sys
c:\windows\system32\drivers\msqpdxyxxuctuc.sys
c:\windows\system32\msqpdxqvvknemv.dll
E:\resycled
e:\resycled\boot.com
F:\resycled
f:\resycled\boot.com
I:\resycled
i:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_msqpdxserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-27 19:53 . 2003-02-28 18:26 139,536 --a------ c:\windows\system32\javaee.dll
2009-01-27 19:41 . 2009-01-28 20:14 <DIR> d-------- C:\USBNoRisk
2009-01-27 04:55 . 2009-01-28 22:43 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-27 04:27 . 2009-01-27 13:53 233 --a------ C:\autorun.inf.blocked
2009-01-26 13:04 . 2009-01-28 09:43 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-26 13:04 . 2009-01-26 13:04 <DIR> d-------- c:\program files\AVG
2009-01-26 13:04 . 2009-01-26 13:04 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-26 13:04 . 2009-01-26 13:04 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-26 13:04 . 2009-01-26 13:04 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-25 14:32 . 2009-01-25 14:32 <DIR> d-------- c:\program files\XviD
2009-01-23 21:21 . 2009-01-23 21:24 <DIR> d-------- c:\program files\Valve

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 23:32 --------- d-----w c:\documents and settings\Microsoft\Application Data\PC Suite
2009-01-26 12:04 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-01-26 00:17 --------- d-----w c:\program files\Common Files\Adobe
2009-01-23 20:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 20:18 --------- d-----w c:\documents and settings\Microsoft\Application Data\Nokia
2009-01-01 03:27 --------- d-----w c:\program files\sXe Injected
2008-12-23 18:57 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-23 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2008-12-11 14:15 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-11 14:14 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 22:31 --------- d-----w c:\program files\VST
2008-12-10 22:31 --------- d-----w c:\program files\Common Files\Digidesign
2008-12-10 22:31 --------- d-----w c:\program files\Antares Audio Technologies
2008-12-09 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-07 13:58 --------- d-----w c:\program files\VirtualDJ
2008-11-02 23:41 155,995 ----a-w c:\windows\java\Packages\RZ7HJXZT.ZIP
.

((((((((((((((((((((((((((((( snapshot@2009-01-27_20.06.59.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2008-12-02 21:26:30 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-09 16:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-20 23:43 1526296 --a------ c:\program files\TorrentMan\tbTorr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 --a------ c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-25 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-26 1261336]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2008-08-06 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-26 13:04 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"aux"= ctwdm32.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-26 97928]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2008-08-06 349184]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-26 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-26 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-26 76040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-09-02 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-09-02 8320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d8b55cd-a804-11dd-bc01-000c6ebca499}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com l:
\Shell\Open\command - l:\resycled\boot.com l:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ddd1561-6481-11dd-bbd0-000c6ebca499}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ddd1565-6481-11dd-bbd0-000c6ebca499}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5db39923-977b-11dd-bbf6-000c6ebca499}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7974d79b-66ef-11dd-bbd3-000c6ebca499}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f01ca2b-7c33-11dd-bbe2-000c6ebca499}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84991aa0-e4cb-11dd-bc3a-000c6ebca499}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com j:
\Shell\Open\command - j:\resycled\boot.com j:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3f5087d-cd0d-11dd-bc26-000c6ebca499}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Microsoft\Application Data\Mozilla\Firefox\Profiles\011qkgvh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Microsoft\Application Data\Mozilla\Firefox\Profiles\011qkgvh.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-28 22:56:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768-)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-28 22:58:01
ComboFix-quarantined-files.txt 2009-01-28 21:57:49

Pre-Run: 16,220,205,056 bytes free
Post-Run: 16,214,720,512 bytes free

218 --- E O F --- 2009-01-28 02:07:29

Ko je trenutno na forumu
 

Ukupno su 639 korisnika na forumu :: 40 registrovanih, 5 sakrivenih i 594 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., aboris, Apok, Atenjanin89, cetka, crnitrn, Dannyboy, darkangel, Fisherman, Georgius, goxin, kaptain, ladro, maiden6657, Marko Marković, Mauzer91, Mercury, MrNo, NemanjaSt, Outis, pceklic, pein, Polemarchoi, raso76, RiV, Rocker, ruseskij, S-lash, S2M, Sr.Stat., theNedjeljko, Toni, Van, vathra, Vlada1389, vobo, vrlenija, Wrangler, zlaya011, zziko