My computer does not recognize a USB flash drive


offline
  • Joined: 15 Feb 2006
  • Posts: 232

When I plug in the flash drive, the computer responds with two short notification tones indicating that something has been plugged in, and that is all. So the green arrow shows up in the taskbar and that's the end of it. When I pull the flash drive out, I again hear a signal, one long tone, as if everything were normal. Well, what is not normal is that I cannot see that flash drive anywhere at all.
The flash drive is a 4 GB HP v125w. The OS is Windows XP SP3. Interestingly, the flash drive works on other computers but not on this one, ever since Avast raised an alarm a few days ago that there were some viruses located in C:\Windows\Temp. I would delete them, and after a while Avast would come back with the warning again, until I ran a full scan of the computer; it found something, deleted it, and since then it no longer reports that I have a virus, but since then it will not see the flash drive either. The webcam, for example, has a USB connector and works without problems, as does everything else connected through the USB ports.
Can anyone help me?
Oh, and I forgot to say that I also "combed through" the computer with Trojan Remover, and according to it everything is OK.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 15 Feb 2006
  • Posts: 232

I apologize for being hasty. Here, I did it the way I read in the instructions.



DDS (Ver_10-12-12.02) - NTFSx86
Run by RIP at 16:13:03.17 on Tue 12/21/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2196 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 101221-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~2\Avast4\ashDisp.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Raxco\PerfectDisk10\PerfectDisk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Roland VersaWorks\VersaWorks\Roland VersaWorks.exe
C:\Program Files\Roland VersaWorks\VersaWorks\Roland VersaWorks.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\dmremote.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\mmc.exe
E:\Install\Antivirus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~2\avast4\ashDisp.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rip\applic~1\mozilla\firefox\profiles\i20q41f1.default\
FF - prefs.js: browser.search.selectedEngine - KickassTorrents
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Serbian Dictionary: sr-RS@dictionaries.addons.mozilla.org - %profile%\extensions\sr-RS@dictionaries.addons.mozilla.org
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-7-24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-7-24 138680]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-5-18 327064]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2010-7-13 38656]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-7-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-7-24 352920]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 AMService;AMService; [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2009-10-9 3328]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

=============== Created Last 30 ================

2010-12-20 10:19:29 -------- d-----w- c:\program files\ESET
2010-12-18 13:39:35 -------- d-----w- c:\program files\Raxco
2010-12-17 10:15:01 110080 ----a-r- c:\docume~1\rip\applic~1\microsoft\installer\{4fc9da9d-f608-454e-8191-d7effdcc5726}\IconF7A21AF7.exe
2010-12-17 10:15:01 110080 ----a-r- c:\docume~1\rip\applic~1\microsoft\installer\{4fc9da9d-f608-454e-8191-d7effdcc5726}\IconD7F16134.exe
2010-12-17 10:15:00 -------- d-----w- C:\sh4ldr
2010-12-17 09:55:26 -------- d-----w- c:\program files\Enigma Software Group
2010-12-17 09:55:13 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-12-16 14:54:24 -------- d-----w- c:\documents and settings\all users\Immunet
2010-12-16 14:54:24 -------- d-----w- c:\docume~1\rip\applic~1\Immunet
2010-12-16 14:09:02 -------- d-----w- c:\program files\Panda Security
2010-12-15 15:42:17 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-12-15 09:31:16 -------- d-----w- c:\docume~1\rip\applic~1\TuneUp Software
2010-12-15 09:31:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2010-12-15 09:31:02 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-12-15 08:24:14 -------- d-----w- c:\windows\system32\NtmsData
2010-12-14 17:13:36 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-12-14 16:03:11 -------- d-----w- c:\docume~1\rip\locals~1\applic~1\uTorrentBar
2010-12-14 16:00:08 -------- d-----w- c:\docume~1\rip\applic~1\URSoft
2010-12-13 13:39:14 125952 ----a-w- c:\program files\windows media player\run.exe
2010-12-06 12:55:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\IntelliPDF
2010-12-06 12:55:11 737280 ----a-w- c:\windows\iun6002.exe
2010-11-25 14:04:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-11-25 08:58:51 -------- d-----w- c:\docume~1\rip\locals~1\applic~1\Two Worlds II
2010-11-25 08:58:50 -------- d-----w- c:\docume~1\rip\applic~1\NVIDIA
2010-11-25 08:54:42 -------- d-----w- c:\program files\Reality Pump
2010-11-25 08:50:22 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-25 08:28:28 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-25 08:28:28 -------- d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-30 09:47:44 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-30 09:47:44 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-30 09:47:36 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 10:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 10:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 10:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 10:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 10:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 10:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500KS-00MJB0 rev.02.01C03 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-12

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AC00555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8ac067b0]; MOV EAX, [0x8ac0682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Harddisk0\DR0[0x8AC4F7C8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\00000080[0x8AC4A9E8]
5 ACPI[0xB7E54620] -> ntkrnlpa!IofCallDriver[0x804EF196] -> [0x8AC16D98]
\Driver\atapi[0x8ABC8260] -> IRP_MJ_CREATE -> 0x8AC00555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-12 -> \??\IDE#DiskWDC_WD2500KS-00MJB0_____________________02.01C03#5&5c4ddef&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AC0039B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 16:13:30.85 ===============


offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello, lusstrissimuss!

While we work on your case, I would ask you to observe the following:
  • Read my instructions (or those of the colleagues who will stand in for me) carefully and act only according to them;
  • Do not seek help elsewhere at the same time;
  • Do not use other malware removal programs, apart from those you have been given instructions for;
  • Do not use USB memory devices during the intervention until I ask you to;
  • If I do not reply within 48 hours, bump the thread with a new post;
  • If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum's Ambulanta: LINK

-------------------------------------------------------------------------------------


Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

Once the download has finished:
  • disable your protective software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      • click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure through.
  • show a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end, open Notepad with the scan report.


Copy the report that ComboFix produced into the thread on the forum:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.


Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after posting the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

goran9888 (AMF Team)

offline
  • Joined: 15 Feb 2006
  • Posts: 232

Posted: 22 Dec 2010 9:03

OK, I am following the instructions. Thanks in advance. On the USB ports I have a printer, mouse, keyboard and webcam connected.
I will not plug in the storage device, i.e. the USB flash drive, until you tell me to.

Addendum: 22 Dec 2010 9:53

ComboFix 10-12-21.03 - RIP 12/22/2010 9:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2539 [GMT 1:00]
Running from: c:\documents and settings\RIP\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101221-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Microsoft
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
c:\program files\Windows Media Player\run.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-21 16:19 . 2010-12-21 16:21 -------- d-----w- c:\program files\KaraFun
2010-12-20 10:19 . 2010-12-20 10:19 -------- d-----w- c:\program files\ESET
2010-12-18 13:39 . 2010-12-18 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-12-18 13:39 . 2010-12-18 13:39 -------- d-----w- c:\program files\Raxco
2010-12-17 10:15 . 2010-12-17 10:15 110080 ----a-r- c:\documents and settings\RIP\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2010-12-17 10:15 . 2010-12-17 10:15 110080 ----a-r- c:\documents and settings\RIP\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2010-12-17 10:15 . 2010-12-17 10:15 -------- d-----w- C:\sh4ldr
2010-12-17 09:55 . 2010-12-17 09:55 -------- d-----w- c:\program files\Enigma Software Group
2010-12-17 09:55 . 2010-12-17 10:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-16 14:54 . 2010-12-16 15:17 -------- d-----w- c:\documents and settings\All Users\Immunet
2010-12-16 14:54 . 2010-12-16 14:55 -------- d-----w- c:\documents and settings\RIP\Application Data\Immunet
2010-12-16 14:09 . 2010-12-16 14:09 -------- d-----w- c:\program files\Panda Security
2010-12-16 11:33 . 2010-12-16 11:33 -------- d-----w- c:\documents and settings\Administrator
2010-12-15 15:42 . 2010-12-16 08:07 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-12-15 09:31 . 2010-12-15 09:31 -------- d-----w- c:\documents and settings\RIP\Application Data\TuneUp Software
2010-12-15 09:31 . 2010-12-15 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-12-15 09:31 . 2010-12-15 09:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-12-15 09:21 . 2008-04-14 03:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-12-15 08:24 . 2010-12-21 10:51 -------- d-----w- c:\windows\system32\NtmsData
2010-12-14 17:13 . 2010-12-14 17:13 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-12-14 16:03 . 2010-12-14 16:03 -------- d-----w- c:\documents and settings\RIP\Local Settings\Application Data\uTorrentBar
2010-12-14 16:00 . 2010-12-14 16:00 -------- d-----w- c:\documents and settings\RIP\Application Data\URSoft
2010-12-14 16:00 . 2010-12-21 16:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-10 11:17 . 2010-12-10 11:17 -------- d-----w- c:\program files\Common Files\Skype
2010-12-06 12:55 . 2010-12-06 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\IntelliPDF
2010-12-06 12:55 . 2010-12-06 12:54 737280 ----a-w- c:\windows\iun6002.exe
2010-11-25 14:04 . 2010-12-17 11:29 -------- d-----w- c:\program files\RegCure
2010-11-25 14:04 . 2010-11-25 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-11-25 08:58 . 2010-11-25 08:58 -------- d-----w- c:\documents and settings\RIP\Local Settings\Application Data\Two Worlds II
2010-11-25 08:58 . 2010-11-25 08:58 -------- d-----w- c:\documents and settings\RIP\Application Data\NVIDIA
2010-11-25 08:54 . 2010-11-25 08:54 -------- d-----w- c:\program files\Reality Pump
2010-11-25 08:50 . 2010-11-25 07:50 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-25 08:28 . 2010-11-25 08:28 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-25 07:50 . 2010-11-25 07:50 436792 ----a-w- c:\windows\system32\drivers\sptd.svs
2010-11-12 17:53 . 2010-07-19 11:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-07-19 11:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-16 18:55 . 2010-10-30 09:46 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55 . 2010-10-30 09:46 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55 . 2010-07-12 18:05 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-16 18:55 . 2010-07-12 18:05 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-07-12 18:05 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55 . 2010-07-12 18:05 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55 . 2010-07-12 18:05 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-07-12 18:05 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-07-12 18:05 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-07-12 18:05 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2010-07-12 18:05 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 10:04 . 2010-10-16 10:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 10:04 . 2010-10-16 10:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 10:04 . 2010-10-16 10:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 10:04 . 2010-10-16 10:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 10:04 . 2010-10-16 10:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 10:04 . 2010-10-16 10:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-13 16132608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^RIP^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\RIP\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 21:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2010-07-23 06:47 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-07-13 03:53 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"gupdate"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BlueSoleilCS"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrobat.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 22:39 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/25/2010 09:50 436792]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/24/2010 12:34 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/24/2010 12:34 20560]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [5/18/2010 17:06 327064]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [7/13/2010 04:26 38656]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 AMService;AMService; [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 11:44 30088]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 18:10 5248]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 13:58 26248]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 21:37 4640000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 10:52]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 10:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\RIP\Application Data\Mozilla\Firefox\Profiles\i20q41f1.default\
FF - prefs.js: browser.search.selectedEngine - KickassTorrents
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Serbian Dictionary: sr-RS@dictionaries.addons.mozilla.org - %profile%\extensions\sr-RS@dictionaries.addons.mozilla.org
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-MCShield - c:\program files\MCShield\MCShieldRTM.exe
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
MSConfigStartUp-Immunet Protect - c:\program files\ClamAV for Windows\2.0.17\iptray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 09:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500KS-00MJB0 rev.02.01C03 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-12

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ABBD555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8abc37b0]; MOV EAX, [0x8abc382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Harddisk0\DR0[0x8AC4A5A8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\00000081[0x8AC469E8]
5 ACPI[0xB7E54620] -> ntkrnlpa!IofCallDriver[0x804EF196] -> [0x8ABD5D98]
\Driver\atapi[0x8ABD5480] -> IRP_MJ_CREATE -> 0x8ABBD555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-12 -> \??\IDE#DiskWDC_WD2500KS-00MJB0_____________________02.01C03#5&5c4ddef&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8ABBD39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3680)
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
.
**************************************************************************
.
Completion time: 2010-12-22 09:52:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-22 08:52

Pre-Run: 41,174,122,496 bytes free
Post-Run: 41,234,829,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B4177C2827F8728E9B26CE1144A2D2E1


offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I apologize for the late reply.


---------------------------------------------------

Download Kaspersky Lab's TDSSKiller from the following address to your Desktop:


TDSSKiller

Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.



When the download of the program is complete:
disable your security software (instructions);
close all running programs;
rename TDSSKiller.exe to MyCity.exe;
double-click MyCity.exe to run the program;
click the Start Scan button.


If malicious objects are found, make sure the action "Cure" is selected for them (example) and click Continue, then click Reboot Now.



Post the contents of the log from the following location:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(verzija programa: program version, DD: day, MM: month, GG: year, HH: hour, MM: minute, SS: second; the date and time the log was created)



goran9888 (AMF Team)

offline
  • Joined: 15 Feb 2006
  • Posts: 232

Done, and here is the logfile

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Post a fresh Combo Fix log for me.

offline
  • Joined: 15 Feb 2006
  • Posts: 232

Posted: 23 Dec 2010 14:43

I had to uninstall Avast completely, because I simply could not find any way to disable it so that Combo could do its job. Should I install a free antivirus program right away now, and which one do you recommend?

ComboFix 10-12-22.05 - RIP 12/23/2010 14:37:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2659 [GMT 1:00]
Running from: c:\documents and settings\RIP\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-21 16:19 . 2010-12-21 16:21 -------- d-----w- c:\program files\KaraFun
2010-12-20 10:19 . 2010-12-20 10:19 -------- d-----w- c:\program files\ESET
2010-12-18 13:39 . 2010-12-18 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-12-18 13:39 . 2010-12-18 13:39 -------- d-----w- c:\program files\Raxco
2010-12-17 10:15 . 2010-12-17 10:15 110080 ----a-r- c:\documents and settings\RIP\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2010-12-17 10:15 . 2010-12-17 10:15 110080 ----a-r- c:\documents and settings\RIP\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2010-12-17 10:15 . 2010-12-17 10:15 -------- d-----w- C:\sh4ldr
2010-12-17 09:55 . 2010-12-17 09:55 -------- d-----w- c:\program files\Enigma Software Group
2010-12-17 09:55 . 2010-12-17 10:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-16 14:54 . 2010-12-16 15:17 -------- d-----w- c:\documents and settings\All Users\Immunet
2010-12-16 14:54 . 2010-12-16 14:55 -------- d-----w- c:\documents and settings\RIP\Application Data\Immunet
2010-12-16 14:09 . 2010-12-16 14:09 -------- d-----w- c:\program files\Panda Security
2010-12-16 11:33 . 2010-12-16 11:33 -------- d-----w- c:\documents and settings\Administrator
2010-12-15 15:42 . 2010-12-16 08:07 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-12-15 09:31 . 2010-12-15 09:31 -------- d-----w- c:\documents and settings\RIP\Application Data\TuneUp Software
2010-12-15 09:31 . 2010-12-15 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-12-15 09:31 . 2010-12-15 09:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-12-15 09:21 . 2008-04-14 03:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-12-15 08:24 . 2010-12-21 10:51 -------- d-----w- c:\windows\system32\NtmsData
2010-12-14 17:13 . 2010-12-14 17:13 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-12-14 16:03 . 2010-12-14 16:03 -------- d-----w- c:\documents and settings\RIP\Local Settings\Application Data\uTorrentBar
2010-12-14 16:00 . 2010-12-14 16:00 -------- d-----w- c:\documents and settings\RIP\Application Data\URSoft
2010-12-14 16:00 . 2010-12-23 13:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-10 11:17 . 2010-12-10 11:17 -------- d-----w- c:\program files\Common Files\Skype
2010-12-06 12:55 . 2010-12-06 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\IntelliPDF
2010-12-06 12:55 . 2010-12-06 12:54 737280 ----a-w- c:\windows\iun6002.exe
2010-11-25 14:04 . 2010-12-17 11:29 -------- d-----w- c:\program files\RegCure
2010-11-25 14:04 . 2010-11-25 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-11-25 08:58 . 2010-11-25 08:58 -------- d-----w- c:\documents and settings\RIP\Local Settings\Application Data\Two Worlds II
2010-11-25 08:58 . 2010-11-25 08:58 -------- d-----w- c:\documents and settings\RIP\Application Data\NVIDIA
2010-11-25 08:54 . 2010-11-25 08:54 -------- d-----w- c:\program files\Reality Pump
2010-11-25 08:50 . 2010-11-25 07:50 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-25 08:28 . 2010-11-25 08:28 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-25 07:50 . 2010-11-25 07:50 436792 ----a-w- c:\windows\system32\drivers\sptd.svs
2010-11-12 17:53 . 2010-07-19 11:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-07-19 11:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-16 18:55 . 2010-10-30 09:46 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55 . 2010-10-30 09:46 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55 . 2010-07-12 18:05 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-16 18:55 . 2010-07-12 18:05 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-07-12 18:05 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55 . 2010-07-12 18:05 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55 . 2010-07-12 18:05 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-07-12 18:05 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-07-12 18:05 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-07-12 18:05 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2010-07-12 18:05 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 10:04 . 2010-10-16 10:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 10:04 . 2010-10-16 10:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 10:04 . 2010-10-16 10:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 10:04 . 2010-10-16 10:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 10:04 . 2010-10-16 10:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 10:04 . 2010-10-16 10:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-12-22_08.49.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-23 13:35 . 2010-12-23 13:35 16384 c:\windows\Temp\Perflib_Perfdata_6ac.dat
+ 2010-09-08 10:31 . 2010-12-23 13:28 286720 c:\windows\system32\config\systemprofile\ntuser.dat
- 2010-09-08 10:31 . 2010-09-08 10:31 286720 c:\windows\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-13 16132608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^RIP^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\RIP\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 21:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2010-07-23 06:47 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-07-13 03:53 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"gupdate"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BlueSoleilCS"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrobat.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 22:39 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/25/2010 09:50 436792]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [7/13/2010 04:26 38656]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 AMService;AMService; [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [5/18/2010 17:06 327064]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 11:44 30088]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 18:10 5248]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 13:58 26248]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 21:37 4640000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 10:52]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 10:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\RIP\Application Data\Mozilla\Firefox\Profiles\i20q41f1.default\
FF - prefs.js: browser.search.selectedEngine - KickassTorrents
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Weather Watcher Live: weatherwatcherlive@singerscreations.com - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Serbian Dictionary: sr-RS@dictionaries.addons.mozilla.org - %profile%\extensions\sr-RS@dictionaries.addons.mozilla.org
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3040)
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\system32\msi.dll
.
Completion time: 2010-12-23 14:42:22
ComboFix-quarantined-files.txt 2010-12-23 13:42
ComboFix2.txt 2010-12-22 08:52

Pre-Run: 39,665,373,184 bytes free
Post-Run: 39,658,496,000 bytes free

- - End Of File - - BD03C7D457FDF4EA758059174C64EDB7


Addendum: 23 Dec 2010 15:01

I downloaded the Avira program from here: http://www.avira.com/en/support-download-free-antivirus
Is that OK?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1


Open Notepad and copy in the following text:

Driver::
AMService


Save the file from Notepad to the Desktop as "CFScript"


Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.


As for Avira, it is fine. You can go ahead and install it.


Step 2


- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the option Save scrambled log. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices include all devices that get their own partition designation when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.


Step 3

Archive (zip, rar) the folder C:\QooBox\Quarantine and upload it via the following link: http://www.mycity.rs/ambulanta-upload.php


goran9888 (AMF Team)
