Problem with a USB flash drive


  • Joined: 14 May 2012
  • Posts: 89

Posted: 01 Apr 2013 15:47

I'm opening a thread here too, as requested. It's about a flash drive that can't be accessed or formatted, and on which BD, after a scan, found a nice collection of assorted malware, including file infectors. If it means anything:
CPU: Intel Pentium D945 3.4
RAM: 3 GB
OS: Windows XP Professional SP3 with all updates
AV: Bitdefender IS, legal license
MC Shield
MBAM
And here are the requested logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Pulja at 15:37:22 on 2013-04-01
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3070.2339 [GMT 2:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Bitdefender Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MCShield\MCShieldRTM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
uRun: [MCShield Monitor] c:\program files\mcshield\MCShieldRTM.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5BA81D3E-5758-4F00-810D-86900B4F4CF6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{94DDB4E9-EAF0-45C8-9DA1-74358BB4E42E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9FCC486A-CBD2-4A26-BD50-A129853ADF66} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EDD15AF2-C28F-4712-96C7-3C7634173911} : DHCPNameServer = 192.168.1.1
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pulja\application data\mozilla\firefox\profiles\61q8vhoc.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\pulja\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-02-22 13:52; fmdownloader@gmail.com; c:\program files\freemake\freemake video downloader\browserplugin\firefox\fmdownloader@gmail.com
FF - ExtSQL: 2013-02-22 13:52; ytfmdownloader@gmail.com; c:\program files\freemake\freemake video downloader\browserplugin\firefox\ytfmdownloader@gmail.com
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-1-26 625128]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-3-18 162976]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-11-29 21992]
R2 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2013-2-22 101376]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2012-12-1 9216]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2013-3-18 55984]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-1-26 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-1-26 482928]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2013-3-18 116248]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-5-21 13224]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\pulja\locals~1\temp\gpu-z.sys --> c:\docume~1\pulja\locals~1\temp\GPU-Z.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\NPF.sys [?]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-5-17 155320]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2013-3-18 62688]
.
=============== Created Last 30 ================
.
2013-03-31 18:56:18 -------- d-----w- c:\program files\HDDGURU LLF Tool
2013-03-27 07:28:31 56992 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2013-03-26 11:49:18 813672 ------w- c:\windows\system32\SET188.tmp
2013-03-26 11:48:58 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2013-03-26 11:46:04 2293194 ----a-w- c:\windows\system32\nvdata.bin
2013-03-26 11:30:55 240124 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-03-26 11:30:55 240124 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-03-26 11:30:55 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-03-26 11:30:42 -------- d-----w- c:\program files\NVIDIA Corporation
2013-03-26 08:25:46 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys
2013-03-26 08:25:46 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2013-03-26 08:25:45 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2013-03-26 08:25:45 4096 ----a-w- c:\windows\system32\ksuser.dll
2013-03-26 08:25:45 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2013-03-26 08:25:45 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-03-26 08:25:44 49408 -c--a-w- c:\windows\system32\dllcache\stream.sys
2013-03-26 08:25:44 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2013-03-26 08:25:44 129536 ----a-w- c:\windows\system32\ksproxy.ax
2013-03-26 08:21:05 892704 ------w- c:\windows\system32\SET65.tmp
2013-03-26 08:21:05 1012512 ------w- c:\windows\system32\SET62.tmp
2013-03-26 08:21:02 4079104 ------w- c:\windows\system32\SET45.tmp
2013-03-26 08:11:38 892856 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-03-25 19:21:31 1012512 ------w- c:\windows\system32\SET61.tmp
2013-03-25 19:21:28 2490368 ------w- c:\windows\system32\SET48.tmp
2013-03-18 20:56:58 4368720 ----a-w- c:\windows\system32\mfc100u.dll
2013-03-18 20:56:36 -------- d-----w- c:\documents and settings\all users\application data\Logs
2013-03-18 20:42:10 55747 ----a-w- c:\documents and settings\all users\application data\1363639323.bdinstall.bin
2013-03-18 20:40:54 535612 ----a-w- c:\documents and settings\all users\application data\1363638567.bdinstall.bin
2013-03-18 20:40:19 -------- d-----w- c:\documents and settings\pulja\application data\Bitdefender
2013-03-18 20:30:10 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
2013-03-18 20:30:09 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-03-18 20:30:02 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-03-12 15:04:01 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-12 15:03:54 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-03 08:15:01 -------- d-----w- c:\program files\HD Tune
.
==================== Find3M ====================
.
2013-03-13 13:56:43 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 13:56:43 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 15:03:38 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-12 15:03:38 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-26 10:02:48 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-26 10:02:16 6066176 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec
2013-02-02 16:48:40 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-01-30 07:55:07 625128 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-01-30 07:54:54 482928 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-01-26 09:31:29 1409345 ----a-w- c:\documents and settings\all users\application data\1359191648.bdinstall.bin
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 15:38:37,26 ===============

Of course, these are the system logs without the problematic flash drive plugged in.

Addendum: 01 Apr 2013 18:25

Just to add the link to the thread opened in another part of the forum, because there are also pictures there of what BD detects: mycity.rs/Storage-hardware/USB-zasticen-od-upisivanja.html
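The DDS log above is read by hand in the thread: the helper looks at which AV products are active, which Run keys, BHOs and protocol handlers are registered, and what the Explorer AutoRun policy is set to. As an added example (not part of the forum post, of DDS, or of any tool the thread uses), the following Python script parses those lines of the "Pseudo HJT Report" section, decodes the NoDriveTypeAutoRun bitmask and lists the points a helper would look at first. The sample input is an excerpt of the log posted above; the list of expected DLL directories and the triage heuristics are assumptions of this example.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of the forum post, of DDS, or of
any of the tools mentioned. It extracts the entries a helper reads by hand
(AV products, Run keys, BHOs, protocol handlers, Explorer AutoRun policy),
decodes the NoDriveTypeAutoRun bitmask and lists points worth a second look.
"""
import re

# Drive-type bits of the NoDriveTypeAutoRun policy mask (Microsoft KB 967715).
DRIVE_BITS = (
    (0x01, "unknown (type 0)"),
    (0x02, "no root directory"),
    (0x04, "removable"),
    (0x08, "fixed"),
    (0x10, "network"),
    (0x20, "CD-ROM"),
    (0x40, "RAM disk"),
    (0x80, "reserved/unknown"),
)

# DDS prefixes: u = current user, m = local machine, d = default user hive.
SCOPES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

# Directories a protocol-handler DLL is normally expected to live in.
# This is an assumption of the example, not a rule from DDS or the thread.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")

# Constructed sample input: an excerpt of the first DDS log posted in the thread.
SAMPLE_LOG = r"""
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Bitdefender Firewall *Enabled*
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
uRun: [MCShield Monitor] c:\program files\mcshield\MCShieldRTM.exe
mRun: [Bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
"""


def decode_autorun(mask):
    """Names of the drive types on which AutoRun is disabled by `mask`."""
    return [name for bit, name in DRIVE_BITS if mask & bit]


def parse_dds(text):
    """Split the report into per-category lists of tuples."""
    report = {"av": [], "run": [], "bho": [], "handler": [], "autorun": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"^(AV|FW|SP): (.+?) \*([^*]+)\*", line):
            report["av"].append((m.group(1), m.group(2), m.group(3)))
        elif m := re.match(r"^([umd])Run: \[([^\]]+)\] (.*)$", line):
            report["run"].append((SCOPES[m.group(1)], m.group(2), m.group(3)))
        elif m := re.match(r"^BHO: (.+?): \{([^}]+)\} -\s*(.*)$", line):
            report["bho"].append((m.group(1), m.group(2).upper(), m.group(3)))
        elif m := re.match(r"^Handler: (\S+) - \{([^}]+)\} - (.*)$", line):
            report["handler"].append((m.group(1), m.group(2).upper(), m.group(3)))
        elif m := re.match(r"^([umd])Policies-Explorer: NoDriveTypeAutoRun = dword:(\d+)$", line):
            report["autorun"].append((SCOPES[m.group(1)], int(m.group(2))))
    return report


def triage(text):
    """Return human-readable findings, in report order, worth a second look."""
    report = parse_dds(text)
    findings = []
    # Two real-time AV engines enabled at once cause conflicts and slow scans.
    enabled = [name for kind, name, state in report["av"]
               if kind == "AV" and state.startswith("Enabled")]
    if len(enabled) > 1:
        findings.append("multiple enabled AV products: " + ", ".join(enabled))
    # A mask without bit 0x04 still allows AutoRun on removable (USB) drives.
    for scope, mask in report["autorun"]:
        if not mask & 0x04:
            findings.append(f"{scope} NoDriveTypeAutoRun={mask} leaves AutoRun "
                            f"enabled on removable drives")
    # Handler DLLs outside the expected directories deserve a closer look.
    for name, _guid, path in report["handler"]:
        if not path.lower().startswith(EXPECTED_DIRS):
            findings.append(f"protocol handler {name} loads {path} from an unexpected directory")
    # A BHO registered with no file on disk is an orphan left by an uninstall or a removal.
    for name, guid, path in report["bho"]:
        if not path:
            findings.append(f"BHO {name} ({guid}) has no file on disk")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run on the excerpt, the script reports the two enabled AV engines (the first thing the helper has the user remove), the HKLM policy value 145 (0x91), which disables AutoRun only for unknown, network and reserved drive types and so still allows it on a USB stick, the ic32pp handler loading a DLL directly from c:\windows, and the Freemake BHO with no file behind it. The 255 (0xFF) values, by contrast, disable AutoRun on every drive type.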

  • Certified electrics whiz
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Belgrade

Hello.




Step 1:

Download AVG Remover from the following address:
http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2013_2706.exe
Run it and, after the process finishes, restart the computer.



Step 2:

Download the OTM program to the Desktop.

Double-click OTM.exe to run it.

In the (left) window of the program (below Paste Instructions for Items to be Moved) copy everything inside the Code box:
Files:
c:\windows\wc98pp.dll

Reg:
[HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ic32pp]
"BBCA9F81-8F4F-11D2-90FF-0080C83D3571"=-

Click MoveIt!

When the process finishes, the right window of the program (below Results) will contain text that needs to be copied into a post on the forum.


If the prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?


click Yes so that the computer restarts and the process is completed.

After the system restarts, the logfile will open automatically in Notepad.
Copy the contents of that log into a post on the forum.




Step 3:

Plug in the problematic flash drive and wait for MCShield to finish scanning. Then go to Start - All Programs - MCShield. Open AllScans.txt, save the report to the Desktop, and attach it to your post.




Step 4:

Run DDS again and send me the DDS.txt log.




Ivance95 (AMF Team)

  • Joined: 14 May 2012
  • Posts: 89

I ran AVG Remover and did as requested; after that I ran OTL, and at that point BD reported that it had found malware, something related to OTL, but it was brief and the notification disappeared. I didn't do anything about it, and here is the OTL log:
Error: Unable to interpret <Files:> in the current context!
Error: Unable to interpret <c:\windows\wc98pp.dll> in the current context!
Error: Unable to interpret <Reg:> in the current context!
Error: Unable to interpret <[HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ic32pp] > in the current context!
Error: Unable to interpret <"BBCA9F81-8F4F-11D2-90FF-0080C83D3571"=-> in the current context!

OTM by OldTimer - Version 3.1.21.0 log created on 04012013_210606
After that I plugged in the problematic flash drive, but MC Shield throws an error like in the picture (the other thread in the other part of the forum); here is the MCS log (attached as a screenshot).
And here is the DDS log:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
Run by Pulja at 21:11:23 on 2013-04-01
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.3070.2595 [GMT 2:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MCShield\MCShieldRTM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
uRun: [MCShield Monitor] c:\program files\mcshield\MCShieldRTM.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5BA81D3E-5758-4F00-810D-86900B4F4CF6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{94DDB4E9-EAF0-45C8-9DA1-74358BB4E42E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9FCC486A-CBD2-4A26-BD50-A129853ADF66} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EDD15AF2-C28F-4712-96C7-3C7634173911} : DHCPNameServer = 192.168.1.1
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pulja\application data\mozilla\firefox\profiles\61q8vhoc.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\pulja\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-02-22 13:52; fmdownloader@gmail.com; c:\program files\freemake\freemake video downloader\browserplugin\firefox\fmdownloader@gmail.com
FF - ExtSQL: 2013-02-22 13:52; ytfmdownloader@gmail.com; c:\program files\freemake\freemake video downloader\browserplugin\firefox\ytfmdownloader@gmail.com
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-1-26 625128]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-3-18 162976]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-11-29 21992]
R2 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2013-2-22 101376]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2012-12-1 9216]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2013-3-18 55984]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-1-26 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-1-26 482928]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2013-3-18 116248]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-5-21 13224]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\pulja\locals~1\temp\gpu-z.sys --> c:\docume~1\pulja\locals~1\temp\GPU-Z.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\NPF.sys [?]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-5-17 155320]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2013-3-18 62688]
.
=============== Created Last 30 ================
.
2013-04-01 19:06:06 -------- d-----w- C:\_OTM
2013-03-31 18:56:18 -------- d-----w- c:\program files\HDDGURU LLF Tool
2013-03-27 07:28:31 56992 ----a-w- c:\windows\system32\drivers\nvhda32.sys
2013-03-26 11:49:18 813672 ------w- c:\windows\system32\SET188.tmp
2013-03-26 11:48:58 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2013-03-26 11:46:04 2293194 ----a-w- c:\windows\system32\nvdata.bin
2013-03-26 11:30:55 240124 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-03-26 11:30:55 240124 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-03-26 11:30:55 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-03-26 11:30:42 -------- d-----w- c:\program files\NVIDIA Corporation
2013-03-26 08:25:46 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys
2013-03-26 08:25:46 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2013-03-26 08:25:45 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2013-03-26 08:25:45 4096 ----a-w- c:\windows\system32\ksuser.dll
2013-03-26 08:25:45 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2013-03-26 08:25:45 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-03-26 08:25:44 49408 -c--a-w- c:\windows\system32\dllcache\stream.sys
2013-03-26 08:25:44 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2013-03-26 08:25:44 129536 ----a-w- c:\windows\system32\ksproxy.ax
2013-03-26 08:21:05 892704 ------w- c:\windows\system32\SET65.tmp
2013-03-26 08:21:05 1012512 ------w- c:\windows\system32\SET62.tmp
2013-03-26 08:21:02 4079104 ------w- c:\windows\system32\SET45.tmp
2013-03-26 08:11:38 892856 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-03-25 19:21:31 1012512 ------w- c:\windows\system32\SET61.tmp
2013-03-25 19:21:28 2490368 ------w- c:\windows\system32\SET48.tmp
2013-03-18 20:56:58 4368720 ----a-w- c:\windows\system32\mfc100u.dll
2013-03-18 20:56:36 -------- d-----w- c:\documents and settings\all users\application data\Logs
2013-03-18 20:42:10 55747 ----a-w- c:\documents and settings\all users\application data\1363639323.bdinstall.bin
2013-03-18 20:40:54 535612 ----a-w- c:\documents and settings\all users\application data\1363638567.bdinstall.bin
2013-03-18 20:40:19 -------- d-----w- c:\documents and settings\pulja\application data\Bitdefender
2013-03-18 20:30:10 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
2013-03-18 20:30:09 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-03-18 20:30:02 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-03-12 15:04:01 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-12 15:03:54 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-03 08:15:01 -------- d-----w- c:\program files\HD Tune
.
==================== Find3M ====================
.
2013-03-13 13:56:43 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 13:56:43 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 15:03:38 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-12 15:03:38 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-26 10:02:48 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-26 10:02:16 6066176 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec
2013-02-02 16:48:40 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-01-30 07:55:07 625128 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-01-30 07:54:54 482928 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-01-26 09:31:29 1409345 ----a-w- c:\documents and settings\all users\application data\1359191648.bdinstall.bin
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 21:12:00,14 ===============

NOTE: when I plugged in the problematic flash drive, a message popped up in the bottom right saying that Autorun is corrupt or something like that and that I should run the CHKDSK command. I haven't run it now, but I did run it before opening this thread and nothing happened apart from that scanning.

  • Certified electrics whiz
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Belgrade

Download The Avenger to the Desktop.
Unpack the archive into a folder.

Double-click avenger.exe to run it.

Copy the text inside the Code box into the (white) window of the program:

Files to delete:
c:\windows\wc98pp.dll
 
Registry keys to delete:
HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ic32pp\BBCA9F81-8F4F-11D2-90FF-0080C83D3571


Click Execute, then Yes in the next two windows that open.

The computer will restart (in some cases twice) and the cleaning/scanning process will begin.

When the process finishes, the logfile C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the forum thread.




Right-click the BitDefender icon in the bottom right corner of the screen and choose Show.

In the window that opens, click Antivirus (the black-and-white shield). In the next window, in the On-access scanning Settings section, click the ON button (which will switch to OFF after the click).

In the window that appears, choose Permanently and click OK.

Note: Don't forget to turn this option back on when the cleaning is finished.




Plug the flash drive in again and send me MCShield's AllScans.txt report.





Ivance95 (AMF Team)

  • Joined: 14 May 2012
  • Posts: 89

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Apr 01 23:02:30 2013

23:02:06: Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ic32pp\BBCA9F81-8F4F-11D2-90FF-0080C83D3571"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\wc98pp.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Did it per the instructions (turned BD off), but MCS again doesn't scan and throws a message instead; here is a screenshot.


And here is the MCS log (attached as a screenshot).

Let me note that after all this I turned BD back on.

  • Certified electrics whiz
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Belgrade

Is there a switch on the flash drive? If there is, move it to the opposite position and repeat the procedure with MCShield.



Ivance95 (AMF Team)

  • Joined: 14 May 2012
  • Posts: 89

Friend, it has no switch at all, and even if it doesn't work it isn't that important; another one can be bought if it's "dead", because this is a flash drive that children here in Republika Srpska got as a gift from NATO, with a NATO logo on it, and an identical one already gave up the ghost in a similar way (as NATO will one day too), so I figured if it doesn't work it's no loss.
What matters to me is that my system is OK (if it is OK, which I hope).

  • Certified electrics whiz
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Belgrade

We need to run an additional check of the system to be sure everything is OK.


Download the GMER program from the link below to the Desktop:


GMER download
Click the given link;
When the dialog for choosing the save location opens, select Desktop and click Save.



Double-click GMER to run it.
Wait for the initial scan to finish - if any prompt appears, click No;

click Scan and wait for the scan to finish;

click Save ... - save the report to the Desktop (under the name Gmer1);

right-click in the Gmer program window and choose Options > 3rd party - click Scan;

when the scan finishes, click Save ... - save the report to the Desktop (under the name Gmer2);

click the >>> button and choose the Autostart tab;

when the brief scan finishes, click Copy;

open Notepad and paste the copied text into it - save the report to the Desktop (under the name Gmer3);


Illustrated walkthrough of the procedure

Attach all three reports to your post using the Attach file option.





Ivance95 (AMF Team)

  • Joined: 14 May 2012
  • Posts: 89

Posted: 02 Apr 2013 20:10

Here, after 3 blue screens, it finally completed successfully, and I'm submitting the requested reports (attached).

Addendum: 03 Apr 2013 13:05

Just to note, this morning I let MBAM do a full scan and it took a full 4 hours and 25 minutes (until now it was at most 1 hour 30 min) and it found nothing, but during the scan the computer was so slow that a trivial command like minimizing a tab took 3-4 seconds. And one more note, if it means anything: for the past 5-6 days (before the problematic USB came to me), some kind of window flashes for a moment, opening and closing; it lasts only a fraction of a second and nothing can be seen, neither whether it says anything nor what, and then it disappears and reappears sometimes 2-3 times a day, but it's impossible to see anything.

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download and run this file (attached), then click Yes and restart the computer.




Download "Xplode"'s AdwCleaner and save it to the Desktop.

Double-click the program to run it.
Click the [Delete] button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required) click Ok.


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your post using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt





As for the flash drive, try formatting it with this tool:
http://www.mycity.rs/Storage-hardware/Povratite-iz.....diska.html


There is no danger to the system; also, nothing from the problematic drive has infected the system.
