Posted: 03 Jan 2011 11:31
- Jovo93
- Honorary citizen
- Joined: 03 Jan 2011
- Posts: 997
Happy New Year, everyone! Greetings to all, I have just registered, so let me describe my problems:
Problem 1:
The problem is that for quite a while I have been unable to open some sites (microsoft, avast, kaspersky) in any browser, although I could at the very beginning of using the internet or after reinstalling the system. I used avast 4.8 and 5, and it found over 1000 infected files, which I moved to the chest (I later removed both antiviruses, which is probably what led to problem no. 2), and now I use Kaspersky Virus Removal Tool and Malwarebytes. I tried to solve the problem by deleting cookies, with no result. I used dial-up internet; now I use mts mobile internet.
Problem 2:
The second problem is that I cannot open either partition (C and D) directly; I have to right-click and choose Explore. When I try a direct double-click, I get the "Open with" window, as when I open an extension for which I have no program. I think I caused the problem myself when I moved an infected file (which probably served to open the partitions) to the avast chest and later removed avast (this problem has been appearing since I moved the files to the chest).
DDS (Ver_10-12-12.02) - NTFSx86
Run by ë at 10:55:55,76 on ØÖÔ 03.01.2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.1023.468 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRAMI\Mobilni Internet\ModemListener.exe
D:\PROGRAMI\WinAmp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMI\DAEMON tool\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\PROGRAMI\FRAPS 3.2.3\FRAPS.EXE
D:\PROGRAMI\WinZip\WZQKPICK.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\â\Desktop\Virus Removal Tool\is-VFP4E\is-VFP4E.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\PROGRAMI\Mobilni Internet\Hspa USB Modem.exe
D:\Pretrazivaci\FireFox 3.6\firefox.exe
D:\Pretrazivaci\FireFox 3.6\plugin-container.exe
C:\Program Files\NCH Software\PlayPad\playpad.exe
C:\Documents and Settings\â\Desktop\App\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2463487
uURLSearchHooks: Media Star Toolbar: {dfabc5b5-039b-4865-979a-de31cdf3e351} - c:\program files\media_star\tbMedi.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Media Star Toolbar: {dfabc5b5-039b-4865-979a-de31cdf3e351} - c:\program files\media_star\tbMedi.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Media Star Toolbar: {dfabc5b5-039b-4865-979a-de31cdf3e351} - c:\program files\media_star\tbMedi.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\programi\daemon tool\daemon tools lite\daemon.exe" -autorun
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RegistryBooster] "d:\programi\registrybooster\launcher.exe" delay 20000
uRun: [Fraps] d:\programi\fraps 3.2.3\FRAPS.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ModemListener] d:\programi\mobilni internet\ModemListener.exe start
mRun: [WinampAgent] d:\programi\winamp\winampa.exe
mRun: [Adobe Reader Speed Launcher] "d:\programi\adobe reader 9\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\2340~1\startm~1\programs\startup\is-vfp4e.lnk - c:\documents and settings\â\desktop\virus removal tool\is-vfp4e\startup.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - d:\programi\winzip\WZQKPICK.EXE
IE: &Download All using 4shared Desktop - d:\programi\4shared\4shared desktop\down_all.htm
IE: E&xport to Microsoft Excel - d:\programi\office~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\office~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: {51B1FE67-57FD-4203-9BF2-2D0C17A4DB98} = 195.178.38.3 195.178.38.8
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 is-VFP4Edrv;is-VFP4Edrv;c:\windows\system32\drivers\40773340.sys [2011-1-2 148496]
R2 DeviceManager;DeviceManager;c:\program files\common files\devicehelper\devicemanager.exe -start --> c:\program files\common files\devicehelper\DeviceManager.exe -start [?]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2010-10-5 103552]
R3 Winacpci;Winacpci;c:\windows\system32\drivers\winacpci.sys [2010-5-9 602128]
S2 bsatqqsu;Server Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-7-11 23456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-6-20 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-6-20 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-6-25 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
=============== Created Last 30 ================
2011-01-02 18:51:10 4098080 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-01-02 18:51:04 148496 ----a-w- c:\windows\system32\drivers\40773340.sys
2011-01-02 18:04:21 -------- d-----w- c:\docume~1\2340~1\applic~1\Malwarebytes
2011-01-02 18:04:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-02 18:04:13 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2011-01-02 18:04:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 18:04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-02 15:09:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-02 14:33:13 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\MFAData
2011-01-02 10:58:24 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
2011-01-02 09:07:51 1060864 ----a-w- c:\windows\system32\MFC71.dll
2011-01-02 08:23:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-02 08:23:29 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2010-12-06 13:49:07 -------- d-----w- c:\docume~1\2340~1\locals~1\applic~1\Sports Interactive
2010-12-04 19:11:52 -------- d-----w- c:\program files\Megaupload Downloader
2010-12-04 18:44:15 155648 ----a-w- c:\windows\system32\libssl32.dll
2010-12-04 18:03:18 -------- d-----w- c:\docume~1\2340~1\applic~1\GetRightToGo
==================== Find3M ====================
2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
============= FINISH: 10:56:14,12 ===============

Posted: 03 Jan 2011 13:59
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
Greetings, paokjowanpfc!
While the case is being resolved, I would ask you to observe the following:
Read my instructions (or those of the colleagues who will stand in for me) carefully and work strictly according to them;
Do not ask for help elsewhere at the same time;
Do not use other malware removal programs, apart from those you are given instructions for;
During the intervention, do not use USB storage devices until I ask for it;
If I do not reply within 48h, refresh the topic with a new post;
If you do not respond within 5 days, we will close the case.
For more information about the rules of the MyCity forum's Ambulanta: LINK
-------------------------------------------------------------------------------------
Download sUBs's ComboFix to the Desktop from the following address:
Bleeping Computer
- Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, choose Desktop and click Save.
When the download is finished:
- deactivate your protection software (instructions);
- close running programs;
- double-click to start ComboFix.
While running, ComboFix will:
- check whether a newer version of the program exists:
  - click Yes if you are offered to download it.
- display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  - click Yes so that the process continues.
- if the Recovery Console is not installed, offer to install it:
  - be sure to accept by clicking Yes and follow the procedure.
- ask a number of questions/show a number of notifications:
  - accept by clicking Yes or OK.
- if needed, restart Windows (several times);
- at the end, open Notepad with the scan report.
Copy the report that ComboFix produced into the forum topic:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message field and choose Paste.
Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.
goran9888 (AMF Tim)

Posted: 03 Jan 2011 14:17
- Jovo93
- Honorary citizen
- Joined: 03 Jan 2011
- Posts: 997
Problem no. 2 solved. Thank you!
ComboFix 11-01-02.04 - â 03.01.2011 14:11:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.1023.596 [GMT 1:00]
Running from: c:\documents and settings\â\My Documents\Ïðè¼åìè\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\â\Application Data\PriceGong
c:\documents and settings\â\Application Data\PriceGong\Data\1.xml
c:\documents and settings\â\Application Data\PriceGong\Data\a.xml
c:\documents and settings\â\Application Data\PriceGong\Data\b.xml
c:\documents and settings\â\Application Data\PriceGong\Data\c.xml
c:\documents and settings\â\Application Data\PriceGong\Data\d.xml
c:\documents and settings\â\Application Data\PriceGong\Data\e.xml
c:\documents and settings\â\Application Data\PriceGong\Data\f.xml
c:\documents and settings\â\Application Data\PriceGong\Data\g.xml
c:\documents and settings\â\Application Data\PriceGong\Data\h.xml
c:\documents and settings\â\Application Data\PriceGong\Data\i.xml
c:\documents and settings\â\Application Data\PriceGong\Data\J.xml
c:\documents and settings\â\Application Data\PriceGong\Data\k.xml
c:\documents and settings\â\Application Data\PriceGong\Data\l.xml
c:\documents and settings\â\Application Data\PriceGong\Data\m.xml
c:\documents and settings\â\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\â\Application Data\PriceGong\Data\n.xml
c:\documents and settings\â\Application Data\PriceGong\Data\o.xml
c:\documents and settings\â\Application Data\PriceGong\Data\p.xml
c:\documents and settings\â\Application Data\PriceGong\Data\q.xml
c:\documents and settings\â\Application Data\PriceGong\Data\r.xml
c:\documents and settings\â\Application Data\PriceGong\Data\s.xml
c:\documents and settings\â\Application Data\PriceGong\Data\t.xml
c:\documents and settings\â\Application Data\PriceGong\Data\u.xml
c:\documents and settings\â\Application Data\PriceGong\Data\v.xml
c:\documents and settings\â\Application Data\PriceGong\Data\w.xml
c:\documents and settings\â\Application Data\PriceGong\Data\x.xml
c:\documents and settings\â\Application Data\PriceGong\Data\y.xml
c:\documents and settings\â\Application Data\PriceGong\Data\z.xml
c:\windows\system32\Thumbs.db
D:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.
2011-01-02 18:51 . 2011-01-03 13:05 7925792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- c:\documents and settings\â\Application Data\Malwarebytes
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-01-02 15:09 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-02 14:33 . 2011-01-02 14:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2011-01-02 10:58 . 2011-01-02 18:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2011-01-02 09:07 . 2004-01-09 10:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-01-02 09:07 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2011-01-02 09:07 . 2011-01-02 10:59 -------- d-----w- c:\program files\Alwil Software
2011-01-02 08:23 . 2011-01-02 12:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-02 08:23 . 2011-01-02 12:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-12-29 17:11 . 2010-12-29 17:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2010-12-06 13:49 . 2010-12-06 13:49 -------- d-----w- c:\documents and settings\â\Local Settings\Application Data\Sports Interactive
2010-12-04 19:11 . 2010-12-04 19:11 -------- d-----w- c:\program files\Megaupload Downloader
2010-12-04 18:44 . 2010-12-04 19:12 155648 ----a-w- c:\windows\system32\libssl32.dll
2010-12-04 18:03 . 2011-01-02 16:55 -------- d-----w- c:\documents and settings\â\Application Data\GetRightToGo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-06-21 14:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-06-21 14:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2007-11-07 01:19 . 2010-12-10 17:40 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 01:19 . 2010-12-10 17:40 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\Media_Star\tbMedi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DFABC5B5-039B-4865-979A-DE31CDF3E351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programi\DAEMON tool\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Fraps"="d:\programi\FRAPS 3.2.3\FRAPS.EXE" [2010-06-15 2176944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-31 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ModemListener"="d:\programi\Mobilni Internet\ModemListener.exe" [2010-07-12 98304]
"WinampAgent"="d:\programi\WinAmp\winampa.exe" [2010-07-12 74752]
"Adobe Reader Speed Launcher"="d:\programi\Adobe Reader 9\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - d:\programi\WinZip\WZQKPICK.EXE [2010-5-9 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\IGRE\\Manager 2011\\fm.exe"=
"d:\\IGRE\\PES 2010\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6577:TCP"= 6577:TCP:uevwmpl
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.5.2010 23:13 721904]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [5.10.2010 13:56 103552]
R3 Winacpci;Winacpci;c:\windows\system32\drivers\winacpci.sys [9.5.2010 21:55 602128]
S2 bsatqqsu;Server Boot;c:\windows\system32\svchost.exe -k netsvcs [3.8.2004 23:56 14336]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start --> c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [11.7.2010 10:27 23456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.6.2010 08:10 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.6.2010 08:10 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [25.6.2010 15:00 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bsatqqsu
.
Contents of the 'Scheduled Tasks' folder
2011-01-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2011-01-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2463487
IE: &Download All using 4shared Desktop - d:\programi\4shared\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - d:\programi\OFFICE~1\OFFICE11\EXCEL.EXE/3000
TCP: {51B1FE67-57FD-4203-9BF2-2D0C17A4DB98} = 195.178.38.3 195.178.38.8
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
HKCU-Run-RegistryBooster - d:\programi\RegistryBooster\launcher.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-KLiteCodecPack_is1 - d:\programi\K-Lite Codec Pack\unins000.exe
AddRemove-Mozilla Firefox (4.0b1) - d:\pretrazivaci\FireFox 4.0 beta\uninstall\helper.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 14:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsatqqsu]
"ServiceDll"="c:\windows\system32\crxucnly.dll"
.
Completion time: 2011-01-03 14:14:35
ComboFix-quarantined-files.txt 2011-01-03 13:14
Pre-Run: 5.420.736.512 bytes free
Post-Run: 5.611.073.536 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - C6047607C4BBDAA0253E52610CCE515F

Posted: 03 Jan 2011 15:39
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
- I would ask you to read the instructions I give you carefully and to work strictly according to them
Step 1
Download and install the following patch:
http://www.microsoft.com/downloads/en/details.aspx.....laylang=en
Step 2
Open Notepad and copy in the following text:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6577:TCP"=-
Driver::
bsatqqsu
NetSvc::
bsatqqsu
File::
c:\windows\system32\crxucnly.dll
Save the file from Notepad to the Desktop as "CFScript"
Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.
Step 3
Install an antivirus. If you do not have a licence for a commercial AV, I recommend installing one of the many free ones, such as: Avast, Avira, AVG, Microsoft Security Essentials, Panda Cloud, etc.
Step 4
- Download USBNoRisk to the Desktop and start it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later
- When you have finished with all the devices, right-click in the middle of the program window and choose the option Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.
Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
goran9888 (AMF Tim)
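
Added example, not part of the thread and not ComboFix code: a Python sketch of the log correlation behind the Step 2 script, run over lines excerpted from the ComboFix log posted above. The function names are hypothetical, and it assumes that the log's "Svchost - NetSvcs" section lists only entries outside the Windows default set; the output is a draft for an analyst to review, laid out like the script in the post.

```python
import re

# Lines excerpted from the ComboFix log posted earlier in the thread, trimmed
# to the relevant entries (plus one unrelated driver line as a control).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6577:TCP"= 6577:TCP:uevwmpl
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [5.10.2010 13:56 103552]
S2 bsatqqsu;Server Boot;c:\windows\system32\svchost.exe -k netsvcs [3.8.2004 23:56 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bsatqqsu
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsatqqsu]
"ServiceDll"="c:\windows\system32\crxucnly.dll"
'''

# "<state><start type> <name>;<display name>;<image path> [<timestamp size>]"
SERVICE_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+?)(?: \[[^\]]*\])?$')
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')


def parse(log):
    """Collect firewall state, open ports, NetSvcs entries and services."""
    facts = {"firewall_enabled": None, "open_ports": [], "netsvcs": [],
             "services": {}, "service_dlls": {}}
    key, in_netsvcs = "", False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_netsvcs:
            if line == "." or line.startswith("["):
                in_netsvcs = False          # section ends, keep parsing line
            else:
                facts["netsvcs"].append(line)
                continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                # current registry key
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            lkey = key.lower()
            if name == "EnableFirewall" and lkey.endswith("standardprofile"):
                facts["firewall_enabled"] = not value.startswith("0")
            elif lkey.endswith(r"globallyopenports\list"):
                facts["open_ports"].append((key, name, value))
            elif name == "ServiceDll" and "\\services\\" in lkey:
                service = key.rsplit("\\", 1)[1]
                facts["service_dlls"][service] = value.strip('"')
            continue
        m = SERVICE_RE.match(line)
        if m:
            facts["services"][m.group(3)] = m.group(5)
    return facts


def suspicious_services(facts):
    """Services that appear under NetSvcs (assumed non-default), are hosted by
    'svchost.exe -k netsvcs', and have a ServiceDll recorded in the log."""
    hits = []
    for name in facts["netsvcs"]:
        image = facts["services"].get(name, "").lower()
        dll = facts["service_dlls"].get(name)
        if "svchost.exe -k netsvcs" in image and dll:
            hits.append((name, dll))
    return hits


def draft_cfscript(facts):
    """Render the findings in the layout of the script shown in the post.
    This is a draft for human review, not an automatic removal decision."""
    lines = []
    if facts["open_ports"]:
        lines.append("Registry::")
        last_key = None
        for key, name, _value in facts["open_ports"]:
            if key != last_key:
                lines.append("[%s]" % key)
                last_key = key
            lines.append('"%s"=-' % name)
    hits = suspicious_services(facts)
    if hits:
        lines.append("Driver::")
        lines.extend(name for name, _ in hits)
        lines.append("NetSvc::")
        lines.extend(name for name, _ in hits)
        lines.append("File::")
        lines.extend(dll for _, dll in hits)
    return "\n".join(lines)


if __name__ == "__main__":
    print(draft_cfscript(parse(SAMPLE_LOG)))
```

The three signals point at the same object: the service name in NetSvcs, the svchost-hosted service entry, and the ServiceDll under that service's key, which is why the script lists the name under both Driver:: and NetSvc:: and the DLL under File::.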

Posted: 03 Jan 2011 15:45
- Jovo93
- Honorary citizen
- Joined: 03 Jan 2011
- Posts: 997
That is all fine, but I cannot open microsoft.com; it says so at the beginning of my problem description.

Posted: 03 Jan 2011 15:55
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
Go to Step 2.
When you finish with CF, you will most likely be able to do Step 1.
If it still does not work then, skip that step for now, let me know in your next message and carry on with resolving the case.

Posted: 03 Jan 2011 16:28
- Jovo93
- Honorary citizen
- Joined: 03 Jan 2011
- Posts: 997
Written: 03 Jan 2011 16:08
ComboFix 11-01-02.04 - в 03.01.2011 16:01:11.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.1023.501 [GMT 1:00]
Running from: c:\documents and settings\в\Desktop\App\ComboFix.exe
Command switches used :: c:\documents and settings\в\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\crxucnly.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\crxucnly.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BSATQQSU
-------\Service_bsatqqsu
((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.
2011-01-03 14:59 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-03 14:59 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-03 14:59 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-03 14:59 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-03 14:59 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-03 14:59 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-03 14:59 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-03 14:59 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2011-01-03 14:59 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-02 18:51 . 2011-01-03 13:05 7925792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- c:\documents and settings\в\Application Data\Malwarebytes
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-01-02 15:09 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-02 14:33 . 2011-01-02 14:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2011-01-02 10:58 . 2011-01-03 14:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2011-01-02 09:07 . 2004-01-09 10:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-01-02 09:07 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2011-01-02 09:07 . 2011-01-02 10:59 -------- d-----w- c:\program files\Alwil Software
2011-01-02 08:23 . 2011-01-02 12:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-02 08:23 . 2011-01-02 12:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-12-29 17:11 . 2010-12-29 17:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2010-12-06 13:49 . 2010-12-06 13:49 -------- d-----w- c:\documents and settings\в\Local Settings\Application Data\Sports Interactive
2010-12-04 19:11 . 2010-12-04 19:11 -------- d-----w- c:\program files\Megaupload Downloader
2010-12-04 18:44 . 2010-12-04 19:12 155648 ----a-w- c:\windows\system32\libssl32.dll
2010-12-04 18:03 . 2011-01-02 16:55 -------- d-----w- c:\documents and settings\в\Application Data\GetRightToGo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-06-21 14:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-06-21 14:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2007-11-07 01:19 . 2010-12-10 17:40 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 01:19 . 2010-12-10 17:40 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-03_13.13.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-03 15:06 . 2011-01-03 15:06 16384 c:\windows\Temp\Perflib_Perfdata_5bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\Media_Star\tbMedi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DFABC5B5-039B-4865-979A-DE31CDF3E351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programi\DAEMON tool\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Fraps"="d:\programi\FRAPS 3.2.3\FRAPS.EXE" [2010-06-15 2176944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-31 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ModemListener"="d:\programi\Mobilni Internet\ModemListener.exe" [2010-07-12 98304]
"WinampAgent"="d:\programi\WinAmp\winampa.exe" [2010-07-12 74752]
"Adobe Reader Speed Launcher"="d:\programi\Adobe Reader 9\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - d:\programi\WinZip\WZQKPICK.EXE [2010-5-9 118784]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\IGRE\\Manager 2011\\fm.exe"=
"d:\\IGRE\\PES 2010\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6577:TCP"= 6577:TCP:uevwmpl
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.5.2010 23:13 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.1.2011 15:59 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.1.2011 15:59 17744]
R2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start --> c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start [?]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [5.10.2010 13:56 103552]
R3 Winacpci;Winacpci;c:\windows\system32\drivers\winacpci.sys [9.5.2010 21:55 602128]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [11.7.2010 10:27 23456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.6.2010 08:10 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.6.2010 08:10 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [25.6.2010 15:00 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2011-01-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2011-01-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2463487
IE: &Download All using 4shared Desktop - d:\programi\4shared\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - d:\programi\OFFICE~1\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 16:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\DeviceHelper\DeviceManager.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-01-03 16:07:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-03 15:07
ComboFix2.txt 2011-01-03 13:14
Pre-Run: 5.460.598.784 bytes free
Post-Run: 5.393.248.256 bytes free
- - End Of File - - 041FC5C906E6ADB0CAF226DD8E27575C
Addendum: 03 Jan 2011 16:16
USBNoRisk 2.6 (08 September 2010) by bobby
Started at 3.1.2011 16:15:55
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
D: {1ad92d99-5b6e-11df-94ca-806d6172696f}
C: {644a2580-5b63-11df-892f-806d6172696f}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 644a2580-5b63-11df-892f-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 1ad92d99-5b6e-11df-94ca-806d6172696f
No Desktop.ini files found on D:
----------------------------------------
autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
open=b9v.exe
shell\open\command=b9v.exe
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[autorun]
open=b9v.exe
shell\open\command=b9v.exe
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 3.1.2011 16:16:04
Scanning for connected USB mass storage...
----------------------------------------
========================================
New drive connected, but USBNoRisk can't find it
========================================
New device connected at 3.1.2011 16:16:06
Scanning for connected USB mass storage...
----------------------------------------
========================================
New drive connected, but USBNoRisk can't find it
========================================
New device connected at 3.1.2011 16:16:06
Scanning for connected USB mass storage...
----------------------------------------
========================================
New drive connected, but USBNoRisk can't find it
========================================
New device connected at 3.1.2011 16:16:06
Scanning for connected removable storage...
----------------------------------------
========================================
New drive connected, but USBNoRisk can't find it
========================================
========================================
========================================
New device connected at 3.1.2011 16:16:10
Scanning for connected USB mass storage...
----------------------------------------
H: {dab28fde-e044-11df-8a43-001d926a11ab}
Added H:
========================================
Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
open=f662sjd.exe
shell\open\command=f662sjd.exe
----------------------------------------
Files referenced from H:\autorun.inf.blocked
----------------------------------------
H:\f662sjd.exe -r-hs 115200
----------------------------------------
----------------------------------------
No autorun.inf files found on H:
No mountpoint found for dab28fde-e044-11df-8a43-001d926a11ab
----------------------------------------
No Desktop.ini files found on H:
----------------------------------------
No mimics found on drive H:
========================================
========================================
Removed H:
========================================
========================================
========================================
========================================
========================================
Addendum: 03 Jan 2011 16:25
I still can't get onto the site; it just hangs as if it's loading but never opens the site. I tried disconnecting and reconnecting, and nothing. As USB devices I first used the mobile internet modem and then a mobile phone (in case you need that).
Addendum: 03 Jan 2011 16:28
Now I got onto avast's site as well as Kaspersky's, which I couldn't before. Microsoft's still doesn't work.
Posted: 03 Jan 2011 19:20
|
offline
- Jovo93
- Honorary citizen
- Joined: 03 Jan 2011
- Posts: 997
|
Written: 03 Jan 2011 19:16
Sorry for the wait, I had a problem with the electricity. I uploaded the second file, and the first is still uploading; I'll let you know by PM when that finishes too.
Addendum: 03 Jan 2011 19:20
There, now I've uploaded the first file too.