Problem with the browser and partitions


  • Joined: 03 Jan 2011
  • Posts: 997

ComboFix 11-01-02.04 - в 03.01.2011 20:07:13.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.1023.525 [GMT 1:00]
Running from: c:\documents and settings\в\Desktop\App\ComboFix.exe
Command switches used :: c:\documents and settings\в\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-03 15:11 . 2011-01-03 15:16 -------- d-----w- C:\USBNoRisk
2011-01-03 14:59 . 2010-12-31 20:00 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-03 14:59 . 2010-12-31 19:56 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-03 14:59 . 2010-12-31 19:56 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-03 14:59 . 2010-12-31 19:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-03 14:59 . 2010-12-31 19:59 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-03 14:59 . 2010-12-31 19:59 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-03 14:59 . 2010-12-31 19:56 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-03 14:59 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
2011-01-03 14:59 . 2010-12-31 20:06 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-02 18:51 . 2011-01-03 13:05 7925792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- c:\documents and settings\в\Application Data\Malwarebytes
2011-01-02 18:04 . 2011-01-02 18:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-01-02 15:09 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-02 14:33 . 2011-01-02 14:33 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\MFAData
2011-01-02 10:58 . 2011-01-03 14:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2011-01-02 09:07 . 2004-01-09 10:13 380928 ----a-w- c:\windows\system32\actskin4.ocx
2011-01-02 09:07 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2011-01-02 09:07 . 2011-01-02 10:59 -------- d-----w- c:\program files\Alwil Software
2011-01-02 08:23 . 2011-01-02 12:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-02 08:23 . 2011-01-02 12:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-12-29 17:11 . 2010-12-29 17:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2010-12-06 13:49 . 2010-12-06 13:49 -------- d-----w- c:\documents and settings\в\Local Settings\Application Data\Sports Interactive
2010-12-04 19:11 . 2010-12-04 19:11 -------- d-----w- c:\program files\Megaupload Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-04 19:12 . 2010-12-04 18:44 155648 ----a-w- c:\windows\system32\libssl32.dll
2010-11-12 17:53 . 2010-06-21 14:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-06-21 14:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2007-11-07 01:19 . 2010-12-10 17:40 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-07 01:19 . 2010-12-10 17:40 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-03_13.13.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-03 18:49 . 2011-01-03 18:49 16384 c:\windows\Temp\Perflib_Perfdata_594.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dfabc5b5-039b-4865-979a-de31cdf3e351}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\Media_Star\tbMedi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dfabc5b5-039b-4865-979a-de31cdf3e351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DFABC5B5-039B-4865-979A-DE31CDF3E351}"= "c:\program files\Media_Star\tbMedi.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{dfabc5b5-039b-4865-979a-de31cdf3e351}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programi\DAEMON tool\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Fraps"="d:\programi\FRAPS 3.2.3\FRAPS.EXE" [2010-06-15 2176944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-31 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ModemListener"="d:\programi\Mobilni Internet\ModemListener.exe" [2010-07-12 98304]
"WinampAgent"="d:\programi\WinAmp\winampa.exe" [2010-07-12 74752]
"Adobe Reader Speed Launcher"="d:\programi\Adobe Reader 9\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - d:\programi\WinZip\WZQKPICK.EXE [2010-5-9 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\IGRE\\Manager 2011\\fm.exe"=
"d:\\IGRE\\PES 2010\\pes2010.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.5.2010 23:13 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.1.2011 15:59 293968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.1.2011 15:59 17744]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [5.10.2010 13:56 103552]
R3 Winacpci;Winacpci;c:\windows\system32\drivers\winacpci.sys [9.5.2010 21:55 602128]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start --> c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [11.7.2010 10:27 23456]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20.6.2010 08:10 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20.6.2010 08:10 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [25.6.2010 15:00 32377]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2011-01-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-823518204-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2463487
IE: &Download All using 4shared Desktop - d:\programi\4shared\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - d:\programi\OFFICE~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 20:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(612)
c:\windows\system32\msi.dll
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-03 20:11:20
ComboFix-quarantined-files.txt 2011-01-03 19:11
ComboFix2.txt 2011-01-03 15:07
ComboFix3.txt 2011-01-03 13:14

Pre-Run: 5.503.512.576 bytes free
Post-Run: 5.495.377.920 bytes free

- - End Of File - - 01C18F2F182BD2B2EF95B858D8A5A105









USBNoRisk 2.6 (08 September 2010) by bobby

Started at 3.1.2011 20:11:47

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {1ad92d99-5b6e-11df-94ca-806d6172696f}
C: {644a2580-5b63-11df-892f-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 644a2580-5b63-11df-892f-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 1ad92d99-5b6e-11df-94ca-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
open=b9v.exe
shell\open\command=b9v.exe
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[autorun]
open=b9v.exe
shell\open\command=b9v.exe
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 3.1.2011 20:12:01

Scanning for connected USB mass storage...
----------------------------------------
G: {5f635877-5bae-11df-8853-e1cf190b6236}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=yveqsh93.exe
shell\open\command=yveqsh93.exe
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\yveqsh93.exe -r-hs 182784
----------------------------------------

No mountpoint found for 5f635877-5bae-11df-8853-e1cf190b6236
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================


Processing script
----------------------------------------

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

- Run USBNoRisk and wait for it to finish the initial scan.

- After the initial scan completes, connect the USB storage device.

- Click the Script tab;

Copy the following text into the white box of the window:

{dab28fde-e044-11df-8a43-001d926a11ab}
f_delete:%DRIVE%f662sjd.exe
f_delete:C:\b9v.exe
f_delete:D:\b9v.exe
folder_list:%DRIVE%
no_sh:

{5f635877-5bae-11df-8853-e1cf190b6236}
f_delete:%DRIVE%yveqsh93.exe
folder_list:%DRIVE%
no_sh:


- Execute the command by clicking the Run Script button;

After the command executes, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Scrambled Log option;

A Notepad window will open with text that you need to copy here into the message.

  • Joined: 03 Jan 2011
  • Posts: 997

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 3.1.2011 21:35:07

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {1ad92d99-5b6e-11df-94ca-806d6172696f}
C: {644a2580-5b63-11df-892f-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 644a2580-5b63-11df-892f-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 1ad92d99-5b6e-11df-94ca-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
open=b9v.exe
shell\open\command=b9v.exe
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[autorun]
open=b9v.exe
shell\open\command=b9v.exe
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 3.1.2011 21:35:17

Scanning for connected USB mass storage...
----------------------------------------
G: {5f635877-5bae-11df-8853-e1cf190b6236}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=yveqsh93.exe
shell\open\command=yveqsh93.exe
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No autorun.inf files found on G:
No mountpoint found for 5f635877-5bae-11df-8853-e1cf190b6236
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================


Processing script
----------------------------------------
5f635877-5bae-11df-8853-e1cf190b6236
Drive letter for GUID: G:
SectionStart = 7
SectionEnd = 10
f_delete: G:\yveqsh93.exe > File does not exist!
----------------------------------------
Folder list for G:\:
----------------------------------------

d--hs   0   G:\NOKIA_~1   G:\nokia_unprocessed_images_
d-a--   0   G:\AUDIOS~1   G:\Audio snimci
d-a--   0   G:\FOTOGR~1   G:\Fotografije
d-a--   0   G:\PLAYLI~1   G:\Playlists
dr-hs   0   G:\RECYCLER   G:\RECYCLER
d-a--   0   G:\VIDEOS~1   G:\Video snimci
d-a--   0   G:\App   G:\App
-r-hs   175616   G:\b9v.exe   G:\b9v.exe
d----   0   G:\Muzika   G:\Muzika
--a--   63   G:\AUTORU~1.BL~   G:\autorun.inf.blocked
d----   0   G:\PFCMUZ~1   G:\PFC muzika
-rahs   178176   G:\dwh.exe   G:\dwh.exe
-r-hs   177664   G:\et3ypes.exe   G:\et3ypes.exe
-r-hs   115200   G:\f662sjd.exe   G:\f662sjd.exe

----------------------------------------
Unhide superhidden for G:\
----------------------------------------
d-a-- G:\nokia_unprocessed_images_ > unhidden
dra-- G:\RECYCLER > unhidden
dra-- G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 > unhidden
-ra-- G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx > unhidden
-ra-- G:\b9v.exe > unhidden
-ra-- G:\dwh.exe > unhidden
-ra-- G:\et3ypes.exe > unhidden
-ra-- G:\f662sjd.exe > unhidden
----------------------------------------
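As a defender's illustration of what the log above shows, here is an added Python example (not USBNoRisk's code, and not posted by anyone in this thread) that parses a USBNoRisk-style folder list and a blocked autorun.inf, then flags the entries a responder would check: files the autorun.inf would launch, hidden+system executables in the drive root, and a hidden+system RECYCLER folder on removable media. It also reports autorun targets that are no longer present, which is what the "File does not exist!" line in the script output means. The two sample inputs are constructed to mirror the formats in the log; the column layout (attributes, size, short name, long name separated by runs of spaces) and the attribute letter order d/r/a/h/s are assumptions read off that log.

```python
import os
import re
from dataclasses import dataclass

# File types an autorun.inf "open=" line would typically launch.
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample in the format USBNoRisk prints for a blocked autorun.inf.
SAMPLE_AUTORUN = r"""[autorun]
open=yveqsh93.exe
shell\open\command=yveqsh93.exe
"""

# Constructed sample in the format of USBNoRisk's folder list (assumed layout):
# attributes (d/r/a/h/s), size, 8.3 short name, long name, separated by spaces.
SAMPLE_LISTING = r"""d--hs   0   G:\NOKIA_~1   G:\nokia_unprocessed_images_
d-a--   0   G:\AUDIOS~1   G:\Audio snimci
dr-hs   0   G:\RECYCLER   G:\RECYCLER
-r-hs   175616   G:\b9v.exe   G:\b9v.exe
--a--   63   G:\AUTORU~1.BL~   G:\autorun.inf.blocked
-rahs   178176   G:\dwh.exe   G:\dwh.exe
-r-hs   177664   G:\et3ypes.exe   G:\et3ypes.exe
d----   0   G:\Muzika   G:\Muzika
"""


@dataclass
class Entry:
    is_dir: bool
    read_only: bool
    archive: bool
    hidden: bool
    system: bool
    size: int
    path: str  # long name as printed, e.g. G:\b9v.exe


def parse_listing(text):
    """Parse USBNoRisk-style folder list lines into Entry objects."""
    entries = []
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) != 4:
            continue  # separators, headings and blank lines
        attrs, size, _short, long_name = parts
        entries.append(Entry(
            is_dir=attrs[0] == "d", read_only=attrs[1] == "r", archive=attrs[2] == "a",
            hidden=attrs[3] == "h", system=attrs[4] == "s",
            size=int(size), path=long_name))
    return entries


def autorun_targets(text):
    """Return the program names the [autorun] section would launch (open=, shellexecute=, shell\\...\\command=)."""
    targets = set()
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        k = key.lower()
        if k in ("open", "shellexecute") or (k.startswith("shell\\") and k.endswith("\\command")):
            tokens = value.split()
            if tokens:  # the first token is the program; the rest are arguments
                targets.add(tokens[0].strip('"').lower())
    return sorted(targets)


def triage(listing_text, autorun_text):
    """Return (findings, missing_targets): entries worth a look, and autorun targets absent from the drive."""
    targets = set(autorun_targets(autorun_text))
    present = set()
    findings = []
    for e in parse_listing(listing_text):
        name = e.path.rsplit("\\", 1)[-1]
        present.add(name.lower())
        ext = os.path.splitext(name)[1].lower()
        reasons = []
        if name.lower() in targets:
            reasons.append("launched by autorun.inf")
        if not e.is_dir and ext in EXECUTABLE_EXT and e.hidden and e.system:
            reasons.append("hidden+system executable in the drive root")
        if e.is_dir and name.upper() == "RECYCLER" and e.hidden and e.system:
            reasons.append("hidden+system RECYCLER folder on removable media")
        if reasons:
            findings.append((e.path, reasons))
    return findings, sorted(targets - present)


if __name__ == "__main__":
    found, gone = triage(SAMPLE_LISTING, SAMPLE_AUTORUN)
    for path, why in found:
        print(path, "->", "; ".join(why))
    for name in gone:
        print(name, "-> referenced by autorun.inf but not on the drive")
```

Run against the constructed samples it flags RECYCLER, b9v.exe, dwh.exe and et3ypes.exe and reports yveqsh93.exe as referenced but absent, which matches the manual clean-up list the helper gives in the next reply. The attribute test (hidden and system together on an executable in the root) is the useful signal here: legitimate user files on a phone or flash drive are almost never marked that way.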

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Connect the phone and manually delete (right-click -> Delete) the following files from it:

b9v.exe
autorun.inf.blocked
dwh.exe
et3ypes.exe
f662sjd.exe


Also the folder:

RECYCLER



Now try to install this patch:
http://www.microsoft.com/downloads/en/details.aspx.....laylang=en







-------------------


How is the computer doing now?








goran9888 (AMF Team)

  • Joined: 03 Jan 2011
  • Posts: 997

It won't open. You don't need to help me with this problem any more. You tried to help me and you succeeded; the only thing is that I can't get onto Microsoft, but OK. These are holidays anyway, and you have lost a whole day on my problem. Thank you for the time you spent, and happy Christmas holidays. Cheers

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You are neither the first nor the last person we help and will help. Don't worry about that at all. You just need to follow the instructions we give you carefully.



The case is not finished yet ...


ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.



It is advisable to reset System Restore (turn it off, then on again) following the instructions at this link:
http://www.mycity.rs/Uputstva/Kako-iskljuciti-uklj.....Vista.html





--------------------------------------------


- I recommend that you install Service Pack 3. I won't go into its advantages over Service Pack 2; you can find that information on the internet "at every step". The main point is that MS has discontinued support for Service Pack 2, which is what is installed on your computer, and that is yet another of the problems.


- To protect USB storage devices, I suggest you use the program MCShield.

You can learn more about MCShield in this topic: http://www.mycity.rs/Antispyware-programi/MCShield.html
MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/




-------------------------------------

  • Joined: 03 Jan 2011
  • Posts: 997

Solved... Uninstalled ComboFix, reset System Restore and downloaded MCShield.
