Slow internet and it downloads something by itself


offline
  • Joined: 17 Feb 2010
  • Posts: 35

Hello

It's me again! Things just aren't going my way these days. I can't solve anything... Sad

The computer is terribly slow on the internet, and it is constantly downloading something (that's probably why it's slow); I can see that on the MikroTik router the internet goes through.

I tried Norman Malware Cleaner, but nothing...



DDS (Ver_10-03-17.01) - NTFSx86
Run by Middle point at 13:54:28,29 on cet 22.04.2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.177 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\goupi.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\Temp\wpv671271921046.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\goupi.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Middle point\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mWinlogon: Taskman=c:\documents and settings\middle point\csrss.exe
uWinlogon: Shell=c:\documents and settings\middle point\application data\gkewzr.exe,explorer.exe,c:\documents and settings\middle point\csrss.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [DriverUpdaterPro] c:\program files\ixi tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSConfig] c:\documents and settings\middle point\ehho.exe \u
uRun: [userini] c:\windows\system32\userini.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [titoukouv] c:\windows\system32\goupi.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [userini] c:\windows\system32\userini.exe
uExplorerRun: [userini] c:\windows\system32\userini.exe
mExplorerRun: [userini] c:\windows\system32\userini.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {EB6F09E0-BC18-476A-AFDC-39CF88000878} = 80.65.162.101
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-12 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-12 56816]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2010-4-12 18864]
S2 ditqpzfbpwa;\??\c:\docu;\??\c:\docume~1\middle~1\locals~1\temp\phrkstqgo.sys --> c:\docume~1\middle~1\locals~1\temp\phrkstqgo.sys [?]
S2 euexiaiiquei;SmartLinkService;c:\windows\system32\tookoquavo.exe [2010-4-14 279040]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 135664]
S2 mgbwmbns;\??\c:\d;\??\c:\docume~1\middle~1\locals~1\temp\nlhgqhfhtxof.sys --> c:\docume~1\middle~1\locals~1\temp\nlhgqhfhtxof.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2010-4-9 27248]
S3 protect;protect;c:\windows\system32\drivers\protect.sys [2010-4-22 18944]

=============== Created Last 30 ================

2010-04-22 06:50:28 40448 ----a-w- c:\windows\system32\userini.exe
2010-04-22 06:04:57 18944 ---ha-w- c:\windows\system32\drivers\protect.sys
2010-04-22 06:03:46 0 ----a-w- c:\documents and settings\middle point\Desktop.ini
2010-04-14 13:21:03 0 d-----w- c:\documents and settings\all users\Uniblue
2010-04-14 13:20:55 0 d-----w- c:\docume~1\middle~1\applic~1\Uniblue
2010-04-14 13:20:43 0 d-----w- c:\program files\Uniblue
2010-04-14 13:00:38 0 d-----w- c:\temp\HP_WebRelease
2010-04-14 06:40:50 279040 ----a-w- c:\windows\system32\tookoquavo.exe
2010-04-14 06:40:01 279040 ----a-w- c:\windows\system32\goupi.exe
2010-04-14 06:18:02 479292 ----a-w- c:\windows\system32\drivers\str.sys
2010-04-13 07:11:56 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-13 07:11:50 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-13 07:11:50 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-13 07:10:04 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-13 07:10:03 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-13 07:10:02 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-13 07:00:05 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-12 14:00:12 0 d-----w- c:\windows\system32\PreInstall
2010-04-12 14:00:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-12 14:00:10 0 d--h--w- c:\windows\$hf_mig$
2010-04-12 12:24:54 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-04-12 12:24:54 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-04-12 12:24:54 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-04-12 12:24:54 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-04-12 12:24:54 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-04-12 12:24:54 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-04-12 12:24:54 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-04-12 12:24:54 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-04-12 12:24:51 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-04-12 12:24:51 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-04-12 12:24:50 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-12 12:24:50 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-04-12 12:22:57 0 d-s---w- c:\documents and settings\middle point\UserData
2010-04-12 10:48:44 13646 ----a-w- c:\windows\system32\wpa.bak
2010-04-12 10:17:43 151040 --sha-r- c:\documents and settings\middle point\csrss.exe
2010-04-12 08:15:11 0 d-----w- c:\program files\Ask.com
2010-04-12 08:15:00 0 d-----w- c:\program files\Driver Fetch
2010-04-12 08:04:18 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-04-12 08:02:37 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-12 08:02:36 0 d-----w- c:\program files\Avira
2010-04-12 08:02:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-04-12 07:22:22 0 d-----w- c:\temp\photosmart
2010-04-12 07:05:22 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-04-12 07:05:22 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-04-12 07:05:16 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-04-12 07:05:16 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2010-04-12 07:05:15 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-04-12 07:05:15 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-04-10 11:01:23 376 ----a-w- c:\windows\ODBC.INI
2010-04-10 11:01:21 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-04-10 11:00:57 0 d-----w- c:\program files\Microsoft ActiveSync
2010-04-10 11:00:46 0 d-----w- c:\windows\SHELLNEW
2010-04-10 10:55:30 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-04-10 10:54:16 0 d-----w- C:\DRIVERS
2010-04-10 10:53:12 0 d-----w- c:\program files\Analog Devices
2010-04-10 09:55:24 0 d-----w- C:\IEGD
2010-04-10 07:43:34 0 d-----w- C:\Intel
2010-04-09 15:26:54 0 d-----w- c:\program files\common files\ODBC
2010-04-09 15:26:51 0 d-----w- c:\program files\common files\SpeechEngines
2010-04-09 15:26:28 0 d-----r- c:\documents and settings\all users\Documents
2010-04-09 14:15:39 0 d-----w- c:\program files\iXi Tools
2010-04-09 14:00:16 0 d-----w- c:\program files\Lavalys
2010-04-09 13:36:54 0 d-sh--w- c:\documents and settings\all users\DRM
2010-04-09 13:36:32 0 d--h--w- c:\program files\WindowsUpdate
2010-04-09 13:35:57 0 d-----w- c:\program files\common files\MSSoap
2010-04-09 13:34:27 0 d-----w- c:\program files\Online Services
2010-04-09 13:34:21 0 d-----w- c:\program files\Messenger
2010-04-09 13:34:18 0 d-----w- c:\program files\MSN Gaming Zone
2010-04-09 13:33:46 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-04-22 06:05:53 1033728 ----a-w- c:\windows\explorer.exe
2010-04-09 13:34:47 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

============= FINISH: 13:55:00,31 ===============




offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

No wonder it's slow, you are seriously infected.

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if it offers to download it.
show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues.
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
display a number of prompts/notices: accept by clicking Yes or OK.
if needed, restart Windows (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the "Prikaži fajl" (attach file) option to attach the file C:\ComboFix.txt to your message.

offline
  • Joined: 17 Feb 2010
  • Posts: 35

WOW! It's faster right away. I have two questions, if that's not a problem:

1. Is it a problem that I also plugged in a USB stick so it would clean that too?
2. Which antivirus should I use? I can't believe that neither Avira nor Norman found anything???


ComboFix 10-04-21.01 - Middle point 22.04.2010 15:16:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.207 [GMT 2:00]
Running from: c:\documents and settings\Middle point\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - explorer.exe: deleted 40448 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Middle point\Application Data\wiaservg.log
c:\documents and settings\Middle point\csrss.exe
c:\recycler\S-1-5-21-0718029325-5946055546-388922546-7577
c:\recycler\S-1-5-21-1473825949-8185305178-302202417-0053
c:\recycler\S-1-5-21-2485985334-7822241281-786834486-8690
c:\recycler\S-1-5-21-5784680990-5693546944-599084886-1975
c:\recycler\S-1-5-21-7247340424-3126094606-884413755-1616
c:\windows\system32\drivers\protect.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\userini.exe
c:\windows\system32\wbem\grpconv.exe

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\system volume information\_restore{8A391B3E-1D62-43F7-ABED-465D82618DBD}\RP15\A0002145.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_protect


((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-22 13:19 . 2008-04-14 12:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-04-19 07:19 . 2010-04-19 07:19 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Help
2010-04-19 07:18 . 2010-04-19 07:18 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Identities
2010-04-14 13:21 . 2010-04-14 13:21 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-04-14 13:20 . 2010-04-14 13:20 -------- d-----w- c:\documents and settings\Middle point\Application Data\Uniblue
2010-04-14 13:20 . 2010-04-14 13:20 -------- d-----w- c:\program files\Uniblue
2010-04-14 13:00 . 2010-04-14 13:00 -------- d-----w- c:\temp\HP_WebRelease
2010-04-14 06:40 . 2010-04-14 06:40 279040 ----a-w- c:\windows\system32\tookoquavo.exe
2010-04-14 06:40 . 2010-04-14 06:40 279040 ----a-w- c:\windows\system32\goupi.exe
2010-04-13 07:11 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-13 07:11 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-13 07:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-13 07:10 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-13 07:10 . 2010-02-17 07:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-13 07:10 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-13 07:00 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-13 06:57 . 2010-04-13 06:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-12 14:00 . 2007-07-27 21:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-12 14:00 . 2010-04-14 14:06 -------- d--h--w- c:\windows\$hf_mig$
2010-04-12 13:41 . 2010-04-12 13:41 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Temp
2010-04-12 13:36 . 2010-04-12 13:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-04-12 13:29 . 2010-04-14 06:33 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Google
2010-04-12 12:32 . 2010-04-12 13:36 -------- d-----w- c:\program files\Google
2010-04-12 12:24 . 2001-08-17 20:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-04-12 12:24 . 2001-08-17 20:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-04-12 12:24 . 2001-08-17 20:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-04-12 12:24 . 2001-08-17 20:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-04-12 12:24 . 2001-08-17 12:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-04-12 12:24 . 2001-08-17 12:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-04-12 12:24 . 2008-04-14 03:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-12 12:24 . 2008-04-14 03:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-04-12 12:22 . 2010-04-12 12:22 -------- d-s---w- c:\documents and settings\Middle point\UserData
2010-04-12 10:54 . 2010-04-22 13:08 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\AskToolbar
2010-04-12 08:28 . 2005-06-06 09:29 110592 ----a-w- c:\documents and settings\Middle point\Application Data\U3\temp\cleanup.exe
2010-04-12 08:15 . 2010-04-12 08:15 -------- d-----w- c:\program files\Ask.com
2010-04-12 08:15 . 2010-04-12 08:15 -------- d-----w- c:\program files\Driver Fetch
2010-04-12 08:02 . 2010-04-12 08:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-12 08:02 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-12 08:02 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-12 08:02 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-12 08:02 . 2010-04-12 08:02 -------- d-----w- c:\program files\Avira
2010-04-12 08:02 . 2010-04-12 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-12 07:31 . 2010-04-12 07:31 17856 ----a-w- c:\documents and settings\Middle point\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 07:23 . 2010-04-19 08:57 -------- d-----w- c:\documents and settings\Middle point\Application Data\AdobeUM
2010-04-12 07:23 . 2010-04-12 07:23 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Adobe
2010-04-12 07:18 . 2010-04-20 12:13 -------- d-----w- c:\documents and settings\Middle point\Application Data\U3
2010-04-12 07:05 . 2001-08-17 11:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-04-12 07:05 . 2001-08-17 11:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-04-12 07:05 . 2001-08-17 11:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-04-12 07:05 . 2001-08-17 11:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2010-04-12 07:05 . 2008-04-13 22:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-04-12 07:05 . 2008-04-13 22:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-04-10 11:04 . 2010-04-12 07:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 11:01 . 2003-06-18 15:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-04-10 11:01 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-04-10 11:00 . 2010-04-10 11:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-10 11:00 . 2010-04-10 11:00 -------- d-----w- c:\windows\SHELLNEW
2010-04-10 10:56 . 2010-04-10 10:56 -------- d-----r- C:\MSOCache
2010-04-10 10:55 . 2005-09-20 08:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-04-10 10:54 . 2010-04-14 13:20 -------- d-----w- C:\DRIVERS
2010-04-10 09:55 . 2010-04-10 09:55 -------- d-----w- C:\IEGD
2010-04-10 07:43 . 2010-04-10 07:43 -------- d-----w- C:\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 06:05 . 2008-04-14 12:00 1033728 ----a-w- c:\windows\explorer.exe
2010-04-12 07:11 . 2010-04-09 13:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-10 10:53 . 2010-04-10 10:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 10:53 . 2010-04-10 10:53 -------- d-----w- c:\program files\Analog Devices
2010-04-10 10:53 . 2010-04-10 10:53 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-09 14:15 . 2010-04-09 14:15 -------- d-----w- c:\program files\iXi Tools
2010-04-09 14:00 . 2010-04-09 14:00 -------- d-----w- c:\program files\Lavalys
2010-04-09 13:38 . 2010-04-09 13:38 -------- d-----w- c:\program files\microsoft frontpage
2010-04-09 13:34 . 2010-04-09 13:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2008-04-14 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"titoukouv"="c:\windows\system32\goupi.exe" [2010-04-14 279040]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.4.2010 10:02 108289]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [12.4.2010 9:22 18864]
S2 ditqpzfbpwa;\??\c:\docu;\??\c:\docume~1\MIDDLE~1\LOCALS~1\Temp\phrkstqgo.sys --> c:\docume~1\MIDDLE~1\LOCALS~1\Temp\phrkstqgo.sys [?]
S2 euexiaiiquei;SmartLinkService;c:\windows\system32\tookoquavo.exe [14.4.2010 8:40 279040]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.4.2010 15:36 135664]
S2 mgbwmbns;\??\c:\d;\??\c:\docume~1\MIDDLE~1\LOCALS~1\Temp\nlhgqhfhtxof.sys --> c:\docume~1\MIDDLE~1\LOCALS~1\Temp\nlhgqhfhtxof.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [9.4.2010 16:00 27248]
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\Driver Fetch.job
- c:\program files\Driver Fetch\2.3.0.8\DriverFetch.exe [2010-04-12 14:07]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 13:36]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 13:36]

2010-04-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {EB6F09E0-BC18-476A-AFDC-39CF88000878} = 80.65.162.101
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-userini - c:\windows\system32\userini.exe
HKLM-Run-userini - c:\windows\system32\userini.exe
HKLM-Explorer_Run-userini - c:\windows\system32\userini.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-22 15:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2010-04-22 15:22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-22 13:22

Pre-Run: 11.035.172.864 bytes free
Post-Run: 11.055.550.464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0488D1680C90940F1B731534326374C6

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Quote: 1. Is it a problem that I also plugged in a USB stick so it would clean that too?

It is a problem because you should have asked me first.

Quote: 2. Which antivirus should I use? I can't believe that neither Avira nor Norman found anything???

There is no rule; the same could have happened with some other AV (for example with some other infection).

It would be advisable to use a free anti-spyware program such as:

http://www.malwarebytes.org/
http://www.superantispyware.com/download.html

They are more capable of detecting and removing this kind of infection.

Open Notepad and copy the following text:

File::
c:\windows\system32\tookoquavo.exe
c:\windows\system32\goupi.exe
c:\docume~1\MIDDLE~1\LOCALS~1\Temp\nlhgqhfhtxof.sys
c:\docume~1\MIDDLE~1\LOCALS~1\Temp\phrkstqgo.sys

Driver::
euexiaiiquei
mgbwmbns
ditqpzfbpwa

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"titoukouv"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
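A triage helper, added here as an example and not part of this thread or of DDS/ComboFix, that automates what the helper above did by eye: it reads DDS-style log lines and flags the indicators behind the CFScript entries (Winlogon Shell/Taskman pointing into the profile, autostarts running from the profile or Temp, a service whose binary is missing on disk, a process image in an alternate data stream, and an autostart binary that shows up in the Created Last 30 list). The sample lines are constructed from the log formats quoted in this thread, and the system-process name list and the heuristics are assumptions of mine, not rules DDS applies.

```python
import re
from typing import List, Set, Tuple

# Constructed sample in the formats DDS uses in the log quoted earlier in this
# thread (Created Last 30, Running Processes, Pseudo HJT Report, SERVICES/DRIVERS).
SAMPLE_LOG = r"""
2010-04-14 06:40:50 279040 ----a-w- c:\windows\system32\tookoquavo.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe:userini.exe
uWinlogon: Shell=c:\documents and settings\middle point\application data\gkewzr.exe,explorer.exe,c:\documents and settings\middle point\csrss.exe
mWinlogon: Taskman=c:\documents and settings\middle point\csrss.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uRun: [MSConfig] c:\documents and settings\middle point\ehho.exe \u
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-12 185089]
S2 mgbwmbns;\??\c:\d;\??\c:\docume~1\middle~1\locals~1\temp\nlhgqhfhtxof.sys --> c:\docume~1\middle~1\locals~1\temp\nlhgqhfhtxof.sys [?]
S2 euexiaiiquei;SmartLinkService;c:\windows\system32\tookoquavo.exe [2010-4-14 279040]
"""

# Assumed list of core Windows process names: one of these living outside
# %windir% (csrss.exe in the profile root above) is name mimicry, not the real thing.
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "explorer.exe"}

NT_PREFIX = r"^(?:\\\?\?\\)?"                        # optional \??\ device prefix
PROFILE_RE = re.compile(NT_PREFIX + r"c:\\(?:docume~1|documents and settings)\\", re.I)
WINDIR_RE = re.compile(NT_PREFIX + r"c:\\windows\\", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)
ADS_RE = re.compile(r"\.exe:[^\\:]+$", re.I)         # explorer.exe:userini.exe
WINLOGON_RE = re.compile(r"^[um]Winlogon:\s*(\w+)=(.*)$")
RUN_RE = re.compile(r"^[um](?:Explorer)?Run:\s*\[[^\]]*\]\s*(.*)$")
SERVICE_RE = re.compile(r"^[RS]\d\s+(.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
PROCESS_RE = re.compile(r"^[a-z]:\\", re.I)


def first_path(value: str) -> str:
    """Extract the binary path from a value that may carry quotes, switches or '--> path [?]'."""
    value = value.strip().lstrip('"')
    m = re.match(r"(.+?\.(?:exe|sys|dll|wnt))", value, re.I)
    return m.group(1) if m else value


def path_reasons(path: str, created: Set[str]) -> List[str]:
    """Location and provenance checks that apply to any path pulled out of the log."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons = []
    if TEMP_RE.search(p):
        reasons.append("binary runs from a Temp directory")
    elif PROFILE_RE.search(p):
        reasons.append("binary runs from the user profile")
    if "\\" in p and name in SYSTEM_NAMES and not WINDIR_RE.search(p):
        reasons.append(f"{name} outside %windir% (system process name mimicry)")
    if p in created:
        reasons.append("autostart binary was created in the last 30 days")
    return reasons


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for every suspicious entry in a DDS-style log."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    # Pass 1: paths from the 'Created Last 30' section, used to judge autostarts.
    created = {m.group(1).lower() for ln in lines if (m := CREATED_RE.match(ln))}
    findings: List[Tuple[str, str]] = []
    for line in lines:
        reasons: List[str] = []
        if m := WINLOGON_RE.match(line):
            key = m.group(1).lower()
            parts = [first_path(v) for v in m.group(2).split(",") if v.strip()]
            if key == "shell" and any(v.lower() != "explorer.exe" for v in parts):
                reasons.append("Winlogon Shell is not plain explorer.exe")
            if key == "taskman":
                reasons.append("Winlogon Taskman value is set (absent on a clean XP)")
            for v in parts:
                reasons += path_reasons(v, created)
        elif m := RUN_RE.match(line):
            reasons += path_reasons(first_path(m.group(1)), created)
        elif m := SERVICE_RE.match(line):
            target = m.group(1).split(";", 2)[-1]          # name;display;path [...]
            if target.endswith("[?]"):
                reasons.append("service binary missing on disk ([?])")
            reasons += path_reasons(first_path(target), created)
        elif PROCESS_RE.match(line):
            if ADS_RE.search(line):
                reasons.append("process image is an alternate data stream")
            reasons += path_reasons(line, created)
        findings += [(line, r) for r in dict.fromkeys(reasons)]  # dedupe, keep order
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:60} {line[:70]}")
```

Random-named binaries that sit in system32 with a plausible-looking date (goupi.exe, tookoquavo.exe) are only caught through the Created Last 30 cross-check, which is why a full DDS log, not just the autostart section, is needed for this kind of review.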

offline
  • Joined: 17 Feb 2010
  • Posts: 35

I removed the USB stick, sorry...


ComboFix 10-04-21.01 - Middle point 23.04.2010 8:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.308 [GMT 2:00]
Running from: c:\documents and settings\Middle point\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Middle point\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\docume~1\MIDDLE~1\LOCALS~1\Temp\nlhgqhfhtxof.sys"
"c:\docume~1\MIDDLE~1\LOCALS~1\Temp\phrkstqgo.sys"
"c:\windows\system32\goupi.exe"
"c:\windows\system32\tookoquavo.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\goupi.exe
c:\windows\system32\tookoquavo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DITQPZFBPWA
-------\Legacy_EUEXIAIIQUEI
-------\Legacy_MGBWMBNS
-------\Service_ditqpzfbpwa
-------\Service_euexiaiiquei
-------\Service_mgbwmbns


((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.

2010-04-22 13:19 . 2008-04-14 12:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-04-22 13:19 . 2008-04-14 12:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-04-19 07:19 . 2010-04-19 07:19 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Help
2010-04-19 07:18 . 2010-04-19 07:18 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Identities
2010-04-14 13:21 . 2010-04-14 13:21 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-04-14 13:20 . 2010-04-14 13:20 -------- d-----w- c:\documents and settings\Middle point\Application Data\Uniblue
2010-04-14 13:20 . 2010-04-14 13:20 -------- d-----w- c:\program files\Uniblue
2010-04-14 13:00 . 2010-04-14 13:00 -------- d-----w- c:\temp\HP_WebRelease
2010-04-13 07:11 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-13 07:11 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-13 07:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-13 07:10 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-13 07:10 . 2010-02-17 07:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-13 07:10 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-13 07:00 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-13 06:57 . 2010-04-13 06:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-12 14:00 . 2007-07-27 21:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-12 14:00 . 2010-04-14 14:06 -------- d--h--w- c:\windows\$hf_mig$
2010-04-12 13:41 . 2010-04-12 13:41 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Temp
2010-04-12 13:36 . 2010-04-12 13:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-04-12 13:29 . 2010-04-14 06:33 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Google
2010-04-12 12:32 . 2010-04-12 13:36 -------- d-----w- c:\program files\Google
2010-04-12 12:24 . 2001-08-17 20:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-04-12 12:24 . 2001-08-17 20:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-04-12 12:24 . 2001-08-17 20:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-04-12 12:24 . 2001-08-17 20:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-04-12 12:24 . 2001-08-17 12:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-04-12 12:24 . 2001-08-17 12:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-04-12 12:24 . 2008-04-14 03:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-12 12:24 . 2008-04-14 03:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-04-12 12:22 . 2010-04-12 12:22 -------- d-s---w- c:\documents and settings\Middle point\UserData
2010-04-12 10:54 . 2010-04-23 06:42 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\AskToolbar
2010-04-12 08:28 . 2005-06-06 09:29 110592 ----a-w- c:\documents and settings\Middle point\Application Data\U3\temp\cleanup.exe
2010-04-12 08:15 . 2010-04-12 08:15 -------- d-----w- c:\program files\Ask.com
2010-04-12 08:15 . 2010-04-12 08:15 -------- d-----w- c:\program files\Driver Fetch
2010-04-12 08:02 . 2010-04-12 08:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-12 08:02 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-12 08:02 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-12 08:02 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-12 08:02 . 2010-04-12 08:02 -------- d-----w- c:\program files\Avira
2010-04-12 08:02 . 2010-04-12 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-12 07:31 . 2010-04-12 07:31 17856 ----a-w- c:\documents and settings\Middle point\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 07:23 . 2010-04-19 08:57 -------- d-----w- c:\documents and settings\Middle point\Application Data\AdobeUM
2010-04-12 07:23 . 2010-04-12 07:23 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Adobe
2010-04-12 07:18 . 2010-04-20 12:13 -------- d-----w- c:\documents and settings\Middle point\Application Data\U3
2010-04-12 07:05 . 2001-08-17 11:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-04-12 07:05 . 2001-08-17 11:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-04-12 07:05 . 2001-08-17 11:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-04-12 07:05 . 2001-08-17 11:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2010-04-12 07:05 . 2008-04-13 22:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-04-12 07:05 . 2008-04-13 22:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-04-10 11:04 . 2010-04-12 07:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 11:01 . 2003-06-18 15:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-04-10 11:01 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-04-10 11:00 . 2010-04-10 11:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-10 11:00 . 2010-04-10 11:00 -------- d-----w- c:\windows\SHELLNEW
2010-04-10 10:56 . 2010-04-10 10:56 -------- d-----r- C:\MSOCache
2010-04-10 10:55 . 2005-09-20 08:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-04-10 10:54 . 2010-04-14 13:20 -------- d-----w- C:\DRIVERS
2010-04-10 09:55 . 2010-04-10 09:55 -------- d-----w- C:\IEGD
2010-04-10 07:43 . 2010-04-10 07:43 -------- d-----w- C:\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 06:05 . 2008-04-14 12:00 1033728 ----a-w- c:\windows\explorer.exe
2010-04-12 07:11 . 2010-04-09 13:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-10 10:53 . 2010-04-10 10:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 10:53 . 2010-04-10 10:53 -------- d-----w- c:\program files\Analog Devices
2010-04-10 10:53 . 2010-04-10 10:53 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-09 14:15 . 2010-04-09 14:15 -------- d-----w- c:\program files\iXi Tools
2010-04-09 14:00 . 2010-04-09 14:00 -------- d-----w- c:\program files\Lavalys
2010-04-09 13:38 . 2010-04-09 13:38 -------- d-----w- c:\program files\microsoft frontpage
2010-04-09 13:34 . 2010-04-09 13:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2008-04-14 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.4.2010 10:02 108289]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [12.4.2010 9:22 18864]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.4.2010 15:36 135664]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [9.4.2010 16:00 27248]
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\Driver Fetch.job
- c:\program files\Driver Fetch\2.3.0.8\DriverFetch.exe [2010-04-12 14:07]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 13:36]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 13:36]

2010-04-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {EB6F09E0-BC18-476A-AFDC-39CF88000878} = 80.65.162.101
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-23 08:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2010-04-23 08:56:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-23 06:56
ComboFix2.txt 2010-04-22 13:22

Pre-Run: 11.035.000.832 bytes free
Post-Run: 11.022.184.448 bytes free

- - End Of File - - 78E3C6D92414909034E3C2EF5F91ED23

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Upload the following file for me:

Quote: c:\windows\system32\dllcache\grpconv.exe

Via the following form:

http://www.mycity.rs/ambulanta-upload.php



- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug all USB storage devices into the USB slot one by one, leaving each in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that receive their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
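The two checks the USBNoRisk procedure above relies on (an autorun.inf at the volume root that names an executable, and a Desktop.ini that disguises an ordinary folder as the Recycle Bin through its CLSID) can be reproduced in a few lines. The following is an added example written for this page, not USBNoRisk's code and not anything posted in the thread; the volume layout, the folder names LOADER, PHOTOS and MUSIC, and the file contents are constructed, and the Recycle Bin CLSID is the standard Windows value.

```python
"""Added example: the checks a USB autorun scanner performs, run over a constructed volume."""
import os
import re
import tempfile

# CLSID of the Windows Recycle Bin. A Desktop.ini that assigns it to an ordinary
# folder makes Explorer draw that folder as a Recycle Bin, which hides its real content.
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"

# autorun.inf keys whose value is a program that AutoRun/AutoPlay may launch.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")


def parse_autorun(text):
    """Tolerant parse of autorun.inf: keeps only key=value lines, lower-cases keys
    and ignores the filler lines (random bytes, broken section headers) that
    infected files carry to confuse naive INI parsers."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line[0] in ";#[":
            continue
        if "=" not in line:
            continue                      # filler line without a key, skip it
        key, _, value = line.partition("=")
        key = key.strip().lower()         # "Shell\open\command" == "shell\open\command"
        value = value.strip().strip('"')
        if key and value and key not in entries:
            entries[key] = value          # first definition wins, as in INI semantics
    return entries


def autorun_findings(text, volume_root):
    """One finding per execution key, with the target resolved on the volume."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in EXEC_KEYS:
            continue
        # values are relative paths written with either separator
        target = os.path.normpath(os.path.join(volume_root, value.replace("\\", "/")))
        findings.append({"kind": "autorun-exec", "key": key, "target": value,
                         "target_exists": os.path.isfile(target)})
    return findings


def desktop_ini_finding(text, folder):
    """Flag a Desktop.ini that points a folder's CLSID at the Recycle Bin."""
    m = re.search(r"^\s*clsid\s*=\s*(\{[0-9a-f-]{36}\})", text, re.IGNORECASE | re.MULTILINE)
    if m and m.group(1).upper() == RECYCLE_BIN_CLSID:
        return {"kind": "folder-mimic", "folder": folder, "clsid": m.group(1).upper()}
    return None


def scan_volume(root):
    """Walk a mounted volume the way a USB scanner does: autorun.inf at the root,
    Desktop.ini in every folder. Files are read as latin-1 so junk bytes never abort the scan."""
    findings = []
    root = os.path.abspath(root)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == "autorun.inf" and dirpath == root:
                with open(path, "r", encoding="latin-1") as f:
                    findings.extend(autorun_findings(f.read(), root))
            elif lower == "desktop.ini":
                with open(path, "r", encoding="latin-1") as f:
                    hit = desktop_ini_finding(f.read(), os.path.relpath(dirpath, root))
                if hit:
                    findings.append(hit)
    return sorted(findings, key=lambda f: (f["kind"], f.get("key", f.get("folder"))))


def build_sample_volume():
    """Constructed stand-in for an infected stick (sample data, not taken from the page)."""
    root = tempfile.mkdtemp(prefix="usbvol-")
    autorun = (
        "[autorun\n"                                  # deliberately broken section header
        '"xQ??junk??filler??line\n'                   # filler line with no '='
        "open=LOADER/run.exe\n"
        "action=Open folder to view files\n"
        "icon=LOADER/run.exe\n"
        "Shell\\open\\command=LOADER/run.exe\n"
        "USEAUTOPLAY=1\n"
    )
    os.makedirs(os.path.join(root, "LOADER"))
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write(autorun)
    with open(os.path.join(root, "LOADER", "run.exe"), "wb") as f:
        f.write(b"MZ")                                # placeholder so the target resolves
    os.makedirs(os.path.join(root, "PHOTOS"))         # folder disguised as a Recycle Bin
    with open(os.path.join(root, "PHOTOS", "Desktop.ini"), "w") as f:
        f.write("[.ShellClassInfo]\nCLSID=" + RECYCLE_BIN_CLSID + "\n")
    os.makedirs(os.path.join(root, "MUSIC"))          # harmless Desktop.ini, custom icon only
    with open(os.path.join(root, "MUSIC", "Desktop.ini"), "w") as f:
        f.write("[.ShellClassInfo]\nIconResource=%SystemRoot%\\system32\\shell32.dll,3\n")
    return root


if __name__ == "__main__":
    for finding in scan_volume(build_sample_volume()):
        print(finding)
```

Run stand-alone it reports two execution keys (open and shell\open\command, both resolving to an existing file) and one Recycle Bin mimic folder; the MUSIC folder's Desktop.ini is correctly left alone. The latin-1 read and the "no '=' means skip" rule are what keep the parser alive on files like the one in the log above, where a line of random bytes precedes the real keys.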

offline
  • Joined: 17 Feb 2010
  • Posts: 35

I uploaded the file!


USBNoRisk 2.5 (26 July 2009) by bobby

Started at 26.4.2010 9:48:49

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {bedaa499-43ea-11df-8411-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for bedaa499-43ea-11df-8411-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 26.4.2010 9:49:04

Scanning for connected USB mass storage...
----------------------------------------
G: {0ce7c87a-43e0-11df-a20a-fcaec0176cf4}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 0ce7c87a-43e0-11df-a20a-fcaec0176cf4
----------------------------------------

----------------------------------------
Desktop.ini found at G:\SEVEBOMBA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at G:\LIJEPA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 26.4.2010 9:49:29

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 26.4.2010 9:49:31

Scanning for connected USB mass storage...
----------------------------------------
H: {833e6a9b-4603-11df-a210-0018f31cc521}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[autorun
"sAюʎl??Dsla??DFAKFP?WQlf?WQKF?WQklWQ?k
open=SEVEBOMBA/gasgas.exe
action=Open folderto view files usingWindowsExplorer
icon=SEVEBOMBA/gasgas.exe
Shell\open\command=SEVEBOMBA/gasgas.exe
shell\open\command=SEVEBOMBA/gasgas.exe
USEAUTOPLAY=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for 833e6a9b-4603-11df-a210-0018f31cc521
----------------------------------------

----------------------------------------
Desktop.ini found at H:\ZAPALICU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PRIDJI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\SEVEBOMBA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PILULEROZE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================



New device connected at 26.4.2010 9:49:33

Scanning for connected USB mass storage...
----------------------------------------

========================================

Scanning USB mass storage for files...
----------------------------------------


New device connected at 26.4.2010 9:49:33

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun
"sAюʎl??Dsla??DFAKFP?WQlf?WQKF?WQklWQ?k
open=SEVEBOMBA/gasgas.exe
action=Open folderto view files usingWindowsExplorer
icon=SEVEBOMBA/gasgas.exe
Shell\open\command=SEVEBOMBA/gasgas.exe
shell\open\command=SEVEBOMBA/gasgas.exe
USEAUTOPLAY=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for 833e6a9b-4603-11df-a210-0018f31cc521
----------------------------------------

----------------------------------------
Desktop.ini found at H:\ZAPALICU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PRIDJI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\SEVEBOMBA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PILULEROZE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun
"sAюʎl??Dsla??DFAKFP?WQlf?WQKF?WQklWQ?k
open=SEVEBOMBA/gasgas.exe
action=Open folderto view files usingWindowsExplorer
icon=SEVEBOMBA/gasgas.exe
Shell\open\command=SEVEBOMBA/gasgas.exe
shell\open\command=SEVEBOMBA/gasgas.exe
USEAUTOPLAY=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for 833e6a9b-4603-11df-a210-0018f31cc521
----------------------------------------

----------------------------------------
Desktop.ini found at H:\ZAPALICU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PRIDJI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\SEVEBOMBA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PILULEROZE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 26.4.2010 9:49:53

Scanning for connected USB mass storage...
----------------------------------------
G: {f2b96766-492b-11df-a218-0018f31cc521}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
[autorun
;}?J??m??X??_vFQh?<??'?,?Ctbe??Nt?d?!?s?.[?cC???s?s???J????^??y??F??t???f??w!?MrI??y???????|???w??|gJe???b?????(Mmr?N?}???Z(J?N?/??\d???????T??I_J???L
;LF:4klfKF$:KOfF$?F$KfO:$kjf4
open=PILULEROZE///againstnervoza.exe
;#Jfrikj34ilf43JF$#
icon=%SystemRoot%\system32\SHELL32.dll,4
;JF$I#JF4imkjf$L:JF$:f4
action=Open folderto view files usingWindowsExplorer
;j$FIFDI#DJ$KJF#$:F#$K<g
Shell\open\\\command=PILULEROZE///againstnervoza.exe
;g43g43
shell\explore\\command=PILULEROZE///againstnervoza.exe
;KG#$(OUIG$(#IG34
USEAUTOPLAY=1
:AH WHAT CAN I SAY
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for f2b96766-492b-11df-a218-0018f31cc521
----------------------------------------

----------------------------------------
Desktop.ini found at G:\PILULEROZE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at G:\SEVEBOMBA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================
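
The autorun.inf and desktop.ini contents in the log above show two tricks working together. The autorun.inf is padded with junk and comment lines, has an unclosed `[autorun` header and uses repeated separators (`PILULEROZE///againstnervoza.exe`, `Shell\open\\\command`), while each of the folders carries a desktop.ini binding it to `{645FF040-5081-101B-9F08-00AA002F954E}`, which is the CLSID of the Recycle Bin, so Explorer draws the folder with the Recycle Bin's icon and name. The following is an added example, not code from the original post or from the scanning tool that produced the log: a deliberately lenient INI parser that recovers what the autorun.inf points at, and a check that pairs each launcher with the look-alike folder hiding it. The samples are constructed from the log (junk lines shortened). Whether Windows' own INI reader accepts every one of these malformations is not something the log establishes, so the parser errs toward reporting what the file references.

```python
"""Added example, not from the original post or from the scanning tool whose
log appears above: a lenient INI parser that recovers the program an obfuscated
autorun.inf launches, plus a check for the desktop.ini trick seen in the log,
where a folder is bound to the Recycle Bin CLSID so Explorer draws it as the
Recycle Bin. All samples below are constructed from the log."""
import re
from pathlib import PureWindowsPath

# CLSID Explorer uses for the Recycle Bin; every desktop.ini in the log carries it.
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"

# [autorun] keys whose value names a program to run (besides shell\*\command).
EXEC_KEYS = {"open", "shellexecute"}


def parse_ini(text):
    """Parse INI text into {section: {key: value}}, tolerating what the log shows:
    an unclosed '[autorun' header, junk and ';' comment lines, mixed-case keys
    and repeated backslashes in 'Shell\\open\\\\\\command'. A strict parser that
    rejects the unclosed header sees no entries at all."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or INI comment (the junk uses it)
        if line.startswith("["):
            name = line[1:].rstrip("]").strip().lower()
            current = sections.setdefault(name, {})
            continue
        if current is None or "=" not in line:
            continue                      # garbage that is not even key=value shaped
        key, value = line.split("=", 1)
        key = re.sub(r"\\+", lambda m: "\\", key.strip().lower())  # collapse '\\\\'
        current[key] = value.strip()
    return sections


def referenced_programs(autorun):
    """Every program an [autorun] section points at, with runs of '/' or '\\'
    normalised to a single Windows separator (first token only, arguments dropped)."""
    found = set()
    for key, value in autorun.items():
        launches = key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        if launches and value.split():
            found.add(str(PureWindowsPath(value.split()[0])))
    return sorted(found)


def is_recycle_bin_mimic(desktop_ini_text):
    """True when a desktop.ini binds its folder to the Recycle Bin shell class."""
    info = parse_ini(desktop_ini_text).get(".shellclassinfo", {})
    return info.get("clsid", "").upper() == RECYCLE_BIN_CLSID


def triage_removable(autorun_text, desktop_inis):
    """desktop_inis maps folder name -> that folder's desktop.ini text.
    Returns what autorun.inf launches, which folders pose as the Recycle Bin,
    and the overlap: a launcher stored inside a mimic folder, as in the log."""
    programs = referenced_programs(parse_ini(autorun_text).get("autorun", {}))
    mimics = sorted(n for n, ini in desktop_inis.items() if is_recycle_bin_mimic(ini))
    mimic_set = {m.upper() for m in mimics}
    hidden = [p for p in programs
              if PureWindowsPath(p).parts and PureWindowsPath(p).parts[0].upper() in mimic_set]
    return {"programs": programs, "mimics": mimics, "hidden_launchers": hidden}


# Constructed samples transcribed from the log above, junk lines shortened.
AUTORUN_G = r"""[autorun
;}?J??m??X??_vFQh?<??'?,?Ctbe??Nt?d?!?s?.[?cC???s
;LF:4klfKF$:KOfF$?F$KfO:$kjf4
open=PILULEROZE///againstnervoza.exe
;#Jfrikj34ilf43JF$#
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folderto view files usingWindowsExplorer
Shell\open\\\command=PILULEROZE///againstnervoza.exe
;g43g43
shell\explore\\command=PILULEROZE///againstnervoza.exe
USEAUTOPLAY=1
:AH WHAT CAN I SAY
"""
AUTORUN_H = r"""[autorun
"sAюʎl??Dsla??DFAKFP?WQlf?WQKF?WQklWQ?k
open=SEVEBOMBA/gasgas.exe
action=Open folderto view files usingWindowsExplorer
icon=SEVEBOMBA/gasgas.exe
Shell\open\command=SEVEBOMBA/gasgas.exe
shell\open\command=SEVEBOMBA/gasgas.exe
USEAUTOPLAY=1
"""
MIMIC_INI = "[.ShellClassInfo]\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}\n"
PLAIN_INI = "[.ShellClassInfo]\nIconFile=folder.ico\n"   # harmless desktop.ini, constructed

if __name__ == "__main__":
    report = triage_removable(
        AUTORUN_G, {"PILULEROZE": MIMIC_INI, "SEVEBOMBA": MIMIC_INI, "Photos": PLAIN_INI})
    for name, value in report.items():
        print(f"{name}: {value}")
```

Run as-is, the report names `PILULEROZE\againstnervoza.exe` as the launcher, `PILULEROZE` and `SEVEBOMBA` as Recycle Bin mimics, and the launcher as hidden inside a mimic folder; feeding it the H: variant yields `SEVEBOMBA\gasgas.exe`. Python's own `configparser` is a good illustration of why leniency matters here: it requires a closed `[section]` header and raises `MissingSectionHeaderError` on `[autorun`, never reaching the `open=` line.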

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello... Sorry for the wait.


Enable the display of hidden files and folders: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html



Plug in the flash drives one at a time and delete the following files and folders from them (whichever exist):

autorun.inf.blocked

SEVEBOMBA
LIJEPA
ZAPALICU
PRIDJI
PILULEROZE

How are things now? Is there any specific problem left?

If so, post a fresh ComboFix logfile.

  • Joined: 17 Feb 2010
  • Posts: 35

Deleted...


There are no specific problems, but I have a question: are RECYCLER and MSOCashe viruses?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

If they are on the hard disk, then they are legitimate folders.


ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

That would be all.
