Slow internet, and something is downloading on its own

  • Joined: 17 Feb 2010
  • Posts: 35

Hello


Me again! Things really aren't going my way these days. I can't get anything sorted...

The computer is terribly slow on the net, and it is constantly downloading (which is probably why it is slow); I can see that on the MikroTik router the internet connection goes through.

I tried Norman Malware Cleaner, but nothing...



DDS (Ver_10-03-17.01) - NTFSx86
Run by Middle point at 13:54:28,29 on cet 22.04.2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.177 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\goupi.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\Temp\wpv671271921046.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\goupi.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Middle point\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mWinlogon: Taskman=c:\documents and settings\middle point\csrss.exe
uWinlogon: Shell=c:\documents and settings\middle point\application data\gkewzr.exe,explorer.exe,c:\documents and settings\middle point\csrss.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [DriverUpdaterPro] c:\program files\ixi tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSConfig] c:\documents and settings\middle point\ehho.exe \u
uRun: [userini] c:\windows\system32\userini.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [titoukouv] c:\windows\system32\goupi.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [userini] c:\windows\system32\userini.exe
uExplorerRun: [userini] c:\windows\system32\userini.exe
mExplorerRun: [userini] c:\windows\system32\userini.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {EB6F09E0-BC18-476A-AFDC-39CF88000878} = 80.65.162.101
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-12 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-12 56816]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2010-4-12 18864]
S2 ditqpzfbpwa;\??\c:\docu;\??\c:\docume~1\middle~1\locals~1\temp\phrkstqgo.sys --> c:\docume~1\middle~1\locals~1\temp\phrkstqgo.sys [?]
S2 euexiaiiquei;SmartLinkService;c:\windows\system32\tookoquavo.exe [2010-4-14 279040]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 135664]
S2 mgbwmbns;\??\c:\d;\??\c:\docume~1\middle~1\locals~1\temp\nlhgqhfhtxof.sys --> c:\docume~1\middle~1\locals~1\temp\nlhgqhfhtxof.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2010-4-9 27248]
S3 protect;protect;c:\windows\system32\drivers\protect.sys [2010-4-22 18944]

=============== Created Last 30 ================

2010-04-22 06:50:28 40448 ----a-w- c:\windows\system32\userini.exe
2010-04-22 06:04:57 18944 ---ha-w- c:\windows\system32\drivers\protect.sys
2010-04-22 06:03:46 0 ----a-w- c:\documents and settings\middle point\Desktop.ini
2010-04-14 13:21:03 0 d-----w- c:\documents and settings\all users\Uniblue
2010-04-14 13:20:55 0 d-----w- c:\docume~1\middle~1\applic~1\Uniblue
2010-04-14 13:20:43 0 d-----w- c:\program files\Uniblue
2010-04-14 13:00:38 0 d-----w- c:\temp\HP_WebRelease
2010-04-14 06:40:50 279040 ----a-w- c:\windows\system32\tookoquavo.exe
2010-04-14 06:40:01 279040 ----a-w- c:\windows\system32\goupi.exe
2010-04-14 06:18:02 479292 ----a-w- c:\windows\system32\drivers\str.sys
2010-04-13 07:11:56 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-13 07:11:50 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-13 07:11:50 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-13 07:10:04 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-13 07:10:03 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-13 07:10:02 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-13 07:00:05 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-12 14:00:12 0 d-----w- c:\windows\system32\PreInstall
2010-04-12 14:00:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-12 14:00:10 0 d--h--w- c:\windows\$hf_mig$
2010-04-12 12:24:54 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-04-12 12:24:54 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-04-12 12:24:54 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-04-12 12:24:54 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-04-12 12:24:54 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-04-12 12:24:54 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-04-12 12:24:54 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-04-12 12:24:54 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-04-12 12:24:51 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-04-12 12:24:51 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-04-12 12:24:50 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-12 12:24:50 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-04-12 12:22:57 0 d-s---w- c:\documents and settings\middle point\UserData
2010-04-12 10:48:44 13646 ----a-w- c:\windows\system32\wpa.bak
2010-04-12 10:17:43 151040 --sha-r- c:\documents and settings\middle point\csrss.exe
2010-04-12 08:15:11 0 d-----w- c:\program files\Ask.com
2010-04-12 08:15:00 0 d-----w- c:\program files\Driver Fetch
2010-04-12 08:04:18 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-04-12 08:02:37 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-12 08:02:36 0 d-----w- c:\program files\Avira
2010-04-12 08:02:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-04-12 07:22:22 0 d-----w- c:\temp\photosmart
2010-04-12 07:05:22 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-04-12 07:05:22 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-04-12 07:05:16 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-04-12 07:05:16 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2010-04-12 07:05:15 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-04-12 07:05:15 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-04-10 11:01:23 376 ----a-w- c:\windows\ODBC.INI
2010-04-10 11:01:21 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-04-10 11:00:57 0 d-----w- c:\program files\Microsoft ActiveSync
2010-04-10 11:00:46 0 d-----w- c:\windows\SHELLNEW
2010-04-10 10:55:30 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-04-10 10:54:16 0 d-----w- C:\DRIVERS
2010-04-10 10:53:12 0 d-----w- c:\program files\Analog Devices
2010-04-10 09:55:24 0 d-----w- C:\IEGD
2010-04-10 07:43:34 0 d-----w- C:\Intel
2010-04-09 15:26:54 0 d-----w- c:\program files\common files\ODBC
2010-04-09 15:26:51 0 d-----w- c:\program files\common files\SpeechEngines
2010-04-09 15:26:28 0 d-----r- c:\documents and settings\all users\Documents
2010-04-09 14:15:39 0 d-----w- c:\program files\iXi Tools
2010-04-09 14:00:16 0 d-----w- c:\program files\Lavalys
2010-04-09 13:36:54 0 d-sh--w- c:\documents and settings\all users\DRM
2010-04-09 13:36:32 0 d--h--w- c:\program files\WindowsUpdate
2010-04-09 13:35:57 0 d-----w- c:\program files\common files\MSSoap
2010-04-09 13:34:27 0 d-----w- c:\program files\Online Services
2010-04-09 13:34:21 0 d-----w- c:\program files\Messenger
2010-04-09 13:34:18 0 d-----w- c:\program files\MSN Gaming Zone
2010-04-09 13:33:46 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-04-22 06:05:53 1033728 ----a-w- c:\windows\explorer.exe
2010-04-09 13:34:47 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

============= FINISH: 13:55:00,31 ===============




  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

How could it not be slow when you are this thoroughly infected.


Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.




When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists: click Yes if it offers to download it;
display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
show a number of prompts/notifications: accept them by clicking Yes or OK;
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into this thread on the forum:
right-click inside the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click inside the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if, after posting, you notice the report is incomplete, use the "Prikaži fajl" (Show file) option to attach C:\ComboFix.txt to your post.

  • Joined: 17 Feb 2010
  • Posts: 35

WOW! It is faster right away. I have two questions, if that is not a problem:

1. Is it a problem that I also plugged in a USB stick so it would clean that too?
2. Which antivirus should I use? I can't believe that neither Avira nor Norman found anything???


ComboFix 10-04-21.01 - Middle point 22.04.2010 15:16:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.207 [GMT 2:00]
Running from: c:\documents and settings\Middle point\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - explorer.exe: deleted 40448 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Middle point\Application Data\wiaservg.log
c:\documents and settings\Middle point\csrss.exe
c:\recycler\S-1-5-21-0718029325-5946055546-388922546-7577
c:\recycler\S-1-5-21-1473825949-8185305178-302202417-0053
c:\recycler\S-1-5-21-2485985334-7822241281-786834486-8690
c:\recycler\S-1-5-21-5784680990-5693546944-599084886-1975
c:\recycler\S-1-5-21-7247340424-3126094606-884413755-1616
c:\windows\system32\drivers\protect.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\userini.exe
c:\windows\system32\wbem\grpconv.exe

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\system volume information\_restore{8A391B3E-1D62-43F7-ABED-465D82618DBD}\RP15\A0002145.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_protect


((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-22 13:19 . 2008-04-14 12:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-04-19 07:19 . 2010-04-19 07:19 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Help
2010-04-19 07:18 . 2010-04-19 07:18 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Identities
2010-04-14 13:21 . 2010-04-14 13:21 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-04-14 13:20 . 2010-04-14 13:20 -------- d-----w- c:\documents and settings\Middle point\Application Data\Uniblue
2010-04-14 13:20 . 2010-04-14 13:20 -------- d-----w- c:\program files\Uniblue
2010-04-14 13:00 . 2010-04-14 13:00 -------- d-----w- c:\temp\HP_WebRelease
2010-04-14 06:40 . 2010-04-14 06:40 279040 ----a-w- c:\windows\system32\tookoquavo.exe
2010-04-14 06:40 . 2010-04-14 06:40 279040 ----a-w- c:\windows\system32\goupi.exe
2010-04-13 07:11 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-13 07:11 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-13 07:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-13 07:10 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-13 07:10 . 2010-02-17 07:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-13 07:10 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-13 07:00 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-13 06:57 . 2010-04-13 06:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-12 14:00 . 2007-07-27 21:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-12 14:00 . 2010-04-14 14:06 -------- d--h--w- c:\windows\$hf_mig$
2010-04-12 13:41 . 2010-04-12 13:41 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Temp
2010-04-12 13:36 . 2010-04-12 13:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-04-12 13:29 . 2010-04-14 06:33 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Google
2010-04-12 12:32 . 2010-04-12 13:36 -------- d-----w- c:\program files\Google
2010-04-12 12:24 . 2001-08-17 20:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-04-12 12:24 . 2001-08-17 20:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-04-12 12:24 . 2001-08-17 20:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-04-12 12:24 . 2001-08-17 20:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-04-12 12:24 . 2001-08-17 12:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-04-12 12:24 . 2001-08-17 12:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-04-12 12:24 . 2008-04-14 03:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-12 12:24 . 2008-04-14 03:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-04-12 12:22 . 2010-04-12 12:22 -------- d-s---w- c:\documents and settings\Middle point\UserData
2010-04-12 10:54 . 2010-04-22 13:08 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\AskToolbar
2010-04-12 08:28 . 2005-06-06 09:29 110592 ----a-w- c:\documents and settings\Middle point\Application Data\U3\temp\cleanup.exe
2010-04-12 08:15 . 2010-04-12 08:15 -------- d-----w- c:\program files\Ask.com
2010-04-12 08:15 . 2010-04-12 08:15 -------- d-----w- c:\program files\Driver Fetch
2010-04-12 08:02 . 2010-04-12 08:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-12 08:02 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-12 08:02 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-12 08:02 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-12 08:02 . 2010-04-12 08:02 -------- d-----w- c:\program files\Avira
2010-04-12 08:02 . 2010-04-12 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-12 07:31 . 2010-04-12 07:31 17856 ----a-w- c:\documents and settings\Middle point\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 07:23 . 2010-04-19 08:57 -------- d-----w- c:\documents and settings\Middle point\Application Data\AdobeUM
2010-04-12 07:23 . 2010-04-12 07:23 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Adobe
2010-04-12 07:18 . 2010-04-20 12:13 -------- d-----w- c:\documents and settings\Middle point\Application Data\U3
2010-04-12 07:05 . 2001-08-17 11:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-04-12 07:05 . 2001-08-17 11:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-04-12 07:05 . 2001-08-17 11:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-04-12 07:05 . 2001-08-17 11:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2010-04-12 07:05 . 2008-04-13 22:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-04-12 07:05 . 2008-04-13 22:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-04-10 11:04 . 2010-04-12 07:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 11:01 . 2003-06-18 15:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-04-10 11:01 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-04-10 11:00 . 2010-04-10 11:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-10 11:00 . 2010-04-10 11:00 -------- d-----w- c:\windows\SHELLNEW
2010-04-10 10:56 . 2010-04-10 10:56 -------- d-----r- C:\MSOCache
2010-04-10 10:55 . 2005-09-20 08:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-04-10 10:54 . 2010-04-14 13:20 -------- d-----w- C:\DRIVERS
2010-04-10 09:55 . 2010-04-10 09:55 -------- d-----w- C:\IEGD
2010-04-10 07:43 . 2010-04-10 07:43 -------- d-----w- C:\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 06:05 . 2008-04-14 12:00 1033728 ----a-w- c:\windows\explorer.exe
2010-04-12 07:11 . 2010-04-09 13:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-10 10:53 . 2010-04-10 10:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 10:53 . 2010-04-10 10:53 -------- d-----w- c:\program files\Analog Devices
2010-04-10 10:53 . 2010-04-10 10:53 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-09 14:15 . 2010-04-09 14:15 -------- d-----w- c:\program files\iXi Tools
2010-04-09 14:00 . 2010-04-09 14:00 -------- d-----w- c:\program files\Lavalys
2010-04-09 13:38 . 2010-04-09 13:38 -------- d-----w- c:\program files\microsoft frontpage
2010-04-09 13:34 . 2010-04-09 13:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2008-04-14 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"titoukouv"="c:\windows\system32\goupi.exe" [2010-04-14 279040]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.4.2010 10:02 108289]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [12.4.2010 9:22 18864]
S2 ditqpzfbpwa;\??\c:\docu;\??\c:\docume~1\MIDDLE~1\LOCALS~1\Temp\phrkstqgo.sys --> c:\docume~1\MIDDLE~1\LOCALS~1\Temp\phrkstqgo.sys [?]
S2 euexiaiiquei;SmartLinkService;c:\windows\system32\tookoquavo.exe [14.4.2010 8:40 279040]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.4.2010 15:36 135664]
S2 mgbwmbns;\??\c:\d;\??\c:\docume~1\MIDDLE~1\LOCALS~1\Temp\nlhgqhfhtxof.sys --> c:\docume~1\MIDDLE~1\LOCALS~1\Temp\nlhgqhfhtxof.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [9.4.2010 16:00 27248]
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\Driver Fetch.job
- c:\program files\Driver Fetch\2.3.0.8\DriverFetch.exe [2010-04-12 14:07]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 13:36]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 13:36]

2010-04-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {EB6F09E0-BC18-476A-AFDC-39CF88000878} = 80.65.162.101
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-userini - c:\windows\system32\userini.exe
HKLM-Run-userini - c:\windows\system32\userini.exe
HKLM-Explorer_Run-userini - c:\windows\system32\userini.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-22 15:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2010-04-22 15:22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-22 13:22

Pre-Run: 11.035.172.864 bytes free
Post-Run: 11.055.550.464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0488D1680C90940F1B731534326374C6

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Quote: 1. Is it a problem that I also plugged in a USB stick so it would clean that too?


It is a problem because you should have asked me first.

Quote: 2. Which antivirus should I use? I can't believe that neither Avira nor Norman found anything???

There is no rule; the same could have happened with some other AV (with a different infection, for example).

It would be advisable to use one of the free anti-spyware programs, such as:


http://www.malwarebytes.org/
http://www.superantispyware.com/download.html

They are better at detecting and removing this kind of infection.


Open Notepad and copy the following text into it:

File::
c:\windows\system32\tookoquavo.exe
c:\windows\system32\goupi.exe
c:\docume~1\MIDDLE~1\LOCALS~1\Temp\nlhgqhfhtxof.sys
c:\docume~1\MIDDLE~1\LOCALS~1\Temp\phrkstqgo.sys

Driver::
euexiaiiquei
mgbwmbns
ditqpzfbpwa

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"titoukouv"=-


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as shown in the picture.
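
Added example (mine, not from the thread, and not a DDS or ComboFix component): a Python triage helper that applies the indicators diarno reads off the DDS log in the first post (the ADS-hosted process explorer.exe:userini.exe, the Winlogon Shell/Taskman entries pointing at csrss.exe in the profile root, services whose image sits in a Temp folder) and drafts the File::/Driver::/Registry:: sections in the CFScript format of the post just above. The sample log lines are copied from the thread; the regexes, rule names, and the set of files marked as analyst-confirmed (goupi.exe and tookoquavo.exe, the two diarno chose by hand) are my assumptions. It goes beyond the thread by also emitting Winlogon registry fixes, which ComboFix handled on its own here.

```python
"""Triage a pasted DDS / ComboFix log and draft the matching CFScript sections.

Added example for this thread, not a tool its participants used. Rules mirror
the indicators diarno acted on: an ADS-hosted process, Winlogon Shell/Taskman
not equal to explorer.exe, services imaged from a Temp folder, a system binary
name outside the Windows directory, and loading points that reference files
the analyst has already judged malicious.
"""
import re
from collections import defaultdict

SYSTEM_BINARIES = {"csrss.exe", "explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
HIVE = {"u": "HKEY_CURRENT_USER", "m": "HKEY_LOCAL_MACHINE"}   # DDS u/m prefixes

ADS_RE = re.compile(r"^[a-z]:\\[^:]+\.exe:[^\\]+$", re.I)      # drive:\...\x.exe:stream
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")     # R2 name;display;path
RUN_RE = re.compile(r"^([um])Run:\s+\[([^\]]+)\]\s+(.*)$")      # uRun: [value] cmdline
WINLOGON_RE = re.compile(r"^([um])Winlogon:\s+(Shell|Taskman)=(.*)$")
PATH_RE = re.compile(r'^"?([^"]*?\.(?:exe|sys|dll|scr|com))"?(?:\s|$)', re.I)
PROFILE_ROOT_RE = re.compile(r"^c:\\(documents and settings|docume~1)\\[^\\]+\\[^\\]+$")

# Constructed sample: lines copied from the DDS log posted in the thread.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\explorer.exe:userini.exe
C:\WINDOWS\system32\goupi.exe
mWinlogon: Taskman=c:\documents and settings\middle point\csrss.exe
uWinlogon: Shell=c:\documents and settings\middle point\application data\gkewzr.exe,explorer.exe,c:\documents and settings\middle point\csrss.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [titoukouv] c:\windows\system32\goupi.exe
uRun: [MSConfig] c:\documents and settings\middle point\ehho.exe \u
S2 ditqpzfbpwa;\??\c:\docu;\??\c:\docume~1\middle~1\locals~1\temp\phrkstqgo.sys --> c:\docume~1\middle~1\locals~1\temp\phrkstqgo.sys [?]
S2 euexiaiiquei;SmartLinkService;c:\windows\system32\tookoquavo.exe [2010-4-14 279040]
S2 mgbwmbns;\??\c:\d;\??\c:\docume~1\middle~1\locals~1\temp\nlhgqhfhtxof.sys --> c:\docume~1\middle~1\locals~1\temp\nlhgqhfhtxof.sys [?]
"""
# The two system32 files diarno judged malicious by hand (analyst input, not a heuristic).
CONFIRMED_BAD = frozenset({"c:\\windows\\system32\\goupi.exe", "c:\\windows\\system32\\tookoquavo.exe"})


def exe_path(tail: str) -> str:
    """Lower-cased image path from the tail of a service or Run entry."""
    if " --> " in tail:                      # DDS prints '\??\short --> resolved [?]'
        tail = tail.split(" --> ", 1)[1]
    tail = tail.strip().removeprefix("\\??\\")
    m = PATH_RE.match(tail)                  # quoted or bare path; args and [date size] dropped
    return (m.group(1) if m else tail).lower()


def why_suspicious(path: str, confirmed_bad: frozenset = frozenset()) -> "str | None":
    """Reason string if the path matches one of the thread's indicators, else None."""
    folder, _, name = path.rpartition("\\")
    if path in confirmed_bad:
        return "analyst-confirmed malicious file"
    if "\\temp\\" in path or "\\recycler\\" in path:
        return "image in a Temp/Recycler folder"
    if name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
        return f"{name} outside its Windows directory"
    if PROFILE_ROOT_RE.match(path):
        return "executable dropped in the profile root"
    return None


def triage(log_text: str, confirmed_bad: frozenset = frozenset()) -> dict:
    """Scan log lines; return findings and File::/Driver::/Registry:: CFScript text."""
    findings, files, drivers = [], set(), set()
    registry = defaultdict(set)              # "[hive\key]" -> {'"value"=-', ...}
    for line in (raw.strip() for raw in log_text.splitlines()):
        if ADS_RE.match(line):               # ComboFix strips ADS itself; report only
            findings.append(f"process hosted in an alternate data stream: {line}")
        elif line.lower() in confirmed_bad:
            findings.append(f"confirmed-bad file is running: {line}")
        elif m := WINLOGON_RE.match(line):
            scope, value, data = m.groups()
            bad = [p.strip().lower() for p in data.split(",") if p.strip().lower() != "explorer.exe"]
            if value == "Taskman" or bad:    # Taskman is normally absent altogether
                findings.append(f"Winlogon {value} hijack ({HIVE[scope]}): {data}")
                files.update(bad)
                fix = '"Shell"="Explorer.exe"' if (value, scope) == ("Shell", "m") else f'"{value}"=-'
                registry[f"[{HIVE[scope]}\\{WINLOGON_KEY}]"].add(fix)
        elif m := SERVICE_RE.match(line):
            name, _display, tail = m.groups()
            path = exe_path(tail)
            if reason := why_suspicious(path, confirmed_bad):
                findings.append(f"service {name}: {reason} ({path})")
                drivers.add(name)            # Driver:: takes the service name
                files.add(path)
        elif m := RUN_RE.match(line):
            scope, value, tail = m.groups()
            path = exe_path(tail)
            if reason := why_suspicious(path, confirmed_bad):
                findings.append(f"{HIVE[scope]} Run '{value}': {reason} ({path})")
                registry[f"[{HIVE[scope]}\\{RUN_KEY}]"].add(f'"{value}"=-')
                files.add(path)
    script = ["File::", *sorted(files), "", "Driver::", *sorted(drivers), "", "Registry::"]
    for key in sorted(registry):
        script += [key, *sorted(registry[key]), ""]
    return {"findings": findings, "cfscript": "\n".join(script).rstrip() + "\n"}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, CONFIRMED_BAD)
    print("\n".join(result["findings"]), result["cfscript"], sep="\n\n")
```

The rules are heuristics and the draft is meant to be reviewed by hand, exactly as diarno did before posting the script: a service name only lands under Driver:: when its image path is already in the File:: list, and the ADS finding is reported but not scripted because ComboFix removes streams on its own (see "ADS - explorer.exe: deleted 40448 bytes in 1 streams" in the first ComboFix log).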

  • Joined: 17 Feb 2010
  • Posts: 35

I removed the USB stick, sorry...


ComboFix 10-04-21.01 - Middle point 23.04.2010 8:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.308 [GMT 2:00]
Running from: c:\documents and settings\Middle point\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Middle point\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\docume~1\MIDDLE~1\LOCALS~1\Temp\nlhgqhfhtxof.sys"
"c:\docume~1\MIDDLE~1\LOCALS~1\Temp\phrkstqgo.sys"
"c:\windows\system32\goupi.exe"
"c:\windows\system32\tookoquavo.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\goupi.exe
c:\windows\system32\tookoquavo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DITQPZFBPWA
-------\Legacy_EUEXIAIIQUEI
-------\Legacy_MGBWMBNS
-------\Service_ditqpzfbpwa
-------\Service_euexiaiiquei
-------\Service_mgbwmbns


((((((((((((((((((((((((( Files Created from 2010-03-23 to 2010-04-23 )))))))))))))))))))))))))))))))
.

2010-04-22 13:19 . 2008-04-14 12:00 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-04-22 13:19 . 2008-04-14 12:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-04-19 07:19 . 2010-04-19 07:19 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Help
2010-04-19 07:18 . 2010-04-19 07:18 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Identities
2010-04-14 13:21 . 2010-04-14 13:21 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-04-14 13:20 . 2010-04-14 13:20 -------- d-----w- c:\documents and settings\Middle point\Application Data\Uniblue
2010-04-14 13:20 . 2010-04-14 13:20 -------- d-----w- c:\program files\Uniblue
2010-04-14 13:00 . 2010-04-14 13:00 -------- d-----w- c:\temp\HP_WebRelease
2010-04-13 07:11 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-13 07:11 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-13 07:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-13 07:10 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-13 07:10 . 2010-02-17 07:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-13 07:10 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-13 07:00 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-04-13 06:57 . 2010-04-13 06:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-12 14:00 . 2007-07-27 21:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-04-12 14:00 . 2010-04-14 14:06 -------- d--h--w- c:\windows\$hf_mig$
2010-04-12 13:41 . 2010-04-12 13:41 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Temp
2010-04-12 13:36 . 2010-04-12 13:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-04-12 13:29 . 2010-04-14 06:33 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Google
2010-04-12 12:32 . 2010-04-12 13:36 -------- d-----w- c:\program files\Google
2010-04-12 12:24 . 2001-08-17 20:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-04-12 12:24 . 2001-08-17 20:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-04-12 12:24 . 2001-08-17 20:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-04-12 12:24 . 2001-08-17 20:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-04-12 12:24 . 2001-08-17 12:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-04-12 12:24 . 2001-08-17 12:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-04-12 12:24 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-04-12 12:24 . 2008-04-14 03:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-12 12:24 . 2008-04-14 03:39 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-04-12 12:22 . 2010-04-12 12:22 -------- d-s---w- c:\documents and settings\Middle point\UserData
2010-04-12 10:54 . 2010-04-23 06:42 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\AskToolbar
2010-04-12 08:28 . 2005-06-06 09:29 110592 ----a-w- c:\documents and settings\Middle point\Application Data\U3\temp\cleanup.exe
2010-04-12 08:15 . 2010-04-12 08:15 -------- d-----w- c:\program files\Ask.com
2010-04-12 08:15 . 2010-04-12 08:15 -------- d-----w- c:\program files\Driver Fetch
2010-04-12 08:02 . 2010-04-12 08:35 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-12 08:02 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-12 08:02 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-12 08:02 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-12 08:02 . 2010-04-12 08:02 -------- d-----w- c:\program files\Avira
2010-04-12 08:02 . 2010-04-12 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-12 07:31 . 2010-04-12 07:31 17856 ----a-w- c:\documents and settings\Middle point\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-12 07:23 . 2010-04-19 08:57 -------- d-----w- c:\documents and settings\Middle point\Application Data\AdobeUM
2010-04-12 07:23 . 2010-04-12 07:23 -------- d-----w- c:\documents and settings\Middle point\Local Settings\Application Data\Adobe
2010-04-12 07:18 . 2010-04-20 12:13 -------- d-----w- c:\documents and settings\Middle point\Application Data\U3
2010-04-12 07:05 . 2001-08-17 11:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-04-12 07:05 . 2001-08-17 11:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2010-04-12 07:05 . 2001-08-17 11:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2010-04-12 07:05 . 2001-08-17 11:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2010-04-12 07:05 . 2008-04-13 22:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2010-04-12 07:05 . 2008-04-13 22:09 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2010-04-10 11:04 . 2010-04-12 07:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 11:01 . 2003-06-18 15:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-04-10 11:01 . 2003-06-18 15:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-04-10 11:00 . 2010-04-10 11:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-04-10 11:00 . 2010-04-10 11:00 -------- d-----w- c:\windows\SHELLNEW
2010-04-10 10:56 . 2010-04-10 10:56 -------- d-----r- C:\MSOCache
2010-04-10 10:55 . 2005-09-20 08:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-04-10 10:54 . 2010-04-14 13:20 -------- d-----w- C:\DRIVERS
2010-04-10 09:55 . 2010-04-10 09:55 -------- d-----w- C:\IEGD
2010-04-10 07:43 . 2010-04-10 07:43 -------- d-----w- C:\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 06:05 . 2008-04-14 12:00 1033728 ----a-w- c:\windows\explorer.exe
2010-04-12 07:11 . 2010-04-09 13:37 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-10 10:53 . 2010-04-10 10:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 10:53 . 2010-04-10 10:53 -------- d-----w- c:\program files\Analog Devices
2010-04-10 10:53 . 2010-04-10 10:53 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-09 14:15 . 2010-04-09 14:15 -------- d-----w- c:\program files\iXi Tools
2010-04-09 14:00 . 2010-04-09 14:00 -------- d-----w- c:\program files\Lavalys
2010-04-09 13:38 . 2010-04-09 13:38 -------- d-----w- c:\program files\microsoft frontpage
2010-04-09 13:34 . 2010-04-09 13:34 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 07:10 . 2008-04-14 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.4.2010 10:02 108289]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [12.4.2010 9:22 18864]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.4.2010 15:36 135664]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [9.4.2010 16:00 27248]
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\Driver Fetch.job
- c:\program files\Driver Fetch\2.3.0.8\DriverFetch.exe [2010-04-12 14:07]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 13:36]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-12 13:36]

2010-04-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {EB6F09E0-BC18-476A-AFDC-39CF88000878} = 80.65.162.101
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-23 08:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2010-04-23 08:56:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-23 06:56
ComboFix2.txt 2010-04-22 13:22

Pre-Run: 11.035.000.832 bytes free
Post-Run: 11.022.184.448 bytes free

- - End Of File - - 78E3C6D92414909034E3C2EF5F91ED23

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Upload the following file for me:

Quote: c:\windows\system32\dllcache\grpconv.exe

Using the following form:

http://www.mycity.rs/ambulanta-upload.php



- Download USBNoRisk to the Desktop and start it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug all of your USB storage devices into the USB slot one after another and leave each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all those devices that are assigned their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
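As an added illustration (editor's example, not part of this thread and not USBNoRisk's own code), the Python script below re-implements two of the checks that the USBNoRisk log posted further down in this thread shows: parsing a junk-padded autorun.inf to list the programs it would launch, and finding Desktop.ini files that carry the Recycle Bin CLSID, which makes a folder render as a Recycle Bin in Explorer. The function names, the temporary "drive" layout and the sample files are assumptions; the sample autorun.inf and Desktop.ini are constructed to mirror the logged ones and are not real files from the thread.

```python
# Added example: two checks a removable-drive scanner performs.
# Not USBNoRisk's code; names and the constructed sample drive are assumptions.
import os
import re
import tempfile
from pathlib import Path

# CLSID of the Recycle Bin shell folder. A Desktop.ini carrying it makes an
# ordinary folder look like a Recycle Bin in Explorer, hiding its contents.
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"
EXEC_SUFFIXES = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs")


def parse_autorun(text):
    """Tolerant key=value parser: junk lines and a broken '[autorun' header are skipped,
    because Windows still honours the key=value lines and so must the scanner."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries.setdefault(key.strip().lower(), value.strip())
    return entries


def referenced_executables(entries):
    """Programs that AutoPlay or a shell verb would launch from this autorun.inf."""
    targets = set()
    for key, value in entries.items():
        if key not in ("open", "shellexecute", "icon") and not key.startswith("shell\\"):
            continue
        # value is "path args" or "path,iconindex"; keep the path part
        # (unquoted paths containing spaces are not handled here)
        path = re.split(r"[ ,]", value, maxsplit=1)[0].strip('"')
        if path.lower().endswith(EXEC_SUFFIXES):
            targets.add(path.replace("/", "\\"))
    return sorted(targets)


def desktop_ini_clsid_folders(root):
    """Folders under root whose Desktop.ini carries the Recycle Bin CLSID."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "desktop.ini":
                continue
            ini = Path(dirpath, name).read_text(errors="replace")
            if RECYCLE_BIN_CLSID.lower() in ini.lower():
                hits.append(os.path.relpath(dirpath, root))
    return sorted(hits)


def scan_removable_drive(root):
    """Run both checks against a mounted drive root and return the findings."""
    autorun = Path(root, "autorun.inf")
    entries = parse_autorun(autorun.read_text(errors="replace")) if autorun.exists() else {}
    return {
        "autorun_present": autorun.exists(),
        "autorun_entries": entries,
        "referenced": referenced_executables(entries),
        "clsid_folders": desktop_ini_clsid_folders(root),
    }


def build_sample_drive(root):
    """Constructed drive layout mirroring the logged stick (not a real device)."""
    Path(root, "autorun.inf").write_text(
        "[autorun\n"                                   # broken header, as logged
        '"sA??l??Dsla??DFAKFP?WQlf?WQKF?WQklWQ?k\n'    # junk padding line
        "open=SEVEBOMBA/gasgas.exe\n"
        "action=Open folderto view files usingWindowsExplorer\n"
        "icon=SEVEBOMBA/gasgas.exe\n"
        "Shell\\open\\command=SEVEBOMBA/gasgas.exe\n"
        "shell\\open\\command=SEVEBOMBA/gasgas.exe\n"
        "USEAUTOPLAY=1\n"
    )
    bad = Path(root, "SEVEBOMBA")
    bad.mkdir()
    bad.joinpath("desktop.ini").write_text("[.ShellClassInfo]\nCLSID=" + RECYCLE_BIN_CLSID + "\n")
    good = Path(root, "Photos")  # a normally customised folder: must not be flagged
    good.mkdir()
    good.joinpath("desktop.ini").write_text("[.ShellClassInfo]\nIconResource=shell32.dll,3\n")


def demo():
    """Build the constructed drive in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_drive(root)
        return scan_removable_drive(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On the constructed drive the scan reports that autorun.inf would launch SEVEBOMBA\gasgas.exe and that the SEVEBOMBA folder masquerades as a Recycle Bin, while the Photos folder with an ordinary IconResource entry is left alone. Point `scan_removable_drive` at a real mount point to run the same checks there; it only reads files and never executes anything it finds.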

  • Joined: 17 Feb 2010
  • Posts: 35

I uploaded the file!


USBNoRisk 2.5 (26 July 2009) by bobby

Started at 26.4.2010 9:48:49

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {bedaa499-43ea-11df-8411-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for bedaa499-43ea-11df-8411-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 26.4.2010 9:49:04

Scanning for connected USB mass storage...
----------------------------------------
G: {0ce7c87a-43e0-11df-a20a-fcaec0176cf4}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for 0ce7c87a-43e0-11df-a20a-fcaec0176cf4
----------------------------------------

----------------------------------------
Desktop.ini found at G:\SEVEBOMBA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at G:\LIJEPA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 26.4.2010 9:49:29

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 26.4.2010 9:49:31

Scanning for connected USB mass storage...
----------------------------------------
H: {833e6a9b-4603-11df-a210-0018f31cc521}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[autorun
"sAюʎl??Dsla??DFAKFP?WQlf?WQKF?WQklWQ?k
open=SEVEBOMBA/gasgas.exe
action=Open folderto view files usingWindowsExplorer
icon=SEVEBOMBA/gasgas.exe
Shell\open\command=SEVEBOMBA/gasgas.exe
shell\open\command=SEVEBOMBA/gasgas.exe
USEAUTOPLAY=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for 833e6a9b-4603-11df-a210-0018f31cc521
----------------------------------------

----------------------------------------
Desktop.ini found at H:\ZAPALICU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PRIDJI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\SEVEBOMBA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PILULEROZE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================



New device connected at 26.4.2010 9:49:33

Scanning for connected USB mass storage...
----------------------------------------

========================================

Scanning USB mass storage for files...
----------------------------------------


New device connected at 26.4.2010 9:49:33

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun
"sAюʎl??Dsla??DFAKFP?WQlf?WQKF?WQklWQ?k
open=SEVEBOMBA/gasgas.exe
action=Open folderto view files usingWindowsExplorer
icon=SEVEBOMBA/gasgas.exe
Shell\open\command=SEVEBOMBA/gasgas.exe
shell\open\command=SEVEBOMBA/gasgas.exe
USEAUTOPLAY=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for 833e6a9b-4603-11df-a210-0018f31cc521
----------------------------------------

----------------------------------------
Desktop.ini found at H:\ZAPALICU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PRIDJI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\SEVEBOMBA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PILULEROZE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun
"sAюʎl??Dsla??DFAKFP?WQlf?WQKF?WQklWQ?k
open=SEVEBOMBA/gasgas.exe
action=Open folderto view files usingWindowsExplorer
icon=SEVEBOMBA/gasgas.exe
Shell\open\command=SEVEBOMBA/gasgas.exe
shell\open\command=SEVEBOMBA/gasgas.exe
USEAUTOPLAY=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for 833e6a9b-4603-11df-a210-0018f31cc521
----------------------------------------

----------------------------------------
Desktop.ini found at H:\ZAPALICU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PRIDJI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\SEVEBOMBA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\PILULEROZE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 26.4.2010 9:49:53

Scanning for connected USB mass storage...
----------------------------------------
G: {f2b96766-492b-11df-a218-0018f31cc521}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
[autorun
;}?J??m??X??_vFQh?<??'?,?Ctbe??Nt?d?!?s?.[?cC???s?s???J????^??y??F??t???f??w!?MrI??y???????|???w??|gJe???b?????(Mmr?N?}???Z(J?N?/??\d???????T??I_J???L
;LF:4klfKF$:KOfF$?F$KfO:$kjf4
open=PILULEROZE///againstnervoza.exe
;#Jfrikj34ilf43JF$#
icon=%SystemRoot%\system32\SHELL32.dll,4
;JF$I#JF4imkjf$L:JF$:f4
action=Open folderto view files usingWindowsExplorer
;j$FIFDI#DJ$KJF#$:F#$K<g
Shell\open\\\command=PILULEROZE///againstnervoza.exe
;g43g43
shell\explore\\command=PILULEROZE///againstnervoza.exe
;KG#$(OUIG$(#IG34
USEAUTOPLAY=1
:AH WHAT CAN I SAY
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for f2b96766-492b-11df-a218-0018f31cc521
----------------------------------------

----------------------------------------
Desktop.ini found at G:\PILULEROZE\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at G:\SEVEBOMBA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================
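
The two autorun.inf dumps and the repeated desktop.ini hits in the log above show the whole mechanism of this infection: a header with no closing bracket, comment and garbage lines as padding, targets written as `SEVEBOMBA/gasgas.exe` and `PILULEROZE///againstnervoza.exe` (forward slashes and tripled separators, which Win32 path handling accepts and collapses), `shell\open\command` and `shell\explore\command` overrides that hijack Explorer's own Open and Explore verbs, an `action=` text imitating the built-in "Open folder to view files" AutoPlay entry, and a desktop.ini in each dropper folder carrying `{645FF040-5081-101B-9F08-00AA002F954E}`, the Recycle Bin CLSID, so the folder displays as a system folder. The following triage helper is an added example written for this page; it is not part of the forum post and not code from the scanner that produced the log. The two sample autorun.inf bodies are constructed here from the dumps above with the binary padding shortened, the function names are this example's own, and it assumes only that the shell resolves relative targets against the drive root after normalising separators.

```python
import re

RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"  # the Recycle Bin shell folder

LAUNCH_KEYS = ("open", "shellexecute")                 # values the shell runs on AutoRun
VERB_RE = re.compile(r"^shell\\([^\\]+)\\+command$")   # shell\open\\\command -> 'open'


def normalize_target(value, is_icon=False):
    """Canonicalise a path the way Win32 does before opening it: strip quotes,
    turn '/' into '\\' and collapse runs of separators, so that
    PILULEROZE///againstnervoza.exe becomes PILULEROZE\\againstnervoza.exe.
    icon= values also lose their trailing ',<resource index>'."""
    v = value.strip().strip('"')
    if is_icon:
        v = v.rsplit(",", 1)[0]
    v = v.replace("/", "\\")
    return re.sub(r"\\{2,}", r"\\", v)


def is_local(target):
    """Relative to the drive root: no %VAR%, no drive letter, no leading '\\'."""
    return not (target.startswith(("%", "\\")) or re.match(r"^[A-Za-z]:", target))


def parse_autorun(text):
    """Tolerant autorun.inf parser: keeps a '[autorun' header that has no
    closing bracket, counts comment/garbage lines, and records every launch,
    icon and shell-verb entry with its normalised target."""
    info = {"header": None, "junk": 0, "entries": [], "useautoplay": False, "action": None}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            info["header"] = line
        elif line[0] in ";:#" or "=" not in line:
            info["junk"] += 1                      # comment or obfuscation padding
        else:
            key, _, value = line.partition("=")
            key, value = key.strip().lower(), value.strip()
            verb = VERB_RE.match(key)
            if key in LAUNCH_KEYS:
                info["entries"].append((key, normalize_target(value)))
            elif key == "icon":
                info["entries"].append(("icon", normalize_target(value, is_icon=True)))
            elif verb:
                info["entries"].append(("verb:" + verb.group(1), normalize_target(value)))
            elif key == "useautoplay":
                info["useautoplay"] = value == "1"
            elif key == "action":
                info["action"] = value
    return info


def local_files(info):
    """Every on-drive file the autorun.inf points at (icon included): the list
    to remove together with autorun.inf itself."""
    return sorted({t for _, t in info["entries"] if is_local(t)})


def triage_autorun(text):
    """Return (suspicious, reasons) for one autorun.inf body."""
    info = parse_autorun(text)
    reasons = []
    if (info["header"] or "").lower() != "[autorun]":
        reasons.append("malformed or missing [autorun] header: %r" % info["header"])
    if info["junk"]:
        reasons.append("%d comment/garbage lines used as padding" % info["junk"])
    verbs = sorted({k[5:] for k, _ in info["entries"] if k.startswith("verb:")})
    if verbs:
        reasons.append("Explorer verbs overridden: " + ", ".join(verbs))
    launched = sorted({t for k, t in info["entries"] if k != "icon" and is_local(t)})
    if launched:
        reasons.append("runs executables stored on the drive: " + ", ".join(launched))
    if info["action"] and "open folder" in info["action"].lower():
        reasons.append("action= text imitates Explorer's own 'Open folder to view files' entry")
    if info["useautoplay"]:
        reasons.append("UseAutoPlay=1")
    return bool(reasons), reasons


def desktop_ini_mimics_recycle_bin(text):
    """True when desktop.ini gives its folder the Recycle Bin CLSID, which is
    what makes SEVEBOMBA, PRIDJI, ... look like a system folder in Explorer."""
    m = re.search(r"^\s*CLSID\s*=\s*(\{[0-9A-Fa-f-]+\})", text, re.I | re.M)
    return bool(m) and m.group(1).upper() == RECYCLE_BIN_CLSID


# Constructed samples mirroring the two dumps above (binary padding shortened).
SAMPLE_H = r'''[autorun
"sAl??Dsla??DFAKFP?WQlf?WQKF?WQklWQ?k
open=SEVEBOMBA/gasgas.exe
action=Open folderto view files usingWindowsExplorer
icon=SEVEBOMBA/gasgas.exe
Shell\open\command=SEVEBOMBA/gasgas.exe
shell\open\command=SEVEBOMBA/gasgas.exe
USEAUTOPLAY=1
'''
SAMPLE_G = r"""[autorun
;}?J??m??X??_vFQh?<??'?,?Ctbe??Nt?d?!?s?.[?cC???s?s???J
;LF:4klfKF$:KOfF$?F$KfO:$kjf4
open=PILULEROZE///againstnervoza.exe
;#Jfrikj34ilf43JF$#
icon=%SystemRoot%\system32\SHELL32.dll,4
;JF$I#JF4imkjf$L:JF$:f4
action=Open folderto view files usingWindowsExplorer
;j$FIFDI#DJ$KJF#$:F#$K<g
Shell\open\\\command=PILULEROZE///againstnervoza.exe
;g43g43
shell\explore\\command=PILULEROZE///againstnervoza.exe
;KG#$(OUIG$(#IG34
USEAUTOPLAY=1
:AH WHAT CAN I SAY
"""
DESKTOP_INI = "[.ShellClassInfo]\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}\n"
CLEAN = "[autorun]\nicon=setup.exe,0\nlabel=Vendor Installer\n"   # a benign installer CD

if __name__ == "__main__":
    for name, body in (("H:", SAMPLE_H), ("G:", SAMPLE_G), ("clean CD", CLEAN)):
        flagged, why = triage_autorun(body)
        print(name, "SUSPICIOUS" if flagged else "ok", why, local_files(parse_autorun(body)))
    print("desktop.ini mimics Recycle Bin:", desktop_ini_mimics_recycle_bin(DESKTOP_INI))
```

Read the reasons list rather than the boolean: a legitimate installer CD with `open=setup.exe` trips the "runs executables" signal on its own, while the malicious samples trip all six. `local_files` gives the on-drive paths to remove alongside autorun.inf, which is what the next reply asks the user to do by hand.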

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi... Sorry for the wait.


Enable showing hidden files and folders: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html



Plug in the flash drives one by one and delete the following files and folders from them (wherever each exists):

autorun.inf.blocked

SEVEBOMBA
LIJEPA
ZAPALICU
PRIDJI
PILULEROZE





How are things now? Is there any specific problem?

If so, post a fresh ComboFix log file.

offline
  • Joined: 17 Feb 2010
  • Posts: 35

Deleted...


There are no specific problems, but I have a question: are RECYCLER and MSOCache viruses?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

If they are on the hard disk, then they are legitimate folders.





ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text input line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.



That would be all.
