Laptop keyboard gone wild

  • Joined: 28 May 2010
  • Posts: 46

I have an HP 6720 laptop, and over the last few days the keyboard has started doing strange things...
When I turn on capital letters, i.e. Caps Lock, it starts typing in lowercase and vice versa; when it is set to lowercase it sometimes types capitals...
And when I type faster it mixes up the letters... for example, when I want to type the word laptop it types palpto....
This doesn't happen only in Word but everywhere I type: mail, Google..

There are periods when the keyboard returns to normal, like now when it types normally, and then later it goes wild again...

The problem started showing up about 10 days ago...

I haven't done anything except visually inspect the keyboard to see whether something had fallen between the keys, but it seems nothing has...

I am connected to the internet via a 100 Mbps LAN...






DDS (Ver_10-03-17.01) - NTFSx86
Run by Dunjich at 21:32:08,81 on sri 09.06.2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.385 [GMT 2:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webshots\3.1.5.7617\webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dunjich\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://flvdirect.iamwired.net/
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
uURLSearchHooks: Yeahhhh Toolbar: {c019fb40-27bc-4db1-a42b-0634cf92b190} - c:\program files\yeahhhh\tbYeah.dll
mWinlogon: Shell=Explorer.exe csrcs.exe
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Yeahhhh Toolbar: {c019fb40-27bc-4db1-a42b-0634cf92b190} - c:\program files\yeahhhh\tbYeah.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} - c:\program files\webshots\3.1.5.7617\WSToolbar4IE.dll
TB: Yeahhhh Toolbar: {c019fb40-27bc-4db1-a42b-0634cf92b190} - c:\program files\yeahhhh\tbYeah.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [run32] c:\win\lsass.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe
StartupFolder: c:\docume~1\dunjich\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7617\Launcher.exe
IE: &Webshots Photo Search - c:\program files\webshots\3.1.5.7617\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dunjich\applic~1\mozilla\firefox\profiles\0gofcvzx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-29 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-29 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-29 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-29 108552]
R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10753\AGCoreService.exe [2010-4-29 20480]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2010-4-29 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-4-29 297752]

=============== Created Last 30 ================

2010-06-05 12:41:09 440 --sha-r- c:\windows\system32\autorun.inf
2010-06-02 19:06:40 0 d-----w- C:\printer - Canon
2010-05-29 17:01:46 0 d-sh--r- C:\Win
2010-05-26 19:04:33 421888 ----a-w- c:\windows\system32\ac3filter.acm
2010-05-26 19:04:20 0 d-----w- c:\program files\XP Codec Pack
2010-05-24 17:22:13 0 --sha-r- C:\khq
2010-05-23 18:13:42 0 d-----w- C:\Webshots Data
2010-05-23 18:09:39 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-23 18:09:39 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-23 18:09:35 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-23 18:09:35 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-18 12:56:08 0 d-----w- c:\program files\Conduit
2010-05-18 12:56:07 0 d-----w- c:\program files\Yeahhhh
2010-05-12 18:41:39 106496 ----a-w- c:\windows\system32\cnco510.dll
2010-05-12 18:41:38 57344 ----a-w- c:\windows\system32\CNCI510.DLL
2010-05-12 18:41:38 135168 ----a-w- c:\windows\system32\CNCL510.DLL
2010-05-12 18:41:38 1298432 ----a-w- c:\windows\system32\CNCC510.DLL

==================== Find3M ====================

2010-04-29 06:37:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-29 06:37:34 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-29 06:37:29 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-29 06:37:23 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-29 06:31:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-28 22:08:11 249856 ------w- c:\windows\Setup1.exe
2010-04-28 22:08:08 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-28 21:58:11 87280 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-04-28 21:58:11 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-04-28 21:54:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-04-28 21:54:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-28 21:25:03 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-15 09:31:48 165376 ----a-w- c:\windows\system32\unrar.dll
2008-04-14 17:21:52 1014812 --sha-r- c:\windows\system32\csrcs.exe

============= FINISH: 21:32:28,14 ===============


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer

- Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:

- deactivate your security software (instructions);
- close any running programs;
- double-click to run ComboFix.

While running, ComboFix will:

- check whether a newer version of the program exists:
  click Yes if you are offered the download.
- display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so that the process continues.
- if Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
- display a number of prompts/notifications:
  accept by clicking Yes or OK.
- restart Windows if necessary (possibly several times);
- when finished, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:

- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message field and choose Paste.

Note:

- The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
- If, after posting the message, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 28 May 2010
  • Posts: 46

ComboFix 10-06-09.02 - Dunjich 10.06.2010 10:31:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.604 [GMT 2:00]
Running from: c:\documents and settings\Dunjich\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\khq
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
C:\Win
c:\win\lsass.exe
c:\win\names.txt
c:\windows\system32\AutoRun.inf
c:\windows\system32\csrcs.exe
D:\khq

.
((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-02 19:06 . 2010-06-02 19:06 -------- d-----w- C:\printer - Canon
2010-05-26 19:04 . 2010-05-26 19:04 -------- d-----w- c:\program files\XP Codec Pack
2010-05-26 19:02 . 2010-05-26 19:07 -------- d-----w- c:\documents and settings\Dunjich\Application Data\Media Player Classic
2010-05-23 18:13 . 2010-05-23 18:13 -------- d-----w- C:\Webshots Data
2010-05-23 18:09 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-23 18:09 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-23 18:09 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-05-23 18:09 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-05-18 12:56 . 2010-05-18 12:56 -------- d-----w- c:\documents and settings\Dunjich\Local Settings\Application Data\Conduit
2010-05-18 12:56 . 2010-05-27 20:17 -------- d-----w- c:\documents and settings\Dunjich\Local Settings\Application Data\Yeahhhh
2010-05-18 12:56 . 2010-05-18 12:56 -------- d-----w- c:\program files\Conduit
2010-05-18 12:56 . 2010-05-18 12:56 -------- d-----w- c:\program files\Yeahhhh
2010-05-16 14:27 . 2010-05-16 14:27 69256 ----a-w- c:\documents and settings\Dunjich\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-12 18:41 . 2010-05-12 18:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-05-12 18:41 . 2010-05-12 18:41 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-05-12 18:41 . 2006-06-29 12:29 106496 ----a-w- c:\windows\system32\cnco510.dll
2010-05-12 18:41 . 2006-07-20 13:51 1298432 ----a-w- c:\windows\system32\CNCC510.DLL
2010-05-12 18:41 . 2006-07-20 13:51 57344 ----a-w- c:\windows\system32\CNCI510.DLL
2010-05-12 18:41 . 2006-05-26 08:54 135168 ----a-w- c:\windows\system32\CNCL510.DLL
2010-05-12 18:41 . 2010-05-12 18:41 -------- d--h--w- c:\program files\CanonBJ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 21:41 . 2010-04-29 06:20 -------- d-----w- c:\documents and settings\Dunjich\Application Data\uTorrent
2010-05-26 19:05 . 2010-04-29 07:30 -------- d-----w- c:\documents and settings\Dunjich\Application Data\vlc
2010-05-11 18:22 . 2010-04-29 09:22 -------- d-----w- c:\documents and settings\Dunjich\Application Data\AGI
2010-05-09 15:43 . 2010-04-29 07:26 -------- d-----w- c:\documents and settings\Dunjich\Application Data\Ahead
2010-05-05 07:48 . 2010-05-05 07:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-02 17:23 . 2010-04-28 21:27 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-01 17:28 . 2010-04-29 05:57 -------- d-----w- c:\program files\MSBuild
2010-05-01 17:27 . 2010-05-01 17:27 -------- d-----w- c:\program files\Reference Assemblies
2010-04-29 09:22 . 2010-04-29 09:22 -------- d-----w- c:\documents and settings\Dunjich\Application Data\Webshots
2010-04-29 09:22 . 2010-04-29 09:22 -------- d-----w- c:\program files\Webshots
2010-04-29 09:22 . 2010-04-29 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2010-04-29 09:22 . 2010-04-29 09:22 -------- d-----w- c:\program files\AGI
2010-04-29 08:29 . 2010-04-29 07:34 -------- d-----w- c:\program files\hp deskjet 845c series
2010-04-29 07:35 . 2010-04-29 07:35 376 ----a-w- c:\windows\mozregistry.dat
2010-04-29 07:34 . 2010-04-28 21:50 -------- d-----w- c:\program files\Hewlett-Packard
2010-04-29 07:33 . 2010-04-29 07:33 -------- d-----w- c:\program files\GPLGS
2010-04-29 07:31 . 2010-04-29 07:31 -------- d-----w- c:\program files\Acro Software
2010-04-29 07:29 . 2010-04-29 07:29 -------- d-----w- c:\program files\VideoLAN
2010-04-29 07:27 . 2010-04-29 07:25 -------- d-----w- c:\program files\Common Files\Ahead
2010-04-29 07:25 . 2010-04-29 07:25 -------- d-----w- c:\program files\Nero
2010-04-29 06:56 . 2010-04-29 06:56 -------- d-----w- c:\documents and settings\Dunjich\Application Data\oald7
2010-04-29 06:55 . 2010-04-29 06:54 -------- d-----w- c:\program files\QuickTime
2010-04-29 06:54 . 2010-04-29 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2010-04-29 06:53 . 2010-04-29 06:53 -------- d-----w- c:\program files\Oxford
2010-04-29 06:52 . 2010-04-29 06:52 -------- d-----w- c:\documents and settings\Dunjich\Application Data\cald3
2010-04-29 06:52 . 2010-04-29 06:52 -------- d-----w- c:\program files\IDM
2010-04-29 06:51 . 2010-04-29 06:51 -------- d-----w- c:\program files\Cambridge
2010-04-29 06:50 . 2010-04-29 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-29 06:46 . 2010-04-29 06:31 -------- d-----w- c:\documents and settings\Dunjich\Application Data\DAEMON Tools Lite
2010-04-29 06:46 . 2010-04-28 21:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-29 06:37 . 2010-04-28 22:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-29 06:37 . 2010-04-28 22:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-29 06:37 . 2010-04-28 22:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-29 06:37 . 2010-04-28 22:01 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-29 06:37 . 2010-04-28 22:01 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-29 06:31 . 2010-04-29 06:31 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-29 06:31 . 2010-04-29 06:31 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-29 06:31 . 2010-04-29 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-04-29 06:26 . 2010-04-29 06:26 0 ----a-w- c:\windows\nsreg.dat
2010-04-29 06:23 . 2010-04-29 06:22 -------- d-----w- c:\documents and settings\Dunjich\Application Data\BSplayer
2010-04-29 06:23 . 2010-04-29 06:22 -------- d-----w- c:\program files\BS.Player ControlBar
2010-04-29 06:22 . 2010-04-29 06:22 -------- d-----w- c:\program files\Webteh
2010-04-29 06:22 . 2010-04-29 06:22 -------- d-----w- c:\documents and settings\Dunjich\Application Data\BSplayer Pro
2010-04-29 06:20 . 2010-04-29 06:20 -------- d-----w- c:\program files\uTorrent
2010-04-29 06:19 . 2010-04-29 06:10 -------- d-----w- c:\program files\Winamp
2010-04-29 06:11 . 2010-04-29 06:11 -------- d-----w- c:\program files\IrfanView
2010-04-29 06:06 . 2010-04-29 06:03 -------- d-----w- c:\program files\TIRH2006
2010-04-29 05:57 . 2010-04-29 05:57 -------- d-----w- c:\program files\Microsoft Works
2010-04-28 22:09 . 2010-04-28 22:08 -------- d-----w- c:\program files\Rjecnik
2010-04-28 22:08 . 2010-04-28 22:08 249856 ------w- c:\windows\Setup1.exe
2010-04-28 22:08 . 2010-04-28 22:08 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-04-28 22:03 . 2010-04-28 22:03 -------- d-----w- c:\program files\Alfa & Ariss
2010-04-28 22:01 . 2010-04-28 22:01 -------- d-----w- c:\program files\AVG
2010-04-28 22:01 . 2010-04-28 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-04-28 21:59 . 2010-04-28 21:59 -------- d-----w- c:\program files\Intel
2010-04-28 21:58 . 2010-04-28 21:58 -------- d-----w- c:\program files\Broadcom
2010-04-28 21:58 . 2010-04-28 21:58 87280 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-04-28 21:58 . 2010-04-28 21:58 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-04-28 21:55 . 2010-04-28 21:55 -------- d-----w- c:\program files\Synaptics
2010-04-28 21:54 . 2010-04-28 21:50 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-28 21:54 . 2010-04-28 21:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-04-28 21:54 . 2010-04-28 21:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-28 21:50 . 2010-04-28 21:50 -------- d-----w- c:\program files\Analog Devices
2010-04-28 21:28 . 2010-04-28 21:28 -------- d-----w- c:\program files\microsoft frontpage
2010-04-28 21:25 . 2010-04-28 21:25 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-15 09:31 . 2010-04-29 06:24 165376 ----a-w- c:\windows\system32\unrar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2008-07-25 282112]
"{c019fb40-27bc-4db1-a42b-0634cf92b190}"= "c:\program files\Yeahhhh\tbYeah.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]

[HKEY_CLASSES_ROOT\clsid\{c019fb40-27bc-4db1-a42b-0634cf92b190}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c019fb40-27bc-4db1-a42b-0634cf92b190}]
2010-04-15 10:33 2515552 ----a-w- c:\program files\Yeahhhh\tbYeah.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c019fb40-27bc-4db1-a42b-0634cf92b190}"= "c:\program files\Yeahhhh\tbYeah.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{c019fb40-27bc-4db1-a42b-0634cf92b190}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C019FB40-27BC-4DB1-A42B-0634CF92B190}"= "c:\program files\Yeahhhh\tbYeah.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{c019fb40-27bc-4db1-a42b-0634cf92b190}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-04-29 2046816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-04-29 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Dunjich\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7617\Launcher.exe [2010-4-29 157088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-29 06:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [29.4.2010 0:01 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.4.2010 0:01 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.4.2010 0:01 108552]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10753\AGCoreService.exe [29.4.2010 11:22 20480]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [29.4.2010 8:37 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29.4.2010 8:37 297752]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.4.2010 8:31 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flvdirect.iamwired.net/
IE: &Webshots Photo Search - c:\program files\Webshots\3.1.5.7617\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dunjich\Application Data\Mozilla\Firefox\Profiles\0gofcvzx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-run32 - c:\win\lsass.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-06-10 10:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-10 10:35:46
ComboFix-quarantined-files.txt 2010-06-10 08:35

Pre-Run: 17.643.384.832 bytes free
Post-Run: 18.361.995.264 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C6979BC20502F30A09F68D5CE84CAAC3

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

- Download USBNoRisk to the Desktop and start it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 28 May 2010
  • Posts: 46

Posted: 10 Jun 2010 15:23

argus ::- Download USBNoRisk to the Desktop and start it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.


Hey, it's not really clear to me why you are mentioning checking USB devices here...
I don't need to check any USB devices...

By the way, my keyboard has been working properly for the second day now... knock on wood...

But I think the laptop should definitely be checked for that malicious software, because if it appeared once, it can appear again.

Addendum: 10 Jun 2010 15:26

Now that I think about it a bit more, you probably meant checking my USB devices because of that malicious software...
Sorry...
I'll do that right now...

Addendum: 10 Jun 2010 15:34

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 10.6.2010 15:31:13

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {dc2f4e56-5318-11df-b60e-806d6172696f}
C: {dc2f4e58-5318-11df-b60e-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for dc2f4e58-5318-11df-b60e-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for dc2f4e56-5318-11df-b60e-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\WINDOWS\system32\autorun.inf.vir
----------------------------------------
;kaXywQYUGXtWQZFKUXdQDHkQNRbBSDPSiPSEbXSHjSsHRheDBANUUfrhzfTbq
[AuTOrUn
;gCdsNMBXHmaPDIHjoyrtKEAWRaJgJX
open=atplvh.exe
;vmxyTrslRUpBRnzHTslyEOKUrmtEyrpNeVAeneAaePAmLJesAxdahUjikKFXtloLUmVtrHvvQMCPT
shell\open\Command=atplvh.exe
;WxNnztBuyvhFyoxIVtMVLoHcpcjEyurFZaYTkKzRmIMG
shell\open\Default=1
;45F27A231FB5BAE1D91A01280841BEDD8FF80F9CB727D2C7BFC81571
;FVoHMEJDZ
;fWrkrMqkPSQYYsMOdNPunZVwwMVCFIazyfEWrqLiCAXofGtMxcroQFJrPqvaOH
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 10.6.2010 15:32:05

Scanning for connected USB mass storage...
----------------------------------------
F: {8e66fc60-7494-11df-b87d-001a73ae4a90}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 8e66fc60-7494-11df-b87d-001a73ae4a90
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 10.6.2010 15:32:10

Scanning for connected USB mass storage...
----------------------------------------
F: {8e66fc60-7494-11df-b87d-001a73ae4a90}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 8e66fc60-7494-11df-b87d-001a73ae4a90
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 10.6.2010 15:32:11

Scanning for connected USB mass storage...
----------------------------------------
F: {8e66fc60-7494-11df-b87d-001a73ae4a90}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 8e66fc60-7494-11df-b87d-001a73ae4a90
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 10.6.2010 15:32:42

Scanning for connected USB mass storage...
----------------------------------------
F: {c6c07b2a-5c45-11df-b7f0-001a4b6afc58}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
;QoVHakcXV
[AutoRun]
;qtcjyLhYZFtlmusfaCgjokHpWSBlRDvQsqFHnwaOZvSwgmwLR
open=dmfguh.exe
;ilDkltnhqfqxIUimPQDUEiWElmMbavvUCJQJlSWIgSaZaUh
shell\open\Command=dmfguh.exe
;oUehGCGQLlKDRcGChguMhEvPUMVTpLchhqiAonUJJnPcYqrtQhssyWftBzEjzRMXgwNO
shell\open\Default=1
;45F27A231FB5BAE1D91D005A0B3CBEA98F820F9CB727D2C7BFC81571
;JEWmfBZcLDRaUmZOUbsLFkPjsiVRaipoqsrPARoCvFaiNlVT
shell\explore\Command=dmfguh.exe
;AEKwSpyZciSbhsWaJRmWJeP
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\dmfguh.exe -rahs 1014812
----------------------------------------

Sanitized mountpoint for c6c07b2a-5c45-11df-b7f0-001a4b6afc58
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

Mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 10.6.2010 15:33:04

Scanning for connected USB mass storage...
----------------------------------------
F: {b1908d0e-530d-11df-b7c3-d08aefb35ee3}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for b1908d0e-530d-11df-b7c3-d08aefb35ee3
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

- Start USBNoRisk and wait for it to finish the initial scan.

- After the initial scan finishes, connect the USB storage device - the fourth one in the order in which you connected them.

- Click the Script tab;

Paste the following text into the white box of the window:

{c6c07b2a-5c45-11df-b7f0-001a4b6afc58}
f_delete: %DRIVE%dmfguh.exe
no_sh:
delete_mimics:
folder_list: %DRIVE%


- Run the command by clicking the Run Script button;

After the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

offline
  • Joined: 28 May 2010
  • Posts: 46

argus ::- Start USBNoRisk and wait for it to finish the initial scan.

- After the initial scan finishes, connect the USB storage device - the fourth one in the order in which you connected them.

- Click the Script tab;

Paste the following text into the white box of the window:

{c6c07b2a-5c45-11df-b7f0-001a4b6afc58}
f_delete: %DRIVE%dmfguh.exe
no_sh:
delete_mimics:
folder_list: %DRIVE%


- Run the command by clicking the Run Script button;

After the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;


Hey, but I only connected 3 USB sticks, not 4 as you wrote...
I guess you meant the 3rd in order, that is, the last one I connected?

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

I meant the second-to-last one :P

offline
  • Joined: 28 May 2010
  • Posts: 46

Here it is, the second-to-last stick of the 3 I connected...

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 10.6.2010 18:19:38

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {dc2f4e56-5318-11df-b60e-806d6172696f}
C: {dc2f4e58-5318-11df-b60e-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for dc2f4e58-5318-11df-b60e-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for dc2f4e56-5318-11df-b60e-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\WINDOWS\system32\autorun.inf.vir
----------------------------------------
;kaXywQYUGXtWQZFKUXdQDHkQNRbBSDPSiPSEbXSHjSsHRheDBANUUfrhzfTbq
[AuTOrUn
;gCdsNMBXHmaPDIHjoyrtKEAWRaJgJX
open=atplvh.exe
;vmxyTrslRUpBRnzHTslyEOKUrmtEyrpNeVAeneAaePAmLJesAxdahUjikKFXtloLUmVtrHvvQMCPT
shell\open\Command=atplvh.exe
;WxNnztBuyvhFyoxIVtMVLoHcpcjEyurFZaYTkKzRmIMG
shell\open\Default=1
;45F27A231FB5BAE1D91A01280841BEDD8FF80F9CB727D2C7BFC81571
;FVoHMEJDZ
;fWrkrMqkPSQYYsMOdNPunZVwwMVCFIazyfEWrqLiCAXofGtMxcroQFJrPqvaOH
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 10.6.2010 18:20:04

Scanning for connected USB mass storage...
----------------------------------------
F: {c6c07b2a-5c45-11df-b7f0-001a4b6afc58}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
;QoVHakcXV
[AutoRun]
;qtcjyLhYZFtlmusfaCgjokHpWSBlRDvQsqFHnwaOZvSwgmwLR
open=dmfguh.exe
;ilDkltnhqfqxIUimPQDUEiWElmMbavvUCJQJlSWIgSaZaUh
shell\open\Command=dmfguh.exe
;oUehGCGQLlKDRcGChguMhEvPUMVTpLchhqiAonUJJnPcYqrtQhssyWftBzEjzRMXgwNO
shell\open\Default=1
;45F27A231FB5BAE1D91D005A0B3CBEA98F820F9CB727D2C7BFC81571
;JEWmfBZcLDRaUmZOUbsLFkPjsiVRaipoqsrPARoCvFaiNlVT
shell\explore\Command=dmfguh.exe
;AEKwSpyZciSbhsWaJRmWJeP
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\dmfguh.exe -rahs 1014812
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c6c07b2a-5c45-11df-b7f0-001a4b6afc58
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

Mimics found on drive F:
========================================


Processing script
----------------------------------------
c6c07b2a-5c45-11df-b7f0-001a4b6afc58
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 4
f_delete:
file "F:\dmfguh.exe" deleted successfully
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
dra-- F:\Extras > unhidden
dra-- F:\Office11 - Disc 2 - FrontPage > unhidden
dra-- F:\Office11 - Disc 1 - Professional > unhidden
dra-- F:\Office11 - Disc 4 - Project > unhidden
dra-- F:\Office11 - Disc 3 - Visio > unhidden
dra-- F:\Office11 - Disc 5 - OneNote > unhidden
----------------------------------------
Deleting mimics:
----------------------------------------
f_delete: C:\Win\lsass.exe > File does not exist!
----------------------------------------
Folder list for F:\:
----------------------------------------

dra--   0   F:\Extras   F:\Extras
dra--   0   F:\OFFICE~1   F:\Office11 - Disc 2 - FrontPage
dra--   0   F:\OFFICE~2   F:\Office11 - Disc 1 - Professional
dra--   0   F:\OFFICE~3   F:\Office11 - Disc 4 - Project
dra--   0   F:\OFFICE~4   F:\Office11 - Disc 3 - Visio
--a--   2056   F:\_Serial.txt   F:\_Serial.txt
--a--   1101824   F:\AutoRun.exe   F:\AutoRun.exe
--a--   766   F:\AutoRun.ico   F:\AutoRun.ico
--a--   4688   F:\AutoRun.apm   F:\AutoRun.apm
dra--   0   F:\OF7005~1   F:\Office11 - Disc 5 - OneNote
d----   0   F:\AutoRun   F:\AutoRun
--a--   625397   F:\Extras.exe   F:\Extras.exe
--a--   625397   F:\OFFICE~1.EXE   F:\Office11 - Disc 2 - FrontPage.exe
--a--   625397   F:\OFFICE~2.EXE   F:\Office11 - Disc 1 - Professional.exe
--a--   625397   F:\OFFICE~3.EXE   F:\Office11 - Disc 4 - Project.exe
--a--   625397   F:\OFFICE~4.EXE   F:\Office11 - Disc 3 - Visio.exe
--a--   625397   F:\OF9CB6~1.EXE   F:\Office11 - Disc 5 - OneNote.exe
--a--   436   F:\AUTORU~1.BL~   F:\autorun.inf.blocked

----------------------------------------
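What the log above shows, as an added example (not USBNoRisk's code and not part of the original posts): Python that reads an autorun.inf past its filler comment lines and flags .exe files named after folders in a listing of this layout. The function names and the "named after a folder, same size as its siblings" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext

# Excerpts copied from the USBNoRisk log in this thread (columns: attributes,
# size, short path, long path; columns are separated by runs of spaces).
LISTING = r"""
dra--   0   F:\Extras   F:\Extras
dra--   0   F:\OFFICE~1   F:\Office11 - Disc 2 - FrontPage
--a--   2056   F:\_Serial.txt   F:\_Serial.txt
--a--   1101824   F:\AutoRun.exe   F:\AutoRun.exe
d----   0   F:\AutoRun   F:\AutoRun
--a--   625397   F:\Extras.exe   F:\Extras.exe
--a--   625397   F:\OFFICE~1.EXE   F:\Office11 - Disc 2 - FrontPage.exe
--a--   436   F:\AUTORU~1.BL~   F:\autorun.inf.blocked
"""
AUTORUN_INF = r"""
;QoVHakcXV
[AutoRun]
open=dmfguh.exe
shell\open\Command=dmfguh.exe
shell\open\Default=1
shell\explore\Command=dmfguh.exe
;AEKwSpyZciSbhsWaJRmWJeP
"""


def autorun_targets(inf_text):
    """Programs an autorun.inf would launch; ';' filler lines are skipped."""
    targets = set()
    for line in inf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        key = key.lower()
        is_launch_key = key == "open" or key.endswith("\\command")
        if sep and not key.startswith(";") and is_launch_key:
            targets.add(value.strip())
    return sorted(targets)


def find_mimics(listing):
    """Return (likely, review): .exe files named after a folder in the listing.

    Several such files sharing one size are likely copies of one dropper;
    a lone match is only flagged for manual review.
    """
    dirs, by_size = set(), defaultdict(list)
    rows = [re.split(r"\s{2,}", line.strip()) for line in listing.splitlines()]
    rows = [r for r in rows if len(r) == 4]
    for attrs, _size, _short, long_path in rows:
        if attrs.startswith("d"):
            dirs.add(basename(long_path).lower())
    for attrs, size, _short, long_path in rows:
        name = basename(long_path)
        stem, ext = splitext(name)
        if not attrs.startswith("d") and ext.lower() == ".exe" and stem.lower() in dirs:
            by_size[int(size)].append(name)
    likely = sorted(n for names in by_size.values() if len(names) > 1 for n in names)
    review = sorted(n for names in by_size.values() if len(names) == 1 for n in names)
    return likely, review
```

On this excerpt the two 625397-byte files come back as likely mimics, while AutoRun.exe, which also shares a folder's name but has a unique size, is only flagged for review.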

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

- Start USBNoRisk and wait for it to finish the initial scan.

- After the initial scan finishes, connect the USB storage device.

- Click the Script tab;

Paste the following text into the white box of the window:

{c6c07b2a-5c45-11df-b7f0-001a4b6afc58}
f_delete: %DRIVE%dmfguh.exe
f_delete: %DRIVE%Extras.exe
f_delete: %DRIVE%OFFICE~1.EXE
f_delete: %DRIVE%OFFICE~2.EXE
f_delete: %DRIVE%OFFICE~3.EXE
f_delete: %DRIVE%OFFICE~4.EXE
f_delete: %DRIVE%OF9CB6~1.EXE
f_delete: %DRIVE%FrontPage.exe
f_delete: %DRIVE%Professional.exe
f_delete: %DRIVE%Project.exe
f_delete: %DRIVE%Visio.exe
f_delete: %DRIVE%OneNote.exe
delete_blocked:
folder_list %DRIVE%


- Run the command by clicking the Run Script button;

After the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

A Notepad window will open with text that needs to be copied here into a post.

-------------------------

You have a file AutoRun.exe on the flash drive.

Upload it via this link http://www.mycity.rs/ambulanta-upload.php

Have you ever created an autorun menu on that flash drive?
