USB Recicler


Hello... As protection against USB viruses I use USB Disk Security and ESET Smart Security. However, they did not react at all when I plugged in a USB stick I had brought from an Internet café. When the right mouse click stopped working properly, I concluded that something wasn't right. I scanned the stick later with USB Disk Security and it showed something called Recycler and a few other things, but it was already too late.
I scanned the computer with Kaspersky Virus Removal Tool and Malwarebytes Anti-Malware, but they found nothing. Anyway, as far as I've noticed, I can't open icons with a right-click.
Here is the first log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:40, on 7/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Disk Security\USBGuard .exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ss\Desktop\12345678\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link by Dr.Web - drweb.com/online/drweb-online-en.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C461AA1-D710-4D3B-B870-BA1B8A8BD174}: NameServer = 77.78.192.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C461AA1-D710-4D3B-B870-BA1B8A8BD174}: NameServer = 77.78.192.10
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avp - Unknown owner - F:\avp.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - G:\NOD32 PORTABLE\nod32krn.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5806 bytes


AND HERE IS THE COMBOFIX LOG


ComboFix 09-07-12.03 - ss 07/13/2009 13:53.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.449 [GMT 2:00]
Running from: c:\documents and settings\ss\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ss\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
c:\windows\desktop
c:\windows\Installer\15768d7.msp
c:\windows\Installer\1a48c9b.msi
c:\windows\Installer\21a16ab.msp
c:\windows\Installer\24d0922.msi
c:\windows\Installer\2901006.msp
c:\windows\Installer\2bfbf.msi
c:\windows\Installer\39199.msi
c:\windows\Installer\41d35.msi
c:\windows\Installer\56dc8.msi
c:\windows\Installer\5ebf83.msi
c:\windows\Installer\8174fd.msp
c:\windows\Installer\9d0e2d.msp
c:\windows\Installer\a9c194.msp
c:\windows\system32\OGACheckControl.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 09:07 . 2009-07-13 09:07 488960 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\Autorun Virus Remover 2.3\%ProgramFilesDir%\AutorunRemover\AutorunRemover.exe
2009-07-12 12:08 . 2009-07-12 12:08 -------- d-----w- c:\program files\Glary Utilities
2009-07-11 13:03 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 13:03 . 2009-07-11 13:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 13:03 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 10:33 . 2009-07-11 10:33 -------- d-----w- c:\documents and settings\ss\Application Data\ESET
2009-07-11 10:30 . 2009-07-11 10:30 -------- d-----w- c:\program files\ESET
2009-07-10 20:41 . 2009-07-11 09:36 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-10 16:57 . 2009-07-10 16:57 -------- d-----w- c:\windows\system32\URTTEMP
2009-07-10 14:41 . 2009-07-10 14:41 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-09 14:50 . 2009-07-10 14:41 -------- d-----w- c:\program files\WinRAR(2)
2009-07-09 12:38 . 2009-07-11 12:48 -------- d-----w- c:\program files\TrojanHunter 5.1
2009-07-08 14:47 . 2009-07-08 14:47 -------- d-----w- c:\windows\Downloaded Installations
2009-07-07 16:06 . 2009-07-07 16:06 -------- d-----w- c:\program files\Driver-Soft
2009-07-06 16:31 . 2009-07-06 16:31 7680 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\Driver Genius Professional Edition\4000005100002i\Liveupdate.exe
2009-07-06 16:29 . 2009-07-06 16:29 7680 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\Driver Genius Professional Edition\40000049b00002i\DriverGenius.exe
2009-07-02 17:13 . 2009-07-02 17:14 -------- d-----w- c:\documents and settings\ss\Local Settings\Application Data\Adobe
2009-06-20 15:41 . 2009-06-20 15:41 7680 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\Malwarebytes' Anti-Malware\40000013c00002i\mbam.exe
2009-06-20 15:41 . 2009-06-20 15:41 7680 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\Malwarebytes' Anti-Malware\4000008000002i\Splash Screen.exe
2009-06-18 14:51 . 2009-06-18 14:51 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-06-17 13:15 . 2001-08-17 11:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-06-17 13:15 . 2001-08-17 11:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-06-17 13:15 . 2009-06-17 13:15 -------- d-----w- c:\program files\CONEXANT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 11:57 . 2009-03-28 10:20 119011360 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-13 11:57 . 2009-03-28 10:20 1869600 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-13 11:46 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf.sys
2009-07-13 11:45 . 2009-03-28 10:20 177056 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-13 11:45 . 2009-03-28 10:20 1396916 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-13 09:07 . 2009-06-06 16:38 43560 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\Autorun Virus Remover 2.3\%ProgramFilesDir%\AutorunRemover\kernel.dll
2009-07-12 10:35 . 2008-05-13 16:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-11 15:27 . 2009-06-07 17:49 117760 ----a-w- c:\documents and settings\ss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-11 13:06 . 2009-03-12 11:24 -------- d-----w- c:\program files\USB Disk Security
2009-07-11 10:30 . 2009-05-11 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-11 09:43 . 2008-04-07 14:20 -------- d-----w- c:\documents and settings\ss\Application Data\IDM
2009-07-11 09:40 . 2008-04-07 14:20 -------- d-----w- c:\documents and settings\ss\Application Data\DMCache
2009-07-10 17:44 . 2008-04-23 16:34 192512 ----a-w- c:\windows\system32\txmlutil.dll
2009-07-09 13:50 . 2008-09-29 17:43 -------- d-----w- c:\documents and settings\ss\Application Data\TrojanHunter
2009-07-08 15:09 . 2008-11-24 10:27 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-07 16:05 . 2009-06-10 18:29 -------- d-----w- c:\documents and settings\ss\Application Data\Uniblue
2009-07-07 16:05 . 2009-06-10 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-07 16:05 . 2009-06-10 18:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-07-03 09:31 . 2008-01-12 21:16 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 17:59 . 2009-06-07 17:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-25 17:58 . 2008-10-03 15:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-20 15:41 . 2009-05-26 09:47 -------- d-----w- c:\documents and settings\ss\Application Data\Thinstall
2009-06-15 08:58 . 2009-02-09 10:37 -------- d-----w- c:\program files\iStar
2009-06-14 16:47 . 2008-03-13 16:30 -------- d-----w- c:\program files\Windows Live
2009-06-11 17:35 . 2009-06-11 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2009-06-11 16:38 . 2009-06-11 16:38 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-10 17:46 . 2009-06-10 17:46 -------- d-----w- c:\program files\MSECache
2009-06-09 10:41 . 2009-06-09 10:41 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-07 17:42 . 2009-06-07 17:42 -------- d-----w- c:\documents and settings\ss\Application Data\SUPERAntiSpyware.com
2009-06-04 16:26 . 2009-06-04 16:26 7680 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\NOD32 antivirus system\4000001900003i\pskill.exe
2009-06-04 16:26 . 2009-06-04 16:26 7680 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\NOD32 antivirus system\4ad000006100003i\cmd.exe
2009-06-04 16:26 . 2009-06-04 16:26 7680 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\NOD32 antivirus system\400000f200002i\nod32kui.exe
2009-06-04 16:26 . 2009-06-04 16:26 7680 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\NOD32 antivirus system\4000007e00002i\nod32-killer.exe
2009-06-04 16:25 . 2009-06-04 16:25 7680 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\NOD32 antivirus system\4000008900002i\nod32krn.exe
2009-06-04 16:24 . 2009-06-04 16:24 303104 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\Virus Cleaner\40000035200002i\last MCleaner.exe
2009-06-01 19:35 . 2009-06-01 19:35 -------- d-----w- c:\documents and settings\ss\Application Data\WinPatrol
2009-05-31 17:40 . 2008-08-19 19:09 -------- d-----w- c:\documents and settings\ss\Application Data\URSoft
2009-05-31 12:15 . 2009-05-31 12:13 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-29 17:39 . 2009-05-29 17:39 303104 ----a-w- c:\documents and settings\ss\Application Data\Thinstall\Virus Cleaner\4000008000002i\Splash Screen.exe
2009-05-29 17:37 . 2009-05-29 17:27 -------- d-----w- c:\documents and settings\ss\Application Data\Codemonster
2009-05-29 11:38 . 2009-05-29 11:38 687104 ----a-w- c:\windows\is-NM6M6.exe
2009-05-29 11:25 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(3)(6).sys
2009-05-29 11:19 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(4)(4).sys
2009-05-29 11:15 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(5)(4).sys
2009-05-29 11:01 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(6)(3).sys
2009-05-29 09:42 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(7)(3).sys
2009-05-29 09:31 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(8)(3).sys
2009-05-29 09:22 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(3)(5).sys
2009-05-28 17:26 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(4)(3).sys
2009-05-28 16:02 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(5)(3).sys
2009-05-28 09:48 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(6)(2).sys
2009-05-27 20:50 . 2009-05-27 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-27 20:41 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(7)(2).sys
2009-05-27 19:06 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(8)(2).sys
2009-05-27 18:59 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(3)(7).sys
2009-05-27 18:47 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(4)(5).sys
2009-05-27 18:41 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(5)(5).sys
2009-05-27 18:33 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(6)(4).sys
2009-05-27 18:30 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(7)(4).sys
2009-05-27 18:27 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(8)(4).sys
2009-05-27 18:23 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(9)(4).sys
2009-05-27 18:23 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(26)(2).sys
2009-05-27 16:42 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(10)(2).sys
2009-05-27 16:07 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(11)(2).sys
2009-05-27 15:27 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(12)(2).sys
2009-05-27 15:09 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(13)(2).sys
2009-05-27 15:06 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(14)(2).sys
2009-05-27 15:04 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(15)(2).sys
2009-05-27 15:02 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(16)(2).sys
2009-05-27 14:49 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(17)(2).sys
2009-05-27 14:43 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(18)(2).sys
2009-05-27 14:39 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(19)(2).sys
2009-05-27 14:36 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(20)(2).sys
2009-05-27 14:33 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(21)(2).sys
2009-05-27 14:26 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(22)(2).sys
2009-05-27 14:22 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(23)(2).sys
2009-05-27 11:57 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(24)(2).sys
2009-05-27 11:06 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(25)(2).sys
2009-05-26 16:45 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(9)(2).sys
2009-05-26 09:00 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(9)(3).sys
2009-05-25 15:25 . 2009-03-13 11:50 -------- d-----w- c:\program files\Ace Utilities
2009-05-05 09:20 . 2009-05-05 09:20 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-04-27 12:21 . 2009-05-05 09:20 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2006-03-22 22:18 . 2006-03-22 22:18 4720 ----a-w- c:\program files\Readme and Notes.txt
2006-03-22 22:13 . 2006-03-22 22:13 1591808 -c--a-w- c:\program files\Install FreeRAM XP Pro 1.52.exe
2009-07-10 17:43 . 2008-08-13 17:02 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-01-13 22:42 . 2008-01-13 22:42 569 -csha-w- c:\windows\system32\mmf(2).sys
2008-10-14 13:28 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(3)(2).sys
2008-10-15 10:10 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(3)(3).sys
2008-10-15 09:31 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(3)(4).sys
2008-10-15 05:30 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(4)(2).sys
2008-10-15 09:31 . 2008-01-13 22:42 569 --sha-w- c:\windows\system32\mmf(5)(2).sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-07-11 27660]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete\0autocheck autochk *\0crcnat.exe\0lsdelete\0sasnative32

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\documents and settings\ss\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AFPAnsi;CafeSuite File Protector;c:\windows\system32\AFPAnsi.sys [6/1/2003 3:34 39456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 72944]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 8:21 468224]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [1/14/2008 0:42 2560]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/5/2009 11:20 604416]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [8/18/2008 9:55 2831232]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\drivers\fetnd6v.sys [9/22/2008 12:20 43520]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 7408]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [10/18/2007 12:31 98328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-07-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-12 14:55]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1659004503-725345543-1003.job
- c:\documents and settings\ss\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 11:49]

2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{BAF528C1-6FA3-4B64-9902-EA7E7FFB898D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uDefault_Search_URL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scan link by Dr.Web - drweb.com/online/drweb-online-en.html
TCP: {1C461AA1-D710-4D3B-B870-BA1B8A8BD174} = 77.78.192.10
FF - ProfilePath - c:\documents and settings\ss\Application Data\Mozilla\Firefox\Profiles\4j4o5j9d.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-13 13:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,c9,e0,20,43,a1,23,f2,
e3
"2"=hex:d7,7a,ea,31,a0,f7,22,dd,b6,43,6f,32,07,8b,4a,0a,e2,6f,a8,1b,53,71,0d,
78,d5,ad,68,1b,c8,4a,9b,03
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,aa,6b,6f,c8,5d,d1,dd,
70,c8,0c,a2,71,14,a4,b5,05,7d,2c,84,8d,ff,2b,de,6d,f8,f2,70,94,19,43,ce,bd,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:58,92,5a,34,3f,c6,a5,c5
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,61,5a,c0,6c,22,7e,83,13,6e,44,91,28,69,cc,01,dd
"8"=hex:f5,32,7e,24,e2,7b,5d,33,2f,96,c6,d4,4c,56,cf,34,de,23,28,2b,ea,94,31,
71,af,73,37,99,c0,4a,5a,a2
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1344)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-13 14:00
ComboFix-quarantined-files.txt 2009-07-13 12:00

Pre-Run: 8.630.145.024 bytes free
Post-Run: 8.649.318.400 bytes free

328 --- E O F --- 2008-07-18 17:39
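
The two logs above are what a helper on a forum like this triages by hand. As an added example (not part of the original post, and not code from HijackThis or ComboFix), the following Python script applies a few of the first checks a log reviewer makes to HijackThis O4, O17 and O23 lines: services whose binary is reported missing, whether such a path sits on a drive other than the system drive, services with no publisher information, autostart entries that rely on the search path, and the configured DNS server. The sample lines are constructed from the HijackThis log posted above; the heuristics and the severity labels are the example's own assumptions about what to look at first, not tool output and not a malware verdict.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example for this thread; it is not part of the original posts and
is not code from HijackThis or ComboFix. The parser targets the O4, O17
and O23 line formats visible in the posted log; the heuristics and the
severity labels are this example's own assumptions about what a log
reviewer checks first, not tool output.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines taken from the HijackThis log posted in the thread.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe" /hide /waitservice
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{1C461AA1-D710-4D3B-B870-BA1B8A8BD174}: NameServer = 77.78.192.10
O23 - Service: avp - Unknown owner - F:\\avp.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\\WINDOWS\\runservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - G:\\NOD32 PORTABLE\\nod32krn.exe (file missing)
"""

MISSING = " (file missing)"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<dns>[0-9.,]+)\s*$")


@dataclass
class Finding:
    section: str   # HijackThis section: "O4", "O17" or "O23"
    severity: str  # "info" (record it) or "review" (verify before clearing the log)
    reason: str
    line: str


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line.

    HijackThis prints the registry value verbatim: a quoted path keeps its
    quotes, an unquoted one ends at the first space (as Windows resolves it).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str, system_drive: str = "C:") -> List[Finding]:
    """Apply reviewer heuristics to O4, O17 and O23 lines; other sections are ignored."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O23 - Service: "):
            body = line[len("O23 - Service: "):]
            missing = body.endswith(MISSING)
            if missing:
                body = body[: -len(MISSING)]
            parts = body.split(" - ", 2)   # "<display name> - <owner> - <path>"
            if len(parts) != 3:
                continue                   # unexpected layout: leave it for a human
            name, owner, path = parts
            drive = path[:2].upper()
            if missing:
                where = "" if drive == system_drive.upper() else f" on non-system drive {drive}"
                findings.append(Finding("O23", "review",
                    f"service '{name}' points at a missing binary{where}: {path}", line))
            elif owner == "Unknown owner":
                findings.append(Finding("O23", "review",
                    f"service '{name}' has no publisher information; verify {path}", line))
        elif line.startswith("O4 - "):
            m = O4_RE.match(line)
            if m is None:
                continue
            exe = executable_of(m.group("cmd"))
            if "\\" not in exe:
                # A bare file name is located through the search path at logon,
                # so a same-named file earlier on that path would run instead.
                findings.append(Finding("O4", "review",
                    f"autostart [{m.group('label')}] uses unqualified name '{exe}'", line))
        elif line.startswith("O17 - "):
            m = O17_RE.match(line)
            if m is not None:
                findings.append(Finding("O17", "info",
                    f"DNS server set to {m.group('dns')}; confirm it belongs to your ISP", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}/{f.severity}] {f.reason}")
```

Run on the posted lines it reports the orphaned `avp` and `NOD32krn` service entries pointing at F: and G:, the `LicCtrl Service` with no publisher, the unqualified `SOUNDMAN.EXE` autostart and the 77.78.192.10 resolver. None of these is a malware verdict, which is consistent with the responder's conclusion below; they are simply the entries a reviewer confirms before saying the log is clean, and an orphaned service pointing at a removable drive is also the kind of leftover that is worth deleting regardless.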

dr_Bora (Anti Malware Fighter, Höganäs, SE):

1. Where does it say that you should post a ComboFix log?
2. Why didn't you follow the instructions for creating a HijackThis log?


Next time, 1 and/or 2 will result in the topic being deleted and you being barred from opening new ones.


-------------------------------------------------------------------------------------


As for malware, there is none here.

Quote: Anyway, as far as I've noticed, I can't open icons with a right-click.

What kind of icons? What are you trying to open, the flash drive?


Posted: 13 Jul 2009 22:21

Right-clicking a program's icon doesn't bring up the Open, Copy, New Folder, Send To etc. menu for me; instead it opens a small window like the one you get when refreshing the desktop. But never mind, I solved it with TrojanHunter.... Thanks and bye

Update: 14 Jul 2009 21:04

dr_Bora, the problem has come back. On the desktop I can't delete either icons or folders with a right-click. What's worse, it freezes, so I can't do anything with a left-click either; the left double-click doesn't work. Some momentary little window sticks to the desktop and I can't do anything until I restart the computer...

dr_Bora:

As I mentioned, I don't see active malware here (not just now; there wasn't any at the time the topic was opened either).


I would recommend you look for advice in the Windows forum.
