Win32

Win32 (offline)
  • Joined: 06 Mar 2009
  • Posts: 7

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:06 AM, on 3/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\milos\Desktop\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\gg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 2945 bytes

It started with the computer running more slowly, then it began opening folders in a separate window (even though it is set to open them in the same window, which is still what the settings say); when the system boots it reports a "system win32" error... and it won't show hidden folders when told to...
A friend told me it was probably a virus and reinstalled Windows, but after that it started causing similar problems.

argus (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Right-click the avast! icon in the bottom-right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn this option back on once the cleanup is finished.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

Win32 (offline)
  • Joined: 06 Mar 2009
  • Posts: 7

ComboFix 09-03-04.01 - milos 2009-03-07 4:23:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.210 [GMT 1:00]
Running from: c:\documents and settings\milos\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 090306-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\system32\mpg4c32.dll
D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.

2009-03-07 04:16 . 2009-03-07 04:16 <DIR> d-------- c:\windows\LastGood
2009-03-07 02:58 . 2009-03-07 02:58 <DIR> d-------- c:\documents and settings\milos\Application Data\CyberLink
2009-03-07 02:56 . 2009-03-07 02:56 <DIR> d-------- c:\program files\CyberLink
2009-03-07 02:56 . 2009-03-07 02:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-03-07 02:54 . 2009-03-07 02:54 <DIR> d-------- c:\documents and settings\milos\Application Data\Media Player Classic
2009-03-07 00:59 . 2009-03-07 00:59 <DIR> d-------- c:\windows\system32\Lang
2009-03-07 00:59 . 2009-03-07 00:59 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-07 00:59 . 2009-03-07 00:59 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-07 00:41 . 2009-03-07 00:41 <DIR> d-------- c:\program files\Winamp
2009-03-07 00:41 . 2009-03-07 00:43 <DIR> d-------- c:\documents and settings\milos\Application Data\Winamp
2009-03-06 00:17 . 2006-09-06 17:43 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-03-06 00:11 . 2009-03-07 04:22 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-06 00:07 . 2008-12-21 00:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-06 00:07 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-06 00:07 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-06 00:07 . 2008-12-21 00:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-06 00:07 . 2008-12-21 00:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 00:07 . 2008-12-21 00:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-06 00:07 . 2008-12-21 00:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-06 00:07 . 2008-12-21 00:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-06 00:07 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-05 23:42 . 2009-03-05 23:42 107,134 --a------ c:\windows\UninstallFirefox.exe
2009-03-05 23:42 . 2009-03-05 23:42 2,301 --a------ c:\windows\mozver.dat
2009-03-05 23:42 . 2009-03-05 23:42 0 --a------ c:\windows\nsreg.dat
2009-03-05 23:36 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-05 23:36 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-05 16:24 . 2009-03-05 16:24 <DIR> d-------- c:\program files\Alwil Software
2009-03-05 16:24 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-05 16:24 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-03-05 16:20 . 2009-03-05 16:20 <DIR> d-------- c:\program files\Eset
2009-03-05 15:00 . 2009-03-05 15:00 <DIR> d---s---- c:\documents and settings\milos\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 01:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 01:55 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-05 13:35 --------- d-----w c:\program files\Realtek Sound Manager
2009-03-05 13:35 --------- d-----w c:\program files\Realtek AC97
2009-03-05 13:35 --------- d-----w c:\program files\AvRack
2009-03-05 13:34 --------- d-----w c:\program files\AMD
2009-03-05 13:26 --------- d-----w c:\program files\Webteh
2009-03-05 13:25 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-05 13:21 26,288 ----a-w c:\windows\system32\UninstAvpack.exe
2009-03-05 13:21 --------- d-----w c:\program files\Avpack
2009-03-05 13:07 --------- d-----w c:\program files\microsoft frontpage
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ffdshow.ax
"vidc.ffds"= ffdshow.ax
"vidc.VP31"= vp31vfw.dll
"vidc.VP40"= vp4vfw.dll
"vidc.VP50"= vp5vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.l3codecp"= l3codecp.acm
"msacm.divxa32"= DivXa32.acm
"msacm.CoreFLAC_ACM"= CoreFLAC_ACM.acm
"msacm.qmpeg"= qmpeg.acm
"vidc.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
-ra------ 2004-06-11 04:15 83968 c:\windows\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-05 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-05 20560]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UDFS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584a4ea5-098b-11de-8f63-806d6172696f}]
\Shell\AutoRun\command - F:\gg.exe 0o
\Shell\explore\Command - F:\gg.exe 0e
\Shell\open\Command - F:\gg.exe 0o
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ctfmon.exe - c:\windows\gg.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-CTFMON - c:\windows\gg.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\milos\Application Data\Mozilla\Firefox\Profiles\rvr8sz2x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-07 04:23:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-07 4:24:32
ComboFix-quarantined-files.txt 2009-03-07 03:24:30

Pre-Run: 17,214,238,720 bytes free
Post-Run: 17,245,507,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NoExecute=AlwaysOff /fastdetect

139 --- E O F --- 2009-03-06 20:46:40

Here it is! Thanks a lot, waiting for further instructions... impatiently! :)
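As an added example (not code from this thread, nor from HijackThis or ComboFix), a small Python checker that applies two of the indicators visible in the logs above: a Run value named ctfmon.exe that launches a different file, and mountpoints2 autorun verbs that point at an executable sitting in a drive root. It runs over constructed sample lines copied in shape from the posted HijackThis and ComboFix output; the function and rule names are my own.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    rule: str
    detail: str


# Constructed sample: line shapes taken from the HijackThis O4 entries and the
# ComboFix mountpoints2 block posted in this thread (gg.exe on F: and in C:\WINDOWS).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\gg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584a4ea5-098b-11de-8f63-806d6172696f}]
\Shell\AutoRun\command - F:\gg.exe 0o
\Shell\explore\Command - F:\gg.exe 0e
\Shell\open\Command - F:\gg.exe 0o
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First path ending in .exe inside the command (arguments or "(User ...)" may follow).
EXE_RE = re.compile(r"^(?P<exe>.*?\.exe)", re.I)
# ComboFix mountpoints2 entry: "\Shell\<verb>\command - <target> [args]"
MP2_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<target>\S+)", re.I)
# An executable sitting directly in a drive root, e.g. F:\gg.exe
ROOT_EXE_RE = re.compile(r"^[A-Z]:\\[^\\]+\.exe$", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_run_value(name: str, cmd: str) -> Optional[Finding]:
    r"""A Run value named after a program should launch that program.
    [ctfmon.exe] -> C:\WINDOWS\gg.exe borrows a familiar name for a different file."""
    if not name.lower().endswith(".exe"):
        return None
    m = EXE_RE.match(cmd)
    if m is None:
        return Finding("run-value-not-exe", f"[{name}] launches {cmd}")
    if basename(m["exe"]) != name.lower():
        return Finding("run-name-mismatch", f"[{name}] launches {m['exe']}")
    return None


def scan_log(text: str) -> List[Finding]:
    """Run both checks over HijackThis / ComboFix style lines and collect findings."""
    findings: List[Finding] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line  # remember which registry key the verbs below belong to
            continue
        m = O4_RE.match(line)
        if m:
            f = check_run_value(m["name"], m["cmd"])
            if f:
                findings.append(f)
            continue
        m = MP2_RE.match(line)
        if m and "mountpoints2" in current_key.lower() and ROOT_EXE_RE.match(m["target"]):
            findings.append(Finding("mountpoints2-root-exe",
                                    f"{m['verb']} -> {m['target']} under {current_key}"))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.rule:24} {f.detail}")
```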

argus (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hi, tell me, do you have a flash drive? If you do, don't plug it into the computer until we finish the cleanup; I'll give you further instructions afterwards.
Now do the following:

Open Notepad and copy the following text into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{584a4ea5-098b-11de-8f63-806d6172696f}]

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleanup/scan in your next message.

Win32 (offline)
  • Joined: 06 Mar 2009
  • Posts: 7

ComboFix 09-03-10.01 - milos 2009-03-10 22:55:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.86 [GMT 1:00]
Running from: c:\documents and settings\milos\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\milos\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090310-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-09 16:55 . 2009-03-09 16:55 <DIR> d-------- c:\program files\Java
2009-03-09 16:55 . 2009-03-10 16:25 <DIR> d-------- c:\documents and settings\milos\Application Data\LimeWire
2009-03-09 16:55 . 2009-03-09 16:55 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-09 16:55 . 2009-03-09 16:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-09 16:53 . 2009-03-10 16:25 <DIR> d-------- c:\program files\LimeWire
2009-03-07 04:18 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-07 04:17 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-07 04:17 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-07 04:17 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-07 04:17 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-07 02:58 . 2009-03-07 02:58 <DIR> d-------- c:\documents and settings\milos\Application Data\CyberLink
2009-03-07 02:56 . 2009-03-07 02:56 <DIR> d-------- c:\program files\CyberLink
2009-03-07 02:56 . 2009-03-07 02:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-03-07 02:54 . 2009-03-07 02:54 <DIR> d-------- c:\documents and settings\milos\Application Data\Media Player Classic
2009-03-07 00:59 . 2009-03-07 00:59 <DIR> d-------- c:\windows\system32\Lang
2009-03-07 00:59 . 2009-03-07 00:59 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-07 00:59 . 2009-03-07 00:59 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-07 00:41 . 2009-03-07 00:41 <DIR> d-------- c:\program files\Winamp
2009-03-07 00:41 . 2009-03-07 00:43 <DIR> d-------- c:\documents and settings\milos\Application Data\Winamp
2009-03-06 00:17 . 2006-09-06 17:43 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-03-06 00:11 . 2009-03-07 06:24 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-06 00:07 . 2008-12-21 00:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-06 00:07 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-06 00:07 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-06 00:07 . 2008-12-21 00:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-06 00:07 . 2008-12-21 00:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 00:07 . 2008-12-21 00:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-06 00:07 . 2008-12-21 00:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-06 00:07 . 2008-12-21 00:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-06 00:07 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-05 23:42 . 2009-03-05 23:42 107,134 --a------ c:\windows\UninstallFirefox.exe
2009-03-05 23:42 . 2009-03-05 23:42 2,301 --a------ c:\windows\mozver.dat
2009-03-05 23:42 . 2009-03-05 23:42 0 --a------ c:\windows\nsreg.dat
2009-03-05 23:36 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-05 23:36 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-05 16:24 . 2009-03-05 16:24 <DIR> d-------- c:\program files\Alwil Software
2009-03-05 16:24 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-05 16:24 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-03-05 16:20 . 2009-03-05 16:20 <DIR> d-------- c:\program files\Eset
2009-03-05 15:00 . 2009-03-05 15:00 <DIR> d--hs---- c:\documents and settings\milos\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 01:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-07 01:55 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-05 13:35 --------- d-----w c:\program files\Realtek Sound Manager
2009-03-05 13:35 --------- d-----w c:\program files\Realtek AC97
2009-03-05 13:35 --------- d-----w c:\program files\AvRack
2009-03-05 13:34 --------- d-----w c:\program files\AMD
2009-03-05 13:26 --------- d-----w c:\program files\Webteh
2009-03-05 13:25 --------- d-----w c:\program files\K-Lite Codec Pack
2009-03-05 13:21 26,288 ----a-w c:\windows\system32\UninstAvpack.exe
2009-03-05 13:21 --------- d-----w c:\program files\Avpack
2009-03-05 13:07 --------- d-----w c:\program files\microsoft frontpage
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-07_ 4.24.07.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 09:58:27 2,136,064 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:22:13 2,057,728 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:00:45 2,180,352 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-IE7\vgx.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-07-12 23:31:54 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2009-03-09 15:53:24 77,824 ----a-r c:\windows\Installer\{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}\ARPPRODUCTICON.exe
- 2009-03-05 13:06:55 8,738 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
+ 2009-03-09 02:00:16 8,972 ----a-w c:\windows\pchealth\helpctr\Config\Cntstore.bin
- 2009-03-05 13:06:53 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2009-03-09 02:00:52 86,327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2009-03-05 13:06:55 2,112 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2009-03-09 02:00:52 2,722 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
- 2004-08-04 12:00:00 100,352 ----a-w c:\windows\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w c:\windows\system32\6to4svc.dll
- 2008-03-29 18:45:49 1,146,232 ----a-w c:\windows\system32\aswBoot.exe
+ 2009-02-05 21:11:35 1,256,296 ----a-w c:\windows\system32\aswBoot.exe
- 2008-03-29 18:23:22 95,608 ----a-w c:\windows\system32\AvastSS.scr
+ 2009-02-05 21:04:45 97,480 ----a-w c:\windows\system32\AvastSS.scr
- 2004-08-04 12:00:00 100,352 -c--a-w c:\windows\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c--a-w c:\windows\system32\dllcache\6to4svc.dll
- 2004-08-04 12:00:00 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c----w c:\windows\system32\dllcache\afd.sys
- 2004-08-04 12:00:00 148,480 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll
- 2004-08-04 12:00:00 243,200 -c--a-w c:\windows\system32\dllcache\es.dll
+ 2008-07-07 20:32:22 253,952 -c--a-w c:\windows\system32\dllcache\es.dll
- 2004-08-04 12:00:00 278,016 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:01:36 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2004-08-04 12:00:00 678,400 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll
- 2004-08-04 12:00:00 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 00:31:06 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2004-08-04 12:00:00 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll
- 2004-08-04 12:00:00 73,728 -c--a-w c:\windows\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:05 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll
- 2004-08-04 12:00:00 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:10 245,248 -c--a-w c:\windows\system32\dllcache\mswsock.dll
- 2004-08-04 12:00:00 1,236,480 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2004-08-04 12:00:00 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2004-08-04 12:00:00 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w c:\windows\system32\dllcache\quartz.dll
- 2004-08-04 12:00:00 200,064 -c--a-w c:\windows\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys
- 2004-08-04 12:00:00 8,384,000 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2004-08-04 12:00:00 336,256 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2004-08-04 12:00:00 246,302 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:15:47 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2004-08-04 12:00:00 359,040 -c--a-w c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys
- 2004-08-04 12:00:00 223,616 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys
- 2007-08-13 17:54:10 765,952 -c--a-w c:\windows\system32\dllcache\VGX.dll
+ 2008-05-27 17:23:58 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
- 2004-08-04 12:00:00 1,835,904 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 12:00:00 1,050,624 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 17:18:18 1,053,696 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2004-08-04 12:00:00 2,105,344 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-11-07 17:32:20 2,109,440 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-04 12:00:00 148,480 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w c:\windows\system32\dnsapi.dll
- 2008-03-29 18:26:52 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2009-02-05 21:05:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
- 2004-08-04 12:00:00 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2008-03-29 18:35:49 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2009-02-05 21:07:12 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
- 2008-01-17 16:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2009-02-05 21:08:19 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
- 2008-03-29 18:35:21 94,544 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2009-02-05 21:08:10 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
- 2008-03-29 18:29:08 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2009-02-05 21:06:10 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
- 2008-03-29 18:31:34 75,856 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2009-02-05 21:07:23 114,768 ----a-w c:\windows\system32\drivers\aswSP.sys
- 2008-03-29 18:27:33 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2009-02-05 21:06:20 51,376 ----a-w c:\windows\system32\drivers\aswTdi.sys
- 2004-08-04 12:00:00 451,456 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2004-08-04 12:00:00 200,064 ----a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2004-08-04 12:00:00 336,256 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys
- 2004-08-04 12:00:00 359,040 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2004-08-04 12:00:00 223,616 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2004-08-04 12:00:00 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2009-03-05 13:10:51 90,296 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-07 12:52:11 90,296 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 12:00:00 278,016 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2004-08-04 12:00:00 678,400 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2009-03-09 15:55:12 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-03-09 15:55:12 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-09 15:55:12 148,888 ----a-w c:\windows\system32\javaws.exe
- 2004-08-04 12:00:00 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 00:31:06 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2006-01-21 15:01:22 25,088 ----a-w c:\windows\system32\Macromed\Flash\genuinst.exe
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-03-09 15:53:23 85,173 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2006-01-03 23:14:12 20,480 ----a-w c:\windows\system32\Macromed\Flash\UninstFl.exe
- 2004-08-04 12:00:00 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
- 2004-08-04 12:00:00 245,248 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w c:\windows\system32\mswsock.dll
- 2004-08-04 12:00:00 1,236,480 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2004-08-04 12:00:00 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2004-08-04 12:00:00 2,056,832 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 12:00:00 2,180,992 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
- 2004-08-04 12:00:00 1,287,680 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w c:\windows\system32\quartz.dll
- 2004-08-04 12:00:00 8,384,000 ----a-w c:\windows\system32\shell32.dll
+ 2008-07-03 13:16:57 8,454,656 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2004-08-04 12:00:00 246,302 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2004-08-04 12:00:00 1,835,904 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
- 2004-08-04 12:00:00 1,050,624 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 17:18:18 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2004-08-04 12:00:00 2,105,344 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 17:32:20 2,109,440 ----a-w c:\windows\system32\WMVCore.dll
+ 2009-03-10 15:23:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_654.dat
+ 2009-03-10 15:23:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d0.dat
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 136600]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ffdshow.ax
"vidc.ffds"= ffdshow.ax
"vidc.VP31"= vp31vfw.dll
"vidc.VP40"= vp4vfw.dll
"vidc.VP50"= vp5vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.l3codecp"= l3codecp.acm
"msacm.divxa32"= DivXa32.acm
"msacm.CoreFLAC_ACM"= CoreFLAC_ACM.acm
"msacm.qmpeg"= qmpeg.acm
"vidc.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
-ra------ 2004-06-11 04:15 83968 c:\windows\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-05 20560]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\milos\Application Data\Mozilla\Firefox\Profiles\rvr8sz2x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-10 22:56:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-10 22:57:19
ComboFix-quarantined-files.txt 2009-03-10 21:57:17
ComboFix2.txt 2009-03-07 03:24:33

Pre-Run: 16,724,791,296 bytes free
Post-Run: 16,722,694,144 bytes free

279 --- E O F --- 2009-03-07 05:24:47

I have a flash drive; my friend Gale (whom I greet this way because he is surely reading this) supposedly cleaned it, but I'm still not putting it in the computer. Cheers

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 06 Mar 2009
  • Posts: 7

USBNoRisk 1.5 by bobby

Started at 3/12/2009 5:44:55 PM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
D: {584a4ea7-098b-11de-8f63-806d6172696f}
E: {584a4ea8-098b-11de-8f63-806d6172696f}
C: {584a4eaa-098b-11de-8f63-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 584a4eaa-098b-11de-8f63-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 584a4ea7-098b-11de-8f63-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for 584a4ea8-098b-11de-8f63-806d6172696f
========================================

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\E\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------


New device connected at 3/12/2009 5:46:12 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {584a4ea5-098b-11de-8f63-806d6172696f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\gg.exe -r-hs 65607
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 584a4ea5-098b-11de-8f63-806d6172696f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 3/12/2009 5:46:55 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {85ddcbac-0b84-11de-9055-001485cbc74f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\gg.exe -r-hs 65607
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized 85ddcbac-0b84-11de-9055-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 3/12/2009 5:47:43 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {0a300de1-0f1d-11de-9060-001485cbc74f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\open\Default=1
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de1-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 3/12/2009 5:47:48 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {0a300de1-0f1d-11de-9060-001485cbc74f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\open\Default=1
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de1-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 3/12/2009 5:47:50 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {0a300de1-0f1d-11de-9060-001485cbc74f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\open\Default=1
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de1-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 3/12/2009 5:48:35 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {0a300de2-0f1d-11de-9060-001485cbc74f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de2-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================



New device connected at 3/12/2009 5:48:47 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de2-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 3/12/2009 5:48:48 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {0a300de2-0f1d-11de-9060-001485cbc74f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de2-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================

========================================


New device connected at 3/12/2009 5:48:50 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de2-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 3/12/2009 5:48:53 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {0a300de2-0f1d-11de-9060-001485cbc74f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de2-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================

========================================


New device connected at 3/12/2009 5:48:57 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de2-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================

Question: If I burn a disc, is that disc safe or is the virus on it too? Yesterday I was burning something and saw a file that should not be there. It was shown as a hidden file...
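The autorun.inf recovered from the sticks above, triaged by an added example (not part of this thread and not USBNoRisk's own code): it lists the executables the file would launch, the way the tool's "Files referenced from" section does, flags a hidden+system payload, and re-decodes the garbled menu labels. The sample file and the directory listing are constructed from the log; the GBK assumption for the labels is mine.

```python
import re

# Constructed sample: the autorun.inf quoted in the USBNoRisk log above, exactly as
# the tool printed it (the menu labels are GBK bytes shown through a Latin-1 code page).
SAMPLE_AUTORUN = r"""[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\open\Default=1
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
"""

# Constructed directory listing of the stick, matching the log line
# "G:\gg.exe -r-hs 65607" (read-only, hidden, system, 65607 bytes).
SAMPLE_LISTING = {"gg.exe": {"attrs": "-r-hs", "size": 65607}}

LAUNCH_KEY = re.compile(r"shell\\[^\\]+\\command")   # shell\<verb>\command
LABEL_KEY = re.compile(r"shell\\[^\\]+")             # shell\<verb>  (menu text)


def parse_autorun(text):
    """Return the key=value pairs of the [autorun] section with keys lower-cased.
    Hand-rolled rather than configparser so that a file with no section header,
    stray bytes or duplicate keys (all common in worm-written files) still parses."""
    entries = {}
    in_section = True          # tolerate files that omit the [autorun] header
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """Map every key that launches a program (open, shellexecute, shell\\<verb>\\command)
    to the executable it names: the first token of the value."""
    targets = {}
    for key, value in entries.items():
        if key in ("open", "shellexecute") or LAUNCH_KEY.fullmatch(key):
            tokens = value.split()
            if tokens:
                targets[key] = tokens[0]
    return targets


def referenced_files(text, listing, drive="G:\\"):
    """Mirror the tool's 'Files referenced from' section: one line per distinct
    executable with its attributes and size, or 'missing' when it is not on the stick."""
    lines = []
    for exe in sorted(set(launch_targets(parse_autorun(text)).values())):
        info = listing.get(exe.lower())
        if info:
            lines.append(f"{drive}{exe} {info['attrs']} {info['size']}")
        else:
            lines.append(f"{drive}{exe} missing")
    return lines


def decode_label(label, codepage="gbk"):
    """Undo the mojibake: re-encode the Latin-1 rendering to bytes and decode as GBK
    ("´ò¿ª" is 打开 = Open, "×ÊÔ´¹ÜÀíÆ÷" is 资源管理器 = Explorer, i.e. the worm mimics
    the stock context-menu entries). ASCII labels come back unchanged; undecodable
    ones are returned as-is."""
    try:
        return label.encode("latin-1").decode(codepage)
    except UnicodeError:
        return label


def triage(text, listing):
    """Findings a responder wants from the file: which verbs were hijacked, whether the
    payload hides behind hidden+system attributes, and what the menu labels really say."""
    entries = parse_autorun(text)
    targets = launch_targets(entries)
    findings = [f"{key} launches {exe}" for key, exe in targets.items()]
    for exe in sorted(set(targets.values())):
        info = listing.get(exe.lower())
        if info and "h" in info["attrs"] and "s" in info["attrs"]:
            findings.append(f"{exe} is hidden+system ({info['size']} bytes)")
    for key, value in entries.items():
        if LABEL_KEY.fullmatch(key) and not value.isascii():
            findings.append(f"{key} label decodes to {decode_label(value)!r}")
    return findings


if __name__ == "__main__":
    for line in referenced_files(SAMPLE_AUTORUN, SAMPLE_LISTING):
        print(line)
    for line in triage(SAMPLE_AUTORUN, SAMPLE_LISTING):
        print(line)
```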

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Question: If I burn a disc, is that disc safe or is the virus on it too? Yesterday I was burning something and saw a file that should not be there. It was shown as a hidden file...

This isn't quite clear to me; which file exactly do you mean? Can you explain it a bit better?

Run USBNoRisk, switch to the Script tab and enter the following text there:

{0a300de1-0f1d-11de-9060-001485cbc74f}
f_delete: %DRIVE%gg.exe
delete_blocked:

{85ddcbac-0b84-11de-9055-001485cbc74f}
f_delete: %DRIVE%gg.exe
delete_blocked:

{584a4ea5-098b-11de-8f63-806d6172696f}
f_delete: %DRIVE%gg.exe
delete_blocked:

{584a4ea7-098b-11de-8f63-806d6172696f}
f_delete: %DRIVE%gg.exe

{584a4ea8-098b-11de-8f63-806d6172696f}
f_delete: %DRIVE%gg.exe

{584a4eaa-098b-11de-8f63-806d6172696f}
f_delete: %DRIVE%gg.exe


Switch to the Monitor tab.
Now plug the problematic USB stick into the computer and let USBNoRisk do its job (this time it will take a little longer).
When it finishes, save the log again and post it in a message on the forum.

offline
  • Joined: 06 Mar 2009
  • Posts: 7

USBNoRisk 1.5 by bobby

Started at 3/12/2009 10:41:49 PM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
D: {584a4ea7-098b-11de-8f63-806d6172696f}
E: {584a4ea8-098b-11de-8f63-806d6172696f}
C: {584a4eaa-098b-11de-8f63-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 584a4eaa-098b-11de-8f63-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 584a4ea7-098b-11de-8f63-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for 584a4ea8-098b-11de-8f63-806d6172696f
========================================

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\E\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------


New device connected at 3/12/2009 10:43:09 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {584a4ea5-098b-11de-8f63-806d6172696f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\gg.exe -r-hs 65607
----------------------------------------

----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 584a4ea5-098b-11de-8f63-806d6172696f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: G:\
584a4ea5-098b-11de-8f63-806d6172696f
SectionStart = 8
SectionEnd = 11
f_delete: file "G:\gg.exe" deleted successfully
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: G:\autorun.inf.blocked > Done!
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 3/12/2009 10:44:36 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {85ddcbac-0b84-11de-9055-001485cbc74f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\gg.exe -r-hs 65607
----------------------------------------

----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 85ddcbac-0b84-11de-9055-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: G:\
85ddcbac-0b84-11de-9055-001485cbc74f
SectionStart = 4
SectionEnd = 7
f_delete: file "G:\gg.exe" deleted successfully
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: G:\autorun.inf.blocked > Done!
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 3/12/2009 10:45:44 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {0a300de1-0f1d-11de-9060-001485cbc74f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ò¿ª(&O)
shell\open\Command=gg.exe 0o
shell\open\Default=1
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de1-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: G:\
0a300de1-0f1d-11de-9060-001485cbc74f
SectionStart = 0
SectionEnd = 3
f_delete: G:\gg.exe > File does not exist!
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: G:\autorun.inf.blocked > Done!
----------------------------------------

========================================

========================================
Removed G:
========================================


New device connected at 3/12/2009 10:48:28 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {0a300de2-0f1d-11de-9060-001485cbc74f}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de2-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: G:\
No script to process for G:\
----------------------------------------

========================================



New device connected at 3/12/2009 10:48:38 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 0a300de2-0f1d-11de-9060-001485cbc74f
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: G:\
No script to process for G:\
----------------------------------------

========================================

========================================
Removed G:
========================================


Here it is; I inserted them again in the same order (if that means anything). About what I asked, maybe I was a bit unclear... Yesterday I burned a disc with just one Word document on it. Later I wanted to add one more Word doc to that disc. When I opened Nero it showed that the disc contained the one file I had burned and one more that was shown faded, as hidden. I think that file's icon was also Word, but I'm not sure. Anyway, I'd like to know whether it is safe (if I want to make a backup) to burn data to discs. Is there a chance that, if I have a virus on the computer, I burn it onto the disc?

Update: 12 Mar 2009 23:10

Hey, when I finished this and wanted to close USB blocker it threw this at me:

"USB Autorun blocker has encountered a problem and needs to close. We are sorry for the inconvenience"

Error signature
AppName: usbnorisk.exe AppVer: 1.5.0.0 ModName: usbnorisk.exe
ModVer: 1.5.0.0 Offset: 000c4e3a

C:\DOCUME~1\milos\LOCALS~1\Temp\33d5_appcompat.txt

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Go ahead and enter the same text again, click Run Script, and then give me the log


{0a300de1-0f1d-11de-9060-001485cbc74f}
f_delete: %DRIVE%gg.exe
delete_blocked:

{85ddcbac-0b84-11de-9055-001485cbc74f}
f_delete: %DRIVE%gg.exe
delete_blocked:

{584a4ea5-098b-11de-8f63-806d6172696f}
f_delete: %DRIVE%gg.exe
delete_blocked:

{584a4ea7-098b-11de-8f63-806d6172696f}
f_delete: %DRIVE%gg.exe

{584a4ea8-098b-11de-8f63-806d6172696f}
f_delete: %DRIVE%gg.exe

{584a4eaa-098b-11de-8f63-806d6172696f}
f_delete: %DRIVE%gg.exe


Update: 12 Mar 2009 23:42

This time do not insert the USB sticks.

Korisnici trenutno na forumu: A.R.Chafee.Jr., atmel, babaroga, Bojan85, cavatina, cer, cinoeye, darkangel, deimos25, Denaya, djboj, Dovla, dule10savic, FileFinder, FOX, Georgius, goxin, h8propaganda, HrcAk47, ikan, JOntra, kalens021, kihot, Komentator, Krvava Devetka, macak44, marsovac 2, mean_machine, mercedesamg, Mercury, milenko crazy north, mkukoleca, Motocar, Ne doznajem se u oružje, nikoladim, opt1, pein, radoznao, samsung, Sirius, sombrero, styg, Trpe Grozni, Vlada1389, VP6919, vukovi, wizzardone, Zimbabwe, Zoca, žeks62