Problem with USB drives

dek
Problem with USB drives, 19.04.2010 at 01:18
For the past few days my computer has been reporting that my USB drive is write protected. I thought the problem was with the USB drive, so I tried to format it both from Windows and with various programs. In the end I threw it away and bought a new one, then had that one replaced too while it was under warranty, but the problem is still the same.
I scanned the computer with Avira Premium, which I have installed, and with Dr.Web, and they found nothing. When I try to scan with Malwarebytes the computer restarts immediately, and Spybot S&D gets to about 10% and then it restarts again. I also tried from safe mode and got the same result. The HijackThis log is clean.
What should I use to clean out this vermin (at least I think it is vermin)?
OS: Windows XP SP3
AV: Avira PSS + MBAM
 
Aleksandar Maletic (System administrator, Moderator)
Re: Problem with USB drives, 19.04.2010 at 10:07
Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe , run it, and answer Yes to everything it asks... it will probably require one restart, don't let that confuse you... when it finishes the scan, i.e. when it passes stage 50, it will drop a log in C:/... copy that log here for us...
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 
dek
Re: Problem with USB drives, 19.04.2010 at 11:24
ComboFix 10-04-17.07 - opstina 04/19/2010 11:59:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.446.141 [GMT 2:00]
Running from: c:\documents and settings\opstina\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira FireWall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\LINKMAGIC.lnk
c:\recycler\S-1-5-21-1343024091-73586283-1644491937-1003
c:\recycler\S-1-5-21-1343024091-73586283-1644491937-1005
c:\recycler\S-1-5-21-1343024091-73586283-1644491937-500
c:\recycler\S-1-5-21-839522115-2000478354-1801674531-1003

.
((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-16 07:43 . 2010-04-16 08:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-16 07:43 . 2010-04-16 08:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Spybot - Search & Destroy
2010-04-16 07:17 . 2010-04-16 07:17 -------- d-----w- c:\documents and settings\Administrator.OPSTINA-CAD2D4F\Application Data\Malwarebytes
2010-04-14 12:48 . 2010-04-14 12:49 -------- d-----w- c:\windows.1\system32\NtmsData
2010-04-14 06:55 . 2010-04-14 06:55 -------- d-----w- c:\documents and settings\opstina\Local Settings\Application Data\Readon_Technology
2010-04-14 06:54 . 2010-04-14 06:54 -------- d-----w- c:\program files\Readon Technology
2010-04-13 05:41 . 2010-04-13 05:46 -------- d-----w- c:\program files\USBAntiVirus
2010-04-06 09:49 . 2010-04-06 09:49 439816 ----a-w- c:\documents and settings\opstina\Application Data\Real\Update\setup3.10\setup.exe
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Common Files\Real
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Real
2010-04-01 10:41 . 2010-04-01 10:41 -------- d-----w- c:\documents and settings\opstina\Application Data\Avira
2010-04-01 05:13 . 2010-04-01 05:13 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 09:54 . 2009-08-10 08:22 530 ----a-w- c:\windows.1\system32\SP701ASM.dat
2010-04-15 11:25 . 2010-03-02 06:48 -------- d-----w- c:\documents and settings\opstina\Application Data\vlc
2010-04-14 10:19 . 2009-08-10 06:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft Help
2010-04-13 06:02 . 2009-12-14 10:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Zbshareware Lab
2010-04-01 11:01 . 2009-06-17 07:26 -------- d-----w- c:\program files\Opera
2010-03-26 07:00 . 2009-12-14 12:01 -------- d-----w- c:\program files\USB Disk Security
2010-03-24 12:42 . 2009-08-10 06:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Avira
2010-03-24 12:35 . 2009-11-05 10:56 79432 ----a-w- c:\windows.1\system32\drivers\avfwim.sys
2010-03-24 12:35 . 2009-11-05 10:56 124784 ----a-w- c:\windows.1\system32\drivers\avipbb.sys
2010-03-24 12:35 . 2009-11-05 10:56 102856 ----a-w- c:\windows.1\system32\drivers\avfwot.sys
2010-03-24 12:35 . 2009-06-17 05:45 60936 ----a-w- c:\windows.1\system32\drivers\avgntflt.sys
2010-03-22 06:19 . 2010-03-05 07:31 -------- d-----w- c:\program files\Download Direct
2010-03-16 07:41 . 2010-03-16 07:41 -------- d-----w- c:\program files\Telbo.com
2010-03-16 06:26 . 2010-03-16 06:26 -------- d-----w- c:\program files\Common Files\DirectX
2010-03-10 06:15 . 2008-04-14 02:42 420352 ----a-w- c:\windows.1\system32\vbscript.dll
2010-03-02 06:47 . 2010-03-02 06:47 -------- d-----w- c:\program files\VideoLAN
2010-02-25 06:24 . 2008-04-14 02:42 916480 ----a-w- c:\windows.1\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 21:47 455680 ----a-w- c:\windows.1\system32\drivers\mrxsmb.sys
2010-02-19 07:48 . 2010-02-19 07:48 -------- d-----w- c:\program files\PoivY.com
2010-02-17 08:13 . 2009-08-10 06:03 69128 ----a-w- c:\documents and settings\opstina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 14:08 . 2008-04-13 21:54 2146304 ----a-w- c:\windows.1\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows.1\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 02:41 100864 ----a-w- c:\windows.1\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-13 21:30 226880 ----a-w- c:\windows.1\system32\drivers\tcpip6.sys
2010-01-25 13:56 . 2009-06-24 10:16 115712 ----a-w- c:\windows.1\system32\drivers\cxbu0wdm.sys
.

------- Sigcheck -------

[-] 2008-05-05 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" [2007-06-11 176128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-03-26 819200]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-06-29 811008]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows.1\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.1^Start Menu^Programs^Startup^Reboot.exe]
path=c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Reboot.exe
backup=c:\windows.1\pss\Reboot.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^opstina^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\opstina\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows.1\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows.1\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PoivY]
2009-11-12 15:00 9189152 ----a-w- c:\program files\PoivY.com\PoivY\PoivY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telbo]
2009-11-12 13:58 9094432 ----a-w- c:\program files\Telbo.com\Telbo\Telbo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-06 09:40 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
2009-10-15 11:25 106544 ----a-w- c:\windows.1\system32\TWEAKUI.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipZoom]
2009-11-11 11:18 9066800 ----a-w- c:\program files\VoipZoom.com\VoipZoom\VoipZoom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"NMSAccessU"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PoivY"="c:\program files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
"Telbo"="c:\program files\Telbo.com\Telbo\Telbo.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"vspdfprsrv.exe"=c:\program files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSConfig"=c:\windows.1\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=
"c:\\Program Files\\VoipZoom.com\\VoipZoom\\VoipZoom.exe"=
"c:\\Program Files\\Telbo.com\\Telbo\\Telbo.exe"=

R0 ViBus;ViBus;c:\windows.1\system32\drivers\ViBus.sys [8/10/2009 08:39 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows.1\system32\drivers\ViPrt.sys [8/10/2009 08:39 52224]
R1 avfwot;avfwot;c:\windows.1\system32\drivers\avfwot.sys [11/5/2009 12:56 102856]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [11/5/2009 12:55 536232]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11/5/2009 12:55 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/5/2009 12:56 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11/5/2009 12:55 405672]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows.1\system32\drivers\avfwim.sys [11/5/2009 12:56 79432]
R3 cxbu0wdm;OMNIKEY 3x21;c:\windows.1\system32\drivers\cxbu0wdm.sys [6/24/2009 12:16 115712]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-19 c:\windows.1\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Caffe-Client - c:\antamedia\Caffe\Client.exe
MSConfigStartUp-Caffe-ICHelper - c:\antamedia\Caffe\ICHelper.exe
MSConfigStartUp-InternetCaffeHelper - ICHelper.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 12:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-884357618-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]
@Class="Shell"

[HKEY_USERS\S-1-5-21-725345543-884357618-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\OpenWithList]
@Class="Shell"
"a"="WINWORD.EXE"
"MRUList"="a"

[HKEY_LOCAL_MACHINE\software\zbshareware]
@DACL=(02 0000)
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1464)
c:\windows.1\system32\wbem\fastprox.dll

- - - - - - - > 'lsass.exe'(1544)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2010-04-19 12:11:17
ComboFix-quarantined-files.txt 2010-04-19 10:11

Pre-Run: 6,838,669,312 bytes free
Post-Run: 6,903,533,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9FDD3B45693EC2C2CD894FE9AD1DDF2E
 
kristi1
Re: Problem with USB drives, 19.04.2010 at 11:49
c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Reboot.exe

Find this file and submit it for analysis via this link http://www.virustotal.com/
Post the link to the report so I can see what this is about.
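
The path quoted in this post comes from the log's `[HKLM\~\startupfolder\...]` entries, ComboFix's abbreviated form of the msconfig list of disabled Startup-folder items, where each entry records the original `path` and a `backup` copy under `pss`. As an added example (not part of the thread, and not ComboFix's own code), this parser reads those entries and flags anything that is an executable rather than a shortcut; the function names and the extension list are assumptions of this example.

```python
import ntpath
import re

# Three entries copied verbatim from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows.1\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.1^Start Menu^Programs^Startup^Reboot.exe]
path=c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Reboot.exe
backup=c:\windows.1\pss\Reboot.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^opstina^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\opstina\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows.1\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
"""

# Section header as ComboFix prints it; the key encodes the path with '^' for '\'.
HEADER = re.compile(r"^\[HKLM\\~\\startupfolder\\(?P<key>.+)\]$", re.IGNORECASE)

# Assumption of this example: file types that run directly when placed in Startup.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def parse_startupfolder(log_text):
    """Return one dict per startupfolder entry: key, path, backup."""
    entries = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = {
                "key": match.group("key").replace("^", "\\"),
                "path": None,
                "backup": None,
            }
            entries.append(current)
        elif line.startswith("["):
            # Any other registry section ends the current entry.
            current = None
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            if name in ("path", "backup"):
                current[name] = value
    return entries


def triage(entries):
    """Flag entries whose target is an executable file, not a .lnk shortcut."""
    findings = []
    for entry in entries:
        target = entry["path"] or entry["key"]
        ext = ntpath.splitext(target)[1].lower()
        if ext in EXECUTABLE_EXTS:
            findings.append({
                "name": ntpath.basename(target),
                # A disabled item may exist only as the backup copy, so a
                # reviewer has to look in both places.
                "locations": [p for p in (entry["path"], entry["backup"]) if p],
                "reason": "executable file in a Startup folder entry",
            })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_startupfolder(SAMPLE_LOG)):
        print(finding["name"], "-", finding["reason"])
        for location in finding["locations"]:
            print("   check:", location)
```

The two locations reported for `Reboot.exe` are the same two paths that appear under `FILE ::` in the second ComboFix log further down the thread.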
 
dek
Re: Problem with USB drives, 19.04.2010 at 12:18
There is no Reboot.exe file in the startup folder (hidden and system files are shown as well). The folder is only 1kb in size.
 
Aleksandar Maletic (System administrator, Moderator)
Re: Problem with USB drives, 19.04.2010 at 12:28
Try it this way... download this cloud scanner http://www.surfright.nl/en/products/ , run a scan and let us know whether it found anything...
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 
dek
Re: Problem with USB drives, 19.04.2010 at 13:51
Nothing again. What now?
 
kristi1
Re: Problem with USB drives, 19.04.2010 at 14:28
Download this file to the desktop and unpack it.
Drag it with the mouse onto the ComboFix icon.

Post the log after the cleanup.
Attached files
 
dek
Re: Problem with USB drives, 19.04.2010 at 19:24
Since this is my work computer, I can't do this today. Or tomorrow. I'll report the day after tomorrow what I've done.
I hope it works because I can't format it, it's full of work documents.
Regards until then.
 
kristi1
Re: Problem with USB drives, 20.04.2010 at 07:20
Download this script, if you haven't already worked with the one above.
Attached files
 
dek
Re: Problem with USB drives, 21.04.2010 at 13:13
I tried with the script and it's the same again. I tried scanning the computer with a couple more programs, but whenever the scanner reaches the registry the computer restarts. It looks like I'll have to format it after all.
 
Mirage (Budva)
Re: Problem with USB drives, 21.04.2010 at 13:25
Install TotalCommander, enable showing hidden files and delete c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Reboot.exe
 
Aleksandar Maletic (System administrator, Moderator)
Re: Problem with USB drives, 21.04.2010 at 13:49
Mirage is right, Total Commander sees everything when the Show Hidden System Files option is turned on... try it that way, maybe the manual work will pay off... :)))
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 
kristi1
Re: Problem with USB drives, 21.04.2010 at 16:42
Quote:
dek: I tried with the script and it's the same again. I tried scanning the computer with a couple more programs, but whenever the scanner reaches the registry the computer restarts. It looks like I'll have to format it after all.

Why didn't you post the log after the script?
 
dek
Re: Problem with USB drives, 22.04.2010 at 09:12
Here is the log that ComboFix produced after the script.





ComboFix 10-04-20.01 - opstina 04/21/2010 7:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.446.131 [GMT 2:00]
Running from: c:\documents and settings\opstina\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\opstina\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira FireWall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
* Created a new restore point

FILE ::
"c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Reboot.exe"
"c:\windows.1\pss\Reboot.exeCommon Startup"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows.1\system32\dllcache\mspmsnsv.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-19 12:46 . 2010-04-19 12:46 15944 ----a-w- c:\windows.1\system32\drivers\hitmanpro35.sys
2010-04-19 12:46 . 2010-04-19 12:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Hitman Pro
2010-04-19 12:46 . 2010-04-19 12:46 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-16 07:43 . 2010-04-16 08:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-16 07:43 . 2010-04-16 08:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Spybot - Search & Destroy
2010-04-16 07:17 . 2010-04-16 07:17 -------- d-----w- c:\documents and settings\Administrator.OPSTINA-CAD2D4F\Application Data\Malwarebytes
2010-04-14 12:48 . 2010-04-14 12:49 -------- d-----w- c:\windows.1\system32\NtmsData
2010-04-14 06:55 . 2010-04-14 06:55 -------- d-----w- c:\documents and settings\opstina\Local Settings\Application Data\Readon_Technology
2010-04-14 06:54 . 2010-04-14 06:54 -------- d-----w- c:\program files\Readon Technology
2010-04-13 05:41 . 2010-04-13 05:46 -------- d-----w- c:\program files\USBAntiVirus
2010-04-06 09:49 . 2010-04-06 09:49 439816 ----a-w- c:\documents and settings\opstina\Application Data\Real\Update\setup3.10\setup.exe
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Common Files\Real
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Real
2010-04-01 10:41 . 2010-04-01 10:41 -------- d-----w- c:\documents and settings\opstina\Application Data\Avira
2010-04-01 05:13 . 2010-04-01 05:13 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 05:32 . 2009-08-10 08:22 530 ----a-w- c:\windows.1\system32\SP701ASM.dat
2010-04-15 11:25 . 2010-03-02 06:48 -------- d-----w- c:\documents and settings\opstina\Application Data\vlc
2010-04-14 10:19 . 2009-08-10 06:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft Help
2010-04-13 06:02 . 2009-12-14 10:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Zbshareware Lab
2010-04-01 11:01 . 2009-06-17 07:26 -------- d-----w- c:\program files\Opera
2010-03-26 07:00 . 2009-12-14 12:01 -------- d-----w- c:\program files\USB Disk Security
2010-03-24 12:42 . 2009-08-10 06:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Avira
2010-03-24 12:35 . 2009-11-05 10:56 79432 ----a-w- c:\windows.1\system32\drivers\avfwim.sys
2010-03-24 12:35 . 2009-11-05 10:56 124784 ----a-w- c:\windows.1\system32\drivers\avipbb.sys
2010-03-24 12:35 . 2009-11-05 10:56 102856 ----a-w- c:\windows.1\system32\drivers\avfwot.sys
2010-03-24 12:35 . 2009-06-17 05:45 60936 ----a-w- c:\windows.1\system32\drivers\avgntflt.sys
2010-03-22 06:19 . 2010-03-05 07:31 -------- d-----w- c:\program files\Download Direct
2010-03-16 07:41 . 2010-03-16 07:41 -------- d-----w- c:\program files\Telbo.com
2010-03-16 06:26 . 2010-03-16 06:26 -------- d-----w- c:\program files\Common Files\DirectX
2010-03-10 06:15 . 2008-04-14 02:42 420352 ----a-w- c:\windows.1\system32\vbscript.dll
2010-03-02 06:47 . 2010-03-02 06:47 -------- d-----w- c:\program files\VideoLAN
2010-02-25 06:24 . 2008-04-14 02:42 916480 ----a-w- c:\windows.1\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 21:47 455680 ----a-w- c:\windows.1\system32\drivers\mrxsmb.sys
2010-02-17 08:13 . 2009-08-10 06:03 69128 ----a-w- c:\documents and settings\opstina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 14:08 . 2008-04-13 21:54 2146304 ----a-w- c:\windows.1\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows.1\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 02:41 100864 ----a-w- c:\windows.1\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-13 21:30 226880 ----a-w- c:\windows.1\system32\drivers\tcpip6.sys
2010-01-25 13:56 . 2009-06-24 10:16 115712 ----a-w- c:\windows.1\system32\drivers\cxbu0wdm.sys
.

------- Sigcheck -------

[-] 2008-05-05 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" [2007-06-11 176128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-03-26 819200]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-06-29 811008]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows.1\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^opstina^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\opstina\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows.1\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows.1\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PoivY]
2009-11-12 15:00 9189152 ----a-w- c:\program files\PoivY.com\PoivY\PoivY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telbo]
2009-11-12 13:58 9094432 ----a-w- c:\program files\Telbo.com\Telbo\Telbo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-06 09:40 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
2009-10-15 11:25 106544 ----a-w- c:\windows.1\system32\TWEAKUI.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipZoom]
2009-11-11 11:18 9066800 ----a-w- c:\program files\VoipZoom.com\VoipZoom\VoipZoom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"NMSAccessU"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PoivY"="c:\program files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
"Telbo"="c:\program files\Telbo.com\Telbo\Telbo.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"vspdfprsrv.exe"=c:\program files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSConfig"=c:\windows.1\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=
"c:\\Program Files\\VoipZoom.com\\VoipZoom\\VoipZoom.exe"=
"c:\\Program Files\\Telbo.com\\Telbo\\Telbo.exe"=

R0 ViBus;ViBus;c:\windows.1\system32\drivers\ViBus.sys [8/10/2009 08:39 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows.1\system32\drivers\ViPrt.sys [8/10/2009 08:39 52224]
R1 avfwot;avfwot;c:\windows.1\system32\drivers\avfwot.sys [11/5/2009 12:56 102856]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [11/5/2009 12:55 536232]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11/5/2009 12:55 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/5/2009 12:56 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11/5/2009 12:55 405672]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows.1\system32\drivers\avfwim.sys [11/5/2009 12:56 79432]
R3 cxbu0wdm;OMNIKEY 3x21;c:\windows.1\system32\drivers\cxbu0wdm.sys [6/24/2009 12:16 115712]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-21 c:\windows.1\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-21 08:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\program files\Avira\AntiVir Desktop\checkt.exe [3660] 0x845CA8C0

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-884357618-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]
@Class="Shell"

[HKEY_USERS\S-1-5-21-725345543-884357618-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\OpenWithList]
@Class="Shell"
"a"="WINWORD.EXE"
"MRUList"="a"

[HKEY_LOCAL_MACHINE\software\zbshareware]
@DACL=(02 0000)
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1496)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2010-04-21 08:06:09
ComboFix-quarantined-files.txt 2010-04-21 06:06
ComboFix2.txt 2010-04-19 10:11

Pre-Run: 6,982,615,040 bytes free
Post-Run: 6,949,765,120 bytes free

- - End Of File - - 2961AD02F7F286874E747A601BFE79D9
 
dek
Re: Problem with USB drives, 22.04.2010 at 09:19
Here is this morning's log too. The Reboot.exe file is gone, but the computer still restarts when I start a scan.



ComboFix 10-04-21.01 - opstina 04/22/2010 9:38.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.446.164 [GMT 2:00]
Running from: c:\documents and settings\opstina\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira FireWall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\LINKMAGIC.lnk

.
((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
.

2010-04-21 12:50 . 2010-04-21 12:50 -------- d-----w- c:\documents and settings\opstina\Local Settings\Application Data\GHISLER
2010-04-21 12:41 . 2010-04-21 12:41 -------- d-----w- C:\totalcmd
2010-04-21 12:41 . 2010-04-21 12:41 -------- d-----w- c:\documents and settings\opstina\Application Data\GHISLER
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\UC.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\RAR.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\PKZIP.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\PKUNZIP.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\NOCLOSE.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\LHA.PIF
2010-04-21 12:41 . 2009-09-24 05:50 545 ----a-w- c:\windows.1\ARJ.PIF
2010-04-21 10:32 . 2010-04-21 10:32 -------- d-----w- C:\FBBM
2010-04-21 10:07 . 2010-04-21 12:21 -------- d-----w- c:\windows.1\BDOSCAN8
2010-04-21 06:13 . 2010-03-29 22:46 38224 ----a-w- c:\windows.1\system32\drivers\mbamswissarmy.sys
2010-04-21 06:13 . 2010-04-21 06:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 06:13 . 2010-03-29 22:45 20824 ----a-w- c:\windows.1\system32\drivers\mbam.sys
2010-04-19 12:46 . 2010-04-19 12:46 15944 ----a-w- c:\windows.1\system32\drivers\hitmanpro35.sys
2010-04-19 12:46 . 2010-04-19 12:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Hitman Pro
2010-04-19 12:46 . 2010-04-19 12:46 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-16 07:43 . 2010-04-16 08:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-16 07:43 . 2010-04-16 08:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Spybot - Search & Destroy
2010-04-16 07:17 . 2010-04-16 07:17 -------- d-----w- c:\documents and settings\Administrator.OPSTINA-CAD2D4F\Application Data\Malwarebytes
2010-04-14 12:48 . 2010-04-14 12:49 -------- d-----w- c:\windows.1\system32\NtmsData
2010-04-14 06:55 . 2010-04-14 06:55 -------- d-----w- c:\documents and settings\opstina\Local Settings\Application Data\Readon_Technology
2010-04-14 06:54 . 2010-04-14 06:54 -------- d-----w- c:\program files\Readon Technology
2010-04-13 05:41 . 2010-04-13 05:46 -------- d-----w- c:\program files\USBAntiVirus
2010-04-06 09:49 . 2010-04-06 09:49 439816 ----a-w- c:\documents and settings\opstina\Application Data\Real\Update\setup3.10\setup.exe
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Common Files\Real
2010-04-06 09:40 . 2010-04-06 09:40 -------- d-----w- c:\program files\Real
2010-04-01 10:41 . 2010-04-01 10:41 -------- d-----w- c:\documents and settings\opstina\Application Data\Avira
2010-04-01 05:13 . 2010-04-01 05:13 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 07:25 . 2009-08-10 08:22 530 ----a-w- c:\windows.1\system32\SP701ASM.dat
2010-04-21 10:32 . 2008-11-05 13:06 -------- d-----w- c:\program files\LINKMAGIC
2010-04-15 11:25 . 2010-03-02 06:48 -------- d-----w- c:\documents and settings\opstina\Application Data\vlc
2010-04-14 10:19 . 2009-08-10 06:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Microsoft Help
2010-04-13 06:02 . 2009-12-14 10:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Zbshareware Lab
2010-04-01 11:01 . 2009-06-17 07:26 -------- d-----w- c:\program files\Opera
2010-03-26 07:00 . 2009-12-14 12:01 -------- d-----w- c:\program files\USB Disk Security
2010-03-24 12:42 . 2009-08-10 06:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1\Application Data\Avira
2010-03-24 12:35 . 2009-11-05 10:56 79432 ----a-w- c:\windows.1\system32\drivers\avfwim.sys
2010-03-24 12:35 . 2009-11-05 10:56 124784 ----a-w- c:\windows.1\system32\drivers\avipbb.sys
2010-03-24 12:35 . 2009-11-05 10:56 102856 ----a-w- c:\windows.1\system32\drivers\avfwot.sys
2010-03-24 12:35 . 2009-06-17 05:45 60936 ----a-w- c:\windows.1\system32\drivers\avgntflt.sys
2010-03-22 06:19 . 2010-03-05 07:31 -------- d-----w- c:\program files\Download Direct
2010-03-16 07:41 . 2010-03-16 07:41 -------- d-----w- c:\program files\Telbo.com
2010-03-16 06:26 . 2010-03-16 06:26 -------- d-----w- c:\program files\Common Files\DirectX
2010-03-10 06:15 . 2008-04-14 02:42 420352 ----a-w- c:\windows.1\system32\vbscript.dll
2010-03-02 06:47 . 2010-03-02 06:47 -------- d-----w- c:\program files\VideoLAN
2010-02-25 06:24 . 2008-04-14 02:42 916480 ----a-w- c:\windows.1\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 21:47 455680 ----a-w- c:\windows.1\system32\drivers\mrxsmb.sys
2010-02-17 08:13 . 2009-08-10 06:03 69128 ----a-w- c:\documents and settings\opstina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 14:08 . 2008-04-13 21:54 2146304 ----a-w- c:\windows.1\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows.1\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 02:41 100864 ----a-w- c:\windows.1\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-13 21:30 226880 ----a-w- c:\windows.1\system32\drivers\tcpip6.sys
2010-01-25 13:56 . 2009-06-24 10:16 115712 ----a-w- c:\windows.1\system32\drivers\cxbu0wdm.sys
.

------- Sigcheck -------

[-] 2008-05-05 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-04-19_10.06.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-05 13:44 . 2009-01-05 13:44 53248 c:\windows.1\bdoscandel.exe
+ 2010-04-21 10:07 . 2010-04-21 10:07 86016 c:\windows.1\BDOSCAN8\librtvr.dll
+ 2010-04-21 10:07 . 2010-04-21 10:07 27136 c:\windows.1\BDOSCAN8\avxt.dll
+ 2010-04-21 10:07 . 2010-04-21 10:07 10240 c:\windows.1\BDOSCAN8\avxs.dll
+ 2010-04-21 10:07 . 2010-04-21 10:07 45056 c:\windows.1\BDOSCAN8\avxdisk.dll
+ 2009-01-05 13:44 . 2009-01-05 13:44 741376 c:\windows.1\Downloaded Program Files\ipsupd.dll
+ 2009-01-05 13:44 . 2010-04-21 10:07 142848 c:\windows.1\BDOSCAN8\libfn.dll
+ 2009-01-05 13:44 . 2009-01-05 13:44 741376 c:\windows.1\BDOSCAN8\ipsupd.dll
+ 2009-01-05 13:44 . 2010-04-21 10:28 107800 c:\windows.1\BDOSCAN8\bdcore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" [2007-06-11 176128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-24 282792]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-03-26 819200]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-06-29 811008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS.1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows.1\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^opstina^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\opstina\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows.1\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows.1\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PoivY]
2009-11-12 15:00 9189152 ----a-w- c:\program files\PoivY.com\PoivY\PoivY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telbo]
2009-11-12 13:58 9094432 ----a-w- c:\program files\Telbo.com\Telbo\Telbo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-06 09:40 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
2009-10-15 11:25 106544 ----a-w- c:\windows.1\system32\TWEAKUI.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipZoom]
2009-11-11 11:18 9066800 ----a-w- c:\program files\VoipZoom.com\VoipZoom\VoipZoom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"NMSAccessU"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PoivY"="c:\program files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
"Telbo"="c:\program files\Telbo.com\Telbo\Telbo.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"vspdfprsrv.exe"=c:\program files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSConfig"=c:\windows.1\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=
"c:\\Program Files\\VoipZoom.com\\VoipZoom\\VoipZoom.exe"=
"c:\\Program Files\\Telbo.com\\Telbo\\Telbo.exe"=

R0 ViBus;ViBus;c:\windows.1\system32\drivers\ViBus.sys [8/10/2009 08:39 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows.1\system32\drivers\ViPrt.sys [8/10/2009 08:39 52224]
R1 avfwot;avfwot;c:\windows.1\system32\drivers\avfwot.sys [11/5/2009 12:56 102856]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [11/5/2009 12:55 536232]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11/5/2009 12:55 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/5/2009 12:56 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11/5/2009 12:55 405672]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/21/2010 08:13 303952]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows.1\system32\drivers\avfwim.sys [11/5/2009 12:56 79432]
R3 cxbu0wdm;OMNIKEY 3x21;c:\windows.1\system32\drivers\cxbu0wdm.sys [6/24/2009 12:16 115712]
R3 MBAMProtector;MBAMProtector;c:\windows.1\system32\drivers\mbam.sys [4/21/2010 08:13 20824]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-22 c:\windows.1\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
mStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 09:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-884357618-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]
@Class="Shell"

[HKEY_USERS\S-1-5-21-725345543-884357618-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*\OpenWithList]
@Class="Shell"
"a"="WINWORD.EXE"
"MRUList"="a"

[HKEY_LOCAL_MACHINE\software\zbshareware]
@DACL=(02 0000)
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1648)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2010-04-22 09:57:28
ComboFix-quarantined-files.txt 2010-04-22 07:57
ComboFix2.txt 2010-04-21 06:06
ComboFix3.txt 2010-04-19 10:11

Pre-Run: 6,529,613,824 bytes free
Post-Run: 6,615,310,336 bytes free

- - End Of File - - 4A6F8B827FD18CA8DAADC89D0D15FE0D



 

kristi1


Re: problem with USB drives, 22.04.2010 at 09:37
What is this folder c:\windows.1?
This is the first time I have seen this folder.

Find this file and check it at http://www.virustotal.com/

c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

If you have time, download this program to your desktop: http://www2.gmer.net/download.php

Run it and wait for the initial scan to finish.
Then click Scan, and when the scan finishes click Save, open Notepad and click Paste, then post the log here.

[This message was edited by kristi1 on 22.04.2010 at 10:54 GMT+1]
 

Aleksandar Maletic
System administrator

Moderator

Re: problem with USB drives, 22.04.2010 at 09:53
Try it this way... boot the system in Safe Mode, open Total Commander, turn on the Show Hidden System Files option (Preferences>Configurations>Display>Show Hidden System Files)... then manually delete all those files and folders that are, so to speak, not a normal occurrence, that is, that Windows1 and so on... also, do as Kristi told you, then we will know what this is about, whether it is some malware or just nonsense...
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 

dek


Re: problem with USB drives, 22.04.2010 at 11:30
Last year my system crashed and I did not dare format the hard drive because it was full of documents, so I just did a new installation and had two systems, c:\windows and c:\windows.1. Then I recovered what could be recovered from the old Windows and manually deleted the old system. That is why I have this Windows.1.

Here is the link for HDeck.exe as well

http://www.virustotal.com/rean...156c42fb05a76c13fbb-1271932163

http://www.virustotal.com/anal...156c42fb05a76c13fbb-1271931778
 

Aleksandar Maletic
System administrator

Moderator

Re: problem with USB drives, 22.04.2010 at 11:43
Then your best solution is to save the important data, format the hard drive and spare yourself the trouble... you've thrown a party in your computer, I don't know why you needed that...
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 