MyCity » Ambulanta -> Arhiva Ambulante » Izdvojeno iz druge teme (2)

Izdvojeno iz druge teme (2)

Napisano na dan: 1.12.2008

Strana:
1
2

Izdvojeno iz druge teme (2)

Sledeća strana

Pagination

Odgovori

Strana:
1
2

cover2580 Poslao: 01 Dec 2008 18:18 Idi na vrh
offline cover2580 Novi MyCity građanin Pridružio: 01 Dec 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pozdrav, Imam isti problem kao i blagojer. Znači na svakom disku i sticku pojavljuje mi se RECYCLER folder i autorun.inf Oba su naravno pod hidden ili protected system file. Unutra RECYCLER foldera zna biti ikona od smeća sa ovim nazivom : S-1-5-21-823518204-842925246-682003330-1003 i unutra nekad bude i file klass. Nekad sam imao problem sa RaVMon.exe i Autorun.inf i riješio ih i sad imam sa ovim novim sranjima neznam di sam ih pokupio. Problem je velik, imam ga na poslu na 2kompa,svih nas 13 radnika isto doma na kompu i na stikovima. Reinstalirao bi ja najlakše Windowse, ali kad obrišem na jednom disku vrati se i javi se na drugom pa nisam siguran dali bi to pomoglo... Molim Vas spasite mi život jer ovog se već 2 tjedna nemogu riješit obrišem te file-ove i autorun.inf se pojavi ponovo nakon 4sekunde i ovaj drugi. Probao sam bezbroj anti ovo anti ono,antivirusa i svašta i nikako da se riješim. Unaprijed Hvala, molim Vas za pomoć Lp Evo i logova: mycity.rs/must-login.png mycity.rs/must-login.png ComboFix 08-11-30.02 - COVER 2008-12-01 17:36:55.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.962 [GMT 1:00] Running from: c:\documents and settings\COVER\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ADS - system32: deleted 414093 bytes in 2 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\COVER\Application Data\addons.dat c:\windows\system32\bitcometres.dll D:\install.exe . ((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 ))))))))))))))))))))))))))))))) . 2008-12-01 16:54 . 2008-12-01 17:06 96,976 --a------ c:\windows\system32\drivers\klin.dat 2008-12-01 16:54 . 2008-12-01 16:54 87,855 --a------ c:\windows\system32\drivers\klick.dat 2008-12-01 16:53 . 2008-12-01 16:53 <DIR> d-------- c:\program files\Kaspersky Lab 2008-12-01 16:53 . 2008-12-01 17:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2008-12-01 16:53 . 2008-12-01 17:46 4,515,872 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-12-01 16:53 . 2008-12-01 17:46 352,288 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2008-12-01 16:53 . 2008-12-01 17:46 38,456 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-12-01 16:53 . 2008-12-01 17:46 2,284 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2008-12-01 16:51 . 2008-12-01 16:51 <DIR> d-------- c:\program files\Kaspersky Internet Security 2008-11-30 18:34 . 2008-11-30 18:34 <DIR> d-------- c:\program files\USB Disk Security 2008-11-29 22:49 . 2008-11-29 22:49 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-29 22:49 . 2008-11-29 22:49 1,409 --a------ c:\windows\QTFont.for 2008-11-28 08:39 . 2008-11-28 08:39 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2008-11-24 12:31 . 2008-11-24 12:31 <DIR> d-------- c:\program files\Canon 2008-11-23 18:57 . 2008-11-23 18:58 <DIR> d-------- c:\program files\Error Repair Professional 2008-11-23 18:22 . 2008-11-23 18:22 <DIR> d-------- c:\program files\Webteh 2008-11-22 18:43 . 2008-11-22 18:43 <DIR> d-------- c:\documents and settings\Administrator 2008-11-22 18:27 . 2008-11-23 19:07 <DIR> d-------- c:\documents and settings\COVER\Application Data\BSplayer PRO 2008-11-22 07:33 . 2008-11-22 07:33 3,524 --a------ c:\windows\system32\tmp.reg 2008-11-22 07:27 . 2007-09-06 00:22 289,144 --a------ c:\windows\system32\VCCLSID.exe 2008-11-22 07:27 . 2006-04-27 17:49 288,417 --a------ c:\windows\system32\SrchSTS.exe 2008-11-22 07:27 . 2003-06-05 21:13 53,248 --a------ c:\windows\system32\Process.exe 2008-11-22 07:27 . 2004-07-31 18:50 51,200 --a------ c:\windows\system32\dumphive.exe 2008-11-22 07:14 . 2008-11-22 07:14 <DIR> d-------- c:\program files\Trend Micro 2008-11-21 18:34 . 2008-11-22 02:00 <DIR> d-------- C:\!KillBox 2008-11-21 15:36 . 2008-11-21 15:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-11-20 22:16 . 2008-11-20 22:25 <DIR> d-------- c:\documents and settings\COVER\Application Data\GetRight Pro 2008-11-20 21:11 . 2005-09-23 07:29 626,688 --a------ c:\windows\system32\msvcr80.dll 2008-11-19 20:20 . 2008-11-19 20:20 <DIR> d-------- c:\documents and settings\COVER\Application Data\NASA 2008-11-19 20:18 . 2008-11-19 20:18 <DIR> d-------- c:\program files\NASA 2008-11-19 18:33 . 2007-06-29 09:59 108,552 -ra------ c:\windows\system32\drivers\s716mdm.sys 2008-11-19 18:33 . 2007-06-29 09:59 15,112 -ra------ c:\windows\system32\drivers\s716mdfl.sys 2008-11-19 18:33 . 2007-06-29 09:59 12,424 -ra------ c:\windows\system32\drivers\s716cmnt.sys 2008-11-19 18:33 . 2007-06-29 09:59 12,424 -ra------ c:\windows\system32\drivers\s716cm.sys 2008-11-19 18:30 . 2007-06-29 09:59 83,208 -ra------ c:\windows\system32\drivers\s716bus.sys 2008-11-19 18:30 . 2007-06-29 09:59 12,424 -ra------ c:\windows\system32\drivers\s716whnt.sys 2008-11-19 18:30 . 2007-06-29 09:59 12,424 -ra------ c:\windows\system32\drivers\s716wh.sys 2008-11-19 16:46 . 2008-11-29 12:01 183,112 --a------ c:\windows\system32\PnkBstrB.exe 2008-11-19 16:46 . 2008-11-29 12:01 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2008-11-19 16:46 . 2008-11-23 23:34 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2008-11-19 16:23 . 2008-11-19 16:23 <DIR> d-------- c:\program files\DAEMON Tools 2008-11-18 16:39 . 2008-11-18 16:39 <DIR> d-------- c:\windows\system32\LogFiles 2008-11-15 11:26 . 2008-11-15 11:26 4 --a------ C:\timestmp.tmp 2008-11-10 13:34 . 2008-11-10 13:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\KONAMI 2008-11-08 17:52 . 2008-11-08 17:52 220,331 --a------ c:\windows\ProgDVB Uninstaller.exe 2008-11-08 17:31 . 2008-11-08 17:55 <DIR> d-------- c:\program files\ProgDVB 2008-11-08 16:47 . 2008-11-08 16:47 <DIR> d-------- c:\program files\DVBViewerTE 2008-11-08 16:44 . 2008-11-08 16:44 <DIR> d-------- c:\program files\TechniSat DVB 2008-11-08 16:44 . 2004-03-10 23:37 368,912 --a------ c:\windows\system32\vbar332.dll 2008-11-08 16:44 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\SkyDll.dll 2008-11-08 16:44 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\Sky2PCUI.dll 2008-11-08 16:44 . 2004-04-13 13:15 102,400 --a------ c:\windows\system32\libbz2.dll 2008-11-08 16:27 . 2008-11-08 16:27 <DIR> d-------- c:\program files\DVBViewer TE2 2008-11-06 23:37 . 2008-11-06 23:37 <DIR> d--hs---- c:\windows\ftpcache 2008-11-02 23:42 . 2008-11-02 23:42 <DIR> d-------- c:\windows\Easy Rapidshare Points 2008-11-02 19:58 . 2008-11-02 19:58 <DIR> d-------- c:\program files\MSBuild 2008-11-02 19:55 . 2008-11-06 20:02 <DIR> d-------- c:\windows\system32\XPSViewer 2008-11-02 19:55 . 2008-11-02 19:55 <DIR> d-------- c:\program files\Reference Assemblies 2008-11-02 19:54 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2008-11-02 17:57 . 2008-11-02 17:57 <DIR> d-------- c:\program files\Rar Repair Tool 2008-11-02 12:47 . 2008-11-02 12:47 <DIR> d-------- c:\windows\system32\xlive 2008-11-01 18:55 . 2008-11-01 18:55 <DIR> d-------- c:\program files\Common Files\DirectX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-01 16:47 0 ----a-w c:\windows\system32\drivers\lvuvc.hs 2008-12-01 16:47 0 ----a-w c:\windows\system32\drivers\logiflt.iad 2008-12-01 16:15 --------- d-----w c:\program files\Firefox 3 2008-12-01 15:52 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-12-01 15:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-01 15:08 --------- d-----w c:\documents and settings\COVER\Application Data\uTorrent 2008-11-28 07:04 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet 2008-11-26 09:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-24 11:31 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-22 18:01 --------- d-----w c:\program files\Lisica 2.0.16 2008-11-21 16:02 --------- d-----w c:\program files\videofixer 2008-11-21 16:00 --------- d-----w c:\program files\All Media Fixer 2008-11-21 15:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-20 14:53 --------- d-----w c:\program files\XoftSpySE 2008-11-19 06:19 --------- d-----w c:\program files\TeamViewer3 2008-11-17 15:00 --------- d-----w c:\program files\ESET 2008-11-17 05:16 --------- d-----w c:\program files\BitComet 2008-11-15 17:55 --------- d-----w c:\documents and settings\COVER\Application Data\LimeWire 2008-10-30 11:39 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia 2008-10-30 11:21 --------- d-----w c:\program files\JLC's Software 2008-10-30 11:21 --------- d-----w c:\documents and settings\COVER\Application Data\JLC's Software 2008-10-29 00:43 3,264 ----a-w C:\drmHeader.bin 2008-10-26 17:55 --------- d-----w c:\documents and settings\COVER\Application Data\Canon 2008-10-24 13:47 --------- d-----w c:\program files\Word Translator 2008-10-22 10:21 --------- d-----w c:\program files\Alcohol Soft 2008-10-22 07:43 --------- d-----w c:\documents and settings\COVER\Application Data\Nero 2008-10-22 07:42 --------- d-----w c:\program files\Nero 9 2008-10-22 07:42 --------- d-----w c:\program files\Common Files\Nero 2008-10-21 23:29 --------- d-----w c:\program files\Common Files\Ahead 2008-10-21 23:29 --------- d-----w c:\program files\Ahead 2008-10-18 15:21 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters 2008-10-17 00:46 --------- d-----w c:\program files\FastStone Image Viewer 2008-10-17 00:38 --------- d-----w c:\program files\Electronic Arts 2008-10-14 22:31 --------- d-----w c:\documents and settings\COVER\Application Data\Touchstone 2008-10-14 22:09 --------- d-----w c:\program files\AGEIA Technologies 2008-10-14 13:34 --------- d-----w c:\documents and settings\COVER\Application Data\CyberLink 2008-10-13 10:28 --------- d-----w c:\documents and settings\COVER\Application Data\Disney Interactive Studios 2008-10-09 22:58 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-10-09 11:33 444,952 ----a-w c:\windows\system32\wrap_oal.dll 2008-10-09 11:33 109,080 ----a-w c:\windows\system32\OpenAL32.dll 2008-10-09 11:33 --------- d-----w c:\program files\OpenAL 2008-10-09 11:01 --------- d-----w c:\documents and settings\All Users\Application Data\ATI 2008-10-09 10:57 --------- d-----w c:\program files\ATI Technologies 2008-10-09 10:55 --------- d-----w c:\program files\Common Files\ATI Technologies 2008-10-09 00:43 --------- d-----w c:\program files\Common Files\Adobe 2008-10-09 00:41 --------- d-----w c:\program files\Common Files\Control Panels 2008-10-09 00:40 --------- d-----w c:\documents and settings\All Users\Application Data\ALM 2008-10-09 00:14 --------- d-----w c:\program files\Bonjour 2008-10-09 00:09 --------- d-----w c:\program files\Common Files\Macrovision Shared 2008-10-08 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd 2008-10-07 10:55 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-07 10:55 --------- d-----w c:\documents and settings\COVER\Application Data\DAEMON Tools 2008-10-06 11:00 --------- d-----w c:\program files\++HideAnyWindow 2008-10-06 10:01 --------- d-----w c:\program files\Common Files\LogiShrd 2008-10-06 09:58 --------- d-----w c:\program files\Logitech 2008-10-06 07:01 --------- d-----w c:\program files\AVI MPEG RM WMV Splitter 2008-10-05 20:01 --------- d-----w c:\program files\wLite 2008-10-03 22:51 3,969,144 ----a-w c:\documents and settings\COVER\$TEMP.dat 2008-10-01 07:04 --------- d-----w c:\program files\++OpenVideoCapture 2008-09-15 14:04 921,632 ----a-w C:\PA7302.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RCApp"="c:\program files\gigabyte\RCApp\U7000RCApp.exe" [2007-04-24 625152] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248] "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-06 185896] "USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-08-16 798720] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088] "RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl] c:\documents and settings\COVER\Start Menu\Programs\Startup\ Logitech . Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-02-13 493832] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2008-11-08 430080] TMMonitor.lnk - c:\program files\MSI\ArcSoft\TotalMedia\TMMonitor.exe [2008-09-21 249856] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv41"= ir41_32.dll [HKLM\~\startupfolder\C:^Documents and Settings^COVER^Start Menu^Programs^Startup^BitComet Acceleration Patch.lnk] backup=c:\windows\pss\BitComet Acceleration Patch.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^COVER^Start Menu^Programs^Startup^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^COVER^Start Menu^Programs^Startup^Logitech . Product Registration.lnk] path=c:\documents and settings\COVER\Start Menu\Programs\Startup\Logitech . Product Registration.lnk backup=c:\windows\pss\Logitech . Product Registration.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-12-11 11:10 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "helpsvc"=2 (0x2) "Ati HotKey Poller"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\uTorrent 1.8\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "d:\\GAMES\\GAMES INSTALL\\PES 2009\\pes2009.exe"= "d:\\GAMES\\GAMES INSTALL\\FAR CRY 2\\bin\\FarCry2.exe"= "d:\\GAMES\\GAMES INSTALL\\FAR CRY 2\\bin\\FC2Launcher.exe"= "d:\\GAMES\\GAMES INSTALL\\FAR CRY 2\\bin\\FC2Editor.exe"= "d:\\GAMES\\GAMES INSTALL\\COD 5\\CoDWaWmp.exe"= "d:\\GAMES\\GAMES INSTALL\\COD 5\\CoDWaW.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10589:TCP"= 10589:TCP:BitComet 10589 TCP "10589:UDP"= 10589:UDP:BitComet 10589 UDP "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R2 TeamViewer;TeamViewer 3;"c:\program files\TeamViewer3\TeamViewer_Host.exe" -service [2008-02-19 176128] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-10-09 93696] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-10-06 628760] R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2006-05-08 13056] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\DRIVERS\RMSPPPOE.SYS [2002-10-02 31504] R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2008-09-04 451816] S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2001-08-23 3584] S3 PAC7302;i-Look 317;c:\windows\system32\DRIVERS\PAC7302.SYS [2008-09-15 457856] S3 RKH;RKH;c:\docume~1\COVER\LOCALS~1\Temp\RKH.exe [] S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2008-11-19 83208] S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2008-11-19 15112] S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2008-11-19 108552] S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [] S3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\Drivers\usbvm323.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c80fed2-7996-11dd-b0e2-001d7da7023a}] \Shell\AutoRun\command - h:\wd_windows_tools\setup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{07AD01B9-2286-596D-9CC7-916F9933591B}] c:\program files\windowssecurity\security.exe s [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81GH8C654712}] c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\klass.exe . Contents of the 'Scheduled Tasks' folder 2008-12-01 c:\windows\Tasks\XoftSpySE 2.job - c:\program files\XoftSpySE\XoftSpy.exe [2008-03-05 11:13] 2008-11-17 c:\windows\Tasks\XoftSpySE.job - c:\program files\XoftSpySE\XoftSpy.exe [2008-03-05 11:13] . . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\COVER\Application Data\Mozilla\Firefox\Profiles\t7il0la5.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.24sata.hr/ FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll FF -: plugin - c:\program files\Firefox 3\plugins\npDivxPlayerPlugin.dll FF -: plugin - c:\program files\Firefox 3\plugins\npnul32.dll FF -: plugin - c:\program files\Firefox 3\plugins\npqtplugin.dll FF -: plugin - c:\program files\Firefox 3\plugins\npqtplugin2.dll FF -: plugin - c:\program files\Firefox 3\plugins\npqtplugin3.dll FF -: plugin - c:\program files\Firefox 3\plugins\npqtplugin4.dll FF -: plugin - c:\program files\Firefox 3\plugins\npqtplugin5.dll FF -: plugin - c:\program files\Firefox 3\plugins\npqtplugin6.dll FF -: plugin - c:\program files\Firefox 3\plugins\npqtplugin7.dll FF -: plugin - c:\program files\Firefox 3\plugins\NPSWF32.dll FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-12-01 17:48:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1792) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(7768-) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\shdoclc.dll c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\PnkBstrA.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe c:\windows\system32\wdfmgr.exe c:\program files\TeamViewer3\TeamViewer.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe c:\windows\system32\imapi.exe . ************************************************************************ . Completion time: 2008-12-01 17:53:42 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-01 16:53:24 Pre-Run: 1.897.598.976 bytes free Post-Run: 2,621,812,736 bytes free 308 USB_blocker by bobby Started at 1.12.2008 17:56:29 Scanning for connected USB Mass storage... ======================================== ======================================== Scanning for other storage... ======================================== D: 7e7c5a46-6351-11dd-a1c4-806d6172696f C: 7e7c5a47-6351-11dd-a1c4-806d6172696f E: 7e7c5a48-6351-11dd-a1c4-806d6172696f ======================================== Scanning fixed storage for autorun.inf files... ======================================== ======================================== New device connected at 1.12.2008 17:56:44 Scanning for connected USB Mass storage... ======================================== I: 5e56880a-634d-11dd-b0d2-001d7da7023a ======================================== Scanning USB mass storage for autorun.inf and desktop.ini files... ======================================== ======================================== New device connected at 1.12.2008 17:58:30 Scanning for connected USB Mass storage... ======================================== H: 9ab154a4-6346-11dd-b0d1-001d7da7023a ======================================== Scanning USB mass storage for autorun.inf and desktop.ini files... ======================================== autorun.inf found on H: Error renaming file H:\autorun.inf desktop.ini found on H: Sanitizing Shell Menu... No key for GUID: 9ab154a4-6346-11dd-b0d1-001d7da7023a ======================================== New device connected at 1.12.2008 17:59:24 Scanning for connected USB Mass storage... ======================================== H: d0aa45fc-804a-11dd-b0e7-001d7da7023a ======================================== Scanning USB mass storage for autorun.inf and desktop.ini files... ======================================== Sanitizing Shell Menu... Sanitized d0aa45fc-804a-11dd-b0e7-001d7da7023a ========================================

Profil

bobby Poslao: 01 Dec 2008 19:06 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nemoj pogresno da me shvatis, ali ti si vec drugi u zadnjih pola sata, a mozda deseti ove nedelje, koji nije ispostovao pravila otvaranja teme u Ambulanti. Svaki dan se pitam zasto one teme stoje obelezene crvenom bojom i ispred pise Vazno: http://www.mycity.rs/Ambulanta/ 1. Nisi smeo bez naseg nadzora pokretati ComboFix. 2. Manje vazno, ali ne smes pisati u tudjim temama, vec moras otvoriti svoju temu. Jedna tema = jedan slucaj = jednako 1 clan AMF tima resava taj slucaj. Pogledacu sada logove, da vidim da li je ostalo nesto od tragova infekcije, pa da vidim da li je ostalo jos nesto od materijala koji je nama potreban za analizu... Dopuna: 01 Dec 2008 18:39 Drugi uredjaj po redu koji si skenirao USB_blockerom je inficiran i USB_blocker nije uspeo da sredi taj USB uredjaj posto je najverovatnije infekcija vec aktivna. Kazi mi koji je to uredjaj bio i kako je formatiran (FAT32 ili NTFS). Dopuna: 01 Dec 2008 19:06 Mislim da znam zasto USB_blocker nije uspeo da obavi posao. Iskljuci USB Guard i probaj ponovo. Dalje, u ComboFix logu vidim USB uredjaje koji su inficirani, a nisi probao da ih sredis USB_blockerom. Da li te uredjaje mozda nemas tu pri ruci?

Profil

cover2580 Poslao: 01 Dec 2008 19:23 Idi na vrh
offline cover2580 Novi MyCity građanin Pridružio: 01 Dec 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Izvinjavam se moderatorima, iskreno nisam čitao pravila jer sam bio sretan, u nadi da sam našao nekoga tko je voljan pomoći rješiti moje probleme. Izvinjavam se šta sam stavio u krivu temu. Stick je sony usm4gr 4gb formatiran u fat32 Nemam ih pri ruci koji su to? Hvala Evo novi log i gledajte kako mi izgleda task manager, zašto? lp Puno hvala mycity.rs/must-login.png

Profil

bobby Poslao: 01 Dec 2008 20:01 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Klikni na skroz desnu ivicu Task Managera, to bi trebalo da ga vrati u normalan oblik. Dao si mi stari log USB_blockera (onaj sto ima 1 u zagradi je stari log). Trebao bi mi nov log, ali da iskljucis USB Guard tako da USB_blocker uspe da obavi svoj posao. Vidi, svaki uredjaj ima svoju identifikacioni broj. U ComboFix logu vidi tri uredjaja (3 razlicite identifikacije), a u USB_blocker logu vidim neka druga 3 uredjaja.

Profil

cover2580 Poslao: 01 Dec 2008 21:03 Idi na vrh
offline cover2580 Novi MyCity građanin Pridružio: 01 Dec 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Evo uspio sam vratit u normalu task manager (neznam kako je došao onakav). Hvala evo i novi log: mycity.rs/must-login.png USB_blocker by bobby Started at 1.12.2008 20:53:33 Scanning for connected USB Mass storage... ======================================== I: 5e56880a-634d-11dd-b0d2-001d7da7023a ======================================== Scanning for other storage... ======================================== D: 7e7c5a46-6351-11dd-a1c4-806d6172696f C: 7e7c5a47-6351-11dd-a1c4-806d6172696f E: 7e7c5a48-6351-11dd-a1c4-806d6172696f ======================================== Scanning USB mass storage for autorun.inf and desktop.ini files... ======================================== ======================================== Scanning fixed storage for autorun.inf files... ======================================== ======================================== New device connected at 1.12.2008 20:55:14 Scanning for connected USB Mass storage... ======================================== H: 9ab154a4-6346-11dd-b0d1-001d7da7023a ======================================== Scanning USB mass storage for autorun.inf and desktop.ini files... ======================================== desktop.ini found on H: File H:\Portable.Everest.4.60.1562.Beta.g3n\Portable.Everest.4.60.1562.Beta.g3n\desktop.ini renamed successfully Sanitizing Shell Menu... No key for GUID: 9ab154a4-6346-11dd-b0d1-001d7da7023a ======================================== New device connected at 1.12.2008 20:56:46 Scanning for connected USB Mass storage... ======================================== H: d0aa45fc-804a-11dd-b0e7-001d7da7023a ======================================== Scanning USB mass storage for autorun.inf and desktop.ini files... ======================================== Sanitizing Shell Menu... No key for GUID: d0aa45fc-804a-11dd-b0e7-001d7da7023a ======================================== lp

Profil

bobby Poslao: 01 Dec 2008 21:23 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c80fed2-7996-11dd-b0e2-001d7da7023a}] [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{07AD01B9-2286-596D-9CC7-916F9933591B}] [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81GH8C654712}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

cover2580 Poslao: 02 Dec 2008 00:49 Idi na vrh
offline cover2580 Novi MyCity građanin Pridružio: 01 Dec 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Evo napokon... mycity.rs/must-login.png lp

Profil

bobby Poslao: 02 Dec 2008 21:46 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Rekao bih da je infekcija sada uklonjena. Deinstaliraj ComboFix prema sledecem uputstvu: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore USB_blocker nastavi dalje da koristis ukoliko USB stic i dalje koristis na vise racunara. Folder koji ranije nije mogao da se izbrise sada bi trebao da moze rucno da se izbrise.

Profil

cover2580 Poslao: 03 Dec 2008 01:31 Idi na vrh
offline cover2580 Novi MyCity građanin Pridružio: 01 Dec 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Puno hvala... ali onaj folder RECYCLER mi se opet pojavljuje na svim diskovima (dali mora?), unutra tog foldera je ikonica sa smećem sa nekin čudnim nazivom i sve šta brišem na kompu baca u taj folder u ikonicu sa smećem. da opet pokrenem combofix (koji sam izbrisao) ili kako , autorun-a više nema na sreću. Unaprijed Hvala evo screen-ova lp Dopuna: 03 Dec 2008 1:31 i da... taj folder kompletni RECYCLER obrišem (jedino sa unlocker-om) ali se opet nakon par sekundi ili minuta vrati, dali on mora bit tamo, ima li veze sa ikonom smeća sa desktopa? lp

Profil

bobby Poslao: 03 Dec 2008 06:25 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Taj folder mora biti tu. To ti je folder koji na desktopu vidis kao Recycle Bin (korpu za otpatke). Na svakoj particiji ima po jedan takav folder.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Izdvojeno iz druge teme (2)

Ko je trenutno na forumu

Ukupno su 928 korisnika na forumu :: 23 registrovanih, 4 sakrivenih i 901 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, ajo baba, aramis s, babaroga, ccoogg123, comi_pfc, djuradj, Frunze, Komentator, Lieutenant, Metanoja, Miki01, milenko crazy north, moldway, Niko Bitan, ozzy, ruso, Shinobi, solic, tomigun, voja64, wizzardone, Yellow Pinky

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by