MyCity » Ambulanta -> Arhiva Ambulante » USB i recycler

USB i recycler

Napisano na dan: 18.7.2008

Strana:
1
2

USB i recycler

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Ričard Poslao: 18 Jul 2008 16:54 Idi na vrh
offline Ričard Lavlje srce Supermoderator Zver! Electro maintenance engineer Pridružio: 28 Nov 2006 Poruke: 13745 Gde živiš: Vršac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nisam siguran da li je ovo tema za ovde ili za ambulantu. Na flash memoriji mi se pojavio folder RECYCLER i autorun.ini fajl sa sledecim sadrzajem [autorun] open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe icon=%SystemRoot%\system32\SHELL32.dll,4 action=Open folder to view files shell\open=Open shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe shell\open\default=1 Kada kliknem dvostruko na flash, u okviru prozora my computer otvori mi se prozor da odaberem sa kojim programom da fajl. Takodje i kada ga ubacim u usb port u autorun prozoru prva opcija je da odaberem program za pokretanje koji bi otvorio specificni fajl, pa ond sve ostalo. Desnim klikom i odabirom explore sve radi ok. Gore pomenute fajlove ne mogu izbrisati, jer se odmah nakon brisanja generisu.

Profil

Rogi Poslao: 18 Jul 2008 16:58 Idi na vrh
offline Rogi Mod u pemziji Najbolji košarkaš koji je ikada igrao ovu igru Pridružio: 31 Avg 2005 Poruke: 11687	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kad naidjem na ovakve stvari ja konsultujem Google. http://www.google.com/search?hl=sr&q=exe32.exe.....B0&lr= Iz nadjenih linkova se moze zakljuciti u cemu je problem. BTW, imas li instaliran neki Anti-Virus i Anti-Spy Program?

Profil

Ričard Poslao: 18 Jul 2008 17:11 Idi na vrh
offline Ričard Lavlje srce Supermoderator Zver! Electro maintenance engineer Pridružio: 28 Nov 2006 Poruke: 13745 Gde živiš: Vršac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zaista google nisam konsultovao jer je u okviru foldrea recycle bila je ikona recycle byna, to me je malo zbunilo. Sada vidim u cemu je problem. Na racunaru na kome radim je instaliran simantec, u pitanju je internet kafe. Kuci nemam internet konekciju pa i nemam instaliranu nikakvu zastitu. Hvala na odgovoru.

Profil

bobby Poslao: 18 Jul 2008 17:17 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Taj USB stick je zarazen, i zarazice najverovatnije svaki racunar u koji bude bio ubacen. Ja prebacujem ovu temu u Ambulantu, a ti postavi HijackThis log kao sto je opisano u ovoj temi: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html Odmah nakon toga uradi i sledece: Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Rogi Poslao: 18 Jul 2008 17:18 Idi na vrh
offline Rogi Mod u pemziji Najbolji košarkaš koji je ikada igrao ovu igru Pridružio: 31 Avg 2005 Poruke: 11687	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne znam kakav je Norton ili Symantec, ali probaj da proskeniras Windows njime, naravo skini mu poslednje definicije (update). Pa ako on ne resi problem, instaliraj Kaspersky (prethodno deinstaliraj Nortona ovim alatom http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039). Kaspersky je potpuno funkciolnalan 30 dana, znaci ne moras da kupis licencu. I proskeniraj Windows Kaspersky AV-om. Pa ako i on ne resi problem, zna se...Ambulanta.

Profil

bobby Poslao: 18 Jul 2008 17:20 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! @Rogi Norton ima aktivaciju slicnu Windowsovoj, mozda nece hteti da se aktivira ako je jednom vec bio aktiviran (za slucaj da ga vrati nakon isteka trial verzije Kasperskog).

Profil

Rogi Poslao: 18 Jul 2008 17:22 Idi na vrh
offline Rogi Mod u pemziji Najbolji košarkaš koji je ikada igrao ovu igru Pridružio: 31 Avg 2005 Poruke: 11687	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! bobby ::@Rogi Norton ima aktivaciju slicnu Windowsovoj, mozda nece hteti da se aktivira ako je jednom vec bio aktiviran (za slucaj da ga vrati nakon isteka trial verzije Kasperskog). Jbg. to nisma znao. Nisam koristio Nortona... Fala za info.

Profil

Ričard Poslao: 19 Jul 2008 07:40 Idi na vrh
offline Ričard Lavlje srce Supermoderator Zver! Electro maintenance engineer Pridružio: 28 Nov 2006 Poruke: 13745 Gde živiš: Vršac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala lepo na svim savetima, ali kao sto rekoh radi se o racunaru koji je u internet kafeu, znaci nikakve instalacije ne dolaze u obzir. Skinucu hijackthis i combofix, pa sve to kuci. Ovde ne vredi nista. Dopuna: 19 Jul 2008 7:40 Hijackthis log. Logfile of HijackThis v1.99.1 Scan saved at 7:10:48, on 19.7.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\sm56hlpr.exe C:\Siemens\Common\S7ubtoox\s7ubtstx.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MESSEN~1\Msmsgs.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe C:\Siemens\Common\Sqlany\dbsrv50.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Novum\Desktop\New Folder (2)\kraj.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web-entrance.com/main.cgi?ID=215 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - Startup: Stardock ObjectDock.lnk = D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe Combofix log ComboFix 08-07-17.4 - Novum 2008-07-19 7:28:49.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.104 [GMT 2:00] Running from: C:\Documents and Settings\Novum\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))) . 2008-07-19 07:27 . 2008-07-19 07:27 9,378 --a------ C:\runmgr.exe 2008-07-19 06:54 . 2008-07-19 06:54 <DIR> d-------- C:\Program Files\Avira 2008-07-19 06:54 . 2008-07-19 06:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-12 07:11 . 2008-07-13 17:19 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-07-11 08:20 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-07-11 08:20 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-07-11 08:00 . 2008-07-11 08:00 <DIR> d-------- C:\Program Files\Avanquest update 2008-07-11 08:00 . 2008-07-11 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software 2008-07-11 07:59 . 2008-07-11 07:59 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-07-11 07:59 . 2008-07-11 07:59 <DIR> d-------- C:\Documents and Settings\Novum\Application Data\InstallShield 2008-07-11 07:59 . 2008-07-11 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-07-07 10:24 . 2008-07-07 10:24 <DIR> d-------- C:\games 2008-07-06 08:12 . 2008-07-06 08:12 <DIR> d-------- C:\Program Files\MOSoft 2008-07-06 08:12 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe 2008-07-03 17:03 . 2008-07-03 17:03 <DIR> d-------- C:\Documents and Settings\Novum\Application Data\Autodesk 2008-07-03 17:03 . 2008-07-12 07:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk 2008-06-23 16:22 . 2008-06-30 15:52 38 --a------ C:\WINDOWS\avisplitter.INI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 05:24 --------- d-----w C:\Program Files\Sony Setup 2008-07-15 10:20 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-30 15:05 --------- d-----w C:\Documents and Settings\Novum\Application Data\XnView 2008-05-20 10:12 --------- d-----w C:\Program Files\OMRON 2008-04-18 13:22 46,552 ----a-w C:\Documents and Settings\Novum\Application Data\GDIPFONTCACHEV1.DAT 2007-03-20 12:26 106 ----a-w C:\Documents and Settings\Novum\Application Data\wklnhst.dat 1998-04-27 19:15 570,128 ------w C:\Program Files\Common Files\dao350.dll 1998-04-26 23:00 570,128 ----a-w C:\Program Files\DAO350.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "MSMSGS"="c:\PROGRA~1\MESSEN~1\Msmsgs.exe" [2005-08-31 21:27 1658592] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "S7UB Start"="C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" [2000-10-26 00:02 102400] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-23 11:47 180269] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 19:32 132760] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "SoundMan"="SOUNDMAN.EXE" [2005-08-01 08:28 77824 C:\WINDOWS\SOUNDMAN.EXE] "SMSERIAL"="sm56hlpr.exe" [2005-07-06 04:47 544768 C:\WINDOWS\sm56hlpr.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Documents and Settings\Novum\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe [2006-03-12 08:51:37 1802309] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\Messenger\\Msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12759:TCP"= 12759:TCP:NortonAV "13972:TCP"= 13972:TCP:NortonAV "17450:TCP"= 17450:TCP:NortonAV "18174:TCP"= 18174:TCP:NortonAV "18302:TCP"= 18302:TCP:NortonAV "12122:TCP"= 12122:TCP:NortonAV "18271:TCP"= 18271:TCP:NortonAV "18545:TCP"= 18545:TCP:NortonAV "12506:TCP"= 12506:TCP:NortonAV "15488:TCP"= 15488:TCP:NortonAV "14631:TCP"= 14631:TCP:NortonAV "18514:TCP"= 18514:TCP:NortonAV "12775:TCP"= 12775:TCP:NortonAV "14325:TCP"= 14325:TCP:NortonAV "14113:TCP"= 14113:TCP:NortonAV "12537:TCP"= 12537:TCP:NortonAV "15710:TCP"= 15710:TCP:NortonAV "12093:TCP"= 12093:TCP:NortonAV "16681:TCP"= 16681:TCP:NortonAV "13757:TCP"= 13757:TCP:NortonAV "15273:TCP"= 15273:TCP:NortonAV "17090:TCP"= 17090:TCP:NortonAV "13761:TCP"= 13761:TCP:NortonAV "17206:TCP"= 17206:TCP:NortonAV "14505:TCP"= 14505:TCP:NortonAV "15409:TCP"= 15409:TCP:NortonAV "14585:TCP"= 14585:TCP:NortonAV "17310:TCP"= 17310:TCP:NortonAV "17230:TCP"= 17230:TCP:NortonAV "13686:TCP"= 13686:TCP:NortonAV "17052:TCP"= 17052:TCP:NortonAV "17163:TCP"= 17163:TCP:NortonAV "17613:TCP"= 17613:TCP:NortonAV "17243:TCP"= 17243:TCP:NortonAV "12684:TCP"= 12684:TCP:NortonAV "15025:TCP"= 15025:TCP:NortonAV "14334:TCP"= 14334:TCP:NortonAV "12696:TCP"= 12696:TCP:NortonAV "16658:TCP"= 16658:TCP:NortonAV "17612:TCP"= 17612:TCP:NortonAV "15831:TCP"= 15831:TCP:NortonAV "13314:TCP"= 13314:TCP:NortonAV "17020:TCP"= 17020:TCP:NortonAV "14354:TCP"= 14354:TCP:NortonAV "17424:TCP"= 17424:TCP:NortonAV "15295:TCP"= 15295:TCP:NortonAV "18485:TCP"= 18485:TCP:NortonAV "15167:TCP"= 15167:TCP:NortonAV "14047:TCP"= 14047:TCP:NortonAV "15057:TCP"= 15057:TCP:NortonAV "18850:TCP"= 18850:TCP:NortonAV "12020:TCP"= 12020:TCP:NortonAV "17434:TCP"= 17434:TCP:NortonAV "12443:TCP"= 12443:TCP:NortonAV "18433:TCP"= 18433:TCP:NortonAV "15727:TCP"= 15727:TCP:NortonAV "17745:TCP"= 17745:TCP:NortonAV "14863:TCP"= 14863:TCP:NortonAV "13211:TCP"= 13211:TCP:NortonAV "16450:TCP"= 16450:TCP:NortonAV "16023:TCP"= 16023:TCP:NortonAV "15618:TCP"= 15618:TCP:NortonAV "14183:TCP"= 14183:TCP:NortonAV R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2001-06-27 10:59] R2 s7osmcax;s7osmcax;C:\WINDOWS\system32\Drivers\s7osmcax.sys [2004-12-23 11:24] R2 s7otranx;s7otranx;C:\WINDOWS\system32\Drivers\S7otranx.sys [2004-12-23 11:24] R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-08-01 08:29] S3 <NtDriverName>;<NtDriverName>;C:\WINDOWS\system32\Drivers\<NtDriverName>.sys [] S3 C745PROG;C745PROG;C:\WINDOWS\system32\drivers\c745prog.sys [2004-06-12 00:04] S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2000-03-28 12:05] S3 S7OUPC2X;SIMATIC PC Adapter USB Driver;C:\WINDOWS\system32\DRIVERS\s7oupc2x.sys [2005-01-14 13:01] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\Auto\command - F:\AdobeR.exe e \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe41d73e-53b4-11dc-99f5-0002e34a0ee9}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs Newly Created Service - CATCHME Newly Created Service - PROCEXP90 Newly Created Service - SSMDRV . Contents of the 'Scheduled Tasks' folder "2006-10-01 05:34:33 C:\WINDOWS\Tasks\Low Battery Alarm Program.job" . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-19 07:31:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-19 7:34:38 ComboFix-quarantined-files.txt 2008-07-19 05:34:31 Pre-Run: 4,960,776,192 bytes free Post-Run: 4,944,236,544 bytes free 165

Profil

bobby Poslao: 19 Jul 2008 08:36 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj mi na proveru sledece fajlove: C:\WINDOWS\system32\Drivers\<NtDriverName>.sys C:\runmgr.exe F:\AdobeR.exe Najverovatnije ces prvo morati da ih spakujes u jedan ZIP. Upload ces uraditi preko sledece forme: http://www.mycity.rs/ambulanta-upload.php Javi kada odradis upload. Dok ovo ne zavrsimo, zamolio bih te da ne koristis USB flash drive koji ti je zarazen.

Profil

Ričard Poslao: 22 Jul 2008 13:34 Idi na vrh
offline Ričard Lavlje srce Supermoderator Zver! Electro maintenance engineer Pridružio: 28 Nov 2006 Poruke: 13745 Gde živiš: Vršac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Na racunaru ne postoje takvi fajlovi. Pretraga nije dala nikakve rezultate iako je ukljucena da trazi po svim kriterijumima. F:\ je inace flash koji u momentu skeniranja nije bio ukljucen. Adobera sam se ranije resio. Dopuna: 19 Jul 2008 11:20 @ bobby, izvinjavam se, ali izmedju prvih logova i tvog posta uradio sam scan sa avirom i ona je runmgr.exe prepoznala kao trojanca i poslala ga u karantin, odatle sam ga izbrisao. Dok <NtDriverName>.sys ne postoji nigde. Ako moze evo novih logova, nakon praznjenja karantina. Logfile of HijackThis v1.99.1 Scan saved at 10:58:31, on 19.7.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\sm56hlpr.exe C:\Siemens\Common\S7ubtoox\s7ubtstx.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MESSEN~1\Msmsgs.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe C:\Siemens\Common\Sqlany\dbsrv50.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Novum\Desktop\New Folder (2)\kraj.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web-entrance.com/main.cgi?ID=215 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - Startup: Stardock ObjectDock.lnk = D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe ComboFix 08-07-17.4 - Novum 2008-07-19 11:02:28.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.119 [GMT 2:00] Running from: C:\Documents and Settings\Novum\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))) . 2008-07-19 06:54 . 2008-07-19 06:54 <DIR> d-------- C:\Program Files\Avira 2008-07-19 06:54 . 2008-07-19 06:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-12 07:11 . 2008-07-13 17:19 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-07-11 08:20 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2008-07-11 08:20 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys 2008-07-11 08:00 . 2008-07-11 08:00 <DIR> d-------- C:\Program Files\Avanquest update 2008-07-11 08:00 . 2008-07-11 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software 2008-07-11 07:59 . 2008-07-11 07:59 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-07-11 07:59 . 2008-07-11 07:59 <DIR> d-------- C:\Documents and Settings\Novum\Application Data\InstallShield 2008-07-11 07:59 . 2008-07-11 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-07-07 10:24 . 2008-07-07 10:24 <DIR> d-------- C:\games 2008-07-06 08:12 . 2008-07-06 08:12 <DIR> d-------- C:\Program Files\MOSoft 2008-07-06 08:12 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe 2008-07-03 17:03 . 2008-07-03 17:03 <DIR> d-------- C:\Documents and Settings\Novum\Application Data\Autodesk 2008-07-03 17:03 . 2008-07-12 07:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk 2008-06-23 16:22 . 2008-06-30 15:52 38 --a------ C:\WINDOWS\avisplitter.INI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 05:24 --------- d-----w C:\Program Files\Sony Setup 2008-07-15 10:20 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-30 15:05 --------- d-----w C:\Documents and Settings\Novum\Application Data\XnView 2008-05-20 10:12 --------- d-----w C:\Program Files\OMRON 2008-04-18 13:22 46,552 ----a-w C:\Documents and Settings\Novum\Application Data\GDIPFONTCACHEV1.DAT 2007-03-20 12:26 106 ----a-w C:\Documents and Settings\Novum\Application Data\wklnhst.dat 1998-04-27 19:15 570,128 ------w C:\Program Files\Common Files\dao350.dll 1998-04-26 23:00 570,128 ----a-w C:\Program Files\DAO350.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "MSMSGS"="c:\PROGRA~1\MESSEN~1\Msmsgs.exe" [2005-08-31 21:27 1658592] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "S7UB Start"="C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" [2000-10-26 00:02 102400] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-23 11:47 180269] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 19:32 132760] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "SoundMan"="SOUNDMAN.EXE" [2005-08-01 08:28 77824 C:\WINDOWS\SOUNDMAN.EXE] "SMSERIAL"="sm56hlpr.exe" [2005-07-06 04:47 544768 C:\WINDOWS\sm56hlpr.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Documents and Settings\Novum\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - D:\PROGRAMI\ObjectDock\ObjectDock\ObjectDock.exe [2006-03-12 08:51:37 1802309] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\Messenger\\Msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12759:TCP"= 12759:TCP:NortonAV "13972:TCP"= 13972:TCP:NortonAV "17450:TCP"= 17450:TCP:NortonAV "18174:TCP"= 18174:TCP:NortonAV "18302:TCP"= 18302:TCP:NortonAV "12122:TCP"= 12122:TCP:NortonAV "18271:TCP"= 18271:TCP:NortonAV "18545:TCP"= 18545:TCP:NortonAV "12506:TCP"= 12506:TCP:NortonAV "15488:TCP"= 15488:TCP:NortonAV "14631:TCP"= 14631:TCP:NortonAV "18514:TCP"= 18514:TCP:NortonAV "12775:TCP"= 12775:TCP:NortonAV "14325:TCP"= 14325:TCP:NortonAV "14113:TCP"= 14113:TCP:NortonAV "12537:TCP"= 12537:TCP:NortonAV "15710:TCP"= 15710:TCP:NortonAV "12093:TCP"= 12093:TCP:NortonAV "16681:TCP"= 16681:TCP:NortonAV "13757:TCP"= 13757:TCP:NortonAV "15273:TCP"= 15273:TCP:NortonAV "17090:TCP"= 17090:TCP:NortonAV "13761:TCP"= 13761:TCP:NortonAV "17206:TCP"= 17206:TCP:NortonAV "14505:TCP"= 14505:TCP:NortonAV "15409:TCP"= 15409:TCP:NortonAV "14585:TCP"= 14585:TCP:NortonAV "17310:TCP"= 17310:TCP:NortonAV "17230:TCP"= 17230:TCP:NortonAV "13686:TCP"= 13686:TCP:NortonAV "17052:TCP"= 17052:TCP:NortonAV "17163:TCP"= 17163:TCP:NortonAV "17613:TCP"= 17613:TCP:NortonAV "17243:TCP"= 17243:TCP:NortonAV "12684:TCP"= 12684:TCP:NortonAV "15025:TCP"= 15025:TCP:NortonAV "14334:TCP"= 14334:TCP:NortonAV "12696:TCP"= 12696:TCP:NortonAV "16658:TCP"= 16658:TCP:NortonAV "17612:TCP"= 17612:TCP:NortonAV "15831:TCP"= 15831:TCP:NortonAV "13314:TCP"= 13314:TCP:NortonAV "17020:TCP"= 17020:TCP:NortonAV "14354:TCP"= 14354:TCP:NortonAV "17424:TCP"= 17424:TCP:NortonAV "15295:TCP"= 15295:TCP:NortonAV "18485:TCP"= 18485:TCP:NortonAV "15167:TCP"= 15167:TCP:NortonAV "14047:TCP"= 14047:TCP:NortonAV "15057:TCP"= 15057:TCP:NortonAV "18850:TCP"= 18850:TCP:NortonAV "12020:TCP"= 12020:TCP:NortonAV "17434:TCP"= 17434:TCP:NortonAV "12443:TCP"= 12443:TCP:NortonAV "18433:TCP"= 18433:TCP:NortonAV "15727:TCP"= 15727:TCP:NortonAV "17745:TCP"= 17745:TCP:NortonAV "14863:TCP"= 14863:TCP:NortonAV "13211:TCP"= 13211:TCP:NortonAV "16450:TCP"= 16450:TCP:NortonAV "16023:TCP"= 16023:TCP:NortonAV "15618:TCP"= 15618:TCP:NortonAV "14183:TCP"= 14183:TCP:NortonAV R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2001-06-27 10:59] R2 s7osmcax;s7osmcax;C:\WINDOWS\system32\Drivers\s7osmcax.sys [2004-12-23 11:24] R2 s7otranx;s7otranx;C:\WINDOWS\system32\Drivers\S7otranx.sys [2004-12-23 11:24] R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-08-01 08:29] S3 <NtDriverName>;<NtDriverName>;C:\WINDOWS\system32\Drivers\<NtDriverName>.sys [] S3 C745PROG;C745PROG;C:\WINDOWS\system32\drivers\c745prog.sys [2004-06-12 00:04] S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2000-03-28 12:05] S3 S7OUPC2X;SIMATIC PC Adapter USB Driver;C:\WINDOWS\system32\DRIVERS\s7oupc2x.sys [2005-01-14 13:01] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\Auto\command - F:\AdobeR.exe e \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe41d73e-53b4-11dc-99f5-0002e34a0ee9}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs . Contents of the 'Scheduled Tasks' folder "2006-10-01 05:34:33 C:\WINDOWS\Tasks\Low Battery Alarm Program.job" . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-19 11:05:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-19 11:06:53 ComboFix-quarantined-files.txt 2008-07-19 09:06:46 Pre-Run: 4,954,345,472 bytes free Post-Run: 4,944,117,760 bytes free 159 Dopuna: 22 Jul 2008 13:34 Ja se izvinjavam, ali samo da osvezim temu ukoliko je na nju zaboravljno.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » USB i recycler

Ko je trenutno na forumu

Ukupno su 1006 korisnika na forumu :: 37 registrovanih, 5 sakrivenih i 964 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Alibaba1981, asdfjklc, bbogdan, Bobrock1, brundo65, cikadeda, colji, Dannyboy, djboj, Djokkinen, FileFinder, GAGI, goxin, Griffon vulture, ivan1973, Koridor, Krusarac, ladro, lcc, mean_machine, Milos ZA, nebkv, Neutral-M, Prašinar, royst33, ruger357, S-lash, SD izvidjac, skvara, Smiljke, Trpe Grozni, trutcina, Tvrtko I, Volkhov-M, wolf431, Wrangler, |_MeD_|

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by