Posted: 25 Jan 2010 17:21
offline
- Blue
- Elite citizen
- Joined: 06 Aug 2003
- Posts: 2214
Written: 25 Jan 2010 17:17
An autorun.inf was visible on my flash drive. After I installed USB Drive Antivirus 2.3 and scanned with it, it set autorun.inf to hidden, and every time it scans it finds a "threats" infection. However, when I open the flash drive with Free Commander, next to autorun.inf it shows a driver folder, in it a Recycle Bin icon, and inside that another file, –¼‡‘Š•†‘Í€ŒŽ, and desktop.ini. When it cleans the drive, the result looks like this:
Scan completed successfully
C:\ no threat found
D:\ no threat found
G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ cleaned
G:\Autorun.inf cleaned
G:\ cleaned completed.
Symantec and SUPERAntiSpyware find nothing. I am not sure whether there is an infection now. There was one before, because when I connected my N96, every folder on its mass memory had been turned into an exe, so I formatted the phone, but that is another story... Is there an infection and how do I remove it? I have tried everything; it does the format normally when I restart the computer, but those files are still there as hidden when I open the drive with Free Commander.
The capacity is 7.44 GB, and those files take up 140 KB. Is that normal?
Addendum: 25 Jan 2010 17:21
ah damn, I only just now saw that the instructions were changed... sorry
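The drive layout described in the post above (an autorun.inf at the root plus a folder carrying a desktop.ini) can be inventoried read-only with a short script. This is an added example, not part of the original thread or of any tool mentioned in it; the function names and the sample autorun.inf contents are constructed for illustration.

```python
import os
import re
from pathlib import Path

# Keys in the [autorun] section that make Windows run a command.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(inf_text):
    """Tolerant line parser: infected autorun.inf files often contain junk lines."""
    entries, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key):
            entries.append((key.lower(), value))
    return entries

def triage_drive(root):
    """Report autorun launch commands and folders that carry a desktop.ini."""
    root = Path(root)
    report = {"launch": [], "desktop_ini_dirs": []}
    for entry in root.iterdir():  # name compared case-insensitively
        if entry.name.lower() == "autorun.inf" and entry.is_file():
            report["launch"] = launch_entries(entry.read_text(encoding="latin-1"))
    for dirpath, _dirs, files in os.walk(root):
        if any(name.lower() == "desktop.ini" for name in files):
            rel = Path(dirpath).relative_to(root).as_posix()
            report["desktop_ini_dirs"].append(rel)
    report["desktop_ini_dirs"].sort()
    return report

# Constructed sample contents, modelled on the layout described in the post.
SAMPLE_INF = """;constructed sample, not taken from the thread
[AutoRun]
icon=%SystemRoot%\\system32\\shell32.dll,4
open=driver\\usb\\sample.exe
shell\\open\\command=driver\\usb\\sample.exe
label=USB
"""

if __name__ == "__main__":
    import sys
    print(triage_drive(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Python's directory listing includes files marked hidden or system, so these entries show up here even when Explorer does not display them.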
Posted: 25 Jan 2010 18:23
offline
- Blue
- Elite citizen
- Joined: 06 Aug 2003
- Posts: 2214
I think I have gone blind, I can't see it anywhere
or from win32 rndll.exe
Posted: 25 Jan 2010 19:39
offline
- Blue
- Elite citizen
- Joined: 06 Aug 2003
- Posts: 2214
All processes killed
Error: Unable to interpret <processes> in the current context!
Error: Unable to interpret <C:\WINDOWS\rndll.exe> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Firevall Administrating not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\npad_ql deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Taskman not found.
========== FILES ==========
File/Folder C:\WINDOWS\rndll.exe not found.
c:\windows\system32\Npad.exe moved successfully.
File/Folder c:\documents and settings\ratko\application data\uyugq.exe not found.
File/Folder C:\123ds.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: Ratko
->Temp folder emptied: 17944616 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2765919 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 3348 bytes
Total Files Cleaned = 22.00 mb
OTM by OldTimer - Version 3.1.6.0 log created on 01252010_193335
Files moved on Reboot...
Registry entries deleted on Reboot...
Posted: 25 Jan 2010 20:01
offline
- diarno
- Anti Malware Fighter
Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
Written: 25 Jan 2010 20:00
Run DDS again and post the DDS.txt file.
Then download USBNoRisk to the Desktop and start it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices into the USB slot one after another, and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.
Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
Posted: 25 Jan 2010 20:53
offline
- Blue
- Elite citizen
- Joined: 06 Aug 2003
- Posts: 2214
Written: 25 Jan 2010 20:23
well, my system had crashed, I brought everything back up, I formatted everything and installed a new system, so now only that USB is left to check, it is the only one I have, nothing else
Addendum: 25 Jan 2010 20:53
phew, I finally cleaned it, now it is spotless, thanks a lot diarno
Posted: 25 Jan 2010 21:51
offline
- Blue
- Elite citizen
- Joined: 06 Aug 2003
- Posts: 2214
USBNoRisk 2.5 (26 July 2009) by bobby
Started at 1/25/2010 9:48:29 PM
Searching for connected USB Mass storage...
----------------------------------------
G: {6c39f9a2-09df-11df-91ff-806d6172696f}
========================================
Searching for other storage...
----------------------------------------
D: {6c39f9a4-09df-11df-91ff-806d6172696f}
C: {6c39f9a6-09df-11df-91ff-806d6172696f}
========================================
Scanning removable storage...
----------------------------------------
No blocked files found on G:
No Autorun.inf files found on G:
Sanitized mountpoint for 6c39f9a2-09df-11df-91ff-806d6172696f
No Desktop.ini files found on G:
No mimics found on drive G:
----------------------------------------
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 6c39f9a6-09df-11df-91ff-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 6c39f9a4-09df-11df-91ff-806d6172696f
No Desktop.ini files found on D:
----------------------------------------
========================================
Initial scan finished!
========================================
Posted: 25 Jan 2010 22:44
offline
- diarno
- Anti Malware Fighter
Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
That is only the initial scan, i.e. the scan of the partitions... I need the part that comes afterwards, when you insert the USB devices... But if you consider the problem solved, we can wrap this up; just so you know, the infection came from the USB.