Posted: 29 Apr 2008 20:32
- gogi100
- Citizen
- Joined: 26 Jan 2006
- Posts: 233
The log is:
ComboFix 08-04-20.2 - gogi 2008-04-29 20:27:25.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.316 [GMT 2:00]
Running from: C:\Documents and Settings\gogi\Desktop\virusi\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\2DED3ED8.EXE
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_9BC11C18
-------\Service_9BC11C18
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.
2008-04-28 21:10 . 2008-04-28 21:20 209,340,416 --a------ C:\kasp.iso
2008-04-21 15:53 . 2008-04-21 15:53 <DIR> d-------- C:\MISA
2008-04-21 07:53 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-21 07:53 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-16 13:30 . 2008-04-21 07:14 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-16 10:15 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-04-16 10:15 . 2001-08-17 13:47 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys
2008-04-16 10:14 . 2004-08-03 22:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
2008-04-16 10:14 . 2004-08-03 22:58 207,360 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-04-16 10:14 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
2008-04-16 10:14 . 2001-08-17 13:47 23,808 --a--c--- C:\WINDOWS\system32\dllcache\dot4usb.sys
2008-04-16 09:16 . 2008-04-16 09:16 <DIR> d-------- C:\WINDOWS\system32\EFFA9C20.DLL
2008-04-11 14:49 . 2008-04-11 14:49 4,226,353 --a------ C:\WINDOWS\REGBK01.ZIP
2008-04-01 13:10 . 2008-04-01 13:10 <DIR> d-------- C:\WINDOWS\PIF
2008-03-31 14:02 . 2008-03-31 14:02 <DIR> d-------- C:\Program Files\Stonisa
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 18:25 --------- d-----w C:\Documents and Settings\gogi\Application Data\SolidDocuments
2008-04-29 10:47 --------- d-----w C:\Program Files\FreeCap
2008-04-21 05:55 --------- d-----w C:\Program Files\ffdshow
2008-04-12 06:14 --------- d-----w C:\Program Files\Common Files\Real
2008-04-12 06:13 --------- d-----w C:\Program Files\Online TV Player 3
2008-04-01 04:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 12:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-31 08:54 --------- d-----w C:\Program Files\Evidencija Gradjana
2008-03-29 13:56 180,999 ----a-w C:\Program Files\firebird.log
2008-03-26 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-19 17:08 --------- d-----w C:\Program Files\Java
2008-03-11 17:04 4,224,123 ----a-w C:\WINDOWS\REGBK00.ZIP
2008-03-05 06:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-05 06:05 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-29 06:09 --------- d-----w C:\Program Files\SolidDocuments
2008-02-29 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidDocuments
.
((((((((((((((((((((((((((((( snapshot@2008-04-16_13.37.01.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 11:33:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-29 18:29:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24 86016]
"SoundMan"="SOUNDMAN.EXE" [2003-07-23 18:19 56832 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:21 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-03-03 04:39 6144 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25b4bc3-15ca-11dd-88da-000d6119bd1a}]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 20:29:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
.
**************************************************************************
.
Completion time: 2008-04-29 20:31:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 18:30:53
ComboFix2.txt 2008-04-25 10:03:23
ComboFix3.txt 2008-04-25 05:08:35
ComboFix4.txt 2008-04-23 06:08:02
ComboFix5.txt 2008-04-22 05:26:10
Pre-Run: 105,629,941,760 bytes free
Post-Run: 105,623,392,256 bytes free
112
Posted: 29 Apr 2008 21:28
- helen1
- Anti Malware Fighter Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Lives in: Novi Beograd
Download the program Flash_Disinfector.
The program is started by double-clicking Flash_Disinfector.exe.
When the notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so to avoid autoplay).
Click OK and wait for the process to finish.
When the message Done !! appears, click OK.
Open Notepad and copy the following text into it:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25b4bc3-15ca-11dd-88da-000d6119bd1a}]
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
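As an added illustration (this is not part of helen1's instructions and not ComboFix's own code): the MountPoints2 key that the CFScript deletes is where Explorer keeps the per-volume shell handlers it picked up from a removable drive's autorun.inf, and the `\Shell\Auto\command - G:\auto.exe` line in the first log is the handler that would launch the executable from the USB stick. The Python below parses the "Reg Loading Points" section of a ComboFix log, reports every MountPoints2 key that still carries a `\Shell\...\command` handler, and emits the matching `Registry::` / `[-KEY]` deletion script in the same format as the post. The sample lines are copied from the log in this thread plus one constructed entry (the all-zero GUID and `E:\setup.exe` are made up to show more than one flagged volume); the function names are the example's own.

```python
import re

# Constructed sample input: the Run and MountPoints2 entries as ComboFix prints
# them in its "Reg Loading Points" section. The first MountPoints2 key is copied
# from the log in this thread; the second (all-zero GUID, E:\setup.exe) is made
# up so that the parser is shown handling more than one flagged volume.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d25b4bc3-15ca-11dd-88da-000d6119bd1a}]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - E:\setup.exe
"""

# A key header is a whole line in square brackets.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints a MountPoints2 shell handler as "\Shell\<verb>\command - <cmd>".
CMD_RE = re.compile(r"^(?P<sub>\\Shell\\\S+\\command)\s+-\s+(?P<cmd>.+)$")
# Case-insensitive marker for the per-volume Explorer cache.
MP2_MARKER = "\\explorer\\mountpoints2\\"


def parse_reg_loading_points(text):
    """Group the 'Reg Loading Points' lines under the registry key they belong to."""
    entries = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = m.group("key")
            entries.setdefault(current, [])
            continue
        if current is not None and line.strip():
            entries[current].append(line.rstrip())
    return entries


def find_mountpoints2_autoruns(text):
    """Return [(key, [(shell_subkey, command), ...])] for every MountPoints2
    key that still carries at least one \\Shell\\...\\command handler."""
    hits = []
    for key, lines in parse_reg_loading_points(text).items():
        if MP2_MARKER not in key.lower():
            continue
        cmds = []
        for line in lines:
            m = CMD_RE.match(line)
            if m:
                cmds.append((m.group("sub"), m.group("cmd")))
        if cmds:
            hits.append((key, cmds))
    return hits


def build_cfscript(keys):
    """Emit a ComboFix CFScript: a 'Registry::' header followed by one
    '[-KEY]' line per key, which tells ComboFix to delete that key."""
    return "Registry::\n" + "".join(f"[-{k}]\n" for k in keys)


if __name__ == "__main__":
    hits = find_mountpoints2_autoruns(SAMPLE_LOG)
    for key, cmds in hits:
        print(key)
        for sub, cmd in cmds:
            print(f"    {sub} -> {cmd}")
    print(build_cfscript([k for k, _ in hits]))
```

Running it prints the two flagged MountPoints2 keys with their handlers and then the two-line deletion script; the Run key is parsed but never flagged, since the script only removes per-volume shell handlers, not ordinary startup entries. Deleting the key only stops Explorer from re-running the cached handler; the executable on the drive itself is what Flash_Disinfector is for.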
Posted: 30 Apr 2008 07:13
- gogi100
- Citizen
- Joined: 26 Jan 2006
- Posts: 233
The ComboFix log looks like this:
ComboFix 08-04-20.2 - gogi 2008-04-30 7:10:54.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.267 [GMT 2:00]
Running from: C:\Documents and Settings\gogi\Desktop\virusi\ComboFix.exe
Command switches used :: C:\Documents and Settings\gogi\Desktop\virusi\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.
2008-04-28 21:10 . 2008-04-28 21:20 209,340,416 --a------ C:\kasp.iso
2008-04-21 15:53 . 2008-04-21 15:53 <DIR> d-------- C:\MISA
2008-04-21 07:53 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-21 07:53 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-16 13:30 . 2008-04-21 07:14 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-16 10:15 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys
2008-04-16 10:15 . 2001-08-17 13:47 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys
2008-04-16 10:14 . 2004-08-03 22:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys
2008-04-16 10:14 . 2004-08-03 22:58 207,360 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-04-16 10:14 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys
2008-04-16 10:14 . 2001-08-17 13:47 23,808 --a--c--- C:\WINDOWS\system32\dllcache\dot4usb.sys
2008-04-16 09:16 . 2008-04-16 09:16 <DIR> d-------- C:\WINDOWS\system32\EFFA9C20.DLL
2008-04-11 14:49 . 2008-04-11 14:49 4,226,353 --a------ C:\WINDOWS\REGBK01.ZIP
2008-04-01 13:10 . 2008-04-01 13:10 <DIR> d-------- C:\WINDOWS\PIF
2008-03-31 14:02 . 2008-03-31 14:02 <DIR> d-------- C:\Program Files\Stonisa
2008-03-11 19:04 . 2008-03-11 19:04 4,224,123 --a------ C:\WINDOWS\REGBK00.ZIP
2008-03-11 10:22 . 2008-03-11 10:22 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-03-11 10:22 . 2008-03-11 10:22 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-03-11 10:22 . 2008-03-11 10:22 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-03-11 10:22 . 2008-03-11 10:22 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-03-11 10:22 . 2008-03-11 10:22 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-03-11 10:22 . 2008-03-11 10:22 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-03-05 09:59 . 2002-12-31 14:00 146,432 --a------ C:\WINDOWS\R.COM
2008-03-05 09:59 . 2002-12-31 14:00 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-03-05 09:59 . 2008-04-17 12:08 50 --a------ C:\WINDOWS\Lic.xxx
2008-03-05 08:08 . 2008-03-05 08:05 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-05 08:08 . 2008-03-05 08:08 2,542 --a------ C:\WINDOWS\unins000.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 18:36 --------- d-----w C:\Documents and Settings\gogi\Application Data\SolidDocuments
2008-04-29 10:47 --------- d-----w C:\Program Files\FreeCap
2008-04-21 05:55 --------- d-----w C:\Program Files\ffdshow
2008-04-12 06:14 --------- d-----w C:\Program Files\Common Files\Real
2008-04-12 06:13 --------- d-----w C:\Program Files\Online TV Player 3
2008-04-01 04:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 12:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-31 08:54 --------- d-----w C:\Program Files\Evidencija Gradjana
2008-03-29 13:56 180,999 ----a-w C:\Program Files\firebird.log
2008-03-26 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-19 17:08 --------- d-----w C:\Program Files\Java
2008-03-05 06:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-05 06:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 06:09 --------- d-----w C:\Program Files\SolidDocuments
2008-02-29 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidDocuments
.
((((((((((((((((((((((((((((( snapshot@2008-04-16_13.37.01.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 11:33:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-30 05:02:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24 86016]
"SoundMan"="SOUNDMAN.EXE" [2003-07-23 18:19 56832 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:21 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-03-03 04:39 6144 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 07:11:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-30 7:12:38
ComboFix-quarantined-files.txt 2008-04-30 05:12:33
ComboFix2.txt 2008-04-29 18:31:05
ComboFix3.txt 2008-04-25 10:03:23
ComboFix4.txt 2008-04-25 05:08:35
ComboFix5.txt 2008-04-23 06:08:02
Pre-Run: 105,606,787,072 bytes free
Post-Run: 105,597,677,568 bytes free
107
Posted: 03 May 2008 01:04
- gogi100
- Citizen
- Joined: 26 Jan 2006
- Posts: 233
Sorry, I'm being a nuisance again. Can you tell me which viruses, trojans, malware and spyware my computer was infected with?
Posted: 05 May 2008 15:39
- gogi100
- Citizen
- Joined: 26 Jan 2006
- Posts: 233
The point is that on some of the computers I had the AVG antivirus installed, but it didn't detect anything.