Deleted folders keep reappearing


  • rade58
  • New MyCity citizen
  • Joined: 30 Aug 2010
  • Posts: 3

Deleted folders keep reappearing on my computer. When I connected it over the LAN to another computer in order to make logs and get on the internet, that computer also started behaving abnormally. It throws some error about Generic Host Process for Win32 Services. The computer I am sending the logs from is a laptop, and it gets on the internet through the home PC, which shares the wireless connection. Here are the logs from DDS and Root Repeal, since GMER could not be started. It caused a BSOD:


DDS (Ver_10-03-17.01) - NTFSx86
Run by radivoje at 17:10:49.45 on Mon 08/30/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1014.402 [GMT 4:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\radivoje\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
mRun: [TrackPointSrv] tp4mon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: {30F8545D-2223-4658-A5AA-196FE47F698D} = 212.103.128.66,213.253.112.8
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\radivoje\applic~1\mozilla\firefox\profiles\cg3hgl65.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - prefs.js: network.proxy.type - 4

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-8-21 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-8-21 59664]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 35168]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-8-21 33552]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-8-7 3584]
S3 usbcamcl;Driver for video Device;c:\windows\system32\drivers\usbcamcl.sys [2010-7-22 31104]

=============== Created Last 30 ================

2010-08-27 18:11:03 7551 ----a-w- c:\windows\SETUP.LST
2010-08-27 17:36:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-08-27 17:16:04 0 d-sha-r- C:\cmdcons
2010-08-27 17:01:42 0 d-----w- c:\program files\trend micro
2010-08-23 19:24:37 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-08-23 19:24:37 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-08-23 19:24:37 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-08-23 19:24:37 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-08-23 19:24:37 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-08-23 19:24:37 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-08-23 19:24:37 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-08-23 19:24:37 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-08-23 19:24:36 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-08-23 19:24:36 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-08-23 19:24:32 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-08-23 19:24:32 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-08-21 14:22:45 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-08-21 14:16:01 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-08-21 14:16:01 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-08-21 14:16:01 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-08-21 14:15:55 0 d-----w- c:\program files\ThreatFire
2010-08-21 14:15:55 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-08-21 12:07:35 71680 ----a-w- c:\windows\ST5UNST.EXE
2010-08-21 12:07:35 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2010-08-21 12:07:35 165376 ----a-w- c:\windows\setup1.exe
2010-08-05 11:24:11 5504 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-08-05 11:24:11 125184 ------w- c:\windows\system32\drivers\imagesrv.sys
2010-08-05 11:23:49 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-08-05 11:23:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-08-05 11:23:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-08-05 11:23:24 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-08-05 11:23:24 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-08-05 11:23:19 155648 ----a-w- c:\windows\system32\NeroCheck.exe

==================== Find3M ====================

2010-07-25 14:09:37 4100 ----a-w- c:\windows\system32\hdvirffo.dll

============= FINISH: 17:12:40.47 ===============




  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Greetings, and welcome to the Ambulanta of the MyCity forum.

Explain in more detail what the problem is.
Which deleted folders are reappearing?




goran9888 (AMF Team)

  • rade58
  • New MyCity citizen
  • Joined: 30 Aug 2010
  • Posts: 3

About ten days ago I copied some music from a CD. The copying failed, so I deleted all the music from the laptop. Since then, with every restart or power-on of the computer, the folder I copied the music into, CD1, comes back on the desktop. A few days ago NOD detected the HTML/ScrInject.B.Gen virus and the Win32.Autoit.GP worm. Today, when I connected the laptop to the internet through the home PC, the PC lost its internet connection until I restarted it, and after that it lost the connection again about ten minutes after every restart. At the same time its GUI would sometimes look like the one in Windows 98. Since the PC had XP SP2 on it anyway, I wiped the system and installed Windows 7 in the meantime. Now I have no problems on the PC, but on the laptop the cd1 folder still comes back, so I don't dare connect it to the LAN with the PC.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I need to see what it is that NOD32 detected.

Follow these instructions:

Launch the NOD32 antivirus GUI: Start -> All Programs -> ESET -> ESET Anti virus
Follow all the steps from the image carefully (in order, 1 through 6):


Start -> Run -> Notepad -> Edit -> Paste; the contents of NOD's detections will appear in text form
File -> Save As; save the .txt file to the Desktop under the name nod32log
In your next post, use the Attach file option to attach the file nod32log.txt for me





goran9888 (AMF Team)

  • rade58
  • New MyCity citizen
  • Joined: 30 Aug 2010
  • Posts: 3

Here is the log from NOD



and this is a screenshot of the NOD detections in quarantine




  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

The computer is clean; there are no signs of active malware.

Check whether the folder C:\Win exists. If it does, delete it (Shift + Delete).
---------------------------------------------------------------------------

Recommendation:

- I recommend that you do not use fixed (patched, cracked) versions of commercial antivirus products.
- You are using an older version of NOD antivirus, so I recommend that you move to a newer version or switch to a free alternative.
---------------------------------------------------------------------------

With this post of mine we conclude the discussion in this topic. If you have problems with the computer, open a topic in the appropriate subforum, because your problem is not related to malware.

Thank you for trusting the AMF Team. Cheers

Regards,
goran9888 (AMF Team)
