asdsdsd.exe and derivatives

  • Joined: 02 Feb 2009
  • Posts: 32

Hi, first of all greetings to everyone, and thanks in advance for your patience in reading my post, because I have been struggling with this for 2 or 3 weeks now. So, here goes.

At first it showed itself as a window popping up with a message that asdsdsd.exe has a problem and has to close. Fine, I close it, but Avast didn't even see it. I tried various ways to get rid of the thing. Someone recommended Avira to me, since it had supposedly fixed that problem. So I install Avira, it finds some viruses and whatnot, deletes them, and it didn't show up for 2 days. Then it starts again: a certain exe appears in the Temporary Internet Files folder, and after that various exes appear in My Documents, mostly exredr.exe and sdsdsd.exe. I go into safe mode and delete everything, and it is back again, only this time in a worse form. sdsdxsd.exe started appearing, some exp exe, and many more that began with numbers. Even worse, it started messing with my internet. I have wireless, and when I connect, a process starts and cuts off my net; when I try to reconnect, it prints a message that the device is busy. I hit reset and immediately start Process Explorer to see what is all starting up, when a message comes up that Windows Explorer has a problem starting and has to restart. I press OK, and along with it some root.exe starts too. I look in the temp folder and there is a pile of exes in there and some perflib....exe thing. Then I go into safe mode, delete everything from Prefetch and everything from the temp folder, look via cmd and find root.exe in the recycle and recycler folder, delete that, and repeat everything with CCleaner several times, since it kept finding stuff in the registry, until it wasn't deleting anything anymore. I do a normal boot. I go to the BitDefender online scan; it found nothing, but when it got to Temporary Internet Files, Avira sounded off and root[1].exe was found. Of course I click delete, but I doubt it was deleted. Here is the latest HijackThis log. And also, no matter how many times I format the USB stick, it always shows up as a folder, i.e. my computer is infected and won't get cleaned. I also used Malwarebytes, but to little avail.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:13, on 2.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Administrator\Desktop\Portable\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
C:\Documents and Settings\Administrator\Desktop\Portable\PortableApps\ProcessExplorer\procexp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\Desktop\New Folder\mojlog2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20289E75-291D-4615-8A43-12F434C92DE7}: NameServer = 79.143.173.161 79.143.172.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{630EAD48-B813-49BE-84CA-438219256428}: NameServer = 212.200.13.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E064EEA7-82EF-4689-801B-AB95BF2B0AD0}: NameServer = 212.200.13.13
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6103 bytes

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Don't plug in any USB drives for now.

Right-click the Avira icon in the lower right corner of the screen and untick AntiVir Guard Enable.

Note: Don't forget to turn this option back on once the cleaning is finished.

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will paste here for us.

  • Joined: 02 Feb 2009
  • Posts: 32

Here is the ComboFix log, and I forgot about this fix.exe, it was appearing too.


ComboFix 09-02-02.01 - Administrator 2009-02-02 19:37:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.3582.2792 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents

.
((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))
.

2009-01-31 15:35 . 2009-01-31 15:35 <DIR> d-------- c:\windows\LastGood
2009-01-31 15:35 . 2009-01-31 17:23 <DIR> d-------- c:\windows\BDOSCAN8
2009-01-30 12:03 . 2009-01-30 12:03 268 --ah----- C:\sqmdata14.sqm
2009-01-30 12:03 . 2009-01-30 12:03 244 --ah----- C:\sqmnoopt14.sqm
2009-01-30 11:37 . 2009-01-30 11:37 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-30 11:05 . 2009-01-30 11:05 268 --ah----- C:\sqmdata13.sqm
2009-01-30 11:05 . 2009-01-30 11:05 244 --ah----- C:\sqmnoopt13.sqm
2009-01-25 19:30 . 2009-01-25 19:30 268 --ah----- C:\sqmdata12.sqm
2009-01-25 19:30 . 2009-01-25 19:30 244 --ah----- C:\sqmnoopt12.sqm
2009-01-23 13:54 . 2009-01-23 16:37 <DIR> d-------- c:\documents and settings\Djole\Contacts
2009-01-22 16:56 . 2009-01-22 16:56 268 --ah----- C:\sqmdata11.sqm
2009-01-22 16:56 . 2009-01-22 16:56 244 --ah----- C:\sqmnoopt11.sqm
2009-01-22 11:40 . 2009-01-22 11:40 <DIR> d-------- c:\documents and settings\Djole\Application Data\Notepad++
2009-01-22 09:03 . 2009-01-22 09:03 268 --ah----- C:\sqmdata10.sqm
2009-01-22 09:03 . 2009-01-22 09:03 244 --ah----- C:\sqmnoopt10.sqm
2009-01-22 08:25 . 2009-01-22 08:25 <DIR> d-------- c:\documents and settings\Djordje\Application Data\Notepad++
2009-01-22 08:24 . 2009-01-22 08:24 <DIR> d-------- c:\documents and settings\Djole\Application Data\Malwarebytes
2009-01-22 01:54 . 2009-01-22 01:54 268 --ah----- C:\sqmdata09.sqm
2009-01-22 01:54 . 2009-01-22 01:54 244 --ah----- C:\sqmnoopt09.sqm
2009-01-21 11:53 . 2009-01-21 11:53 268 --ah----- C:\sqmdata08.sqm
2009-01-21 11:53 . 2009-01-21 11:53 244 --ah----- C:\sqmnoopt08.sqm
2009-01-20 21:30 . 2009-01-20 21:30 <DIR> d-------- c:\documents and settings\Djordje\Contacts
2009-01-20 13:38 . 2009-01-20 13:38 <DIR> d-------- c:\documents and settings\Djole\Application Data\ATI
2009-01-20 13:37 . 2009-01-30 11:05 <DIR> d-------- c:\documents and settings\Djole
2009-01-20 01:27 . 2009-01-20 01:27 <DIR> d-------- c:\documents and settings\Vera\Application Data\ATI
2009-01-20 01:27 . 2009-01-28 23:09 <DIR> d-------- c:\documents and settings\Vera
2009-01-20 01:21 . 2009-01-20 01:21 <DIR> d-------- c:\documents and settings\Djordje\Application Data\ATI
2009-01-20 01:21 . 2009-01-22 01:54 <DIR> d-------- c:\documents and settings\Djordje
2009-01-20 01:21 . 2004-08-03 23:56 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-19 23:47 . 2009-01-19 23:47 <DIR> d-------- c:\program files\Avira
2009-01-19 23:47 . 2009-01-19 23:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-18 13:25 . 2009-01-18 13:25 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 13:25 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 13:25 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-18 12:18 . 2009-01-18 12:18 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-18 01:54 . 2009-01-18 12:44 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-18 01:25 . 2009-01-18 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-01-17 15:02 . 2009-01-17 15:02 <DIR> dr-hs---- C:\RECYCLE
2009-01-14 02:14 . 2009-01-18 15:21 <DIR> dr-hs---- C:\SYSTEM
2009-01-11 21:00 . 2009-01-11 21:01 <DIR> d-------- c:\program files\Packet Tracer 4.0
2009-01-10 14:17 . 2009-01-10 14:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Thinstall
2009-01-06 22:28 . 2009-01-06 22:28 <DIR> dr-h----- c:\documents and settings\Administrator\Application Data\SecuROM
2009-01-06 22:28 . 2009-01-06 22:28 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-06 22:25 . 2009-01-06 22:25 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-06 22:25 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-01-06 22:25 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-01-06 22:25 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2009-01-06 22:25 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2009-01-06 22:25 . 2009-01-06 22:25 669,184 --a------ c:\windows\system32\pbsvc.exe
2009-01-06 22:25 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2009-01-06 22:25 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2009-01-06 22:25 . 2009-01-06 22:25 103,736 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-06 22:25 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2009-01-06 22:25 . 2009-01-06 22:25 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-06 22:25 . 2009-01-06 22:25 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-06 22:25 . 2009-01-06 22:25 22,328 --a------ c:\documents and settings\Administrator\Application Data\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 02:43 --------- d-----w c:\program files\Winamp
2008-12-29 23:43 --------- d-----w c:\program files\EasyPHP1-8
2008-12-11 23:56 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-12-11 23:53 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-10 23:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-10 16:58 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 847872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 15:25 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 21:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 21:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-01-08 20:24 1410296 e:\steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-11-15 20:31 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Igre\\Valve\\hltv.exe"=
"d:\\Igre\\Valve\\hl.exe"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"d:\\Igre\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Igre\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Igre\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP111

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57f07ab4-2904-11dd-872e-001bfc3f3fe0}]
\Shell\AutoRun\command - h:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe
\Shell\open\command - h:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bd415a8-2046-11dd-8729-001bfc3f3fe0}]
\Shell\AutoRun\command - h:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe
\Shell\open\command - h:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{719671db-c20d-11dd-87ee-001bfc3f3fe0}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80122fa4-1b8b-11dd-8725-001bfc3f3fe0}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8026f7f1-168e-11dd-8718-bd540475c893}]
\Shell\AutoOpen\command - g:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6e2d67c-370c-11dd-8744-001bfc3f3fe0}]
\Shell\AutoRun\command - ekugb3.bat
\Shell\explore\Command - ekugb3.bat
\Shell\open\Command - ekugb3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dddf39d2-9445-11dd-87c0-001bfc3f3fe0}]
\Shell\AutoRun\command - h:\recycle\D-0-060-0000000000-1111111-2222222\FiX.exe
\Shell\open\command - h:\recycle\D-0-060-0000000000-1111111-2222222\FiX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23KLN5J0-4OPM-11WE-AAX5-24EF1F387232}]
c:\recycler\k-1-3542-4232123213-7676767-8888886\root.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-24CX1C987132}]
c:\recycle\D-0-060-0000000000-1111111-2222222\FiX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-34CX1C987132}]
c:\recycle\D-0-060-0000000000-1111111-2222222\FiX.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {20289E75-291D-4615-8A43-12F434C92DE7} = 79.143.173.161 79.143.172.2
TCP: {630EAD48-B813-49BE-84CA-438219256428} = 212.200.13.13
TCP: {E064EEA7-82EF-4689-801B-AB95BF2B0AD0} = 212.200.13.13
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-02 19:38:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-02 19:39:05
ComboFix-quarantined-files.txt 2009-02-02 18:39:03

Pre-Run: 32.900.648.960 bytes free
Post-Run: 32,890,368,000 bytes free


  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

Folder::
C:\RECYCLE
C:\SYSTEM
c:\recycler\k-1-3542-4232123213-7676767-8888886

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57f07ab4-2904-11dd-872e-001bfc3f3fe0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bd415a8-2046-11dd-8729-001bfc3f3fe0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{719671db-c20d-11dd-87ee-001bfc3f3fe0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8026f7f1-168e-11dd-8718-bd540475c893}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6e2d67c-370c-11dd-8744-001bfc3f3fe0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dddf39d2-9445-11dd-87c0-001bfc3f3fe0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23KLN5J0-4OPM-11WE-AAX5-24EF1F387232}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-24CX1C987132}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-34CX1C987132}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
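The CFScript above is built by recognising two patterns in the ComboFix log: MountPoints2 drive handlers that launch something out of a RECYCLE/RECYCLER folder or run a script, and Active Setup "Installed Components" keys whose GUIDs contain non-hex characters. The following Python is an added example, not code from the thread or from ComboFix; it walks that section of a log and renders the matching Registry:: block. The sample dump is constructed from the entries above plus one made-up benign Active Setup key and path.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example,
not code from the thread or from ComboFix). Encodes the reasoning behind the
CFScript above: a MountPoints2 AutoRun/open handler that launches from a
RECYCLE/RECYCLER folder or runs a script is a removable-drive worm hook, and an
Active Setup 'Installed Components' key with a non-hex GUID is forged. Flagged
keys are rendered as a CFScript 'Registry::' block ([-KEY] deletes the key)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the thread's ComboFix output: the first five
# keys are copied from the log above, the last is a made-up benign entry.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57f07ab4-2904-11dd-872e-001bfc3f3fe0}]
\Shell\AutoRun\command - h:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe
\Shell\open\command - h:\recycle\D-0-060-0000000000-1111111-2222222\fix.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{719671db-c20d-11dd-87ee-001bfc3f3fe0}]
\Shell\AutoRun\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80122fa4-1b8b-11dd-8725-001bfc3f3fe0}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6e2d67c-370c-11dd-8744-001bfc3f3fe0}]
\Shell\AutoRun\command - ekugb3.bat

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23KLN5J0-4OPM-11WE-AAX5-24EF1F387232}]
c:\recycler\k-1-3542-4232123213-7676767-8888886\root.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{00000000-1111-2222-3333-444444444444}]
c:\windows\system32\constructed_benign_example.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
HANDLER_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
HEX_GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
MOUNTPOINTS = "\\explorer\\mountpoints2\\"
ACTIVE_SETUP = "\\active setup\\installed components\\"

@dataclass(frozen=True)
class Finding:
    key: str     # registry key the entry lives under
    reason: str  # why it was flagged
    detail: str  # offending command, StubPath or GUID

def suspicious_command(cmd: str) -> Optional[str]:
    """Return a reason string if the autorun command looks like a worm hook, else None."""
    c = cmd.lower()
    if re.search(r"(^|\\)recycler?\\", c):
        return "launches from a RECYCLE/RECYCLER folder"
    if re.search(r"\b[wc]script(\.exe)?\b", c) or re.search(r"\.(bat|cmd|vbs|js)$", c):
        return "runs a script"
    return None

def scan_reg_loading_points(text: str) -> List[Finding]:
    """Walk the REGEDIT-style dump and return every suspicious entry found."""
    findings: List[Finding] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            if ACTIVE_SETUP in key.lower():
                guid = key.rsplit("\\", 1)[-1]
                if not HEX_GUID_RE.match(guid):
                    findings.append(Finding(key, "Active Setup component with a non-hex (forged) GUID", guid))
            continue
        if key is None:
            continue
        if MOUNTPOINTS in key.lower():
            h = HANDLER_RE.match(line)
            if h:
                why = suspicious_command(h.group("cmd"))
                if why:
                    findings.append(Finding(key, f"MountPoints2 {h.group('verb')} handler {why}", h.group("cmd")))
        elif ACTIVE_SETUP in key.lower():
            # ComboFix prints the component's StubPath on the line after the key.
            why = suspicious_command(line)
            if why:
                findings.append(Finding(key, f"Active Setup StubPath {why}", line))
    return findings

def flagged_keys(text: str) -> List[str]:
    """Distinct registry keys to remove, in the order they appear in the log."""
    seen: List[str] = []
    for f in scan_reg_loading_points(text):
        if f.key not in seen:
            seen.append(f.key)
    return seen

def cfscript_registry_block(text: str) -> str:
    """Render the flagged keys as a CFScript 'Registry::' section."""
    return "\n".join(["Registry::"] + [f"[-{k}]" for k in flagged_keys(text)])

if __name__ == "__main__":
    print(cfscript_registry_block(SAMPLE_LOG))
```

Only the registry section is covered; the Folder:: part of the script is not derived here.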

  • Joined: 02 Feb 2009
  • Posts: 32

I did that, but I noticed that while the log was opening it automatically opened My Documents and closed it again after 3-4 seconds.
Is that normal?

One more question:
Since I have several user accounts on this computer, will I have to do this separately for each one?

ComboFix 09-02-02.01 - Administrator 2009-02-02 21:29:52.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.3582.2694 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RECYCLE
C:\SYSTEM

.
((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))
.

2009-01-31 15:35 . 2009-01-31 15:35 <DIR> d-------- c:\windows\LastGood
2009-01-31 15:35 . 2009-01-31 17:23 <DIR> d-------- c:\windows\BDOSCAN8
2009-01-30 12:03 . 2009-01-30 12:03 268 --ah----- C:\sqmdata14.sqm
2009-01-30 12:03 . 2009-01-30 12:03 244 --ah----- C:\sqmnoopt14.sqm
2009-01-30 11:37 . 2009-01-30 11:37 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-30 11:05 . 2009-01-30 11:05 268 --ah----- C:\sqmdata13.sqm
2009-01-30 11:05 . 2009-01-30 11:05 244 --ah----- C:\sqmnoopt13.sqm
2009-01-25 19:30 . 2009-01-25 19:30 268 --ah----- C:\sqmdata12.sqm
2009-01-25 19:30 . 2009-01-25 19:30 244 --ah----- C:\sqmnoopt12.sqm
2009-01-23 13:54 . 2009-01-23 16:37 <DIR> d-------- c:\documents and settings\Djole\Contacts
2009-01-22 16:56 . 2009-01-22 16:56 268 --ah----- C:\sqmdata11.sqm
2009-01-22 16:56 . 2009-01-22 16:56 244 --ah----- C:\sqmnoopt11.sqm
2009-01-22 11:40 . 2009-01-22 11:40 <DIR> d-------- c:\documents and settings\Djole\Application Data\Notepad++
2009-01-22 09:03 . 2009-01-22 09:03 268 --ah----- C:\sqmdata10.sqm
2009-01-22 09:03 . 2009-01-22 09:03 244 --ah----- C:\sqmnoopt10.sqm
2009-01-22 08:25 . 2009-01-22 08:25 <DIR> d-------- c:\documents and settings\Djordje\Application Data\Notepad++
2009-01-22 08:24 . 2009-01-22 08:24 <DIR> d-------- c:\documents and settings\Djole\Application Data\Malwarebytes
2009-01-22 01:54 . 2009-01-22 01:54 268 --ah----- C:\sqmdata09.sqm
2009-01-22 01:54 . 2009-01-22 01:54 244 --ah----- C:\sqmnoopt09.sqm
2009-01-21 11:53 . 2009-01-21 11:53 268 --ah----- C:\sqmdata08.sqm
2009-01-21 11:53 . 2009-01-21 11:53 244 --ah----- C:\sqmnoopt08.sqm
2009-01-20 21:30 . 2009-01-20 21:30 <DIR> d-------- c:\documents and settings\Djordje\Contacts
2009-01-20 13:38 . 2009-01-20 13:38 <DIR> d-------- c:\documents and settings\Djole\Application Data\ATI
2009-01-20 13:37 . 2009-01-30 11:05 <DIR> d-------- c:\documents and settings\Djole
2009-01-20 01:27 . 2009-01-20 01:27 <DIR> d-------- c:\documents and settings\Vera\Application Data\ATI
2009-01-20 01:27 . 2009-01-28 23:09 <DIR> d-------- c:\documents and settings\Vera
2009-01-20 01:21 . 2009-01-20 01:21 <DIR> d-------- c:\documents and settings\Djordje\Application Data\ATI
2009-01-20 01:21 . 2009-01-22 01:54 <DIR> d-------- c:\documents and settings\Djordje
2009-01-20 01:21 . 2004-08-03 23:56 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-19 23:47 . 2009-01-19 23:47 <DIR> d-------- c:\program files\Avira
2009-01-19 23:47 . 2009-01-19 23:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-18 13:25 . 2009-01-18 13:25 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 13:25 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 13:25 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-18 12:18 . 2009-01-18 12:18 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-18 01:54 . 2009-01-18 12:44 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-18 01:25 . 2009-01-18 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-01-11 21:00 . 2009-01-11 21:01 <DIR> d-------- c:\program files\Packet Tracer 4.0
2009-01-10 14:17 . 2009-01-10 14:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Thinstall
2009-01-06 22:28 . 2009-01-06 22:28 <DIR> dr-h----- c:\documents and settings\Administrator\Application Data\SecuROM
2009-01-06 22:28 . 2009-01-06 22:28 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-06 22:25 . 2009-01-06 22:25 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-06 22:25 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-01-06 22:25 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-01-06 22:25 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2009-01-06 22:25 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2009-01-06 22:25 . 2009-01-06 22:25 669,184 --a------ c:\windows\system32\pbsvc.exe
2009-01-06 22:25 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2009-01-06 22:25 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2009-01-06 22:25 . 2009-01-06 22:25 103,736 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-06 22:25 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2009-01-06 22:25 . 2009-01-06 22:25 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-06 22:25 . 2009-01-06 22:25 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-06 22:25 . 2009-01-06 22:25 22,328 --a------ c:\documents and settings\Administrator\Application Data\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 02:43 --------- d-----w c:\program files\Winamp
2008-12-29 23:43 --------- d-----w c:\program files\EasyPHP1-8
2008-12-11 23:56 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-12-11 23:53 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-12-10 23:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-10 16:58 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-06-23 847872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 15:25 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 21:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 21:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2009-01-08 20:24 1410296 e:\steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-11-15 20:31 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Igre\\Valve\\hltv.exe"=
"d:\\Igre\\Valve\\hl.exe"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"d:\\Igre\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Igre\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Igre\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP111

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80122fa4-1b8b-11dd-8725-001bfc3f3fe0}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {20289E75-291D-4615-8A43-12F434C92DE7} = 79.143.173.161 79.143.172.2
TCP: {630EAD48-B813-49BE-84CA-438219256428} = 212.200.13.13
TCP: {E064EEA7-82EF-4689-801B-AB95BF2B0AD0} = 212.200.13.13
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-02 21:30:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-02 21:31:19
ComboFix-quarantined-files.txt 2009-02-02 20:31:17
ComboFix2.txt 2009-02-02 18:39:06

Pre-Run: 32.868.323.328 bytes free
Post-Run: 32,856,104,960 bytes free

164

Addendum: 02 Feb 2009 21:38

One more thing: when I ran the script, a message popped up saying that a new version of ComboFix is available online and asked whether I wanted to update. I declined; hopefully that won't matter.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Let's see what is going on with the USB sticks (you can disable the AV so it doesn't get in the way).

Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug all USB storage devices into the USB slot one after another and leave each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all those devices that get their own drive letter when plugged into the computer. That includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 02 Feb 2009
  • Posts: 32

Here is the log

USBNoRisk by bobby

Started at 2.2.2009 22:34:24

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
D: {07fe0984-169c-11dd-9132-806d6172696f}
E: {07fe0985-169c-11dd-9132-806d6172696f}
C: {07fe0987-169c-11dd-9132-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 07fe0987-169c-11dd-9132-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 07fe0984-169c-11dd-9132-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for 07fe0985-169c-11dd-9132-806d6172696f
========================================

========================================



New device connected at 2.2.2009 22:34:46

Scanning for connected USB mass storage...
----------------------------------------
H: {6bd415a8-2046-11dd-8729-001bfc3f3fe0}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
open=RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
shell\open\default=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
H:\RECYCLER dr-hs 0
----------------------------------------

Possible references from H:\autorun.inf.blocked
(beware, these are possible false detections)
----------------------------------------
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.ltk.core.refactoring\.refactorings\BorishaGaraza\2007\7 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.ltk.core.refactoring\.refactorings\Borisha\2007\7 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\ac d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\88 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\86 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\76 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\67 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\54 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\5 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\42 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\3 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\23 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\21 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.ltk.core.refactoring\.refactorings\BorishaGaraza\2007\7 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.ltk.core.refactoring\.refactorings\Borisha\2007\7 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\ac d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\88 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\86 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\76 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\67 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\54 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\5 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\42 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\3 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\23 d---- 0
H:\Java ProjekatIII\Java Projekat\Java Projekat_1\Za projekat iz jave\New Folder\Zadatak5Januar\.metadata\.plugins\org.eclipse.core.resources\.history\21 d---- 0
H:\RECYCLER\k-1-3542-4232123213-7676767-8888886 dr-hs 0
H:\RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe -r-hs 47192
H:\Djole\Apleti\SkolaTest\build\classes\com d---- 0
H:\Djole\Apleti\com d---- 0
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 6bd415a8-2046-11dd-8729-001bfc3f3fe0
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

========================================
Removed H:
========================================


New device connected at 2.2.2009 22:35:13

Scanning for connected USB mass storage...
----------------------------------------
H: {57f07ab4-2904-11dd-872e-001bfc3f3fe0}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
open=RECYCLE\D-0-060-0000000000-1111111-2222222\fix.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLE\D-0-060-0000000000-1111111-2222222\fix.exe
shell\open\default=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
H:\RECYCLE dr-hs 0
----------------------------------------

Possible references from H:\autorun.inf.blocked
(beware, these are possible false detections)
----------------------------------------
H:\RECYCLE\D-0-060-0000000000-1111111-2222222 dr-hs 0
H:\RECYCLE\D-0-060-0000000000-1111111-2222222\fix.exe -r-hs 62976
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 57f07ab4-2904-11dd-872e-001bfc3f3fe0
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

========================================
Removed H:
========================================

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Run USBNoRisk again and switch to the Script tab.

Copy everything inside the Code box into the Script tab:

{6bd415a8-2046-11dd-8729-001bfc3f3fe0}
delete: %DRIVE%RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
delete_blocked:

{57f07ab4-2904-11dd-872e-001bfc3f3fe0}
delete: %DRIVE%RECYCLE\D-0-060-0000000000-1111111-2222222\fix.exe
delete_blocked:



Temporarily disable the antivirus and then plug in all the USB flash drives.

At the end of the procedure, save the USBNoRisk log and paste it here.
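Worked example, added here and not part of the thread or of USBNoRisk itself: it parses the autorun.inf that USBNoRisk recovered from the first stick (the content logged above), lists the programs Explorer would launch from it, flags the disguise it uses (an executable in a hidden RECYCLER lookalike, the stock folder icon, an "Open folder to view files" AutoPlay label), and then applies a removal script written in the same {GUID} / delete: shape as the one posted in this reply, against a throwaway volume built in a temp directory. The sample autorun.inf and script are copied from this thread; the placeholder root.exe, the GUID-to-mount-root mapping and the reading of delete_blocked: as "also remove autorun.inf.blocked" are constructed assumptions for the example.

```python
import os, re, shutil, tempfile

# Copied from the USBNoRisk log above (first stick), used here as a constructed sample.
SAMPLE_AUTORUN = """[autorun]
open=RECYCLER\\k-1-3542-4232123213-7676767-8888886\\root.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shell\\open=Open
shell\\open\\command=RECYCLER\\k-1-3542-4232123213-7676767-8888886\\root.exe
shell\\open\\default=1
"""
# Copied from the reply; %DRIVE% stands for the root of the volume with that GUID.
SAMPLE_SCRIPT = """{6bd415a8-2046-11dd-8729-001bfc3f3fe0}
delete: %DRIVE%RECYCLER\\k-1-3542-4232123213-7676767-8888886\\root.exe
delete_blocked:
"""

def parse_autorun(text):
    """Key/value pairs of the [autorun] section; keys lower-cased because Windows
    matches them case-insensitively, values kept verbatim."""
    entries, in_section = {}, False
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def launched_paths(entries):
    """Programs Explorer would run: open=, shellexecute= and every
    shell\\<verb>\\command= (a double-click uses shell\\open\\command)."""
    paths = set()
    for key, value in entries.items():
        if key in ("open", "shellexecute") or key.endswith("\\command"):
            m = re.match(r'"([^"]+)"|(\S+)', value)  # first token, quotes honoured
            if m:
                paths.add((m.group(1) or m.group(2)).lstrip("\\"))
    return paths

def suspicious_reasons(entries):
    """Flags the disguise seen in the logged file: an executable launched out of a
    recycle-bin lookalike while the volume is made to look like a plain folder."""
    paths, reasons = launched_paths(entries), []
    for p in sorted(paths):
        if p.split("\\")[0].lower() in ("recycler", "recycle", "recycled", "$recycle.bin"):
            reasons.append("launches %s from a recycle-bin lookalike" % p)
    if paths and entries.get("icon", "").lower().endswith("shell32.dll,4"):
        reasons.append("stock folder icon (SHELL32.dll,4) on a volume that runs a program")
    if paths and entries.get("action", "").lower().startswith("open folder"):
        reasons.append("AutoPlay text says 'open folder' but a program is run")
    return reasons

def parse_script(text):
    """{guid: {"delete": [paths], "delete_blocked": bool}}; delete_blocked: is read
    here as 'also remove autorun.inf.blocked' (an assumption, not USBNoRisk's spec)."""
    script, cur = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("{") and line.endswith("}"):
            cur = line.lower()
            script[cur] = {"delete": [], "delete_blocked": False}
        elif cur and line.lower().startswith("delete_blocked:"):
            script[cur]["delete_blocked"] = True
        elif cur and line.lower().startswith("delete:"):
            script[cur]["delete"].append(line.split(":", 1)[1].strip())
    return script

def neutralize(root, actions):
    """Rename autorun.inf (Explorer only honours that exact name), then delete what
    the script lists; read-only is cleared first since the dropped files are -r-hs."""
    done, inf = [], os.path.join(root, "autorun.inf")
    if os.path.isfile(inf):
        os.replace(inf, inf + ".blocked")
        done.append("renamed autorun.inf")
    targets = actions["delete"] + (["%DRIVE%autorun.inf.blocked"] if actions["delete_blocked"] else [])
    for rel in targets:
        target = os.path.join(root, rel.replace("%DRIVE%", "").replace("\\", os.sep))
        if os.path.isfile(target):
            os.chmod(target, 0o600)
            os.remove(target)
            done.append("deleted " + rel)
    return done

def demo():
    """Build a throwaway 'infected' volume in a temp dir, clean it, report the outcome."""
    root = tempfile.mkdtemp()
    exe_dir = os.path.join(root, "RECYCLER", "k-1-3542-4232123213-7676767-8888886")
    os.makedirs(exe_dir)
    with open(os.path.join(exe_dir, "root.exe"), "wb") as f:
        f.write(b"MZ placeholder, constructed, not the real binary")
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write(SAMPLE_AUTORUN)
    volumes = {"{6bd415a8-2046-11dd-8729-001bfc3f3fe0}": root}  # GUID -> mount root (assumed)
    actions = []
    for guid, acts in parse_script(SAMPLE_SCRIPT).items():
        if guid in volumes:
            actions += neutralize(volumes[guid], acts)
    left = {n: os.path.exists(os.path.join(root, *n.split("/"))) for n in
            ("autorun.inf", "autorun.inf.blocked",
             "RECYCLER/k-1-3542-4232123213-7676767-8888886/root.exe")}
    shutil.rmtree(root, ignore_errors=True)
    return {"actions": actions, "left": left}

if __name__ == "__main__":
    print(suspicious_reasons(parse_autorun(SAMPLE_AUTORUN)), demo())
```

Renaming rather than deleting autorun.inf is what makes the first USBNoRisk pass safe: Explorer only honours the exact file name, so the .blocked copy stays on the stick as evidence until the follow-up script removes it together with the dropped executable. On a real volume the hidden RECYCLER directory would be left in place; only the listed file is removed, which matches what the posted script does.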

offline
  • Joined: 02 Feb 2009
  • Posts: 32

Here it is

USBNoRisk by bobby

Started at 3.2.2009 18:05:12

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
D: {07fe0984-169c-11dd-9132-806d6172696f}
E: {07fe0985-169c-11dd-9132-806d6172696f}
C: {07fe0987-169c-11dd-9132-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 07fe0987-169c-11dd-9132-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 07fe0984-169c-11dd-9132-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for 07fe0985-169c-11dd-9132-806d6172696f
========================================

========================================



New device connected at 3.2.2009 18:05:49

Scanning for connected USB mass storage...
----------------------------------------
H: {6bd415a8-2046-11dd-8729-001bfc3f3fe0}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 6bd415a8-2046-11dd-8729-001bfc3f3fe0
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: H:\
No script to process for H:\
----------------------------------------

========================================


Processing script
----------------------------------------
Drive letter for GUID: H:\
No script to process for H:\
----------------------------------------

========================================
Removed H:
========================================


New device connected at 3.2.2009 18:06:56

Scanning for connected USB mass storage...
----------------------------------------
H: {57f07ab4-2904-11dd-872e-001bfc3f3fe0}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for 57f07ab4-2904-11dd-872e-001bfc3f3fe0
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: H:\
No script to process for H:\
----------------------------------------

========================================


========================================
Removed H:
========================================

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Repeat the previous procedure with the following script:

{6bd415a8-2046-11dd-8729-001bfc3f3fe0}
delete: %DRIVE%RECYCLER\k-1-3542-4232123213-7676767-8888886\root.exe
delete_blocked:


Post the log you get...
