
Virus - USB not working

(Locked topic, by Nemanja Živanović)

gleb
Virus - USB not working (14.04.2009 at 21:12)
I have a problem. The USB worked every day and then suddenly stopped. I have tried all sorts of things: reinstalled the drivers, checked in Device Manager (it shows 'device working properly'), turned off the option that lets the computer switch it off 'to save power', but it still doesn't work.

I don't know whether it is a virus or whether the topic belongs here. Here is the HijackThis log.

Thanks in advance,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:37 PM, on 4/14/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vlada\Desktop\HiJackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ImageFox.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl99bd.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{506F836B-3EE1-4FD7-8E50-6F0F068425C3}: NameServer = 217.24.17.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{506F836B-3EE1-4FD7-8E50-6F0F068425C3}: NameServer = 217.24.17.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 4186 bytes


[This message was edited by Nemanja Živanović on 14.04.2009 at 23:14 GMT+1]
gleb
 
Dashkes
Re: Virus - USB not working (14.04.2009 at 21:20)
gleb, fix
F3 - REG:win.ini: run=
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl99bd.cab

Your settings -
O17 - HKLM\System\CCS\Services\Tcpip\..\{506F836B-3EE1-4FD7-8E50-6F0F068425C3}: NameServer = 217.24.17.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{506F836B-3EE1-4FD7-8E50-6F0F068425C3}: NameServer = 217.24.17.17
?

If they are not, delete them as well.
 
Nemanja Živanović
Re: Virus - USB not working (14.04.2009 at 22:18)
Hi gleb,
If what Dashkes wrote is not entirely clear to you, you need to run HijackThis again, choose Do a system scan only, and tick the following lines:

F3 - REG:win.ini: run=
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl99bd.cab


Then restart the computer, post a new HijackThis report in your next message, and let us know what the situation is now.

 
gleb
Re: Virus - USB not working (15.04.2009 at 20:36)
I did it, but I don't know whether I did it correctly.

- Started HijackThis,
- chose 'Do a system scan only'
- ticked the listed lines once the scan finished (or should I have done it during the scan? I'm not sure here)
- then save log file
- restart

After that, still nothing from the USB, while Mozilla wiped all my bookmarks.

Here is the log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:53 PM, on 4/15/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HiJackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ImageFox.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl99bd.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 3960 bytes

gleb
 
Nemanja Živanović
Re: Virus - USB not working (15.04.2009 at 20:53)
Sorry, I didn't write it out in full because I was in a hurry. Open HijackThis, run Do a system scan only, and when the scan finishes (after about 20 seconds) tick the following lines in the list:

F3 - REG:win.ini: run=
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl99bd.cab


Once you have ticked them, click Fix checked and restart the computer. After that, run a new scan and save the report, then copy it into your next message. I don't know why your bookmarks are missing in Firefox, but I'm fairly sure it has nothing to do with this program. This is not the first time I have worked with it.
 
gleb
Re: Virus - USB not working (15.04.2009 at 21:37)
I assumed that was the next step - Fix checked - but I thought I'd ask first; I've already been flailing about for ages trying to solve the problem on my own, so it's all OK.
As for why the bookmarks are gone, I don't know; I only mentioned it as an example of the first change I noticed. It doesn't matter to me.

Here is the log,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:12 PM, on 4/15/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\hijackthis\HiJackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ImageFox.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 3707 bytes



gleb
 
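An added example, not part of the thread and not HijackThis's own code: a small Python check that does what the helpers do by eye between posts, comparing HijackThis logs to see which of the lines selected for fixing are still present, and listing O16 DPF entries that have no source URL or a host outside an allowlist. The sample logs are abridged from the three logs posted above; the function names and the `trusted_hosts` allowlist are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# A HijackThis entry line looks like "<code> - <detail>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O16 detail: "DPF: {CLSID} [(name)] - [source URL]"; the URL may be empty.
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \(.*?\))? -\s*(\S*)$")


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log, skipping the header
    and the 'Running processes' list."""
    return [ln.strip() for ln in log_text.splitlines()
            if ENTRY_RE.match(ln.strip())]


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def still_present(selected_lines, after_text):
    """Lines that were selected for 'Fix checked' but survive in the new log."""
    after = set(parse_entries(after_text))
    return [s.strip() for s in selected_lines if s.strip() in after]


def review_dpf(log_text, trusted_hosts=frozenset()):
    """List O16 (Downloaded Program Files) entries that need a closer look:
    no source URL recorded, or a source host outside trusted_hosts
    (an analyst-supplied allowlist, hypothetical here)."""
    findings = []
    for entry in parse_entries(log_text):
        code, detail = ENTRY_RE.match(entry).groups()
        m = DPF_RE.match(detail) if code == "O16" else None
        if not m:
            continue
        clsid, url = m.groups()
        if not url:
            findings.append((clsid, "no source URL recorded"))
            continue
        host = urlsplit(url).hostname or url
        if host.lower() not in trusted_hosts:
            findings.append((clsid, "untrusted host: " + host))
    return findings


# Sample data: abridged from the three logs posted in this thread.
HEADER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
"""
KEPT = r"""R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
"""
DPF = r"""O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl99bd.cab
"""
O17 = r"""O17 - HKLM\System\CCS\Services\Tcpip\..\{506F836B-3EE1-4FD7-8E50-6F0F068425C3}: NameServer = 217.24.17.17
"""
LOG_FIRST = HEADER + KEPT + DPF + O17   # 14.04, before any fix
LOG_SCAN_ONLY = HEADER + KEPT + DPF     # 15.04 21:15, lines ticked but not fixed
LOG_FIXED = HEADER + KEPT               # 15.04 22:33, after "Fix checked"

# The lines the helpers asked to have fixed.
FIX_LIST = ["F3 - REG:win.ini: run="] + DPF.splitlines()

if __name__ == "__main__":
    for label, log in (("scan only", LOG_SCAN_ONLY), ("fixed", LOG_FIXED)):
        left = still_present(FIX_LIST, log)
        print(f"{label}: {len(left)} of {len(FIX_LIST)} selected lines remain")
        for line in left:
            print("   ", line)
    for clsid, reason in review_dpf(LOG_FIRST):
        print("O16", clsid, reason)
```

Run against the full logs, the same comparison shows that the second log still carried all six selected lines, while the third log has only the `F3` line left.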

Nemanja Živanović
Re: Virus - USB not working (15.04.2009 at 21:42)
OK. I assume your USB still doesn't work? If it doesn't, let's move on... Temporarily turn off all the protection you have: NOD and ZoneAlarm.

Download ComboFix to the Desktop. Start it and don't touch the program window while it scans. Follow the instructions the program gives you. When the scan finishes, a report will appear, which you should copy here. If you accidentally close the report, it is located at C:\ComboFix.txt.

Note: If the instructions are not entirely clear, take a look at this link.
 
gleb
Re: Virus - USB not working (16.04.2009 at 20:10)
Did as you said.
But,
two windows appear

First:
Error - Win32 only
Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP

Second:

Query -Recovery Console
CoboFix has detected that this machin does not have the "Winows recovery Console"
It would be in your best interest to have it instaled. Would you like to do so now?


So I should install the console and then try again?
gleb
 
Dashkes
Re: Virus - USB not working (16.04.2009 at 20:26)
My apologies, I only noticed just now. You are using SP1, and SP3 came out a long time ago.
I would ask you to install SP3.
http://www.softwarepatch.com/w...windows-xp-service-pack-3.html
 
gleb
Re: Virus - USB not working (16.04.2009 at 21:22)
OK, I know about that and I'll try, although I'm not sure this old computer of mine can handle it.
Or am I wrong?

And on SP1 the USB worked for years without problems.
Regards,

gleb
 
Dashkes
Re: Virus - USB not working (16.04.2009 at 21:24)
With SP1 you are more susceptible to viruses. You should update Windows.
It will handle it, don't worry.

[This message was edited by Dashkes on 16.04.2009 at 23:02 GMT+1]
 
Nemanja Živanović
Re: Virus - USB not working (16.04.2009 at 22:36)
If you can't or don't want to update the SP, I suggest you ignore the message ComboFix shows you and then answer No when it asks about the Recovery Console. Wait for it to finish its scan and post the report.
 
gleb
Re: Virus - USB not working (22.04.2009 at 20:58)
I followed the instructions.
Installed SP3, turned off NOD and ZoneAlarm, ran ComboFix, and this appeared again:

Query -Recovery Console
CobmoFix has detected that this machin does not have the "Winows recovery Console"

I clicked NO, Combo did its thing, and here is the log,


ComboFix 09-04-23.02 - Vlada 04/22/2009 21:35.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.191.40 [GMT 2:00]
Running from: c:\documents and settings\Vlada\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Vlada\Local Settings\Tempmetasploit.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
.

2009-04-22 18:09 . 2008-04-14 03:42 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-22 17:49 . 2008-04-14 03:42 786432 ------w c:\windows\system32\dllcache\migrate.exe
2009-04-22 17:48 . 2008-04-14 03:41 870784 ------w c:\windows\system32\ati3d1ag.dll
2009-04-22 17:47 . 2009-04-22 17:47 -------- d-----w c:\windows\l2schemas
2009-04-22 17:47 . 2009-04-22 17:47 -------- d-----w c:\windows\system32\en
2009-04-22 17:47 . 2009-04-22 17:47 -------- d-----w c:\windows\system32\bits
2009-04-22 17:47 . 2009-04-22 17:47 -------- d-----w c:\windows\peernet
2009-04-22 17:35 . 2009-04-22 17:35 -------- d-----w c:\windows\ServicePackFiles
2009-04-22 17:35 . 2008-04-14 03:41 33792 ------w c:\windows\system32\dllcache\custsat.dll
2009-04-22 17:26 . 2008-04-14 03:41 15423 ------w c:\windows\system32\drivers\ch7xxnt5.dll
2009-04-22 17:19 . 2006-12-28 22:31 19569 ----a-w c:\windows\002746_.tmp
2009-04-22 17:18 . 2007-08-10 18:46 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-22 17:11 . 2009-04-22 17:11 -------- d-----w c:\windows\EHome
2009-04-22 16:54 . 2009-04-21 08:38 331805736 ------w c:\program files\windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe
2009-04-15 19:18 . 2009-04-15 19:18 -------- d-sh--w C:\FOUND.094
2009-04-11 06:51 . 2009-04-11 06:51 -------- d-----w c:\program files\Skype
2009-04-11 06:51 . 2009-04-11 06:51 -------- d-----w c:\program files\Common Files\Skype
2009-04-10 09:54 . 2008-04-13 22:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-08 17:47 . 2009-04-08 17:47 -------- d-sh--w C:\FOUND.093
2009-04-02 19:27 . 2008-04-13 22:10 149376 ----a-w c:\windows\system32\drivers\tffsport.sys
2009-04-02 19:06 . 2009-04-02 19:06 -------- d-sh--w C:\FOUND.092

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 18:12 . 2006-10-07 16:35 42368 ----a-w c:\documents and settings\Vlada\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-22 17:56 . 2006-08-24 10:15 80007 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-22 17:25 . 2003-03-31 10:00 250048 --sha-r C:\ntldr
2009-04-03 20:36 . 2009-04-04 17:27 1621504 ------w c:\windows\Internet Logs\xDB14.tmp
2009-03-05 19:35 . 2009-03-05 19:35 -------- d-----w c:\program files\Microsoft USB Flash Drive Manager
2007-03-11 18:29 . 2007-03-11 18:29 128 ----a-w c:\documents and settings\Vlada\Local Settings\Application Data\fusioncache.dat
2007-02-27 21:22 . 2007-02-27 21:21 6006304 ----a-w c:\program files\Firefox Setup 2.0.0.2.exe
2006-08-27 20:56 . 2006-08-27 20:56 6064640 ----a-w c:\program files\icq5_1_setup.exe
2006-08-27 20:28 . 2006-08-27 20:28 4086856 ----a-w c:\program files\icq5_rambler.exe
2008-04-23 13:2007-02-27 22:06 56:38 . c:\program files\mozilla firefox\components\jar50.dll
2008-04-23 13:2007-02-27 22:06 56:38 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-23 13:2007-02-27 22:06 56:38 . c:\program files\mozilla firefox\components\myspell.dll
2008-04-23 13:2007-02-27 22:06 56:50 . c:\program files\mozilla firefox\components\spellchk.dll
2008-04-23 13:2007-02-27 22:06 56:50 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-08-31 22879528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-08-29 980736]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-28 949376]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-06-29 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-10-16 49254]
ImageFox.lnk - c:\windows\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe [2006-10-21 45056]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\System32\DRIVERS\tffsport.sys [2008-04-13 149376]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-03-28 15424]
S3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [2001-08-17 72192]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\DRIVERS\NtApm.sys [2001-08-17 9344]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\System32\imon.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
FF - ProfilePath - c:\documents and settings\Vlada\Application Data\Mozilla\Firefox\Profiles\2rbaftxq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 21:44
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(540)
c:\windows\System32\imon.dll
.
Completion time: 2009-04-22 21:48
ComboFix-quarantined-files.txt 2009-04-22 19:47

Pre-Run: 1,195,393,024 bytes free
Post-Run: 1,344,995,328 bytes free

119

gleb
 
Nemanja Živanović
Re: Virus - USB not working (22.04.2009 at 21:27)
Is your NOD updated? If the update doesn't work, I suggest you uninstall it and install a free one (Avast or Avira). You can do that while I look over the report. Also, you didn't turn it off; it stayed active. You should have opened it, clicked the Quit (x) icon at the bottom of the program and confirmed with Yes, and only then run ComboFix.

Let me know what the state of the computer is now and everything you have done.

[This message was edited by Nemanja Živanović on 22.04.2009 at 23:05 GMT+1]
 
gleb
Re: Virus - USB not working (22.04.2009 at 22:46)
I did turn NOD off with X and then Yes, but never mind, it's uninstalled now.

The log is attached; please help me with two things:

- a link to Avast or Avira
- what should I do about the icon that appears after installing SP3 - 30 days left for activation - in the bottom corner (honestly, I didn't even read any further)

Here is the log,

Regards


ComboFix 09-04-23.02 - Vlada 04/22/2009 23:33.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.191.70 [GMT 2:00]
Running from: c:\documents and settings\Vlada\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
.

2009-04-22 18:09 . 2008-04-14 03:42 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-22 17:49 . 2008-04-14 03:42 786432 ------w c:\windows\system32\dllcache\migrate.exe
2009-04-22 17:48 . 2008-04-14 03:41 870784 ------w c:\windows\system32\ati3d1ag.dll
2009-04-22 17:47 . 2009-04-22 17:47 -------- d-----w c:\windows\l2schemas
2009-04-22 17:47 . 2009-04-22 17:47 -------- d-----w c:\windows\system32\en
2009-04-22 17:47 . 2009-04-22 17:47 -------- d-----w c:\windows\system32\bits
2009-04-22 17:47 . 2009-04-22 17:47 -------- d-----w c:\windows\peernet
2009-04-22 17:35 . 2009-04-22 17:35 -------- d-----w c:\windows\ServicePackFiles
2009-04-22 17:35 . 2008-04-14 03:41 33792 ------w c:\windows\system32\dllcache\custsat.dll
2009-04-22 17:26 . 2008-04-14 03:41 15423 ------w c:\windows\system32\drivers\ch7xxnt5.dll
2009-04-22 17:19 . 2006-12-28 22:31 19569 ----a-w c:\windows\002746_.tmp
2009-04-22 17:18 . 2007-08-10 18:46 26488 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-22 17:11 . 2009-04-22 17:11 -------- d-----w c:\windows\EHome
2009-04-22 16:54 . 2009-04-21 08:38 331805736 ------w c:\program files\windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe
2009-04-15 19:18 . 2009-04-15 19:18 -------- d-sh--w C:\FOUND.094
2009-04-11 06:51 . 2009-04-11 06:51 -------- d-----w c:\program files\Skype
2009-04-11 06:51 . 2009-04-11 06:51 -------- d-----w c:\program files\Common Files\Skype
2009-04-10 09:54 . 2008-04-13 22:17 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-08 17:47 . 2009-04-08 17:47 -------- d-sh--w C:\FOUND.093
2009-04-02 19:27 . 2008-04-13 22:10 149376 ----a-w c:\windows\system32\drivers\tffsport.sys
2009-04-02 19:06 . 2009-04-02 19:06 -------- d-sh--w C:\FOUND.092

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 18:12 . 2006-10-07 16:35 42368 ----a-w c:\documents and settings\Vlada\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-22 17:56 . 2006-08-24 10:15 80007 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-22 17:25 . 2003-03-31 10:00 250048 --sha-r C:\ntldr
2009-04-03 20:36 . 2009-04-04 17:27 1621504 ------w c:\windows\Internet Logs\xDB14.tmp
2009-03-05 19:35 . 2009-03-05 19:35 -------- d-----w c:\program files\Microsoft USB Flash Drive Manager
2007-03-11 18:29 . 2007-03-11 18:29 128 ----a-w c:\documents and settings\Vlada\Local Settings\Application Data\fusioncache.dat
2007-02-27 21:22 . 2007-02-27 21:21 6006304 ----a-w c:\program files\Firefox Setup 2.0.0.2.exe
2006-08-27 20:56 . 2006-08-27 20:56 6064640 ----a-w c:\program files\icq5_1_setup.exe
2006-08-27 20:28 . 2006-08-27 20:28 4086856 ----a-w c:\program files\icq5_rambler.exe
2008-04-23 13:2007-02-27 22:06 56:38 . c:\program files\mozilla firefox\components\jar50.dll
2008-04-23 13:2007-02-27 22:06 56:38 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-23 13:2007-02-27 22:06 56:38 . c:\program files\mozilla firefox\components\myspell.dll
2008-04-23 13:2007-02-27 22:06 56:50 . c:\program files\mozilla firefox\components\spellchk.dll
2008-04-23 13:2007-02-27 22:06 56:50 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-08-31 22879528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-08-29 980736]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-06-29 88203]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-10-16 49254]
ImageFox.lnk - c:\windows\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe [2006-10-21 45056]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\System32\DRIVERS\tffsport.sys [2008-04-13 149376]
S3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [2001-08-17 72192]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\DRIVERS\NtApm.sys [2001-08-17 9344]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
FF - ProfilePath - c:\documents and settings\Vlada\Application Data\Mozilla\Firefox\Profiles\2rbaftxq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 23:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3620)
c:\program files\ACD Systems\ImageFox\IFOXDLL.dll
.
Completion time: 2009-04-22 23:43
ComboFix-quarantined-files.txt 2009-04-22 21:43
ComboFix2.txt 2009-04-22 19:48

Pre-Run: 1,365,811,200 bytes free
Post-Run: 1,360,109,568 bytes free

110

gleb
 
Nemanja Živanović
Re: Virus - USB not working (22.04.2009 at 23:45)
Links to the antivirus programs:

Avast
Avira

Install one of the two. But first answer what I told you in private messages, so we can see whether to continue.
 