Problem: SHeur2

 
Written on: 11.1.2010
Posted: 11 Jan 2010 20:08
User_Mira
Tourist

Joined: 11 Jan 2010
Posts: 10

Hello,

A month ago, when starting the computer, Mozilla would sometimes open showing some "business" page. I then ran Spybot, which found some MyWeb Search files, which I deleted once the scan finished. Otherwise, no problem was ever reported during any AVG scan of the computer. I thought that was the end of it. However, this morning, when starting the computer, a DOS-like window kept opening for a couple of minutes, but I did not manage to read what was written in it. After that I ran AVG, and it reported the trojan SHeur2.CFK (2 files). After that I ran Spybot, where the MyWeb Search files came up again, but not all of them could be deleted. As I was not able to turn to the Ambulanta all day, I am doing so now. I have a cable connection (SBB), 6 Mbps.
I did not manage to run a scan with Gmer, so I am attaching a RootRepeal report.
One more note: I am not an "advanced" computer user. Thank you in advance.

The DDS log follows:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Deca at 19:25:23.29 on Mon 01/11/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1314 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\713xRMTMon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\WINDOWS\713xRMT.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Deca\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mWinlogon: Taskman=c:\recycler\s-1-5-21-2565977379-6415044609-369197376-9052\nissan.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [LREC75DND7] c:\docume~1\deca\locals~1\temp\d.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TV Card Remote Control Device Monitor] c:\windows\713xRMTMon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AGRSMMSG] AGRSMMSG.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\schedu~1.lnk - c:\program files\honestech\honestech tvr\scheduleTV.exe
IE: &Search - ?p=ZKfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\deca\applic~1\mozilla\firefox\profiles\4nr9n9ro.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\deca\application data\mozilla\firefox\profiles\4nr9n9ro.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\deca\application data\mozilla\firefox\profiles\4nr9n9ro.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\deca\application data\mozilla\firefox\profiles\4nr9n9ro.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-18 108552]
R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2009-4-25 279552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-18 297752]
R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2009-4-25 25984]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [2005-2-24 162176]
S2 gupdate1c9ecdce5af182c;Google Update Service (gupdate1c9ecdce5af182c);c:\program files\google\update\GoogleUpdate.exe [2009-6-14 133104]
S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2009-4-25 906368]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-12-6 102656]

=============== Created Last 30 ================

2010-01-03 19:24:41 0 d-----w- c:\windows\Mystery Case Files Huntsville
2009-12-29 20:02:10 0 d---a-w- C:\xampp
2009-12-26 13:31:51 281 ----a-w- C:\Shortcut to Podaci (D).lnk
2009-12-23 16:54:15 0 d-----w- c:\program files\MyWebSearch

==================== Find3M ====================

2009-10-31 12:24:30 304160 ----a-w- C:\StiImg.dat

============= FINISH: 19:25:43.90 ===============

http://www.mycity.rs/Uploads/182654_1223578463_Attach.txt

http://www.mycity.rs/Uploads/182654_2044401226_Roo.....-55%29.txt
Posted: 11 Jan 2010 20:30
diarno
Anti Malware Fighter
Rank 2

Joined: 15 Jun 2007
Posts: 4252
Location: Kragujevac

Hello and welcome to the forum :)

Follow these steps...

Download the file to your Desktop from the link given below;

Run it with a double-click;

Click OK on every prompt and wait for the log Antinissan.txt to appear,
then copy it here in a post for me.

http://www.mycity.rs/Uploads/64525_1703785282_AntiNissan.vbs

- Download USBNoRisk to your Desktop and run it by double-clicking the program's icon.
- Wait a few seconds while the program performs the initial scan.
- Insert all USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
Posted: 11 Jan 2010 20:42
User_Mira
Tourist

Joined: 11 Jan 2010
Posts: 10

Here goes. I plugged in the flash drive first, and then the camera. There was also an external hard drive, which is not mine, so I cannot check that one. The reports follow:


Fix started @ 8:30:45 PM, 1/11/2010

Checking loading points... Traces found!

Checking files... OK.


»»»»»» Finished!

»»»»»» Anti-nissan v1.0 by dr_Bora
==================================

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 1/11/2010 8:32:00 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {177a200d-fdee-11dd-a8fc-806d6172696f}
C: {177a200f-fdee-11dd-a8fc-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 177a200f-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 177a200d-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 1/11/2010 8:33:31 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {acf31ace-e498-11de-a10b-001485dee0db}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for acf31ace-e498-11de-a10b-001485dee0db
----------------------------------------

----------------------------------------
Desktop.ini found at F:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 1/11/2010 8:35:30 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {4db7e3a6-ba8a-11de-a095-001485dee0db}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
;M=õs???èt??té?ì?üFLíwú?d????L??ð???y/??sÉÖÖd?ðseAc???Â??è?dE-X?e?Ïí?àm????l?ú???Òb?éEeÁF?}ÃÇ
[autorun
;kÜE?ñ<ýI,ýµ%ì\?
;ø???Ø$?Þm$??r?ù?Ê??^?|æÏrW?dv?+??þÿá-Jw?ò?ÃõCò?M?wÍ?ås
open=SLATKO/torta.exe
;ñ?v?$Vt?úý
;??Z??N?xòF?<Z&?vYK?ð?x?aL??wT%?ô?wJ?>wröZ???mbñ?bL@???ÊEð?rÔ?Ú?s?QÈ`??j(?è??ì?ð?a?Fm???yst?
icon=%SystemRoot%\system32\SHELL32.dll,4
;QåRta??v?:ñts+/ÒÊ?ñ?µ
action=Open folder to view files using Windows Explorer
;?åÚ?r?Â?Äú?dM
shell\\open\\command=SLATKO/torta.exe
;?TQ?ØXòàmx?AÖà??wÿ?Â?}?C|fìÖ?ìùoLa?ÁOev?µ??Ý????ùýyv??Xlñ??Rx?è??ë??XIMB?W??
shell\\explore\\command=SLATKO/torta.exe
;ÀìmJdO?dm?ðñ????
useautoplay=1
;ø???Ø$?Þm$??r?=K.??<nà÷
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for 4db7e3a6-ba8a-11de-a095-001485dee0db
----------------------------------------

----------------------------------------
Desktop.ini found at F:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 1/11/2010 8:36:16 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {4db7e3a6-ba8a-11de-a095-001485dee0db}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================
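
Added example (not part of the thread, and not USBNoRisk's or Anti-nissan's code): the blocked autorun.inf shown in the log above hides its working keys between junk comment lines under an unterminated `[autorun` header. This Python parser reads such a file leniently and lists the executables its command keys point to; the sample input is constructed from the key lines visible in the log, and the function names and the lure check are assumptions of this example.

```python
import re

# Keys in the [autorun] section whose value is a command line.
COMMAND_KEYS = {"open", "shellexecute"}
# shell\<verb>\command, written with one or more \ or / separators.
SHELL_VERB = re.compile(r"^shell[\\/]+[^\\/]+[\\/]+command$")
# Wording of the built-in AutoPlay entry that a hostile action= value imitates
# (heuristic chosen for this example).
LURE_PREFIX = "open folder to view files"

# Constructed sample: key lines as they appear in the log, junk comments invented.
SAMPLE = "\n".join([
    ";k3Jq?x9?Zt??p (constructed junk comment)",
    "[autorun",
    ";??r7?Lw?? (constructed junk comment)",
    "open=SLATKO/torta.exe",
    ";v?$Vt?? (constructed junk comment)",
    r"icon=%SystemRoot%\system32\SHELL32.dll,4",
    "action=Open folder to view files using Windows Explorer",
    r"shell\\open\\command=SLATKO/torta.exe",
    ";?Xl?? (constructed junk comment)",
    r"shell\\explore\\command=SLATKO/torta.exe",
    "useautoplay=1",
    ";?=K.?? (constructed junk comment)",
])


def parse_autorun(text):
    """Return ([(section, key, value), ...], number_of_comment_lines).

    Lenient on purpose: a header without its closing bracket still opens a
    section, and comment lines are counted instead of silently dropped.
    """
    entries, comments, section = [], 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            comments += 1
            continue
        if line.startswith("["):
            section = line.lstrip("[").split("]", 1)[0].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section is not None:
            entries.append((section, key.strip().lower(), value.strip()))
    return entries, comments


def executable_of(command):
    """First path in a command line, with / normalised to \\.

    Unquoted paths that contain spaces are cut at the first space.
    """
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split()[0] if command else ""
    return path.replace("/", "\\")


def triage(text):
    """Summarise what an autorun.inf would launch and how padded it is."""
    entries, comments = parse_autorun(text)
    autorun = [(k, v) for s, k, v in entries if s == "autorun"]
    targets = []
    for key, value in autorun:
        if key in COMMAND_KEYS or SHELL_VERB.match(key):
            exe = executable_of(value)
            if exe and exe not in targets:
                targets.append(exe)
    keys = dict(autorun)
    return {
        "targets": targets,                 # files to quarantine and scan
        "comment_lines": comments,          # padding between real keys
        "key_lines": len(entries),
        "lure": keys.get("action", "").lower().startswith(LURE_PREFIX),
        "useautoplay": keys.get("useautoplay") == "1",
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE).items():
        print(f"{name}: {value}")
```
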
Posted: 12 Jan 2010 01:26
diarno
Anti Malware Fighter
Rank 2

Joined: 15 Jun 2007
Posts: 4252
Location: Kragujevac

Delete the antinissan.vbs you used and download this one:

http://www.mycity.rs/Uploads/64525_1898331988_AntiNissan.vbs

Follow the instructions and post the log for me.

- Run USBNoRisk and wait for it to finish the initial scan.

- After the initial scan finishes, connect the USB storage device.

- Click the Script tab;

Copy the following text into the white box of the window:

Code:
{4db7e3a6-ba8a-11de-a095-001485dee0db}
delete_blocked:
f_delete:%DRIVE%SLATKO/torta.exe
folder_list:%DRIVE%


- Run the command by clicking the Run Script button;

Once the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

A Notepad window will open with text that needs to be copied here into a post.
Posted: 12 Jan 2010 01:33
User_Mira
Tourist

Joined: 11 Jan 2010
Posts: 10

Hello once again! I hope I did everything right. The reports follow:

Fix started @ 1:26:07 AM, 1/12/2010

Checking loading points... Traces found!

Checking files... OK.


Global loading point removed.

»»»»»» Finished!

»»»»»» Anti-nissan v1.0 by dr_Bora
==================================

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 1/12/2010 1:27:21 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {177a200d-fdee-11dd-a8fc-806d6172696f}
C: {177a200f-fdee-11dd-a8fc-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 177a200f-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 177a200d-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 1/12/2010 1:27:44 AM

Scanning for connected USB mass storage...
----------------------------------------
F: {acf31ace-e498-11de-a10b-001485dee0db}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for acf31ace-e498-11de-a10b-001485dee0db
----------------------------------------

----------------------------------------
Desktop.ini found at F:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------
Posted: 12 Jan 2010 01:48
diarno
Anti Malware Fighter
Rank 2

Joined: 15 Jun 2007
Posts: 4252
Location: Kragujevac

OK, like this: run USBNoRisk, wait for the initial scan to finish, and then connect the camera. Once you have connected the camera, click the Script tab and do what I wrote to you. My mistake, I did not stress that you should plug in the camera, since it is the one that is infected.
Posted: 12 Jan 2010 01:53
User_Mira
Tourist

Joined: 11 Jan 2010
Posts: 10

Here is the report from the camera:

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 1/12/2010 1:46:36 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {177a200d-fdee-11dd-a8fc-806d6172696f}
C: {177a200f-fdee-11dd-a8fc-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 177a200f-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 177a200d-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 1/12/2010 1:48:04 AM

Scanning for connected USB mass storage...
----------------------------------------
F: {4db7e3a6-ba8a-11de-a095-001485dee0db}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
;M=õs???èt??té?ì?üFLíwú?d????L??ð???y/??sÉÖÖd?ðseAc???Â??è?dE-X?e?Ïí?àm????l?ú???Òb?éEeÁF?}ÃÇ
[autorun
;kÜE?ñ<ýI,ýµ%ì\?
;ø???Ø$?Þm$??r?ù?Ê??^?|æÏrW?dv?+??þÿá-Jw?ò?ÃõCò?M?wÍ?ås
open=SLATKO/torta.exe
;ñ?v?$Vt?úý
;??Z??N?xòF?<Z&?vYK?ð?x?aL??wT%?ô?wJ?>wröZ???mbñ?bL@???ÊEð?rÔ?Ú?s?QÈ`??j(?è??ì?ð?a?Fm???yst?
icon=%SystemRoot%\system32\SHELL32.dll,4
;QåRta??v?:ñts+/ÒÊ?ñ?µ
action=Open folder to view files using Windows Explorer
;?åÚ?r?Â?Äú?dM
shell\\open\\command=SLATKO/torta.exe
;?TQ?ØXòàmx?AÖà??wÿ?Â?}?C|fìÖ?ìùoLa?ÁOev?µ??Ý????ùýyv??Xlñ??Rx?è??ë??XIMB?W??
shell\\explore\\command=SLATKO/torta.exe
;ÀìmJdO?dm?ðñ????
useautoplay=1
;ø???Ø$?Þm$??r?=K.??<nà÷
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 4db7e3a6-ba8a-11de-a095-001485dee0db
----------------------------------------

----------------------------------------
Desktop.ini found at F:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================

Processing script
----------------------------------------
Posted: 12 Jan 2010 11:59
diarno
Anti Malware Fighter
Rank 2

Joined: 15 Jun 2007
Posts: 4252
Location: Kragujevac

Let's try once more.

Run USBNoRisk and wait for it to finish the initial scan.

- After the initial scan finishes, connect the USB storage device.

- Click the Script tab;

Copy the following text into the white box of the window:

Code:
{4db7e3a6-ba8a-11de-a095-001485dee0db}
no_sh:
f_delete:%DRIVE%SLATKO/torta.exe
folder_list:%DRIVE%



- Run the command by clicking the Run Script button;

Once the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

A Notepad window will open with text that needs to be copied here into a post.

Post the log for me here and check that all of it was selected and copied to the forum.

Then:

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Run the installer with a double-click; at the very end of the process, make sure these options are ticked:
  • Update Malwarebytes' Anti-Malware;
  • Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update finishes, the program will start.

Choose the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart in order to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).
Posted: 12 Jan 2010 19:15
User_Mira
Tourist

Joined: 11 Jan 2010
Posts: 10

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 1/12/2010 6:56:01 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {177a200d-fdee-11dd-a8fc-806d6172696f}
C: {177a200f-fdee-11dd-a8fc-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 177a200f-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 177a200d-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 1/12/2010 6:57:02 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {4db7e3a6-ba8a-11de-a095-001485dee0db}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
;M=õs???èt??té?ì?üFLíwú?d????L??ð???y/??sÉÖÖd?ðseAc???Â??è?dE-X?e?Ïí?àm????l?ú???Òb?éEeÁF?}ÃÇ
[autorun
;kÜE?ñ<ýI,ýµ%ì\?
;ø???Ø$?Þm$??r?ù?Ê??^?|æÏrW?dv?+??þÿá-Jw?ò?ÃõCò?M?wÍ?ås
open=SLATKO/torta.exe
;ñ?v?$Vt?úý
;??Z??N?xòF?<Z&?vYK?ð?x?aL??wT%?ô?wJ?>wröZ???mbñ?bL@???ÊEð?rÔ?Ú?s?QÈ`??j(?è??ì?ð?a?Fm???yst?
icon=%SystemRoot%\system32\SHELL32.dll,4
;QåRta??v?:ñts+/ÒÊ?ñ?µ
action=Open folder to view files using Windows Explorer
;?åÚ?r?Â?Äú?dM
shell\\open\\command=SLATKO/torta.exe
;?TQ?ØXòàmx?AÖà??wÿ?Â?}?C|fìÖ?ìùoLa?ÁOev?µ??Ý????ùýyv??Xlñ??Rx?è??ë??XIMB?W??
shell\\explore\\command=SLATKO/torta.exe
;ÀìmJdO?dm?ðñ????
useautoplay=1
;ø???Ø$?Þm$??r?=K.??<nà÷
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 4db7e3a6-ba8a-11de-a095-001485dee0db
----------------------------------------

----------------------------------------
Desktop.ini found at F:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================

Processing script
----------------------------------------


Malwarebytes' Anti-Malware 1.44
Database version: 3549
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/12/2010 7:12:03 PM
mbam-log-2010-01-12 (19-12-03).txt

Scan type: Quick Scan
Objects scanned: 126030
Time elapsed: 10 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lrec75dnd7 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Posted: 12 Jan 2010 20:04
diarno
Anti Malware Fighter
Rank 2

Joined: 15 Jun 2007
Posts: 4252
Location: Kragujevac

Blog: Noah Kalina


OK... now just, when you plug in the camera, go in and delete the folder named SLATKO.

Posted: 12 Jan 2010 20:58
User_Mira
Tourist

Joined: 11 Jan 2010
Posts: 10


There is a problem: the SLATKO folder cannot be deleted. :(

Posted: 12 Jan 2010 22:07
diarno
Anti Malware Fighter
Rank 2

Joined: 15 Jun 2007
Posts: 4252
Location: Kragujevac

Blog: Noah Kalina


There is one more problem... You are disconnecting the camera before the script runs.


So:

Code:
{4db7e3a6-ba8a-11de-a095-001485dee0db}
delete_blocked:
f_delete:%DRIVE%SLATKO\torta.exe
folder_list:%DRIVE%


then you press Script... and do not unplug the camera until you have copied the log here for me... Don't worry... You can no longer get infected by keeping the camera connected to the computer.

Posted: 12 Jan 2010 23:20
User_Mira
Tourist

Joined: 11 Jan 2010
Posts: 10


Ah, so that is the problem. It was switching off by itself; something was wrong with the contact. I think I have managed to sort it out now. I apologize for the late reply.

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 1/12/2010 11:15:00 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {177a200d-fdee-11dd-a8fc-806d6172696f}
C: {177a200f-fdee-11dd-a8fc-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 177a200f-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 177a200d-fdee-11dd-a8fc-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 1/12/2010 11:15:34 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {4db7e3a6-ba8a-11de-a095-001485dee0db}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
;M=õs???èt??té?ì?üFLíwú?d????L??ð???y/??sÉÖÖd?ðseAc???Â??è?dE-X?e?Ïí?àm????l?ú???Òb?éEeÁF?}ÃÇ
[autorun
;kÜE?ñ<ýI,ýµ%ì\?
;ø???Ø$?Þm$??r?ù?Ê??^?|æÏrW?dv?+??þÿá-Jw?ò?ÃõCò?M?wÍ?ås
open=SLATKO/torta.exe
;ñ?v?$Vt?úý
;??Z??N?xòF?<Z&?vYK?ð?x?aL??wT%?ô?wJ?>wröZ???mbñ?bL@???ÊEð?rÔ?Ú?s?QÈ`??j(?è??ì?ð?a?Fm???yst?
icon=%SystemRoot%\system32\SHELL32.dll,4
;QåRta??v?:ñts+/ÒÊ?ñ?µ
action=Open folder to view files using Windows Explorer
;?åÚ?r?Â?Äú?dM
shell\\open\\command=SLATKO/torta.exe
;?TQ?ØXòàmx?AÖà??wÿ?Â?}?C|fìÖ?ìùoLa?ÁOev?µ??Ý????ùýyv??Xlñ??Rx?è??ë??XIMB?W??
shell\\explore\\command=SLATKO/torta.exe
;ÀìmJdO?dm?ðñ????
useautoplay=1
;ø???Ø$?Þm$??r?=K.??<nà÷
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 4db7e3a6-ba8a-11de-a095-001485dee0db
----------------------------------------

----------------------------------------
Desktop.ini found at F:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------
4db7e3a6-ba8a-11de-a095-001485dee0db
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
dra-- F:\SLATKO > unhidden
--a-- F:\SLATKO\Desktop.ini > unhidden
-ra-- F:\SLATKO\torta.exe > unhidden
f_delete:
delete file error: F:\SLATKO/torta.exe, The filename, directory name, or volume label syntax is incorrect.
----------------------------------------
Folder list for F:\:
----------------------------------------
Code:

d----   0   F:\DCIM   F:\DCIM
dra--   0   F:\SLATKO   F:\SLATKO
--a--   667   F:\AUTORU~1.BLO   F:\autorun.inf.blocked

----------------------------------------
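
Added example, not part of the thread and not USBNoRisk's own code: a small Python triage parser for the kind of obfuscated autorun.inf shown in the log above. It skips the junk comment lines, tolerates the broken "[autorun" header, and normalises "SLATKO/torta.exe" to the backslash form used in the corrected f_delete: line. The sample text is constructed (junk lines shortened), the drive letter F: is taken from the log, and all function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample modelled on the logged autorun.inf.blocked; junk lines are shortened.
SAMPLE = r"""
;M=xs???et??te?i?uFLiwu?d
[autorun
;kUE?n<yI,y%i
open=SLATKO/torta.exe
;n?v?$Vt?uy
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files using Windows Explorer
;?aU?r?A?Au?dM
shell\\open\\command=SLATKO/torta.exe
shell\\explore\\command=SLATKO/torta.exe
useautoplay=1
"""

# Keys that start a program: open, shellexecute, shell\<verb>\command (doubled "\" accepted).
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\+[^\\]+\\+command)$")


def parse_autorun(text):
    """Return (directives, notes); every key=value line counts, whatever the section."""
    directives, notes, junk = {}, [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):          # comment padding used to hide the real lines
            junk += 1
        elif line.startswith("["):
            if not line.endswith("]"):
                notes.append(f"malformed section header: {line!r}")
        elif "=" in line:
            key, _, value = line.partition("=")
            directives[key.strip().lower()] = value.strip()
        else:
            notes.append(f"unparsed line: {line!r}")
    if junk:
        notes.append(f"{junk} comment line(s) skipped")
    return directives, notes


def launch_targets(directives, drive="F:"):
    """Map each execution directive to an absolute, backslash-only path on the drive."""
    targets = {}
    for key, value in directives.items():
        if not (EXEC_KEY.match(key) and value):
            continue
        program = value.split('"')[1] if value.startswith('"') else value.split()[0]
        targets[key] = str(PureWindowsPath(drive + "\\") / program.replace("/", "\\"))
    return targets


def triage(text, drive="F:"):
    """Return (sorted unique launch targets, parser notes) for one autorun.inf text."""
    directives, notes = parse_autorun(text)
    return sorted(set(launch_targets(directives, drive).values())), notes


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the constructed sample, triage() returns the single target F:\SLATKO\torta.exe together with notes about the broken header and the skipped comment lines.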

Posted: 12 Jan 2010 23:51
diarno
Anti Malware Fighter
Rank 2

Joined: 15 Jun 2007
Posts: 4252
Location: Kragujevac

Blog: Noah Kalina


You entered the wrong script... I don't repeat scripts for no reason.

Copy this one:

Code:
{4db7e3a6-ba8a-11de-a095-001485dee0db}
delete_blocked:
f_delete:%DRIVE%SLATKO\torta.exe
folder_list:%DRIVE%

Posted: 13 Jan 2010 01:04
User_Mira
Tourist

Joined: 11 Jan 2010
Posts: 10

Is processing of the script, which I have finally entered correctly, supposed to take this long? :)

Posted: 13 Jan 2010 01:17
diarno
Anti Malware Fighter
Rank 2

Joined: 15 Jun 2007
Posts: 4252
Location: Kragujevac

Blog: Noah Kalina


How long... Your computer is clean now... The only problem is that one folder on the camera... Essentially, that malware has also been disabled from launching by itself when the camera is plugged into the computer... the only problem is that someone might open that folder and run the malicious file... That is why this is taking so long... so has it finished... is there any log?

Posted: 13 Jan 2010 01:21
User_Mira
Tourist

Joined: 11 Jan 2010
Posts: 10


The whole time (almost an hour) it has said "processing script"; however, I have deleted "SLATKO" on the camera.

Posted: 13 Jan 2010 01:24
diarno
Anti Malware Fighter
Rank 2

Joined: 15 Jun 2007
Posts: 4252
Location: Kragujevac

Blog: Noah Kalina


OK... that would be it... Sorry it took this long... A somewhat more annoying version of a USB worm...

Posted: 13 Jan 2010 01:27
User_Mira
Tourist

Joined: 11 Jan 2010
Posts: 10


I apologize to you for my carelessness. Thank you very much for all this effort!

