MyCity » Ambulanta -> Arhiva Ambulante » Folderi prelaze u aplikacije(.exe) - Win32/Spy.KeyLogger.NHI

Folderi prelaze u aplikacije(.exe) - Win32/Spy.KeyLogger.NHI

Napisano na dan: 15.9.2012

Strana:
1
2
3

Folderi prelaze u aplikacije(.exe) - Win32/Spy.KeyLogger.NHI

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

sake86 Poslao: 16 Sep 2012 17:47 Idi na vrh
offline sake86 Novi MyCity građanin Pridružio: 14 Sep 2012 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav i zaista hvala na ažurnosti Evo rezultati: KORAK 1 Notepad fajl "log.txt" se otvorio prazan, pretpostavljam onda da je to ok KORAK 2 Fajl sa lokacije "C:\Avenger" sam stavio u RAR format i uploadao pod imenom "Avenger.rar" KORAK 3 # AdwCleaner v2.001 - Logfile created 09/16/2012 at 17:22:56 # Updated 09/09/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Matei - MATEI-HP # Boot Mode : Normal # Running from : C:\Users\Matei\Desktop\adwcleaner.exe # Option [Delete] *** [Services] * * [Files / Folders] * File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Deleted : C:\user.js File Deleted : C:\Users\Matei\AppData\Local\funmoods.crx File Deleted : C:\Users\Matei\AppData\Local\funmoods-speeddial.crx File Deleted : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\searchplugins\MyStart Search.xml File Deleted : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\searchplugins\search.xml Folder Deleted : C:\Program Files\DAEMON Tools Toolbar Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Premium Folder Deleted : C:\Users\bluetrainstreet\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\bluetrainstreet\AppData\LocalLow\Conduit Folder Deleted : C:\Users\bluetrainstreet\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\bluetrainstreet\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\bluetrainstreet\AppData\LocalLow\Toolbar4 Folder Deleted : C:\Users\ferrosaly\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\ferrosaly\AppData\LocalLow\Conduit Folder Deleted : C:\Users\ferrosaly\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\ferrosaly\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\ferrosaly\AppData\LocalLow\Toolbar4 Folder Deleted : C:\Users\luckystar894\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\luckystar894\AppData\LocalLow\Conduit Folder Deleted : C:\Users\luckystar894\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\luckystar894\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\luckystar894\AppData\LocalLow\Toolbar4 Folder Deleted : C:\Users\Matei\AppData\Local\Babylon Folder Deleted : C:\Users\Matei\AppData\Local\bearshare Folder Deleted : C:\Users\Matei\AppData\Local\Conduit Folder Deleted : C:\Users\Matei\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj Folder Deleted : C:\Users\Matei\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Matei\AppData\LocalLow\ShoppingReport2 Folder Deleted : C:\Users\Matei\AppData\LocalLow\Toolbar4 Folder Deleted : C:\Users\Matei\AppData\Roaming\Babylon Folder Deleted : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} * [Registry] * Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2 Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Deleted : HKCU\Software\SMTTB2009 Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Somoto Toolbar Key Deleted : HKCU\Software\SweetIm Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\f Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand.1 Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl.1 Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1 Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2455325 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3080215 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Key Deleted : HKLM\Software\Minibar Key Deleted : HKLM\Software\QuestScan Key Deleted : HKLM\SOFTWARE\Software Key Deleted : HKLM\Software\SweetIm Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [hblite@hblite.com] * [Internet Browsers] * -\\ Internet Explorer v9.0.8112.16421 Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0DyBtC0BtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=817892337 --> hxxp://www.google.com -\\ Mozilla Firefox v15.0 (en-US) Profile name : default File : C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\prefs.js C:\Users\Matei\AppData\Roaming\Mozilla\Firefox\Profiles\sz37guy9.default\user.js ... Deleted ! Deleted : user_pref("backup.old.browser.search.defaultenginename", "MyStart Search"); Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)"); Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100995"); Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "9e16d71b000000000000701a04fa5b25"); Deleted : user_pref("extensions.BabylonToolbar_i.id", "9e16d71b000000000000701a04fa5b25"); Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15344"); Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true); Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100995&babsrc=NT_s[...] Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:12:22"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,info@thebflix.com:1.1,{972ce4c6-7e[...] Deleted : user_pref("extensions.funmoods.aflt", "nv1"); Deleted : user_pref("extensions.funmoods.autoRvrt", false); Deleted : user_pref("extensions.funmoods.cntry", "HR"); Deleted : user_pref("extensions.funmoods.cv", "cv5"); Deleted : user_pref("extensions.funmoods.dfltLng", ""); Deleted : user_pref("extensions.funmoods.dfltSrch", true); Deleted : user_pref("extensions.funmoods.dnsErr", true); Deleted : user_pref("extensions.funmoods.envrmnt", "production"); Deleted : user_pref("extensions.funmoods.excTlbr", false); Deleted : user_pref("extensions.funmoods.hdrMd5", "6BA5E4D09944FAA0FD6079536E0D7FC4"); Deleted : user_pref("extensions.funmoods.hmpg", true); Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...] Deleted : user_pref("extensions.funmoods.id", "D8D38515D6C7D71B"); Deleted : user_pref("extensions.funmoods.instlDay", "15543"); Deleted : user_pref("extensions.funmoods.instlRef", "nv1"); Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true); Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:39:56"); Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Deleted : user_pref("extensions.funmoods.newTab", true); Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...] Deleted : user_pref("extensions.funmoods.prdct", "funmoods"); Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods"); Deleted : user_pref("extensions.funmoods.sg", "none"); Deleted : user_pref("extensions.funmoods.smplGrp", "none"); Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search"); Deleted : user_pref("extensions.funmoods.tlbrId", "base"); Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...] Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:39:56"); Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Deleted : user_pref("extensions.funmoods_i.newTab", true); Deleted : user_pref("extensions.funmoods_i.smplGrp", "none"); Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:39:56"); Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl"); Deleted : user_pref("extensions.incredibar_i.dfltLng", ""); Deleted : user_pref("extensions.incredibar_i.did", "10606"); Deleted : user_pref("extensions.incredibar_i.excTlbr", "false"); Deleted : user_pref("extensions.incredibar_i.hardId", "9e16d71b000000000000701a04fa5b25"); Deleted : user_pref("extensions.incredibar_i.id", "9e16d71b000000000000701a04fa5b25"); Deleted : user_pref("extensions.incredibar_i.installerproductid", "26"); Deleted : user_pref("extensions.incredibar_i.instlDay", "15349"); Deleted : user_pref("extensions.incredibar_i.instlRef", ""); Deleted : user_pref("extensions.incredibar_i.ms_url_id", ""); Deleted : user_pref("extensions.incredibar_i.newTab", false); Deleted : user_pref("extensions.incredibar_i.ppd", ""); Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar"); Deleted : user_pref("extensions.incredibar_i.productid", "26"); Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Deleted : user_pref("extensions.incredibar_i.smplGrp", "none"); Deleted : user_pref("extensions.incredibar_i.tlbrId", "base"); Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OypnqRJNq&loc=IB[...] Deleted : user_pref("extensions.incredibar_i.upn2", "6OypnqRJNq"); Deleted : user_pref("extensions.incredibar_i.upn2n", "92260700927374084"); Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27"); Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2715:43:29"); Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27"); Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OypnqRJNq&&i=26&search="[...] Profile name : default File : C:\Users\bluetrainstreet\AppData\Roaming\Mozilla\Firefox\Profiles\k4s2rgp3.default\prefs.js [OK] File is clean. -\\ Google Chrome v21.0.1180.89 File : C:\Users\Matei\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\bluetrainstreet\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\luckystar894\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Users\ferrosaly\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v11.60.1185.0 File : C:\Users\Matei\AppData\Roaming\Opera\Opera\operaprefs.ini Deleted : Home URL=hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0Dzz0DtAzzyDtCyD0DyC0CyB0D[...] File : C:\Users\bluetrainstreet\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. *********************** AdwCleaner[R1].txt - [19430 octets] - [16/09/2012 15:51:24] AdwCleaner[S1].txt - [19813 octets] - [16/09/2012 17:22:56] ########## EOF - C:\AdwCleaner[S1].txt - [19874 octets] ########## Pitao si kakvo je stanje sistema. Pa gle ovako, ne vidim (nisam ni ranije vidio) neke probleme osim toga da kad sam ubacivao USB stick odmah sam primjetio da taj crv (što li već) odmah kreira folder.exe fajl a original folder postane nevidljiv. Sad sam pokušao ubosti USB stick i vidim da folderi ostaju folderi, tj. ne pretvaraju se u aplikacije. Dakle, jedan problem riješen. No, pretpostavljam da sistem nije čist skroz dok kraja, jer vidim da na desktopu imam još jedan "folder.exe" (ima drugačiju ikonu od ostalih + njegov properties govori da je application a ne file folder). Čekam daljnje instrukcije

Profil

Sass Drake Poslao: 16 Sep 2012 17:53 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pitao sam te za stanje sistema, a ne za stanje USB stika. Provjerićemo sada da li ima malicioznih stvari na tom USB disku. Preuzmi MCShield sa sljedeće adrese: http://amf.mycity.rs/mcshield/MCShield-Setup.exe Instaliraj MCShield i sačekaj da se završi uvodno skeniranje. Kad se završi uvodno skeniranje, ubacuj sve USB memorijske uređaje redom u USB port i svaki zadrži u portu dok MCShield ne izbaci poruku da je skeniranje završeno. Ukoliko imaš više USB uređaja, zabilježi negdje kojim su redom ubacivani. Objašnjenje: U USB memorijske uređaje spadaju svi oni uređaji koji po priključivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uređaji itd. Idi na Start -> All Programs -> MCShield -> Logs -> AllScans Otvoriće ti se izvještaj u Notepad-u čiji sadržaj treba da postaviš u poruku

Profil

sake86 Poslao: 16 Sep 2012 18:34 Idi na vrh
offline sake86 Novi MyCity građanin Pridružio: 14 Sep 2012 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napisano: 16 Sep 2012 18:26 Evo skenirao sam sve USB stickove, mobitele i sve ostalo što spajam preko USB porta, te zabilježio redoslijed. Moj stick je ipak čist koliko vidim, kako sam i spomenuo u prošlom postu. Evo cijelog reporta >>> MCShield AllScans.txt <<< >>> MCShield v 2.1.4.13 / DB: 2012.9.15.1 <<< 16.9.2012. 18:12:49 > Drive C: - scan started (no label ~283 GB, NTFS HDD )... => The drive is clean. >>> MCShield v 2.1.4.13 / DB: 2012.9.15.1 <<< 16.9.2012. 18:17:48 > Drive F: - scan started (JUESBI STIK ~3848 MB, FAT32 flash drive )... => The drive is clean. >>> MCShield v 2.1.4.13 / DB: 2012.9.15.1 <<< 16.9.2012. 18:18:10 > Drive F: - scan started (no label ~7647 MB, NTFS flash drive )... >>> F:\Revolver[2005]DvDrip[Eng]-aXXo.exe - Suspicious > Renamed. (MD5: eb0755c12318a6ff18e033ed78d0400d) > Resetting attributes: F:\Revolver[2005]DvDrip[Eng]-aXXo < Successful. => Suspicious files : 1/1 renamed. => Hidden folders : 1/1 unhidden. ____________________________________________ ::::: Scan duration: 1s :::::::::::::::::::: ____________________________________________ >>> MCShield v 2.1.4.13 / DB: 2012.9.15.1 <<< 16.9.2012. 18:19:13 > Drive F: - scan started (no label ~976 MB, FAT32 flash drive )... => The drive is clean. >>> MCShield v 2.1.4.13 / DB: 2012.9.15.1 <<< 16.9.2012. 18:19:30 > Drive F: - scan started (no label ~7670 MB, FAT32 flash drive )... ---> Note: traces of file replicators have been found! ---> Executing generic S&D routine... >>> F:\data.exe - Malware > Deleted. (12.09.16. 18.21 data.exe.469052; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\cities.exe - Malware > Deleted. (12.09.16. 18.21 cities.exe.884727; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Garmin.exe - Malware > Deleted. (12.09.16. 18.21 Garmin.exe.331975; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\private.exe - Malware > Deleted. (12.09.16. 18.21 private.exe.320660; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Resource.exe - Malware > Deleted. (12.09.16. 18.21 Resource.exe.931770; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\sys.exe - Malware > Deleted. (12.09.16. 18.21 sys.exe.613287; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\qf.exe - Malware > Deleted. (12.09.16. 18.21 qf.exe.942637; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Images.exe - Malware > Deleted. (12.09.16. 18.21 Images.exe.266171; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\My Videos.exe - Malware > Deleted. (12.09.16. 18.21 My Videos.exe.731787; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Nokia.exe - Malware > Deleted. (12.09.16. 18.21 Nokia.exe.584206; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Dukto.exe - Malware > Deleted. (12.09.16. 18.21 Dukto.exe.400852; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\system.exe - Malware > Deleted. (12.09.16. 18.21 system.exe.465760; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\download.exe - Malware > Deleted. (12.09.16. 18.21 download.exe.582621; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Games.exe - Malware > Deleted. (12.09.16. 18.21 Games.exe.605940; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Others.exe - Malware > Deleted. (12.09.16. 18.21 Others.exe.441041; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Videos.exe - Malware > Deleted. (12.09.16. 18.21 Videos.exe.309640; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Sounds.exe - Malware > Deleted. (12.09.16. 18.21 Sounds.exe.405641; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Attachments.exe - Malware > Deleted. (12.09.16. 18.21 Attachments.exe.537545; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\toC.exe - Malware > Deleted. (12.09.16. 18.21 toC.exe.859942; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\SportsTracker2.exe - Malware > Deleted. (12.09.16. 18.21 SportsTracker2.exe.532232; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\Playlists.exe - Malware > Deleted. (12.09.16. 18.21 Playlists.exe.420422; MD5: eb0755c12318a6ff18e033ed78d0400d) >>> F:\DCIM.exe - Malware > Deleted. (12.09.16. 18.21 DCIM.exe.988807; MD5: eb0755c12318a6ff18e033ed78d0400d) > Resetting attributes: F:\data < Successful. > Resetting attributes: F:\cities < Successful. > Resetting attributes: F:\Garmin < Successful. > Resetting attributes: F:\private < Successful. > Resetting attributes: F:\Resource < Successful. > Resetting attributes: F:\sys < Successful. > Resetting attributes: F:\Images < Successful. > Resetting attributes: F:\My Videos < Successful. > Resetting attributes: F:\Nokia < Successful. > Resetting attributes: F:\Dukto < Successful. > Resetting attributes: F:\system < Successful. > Resetting attributes: F:\download < Successful. > Resetting attributes: F:\Games < Successful. > Resetting attributes: F:\Others < Successful. > Resetting attributes: F:\Videos < Successful. > Resetting attributes: F:\Sounds < Successful. > Resetting attributes: F:\Attachments < Successful. > Resetting attributes: F:\toC < Successful. > Resetting attributes: F:\SportsTracker2 < Successful. > Resetting attributes: F:\Playlists < Successful. > Resetting attributes: F:\DCIM < Successful. => Malicious files : 22/22 deleted. => Hidden folders : 21/21 unhidden. ____________________________________________ ::::: Scan duration: 1min 36s :::::::::::::: ____________________________________________ Dopuna: 16 Sep 2012 18:34 Btw. sad sam skužio da mi više browser (Google Chrome) ne pamti tabove. Jebemu. To mi se nimalo ne sviđa, imao sam hrpu važnih stranica otvorenih. Pri otvaranju browsera mi je izbacio neku pogrešku kao da mi je nešto (očigledno skeniranje/čišćenje/brisanje malware svim tim raznim aplikacijama) obrisalo podatke i više se ne mogu vratiti...

Profil

Sass Drake Poslao: 16 Sep 2012 18:44 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Citat:No, pretpostavljam da sistem nije čist skroz dok kraja, jer vidim da na desktopu imam još jedan "folder.exe" (ima drugačiju ikonu od ostalih + njegov properties govori da je application a ne file folder). Da li si kopirao neki folder sa USB diska na Desktop? Da li si ga pokretao?

Profil

sake86 Poslao: 16 Sep 2012 18:47 Idi na vrh
offline sake86 Novi MyCity građanin Pridružio: 14 Sep 2012 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne, otkad smo zajedno krenuli u rješavanje problema nisam niti kopirao niti pokretao išta sa USB sticka. Ovaj "folder" stoji tu na desktopu zaražen još otkako sam krenuo u rješavanje problema, nisam ga htio dirati dok ne dođe vrijeme (slijedio sam upute).

Profil

Sass Drake Poslao: 16 Sep 2012 18:54 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! sake86 ::Ne, otkad smo zajedno krenuli u rješavanje problema nisam niti kopirao niti pokretao išta sa USB sticka. Ovaj "folder" stoji tu na desktopu zaražen još otkako sam krenuo u rješavanje problema, nisam ga htio dirati dok ne dođe vrijeme (slijedio sam upute). Obriši taj fajl sa Shift + Delete. Korak 1 Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti i 7 koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sljedeće: ComboFix /Uninstall Primjeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Korak 2 Ponovo pokreni AdwCleaner Klikni na dugme Uninstall i pričekaj da se postupak deinstalacije završi. Korak 3 Obriši folder C:\Avenger. Korak 4 Nemaš instaliran AV program i nužno je da instaliraš jedan. Ukoliko nemaš novaca ili ne želiš da ga izdvojiš za neki komercijalni AV program, na raspolaganju ti se nalaze kvalitetni besplatni AV programi poput Avast Free, AVG Free, Avira Free, Microsoft Security Essentials, Panda Cloud AV, itd. Nemoj koristiti piratske verzije AV programa!!! Korak 5 Postavi mi svjež DDS izvještaj i svježe GMER izvještaje. Korak 6 Imao si aktivan keylogger na sistemu pa bih ti savjetovao da promijeniš lozinke za pristup nalozima na webmail servisima (Gmail, Yahoo, itd.), društvenim mrežama (Facebook, Twitter, itd.) i ostalim koje koristiš.

Profil

sake86 Poslao: 16 Sep 2012 20:09 Idi na vrh
offline sake86 Novi MyCity građanin Pridružio: 14 Sep 2012 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Okej, šift-dilitao sam onaj fajl koji je zaražen. Odradio sam i deinstalaciju ComboFix-a i AdwCleaner-a. Zapeo sam na trećem koraku, gdje trebam obrisati folder "C:\Avenger" - nisam ga obrisao jer ga ne mogu naći, tj. nema ga na toj lokaciji. Pronašao sam i obrisao log fajl sa lokacije "C:\avenger.txt" i fajl "C:\Avenger.rar", no foldera pod tim imenom - nema Trenutno skidam besplatni Avira AV, pa ću ga instalirati, a onda ću nakon skeniranja ( ) postaviti svježi DDS izvještaj i svježe GMER izvještaje. Pitanje - što ako mi se ponovno dogodi da mi računalo smrzne pri kreiranju Gmer2 izvještaja

Profil

Sass Drake Poslao: 16 Sep 2012 20:30 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postavi mi onda samo GMER1, ako se već plašiš postavljanja preostala dva.

Profil

sake86 Poslao: 16 Sep 2012 20:51 Idi na vrh
offline sake86 Novi MyCity građanin Pridružio: 14 Sep 2012 Poruke: 13	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ma nije da se plašim postaviti ih, nego pitam što ako ih ne budem mogao izgenerirati Nije bed, a?

Profil

Sass Drake Poslao: 16 Sep 2012 20:59 Idi na vrh
offline Sass Drake Anti Malware Fighter Rank 2 Pridružio: 26 Avg 2010 Poruke: 10622 Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! sake86 ::Ma nije da se plašim postaviti ih, nego pitam što ako ih ne budem mogao izgenerirati Nije bed, a? Pokušaj, pa dostavi šta uspiješ. Nadam se da si promijenio lozinke kako sam ti napomenuo.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Folderi prelaze u aplikacije(.exe) - Win32/Spy.KeyLogger.NHI

Ko je trenutno na forumu

Ukupno su 614 korisnika na forumu :: 9 registrovanih, 1 sakriven i 604 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: darios, Dorcolac, Koridor, Mikisha, Motocar, Parker, TBF1D, uruk, voja64

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by