Sality OMG!!!

  • Nihlist
  • Joined: 28 May 2009
  • Posts: 725
  • Location: Belgrade

Posted: 15 Nov 2011 19:56

Oh no, people. I took a flash drive to school (it is vaccinated with Panda) and when I got home I wanted to look at something on it, and I figured I'd scan it first, just in case, and what do I see: 2 SALITYs. Now I'm scared, even though I didn't open the USB, I only scanned it. I have very important data on the computer, so I can't do a reinstall. And I, like an idiot, wouldn't install MC SHIELD. I'll post the logs in 15 minutes.

Update: 15 Nov 2011 20:36

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Neo at 19:51:13 on 2011-11-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1024.201 [GMT 1:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET licni zaštitni zid *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Neo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.rs/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TNOD UP] "c:\program files\tnod user & password finder\TNODUP.exe" /i
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{ED068AE7-3165-4C8F-9E74-603602E789A8} : DhcpNameServer = 89.216.1.40 89.216.1.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 173.212.255.178 embedded.garena.com
Hosts: 173.212.255.178 embedded.garenanow.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\neo\appdata\roaming\mozilla\firefox\profiles\z7wy2dkg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - App Deck Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\users\neo\appdata\roaming\mozilla\firefox\profiles\z7wy2dkg.default\extensions\engine@conduit.com\components\FFExternalAlert.dll
FF - component: c:\users\neo\appdata\roaming\mozilla\firefox\profiles\z7wy2dkg.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.71\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\neo\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\neo\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\neo\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2011-10-13 21624]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-17 21992]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-5-27 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-4 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-2 22216]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-5 230912]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [2009-10-21 433920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-2-1 20328]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-2 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-2 52224]
.
=============== Created Last 30 ================
.
2011-11-15 18:48:28 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{109c0c6c-667e-427b-b797-3e7ef97679b2}\offreg.dll
2011-11-15 09:26:46 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{109c0c6c-667e-427b-b797-3e7ef97679b2}\mpengine.dll
2011-11-12 19:40:47 -------- d-----w- c:\users\neo\appdata\roaming\Qualys
2011-11-10 09:32:03 -------- d-----w- c:\program files\Hard Disk Sentinel
2011-11-09 09:02:52 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:02:50 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 09:02:48 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 07:41:07 -------- d-----w- c:\windows\system32\appmgmt
2011-11-04 07:33:23 -------- d-----w- c:\program files\Red Alert 2 Yuri's Revenge
2011-10-29 12:34:21 -------- d-----w- C:\Virtual
2011-10-28 10:19:25 -------- d-----w- c:\users\neo\appdata\roaming\Sports Interactive
2011-10-28 09:20:07 -------- d-----w- c:\program files\Mortal Kombat Armageddon PC
2011-10-20 17:32:45 -------- d-----w- c:\users\neo\.system32
2011-10-20 10:32:17 -------- d-----w- c:\program files\DotAlicious Gaming Client
.
==================== Find3M ====================
.
2011-10-10 19:09:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-09-22 18:15:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-08 21:48:39 8704 ----a-w- c:\windows\system32\SpOrder.dll
2011-09-08 21:48:36 73728 ----a-w- c:\windows\system32\VistaInfo32.dll
2011-09-04 10:10:45 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
.
============= FINISH: 19:53:09.18 ===============


  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3898
  • Location: Novi Sad, Klisa

Hello AreoNN

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for about 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to us on the forum.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.


NIx Car (AMF Team)

  • Nihlist
  • Joined: 28 May 2009
  • Posts: 725
  • Location: Belgrade

Posted: 15 Nov 2011 21:21

Is it really necessary to do all of them? On one USB I have very, very important data, and I'm afraid it could get lost (the flash drive is empty, 100% no viruses).

Update: 15 Nov 2011 21:22

I mean, the flash drive is almost empty, I only have some documents on it; when I say empty I mean files, programs...

Update: 15 Nov 2011 21:50

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 15/11/2011 21:47:23

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {9cd27831-f65b-11df-81e0-806e6f6e6963}
D: {9cd27832-f65b-11df-81e0-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 9cd27831-f65b-11df-81e0-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
Sanitized mountpoint for 9cd27832-f65b-11df-81e0-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 15/11/2011 21:48:05

Scanning for connected USB mass storage...
----------------------------------------
G: {7af63d43-f6a3-11df-80fe-001d7d36777d}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for 7af63d43-f6a3-11df-80fe-001d7d36777d
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
----------------------------------------

.lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================

Update: 15 Nov 2011 21:55

I can give you a screenshot from when I scan the USB with ESS 4.

Update: 15 Nov 2011 22:13

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 15/11/2011 22:09:34

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {9cd27831-f65b-11df-81e0-806e6f6e6963}
D: {9cd27832-f65b-11df-81e0-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 9cd27831-f65b-11df-81e0-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 9cd27832-f65b-11df-81e0-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 15/11/2011 22:10:07

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 15/11/2011 22:10:25

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 15/11/2011 22:10:42

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 15/11/2011 22:10:53

Scanning for connected USB mass storage...
----------------------------------------
G: {e3925100-f42f-11e0-ac50-001d7d36777d}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------

Update: 15 Nov 2011 23:25

Here is the new CORRECT LOG:

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 15/11/2011 23:22:06

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {9cd27831-f65b-11df-81e0-806e6f6e6963}
D: {9cd27832-f65b-11df-81e0-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 9cd27831-f65b-11df-81e0-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 9cd27832-f65b-11df-81e0-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 15/11/2011 23:22:23

Scanning for connected USB mass storage...
----------------------------------------
G: {7af63d43-f6a3-11df-80fe-001d7d36777d}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for 7af63d43-f6a3-11df-80fe-001d7d36777d
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
----------------------------------------

.lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 15/11/2011 23:22:44

Scanning for connected USB mass storage...
----------------------------------------
H: {c5033dda-f65c-11df-a201-001d7d36777d}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
Sanitized mountpoint for c5033dda-f65c-11df-a201-001d7d36777d
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 15/11/2011 23:23:11

Scanning for connected USB mass storage...
----------------------------------------
G: {b7d204e4-e03d-11e0-9d12-806e6f6e6963}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for b7d204e4-e03d-11e0-9d12-806e6f6e6963
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 15/11/2011 23:23:33

Scanning for connected USB mass storage...
----------------------------------------
G: {e3925100-f42f-11e0-ac50-001d7d36777d}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=ActivateWarranty(JF).exe
Action="Transcend Service"
Icon=ActivateWarranty(JF).exe
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for e3925100-f42f-11e0-ac50-001d7d36777d
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================

Update: 16 Nov 2011 8:01

Here is the MCShield log too:

16/11/2011 08:00:47 > Scanning drive G: (ANONYMOUS ~1 GB, FAT flash drive )...


>>> G:\kapef.exe - Malware > Deleted. (11.11.16. 08.00 kapef.exe.127682; MD5: X)

>>> G:\kapef.scr - Malware > Deleted. (11.11.16. 08.00 kapef.scr.578910; MD5: X)

>>> G:\Documents.lnk - Suspicious > Renamed. (MD5: bf94d796d6ac902449cbb2f7a2ac77e6)

>>> G:\New Folder.lnk - Suspicious > Renamed. (MD5: 274deb44aff52b638010723954366334)

>>> G:\Passwords.lnk - Suspicious > Renamed. (MD5: 0f01a6f46510906a5312fb9359bcdf17)

>>> G:\Pictures.lnk - Suspicious > Renamed. (MD5: d411af8e7e035a097d63892a547f8d45)

>>> G:\Music.lnk - Suspicious > Renamed. (MD5: 81e6050dcdf0a76da97107cef0ecebba)

>>> G:\Video.lnk - Suspicious > Renamed. (MD5: c6a558092f7e7a887302110aa9890ae6)


=> Malicious files : 2/2 deleted.
=> Suspicious files : 6/6 renamed.

Update: 16 Nov 2011 20:04

Can someone answer me? I don't know whether the files are infected, and I have some work to do.

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello AreoNN.

Sorry we are late with the reply; my colleague apparently had some obligations and could not answer.

As for the storage device on which Sality was found, do the following (so that we can be sure MCShield did the job properly):

- Run USBNoRisk and wait for it to finish the initial scan.
- When the initial scan is finished, connect the USB storage device.
- Click the Script tab;
Copy the following text into the white box of the window:

{7af63d43-f6a3-11df-80fe-001d7d36777d}
delete_blocked:
folder_list:%DRIVE%
no_sh:

- Execute the command by clicking the Run Script button;

After the command executes, USBNoRisk will automatically return to the Monitor tab;
- Right-click inside the white box of the window and choose Save Scrambled Log;
A Notepad window will open with text that you need to copy here into your reply.

Connect the Transcend storage device you have, find the file autorun.inf.blocked and remove its .blocked extension.

goran9888 (AMF Team)
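As an added example (not code from this thread, from USBNoRisk or from MCShield), here is a Python script that applies the same three heuristics those tools report on in the logs above: it parses autorun.inf and lists the files it would launch or load (open=, shellexecute=, shell\...\command= and icon=), it flags .lnk files that shadow a directory of the same name (the Documents.lnk / Music.lnk pattern MCShield renamed), and it flags executable-type files dropped at the drive root (kapef.exe, kapef.scr). The sample drive it builds is constructed to mirror the MCShield log; the file names are taken from the log, but the contents, the 287-byte .lnk stand-ins and the autorun.inf text are placeholders, not the real worm files.

```python
"""Heuristic scan of a removable drive's root for the autorun / LNK-worm
pattern.  Added example, not part of the original thread, USBNoRisk or
MCShield.  Sample drive contents below are constructed, not real malware."""
import tempfile
from pathlib import Path

# Extensions a USB worm typically drops at the drive root (assumed list).
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}


def parse_autorun(text):
    """Return the key=value pairs of the [autorun] section, keys lower-cased.
    Blank lines, ';' comments and other sections are ignored; surrounding
    quotes are stripped, so Action="Transcend Service" -> Transcend Service."""
    entries = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries


def referenced_files(entries):
    """Files an autorun.inf would launch or load: the executable named by
    open=, shellexecute= or shell\\<verb>\\command=, plus the icon file."""
    refs = set()
    for key, value in entries.items():
        if not value:
            continue
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            refs.add(value.split()[0])        # drop command-line arguments
        elif key == "icon":
            refs.add(value.split(",")[0])     # icon=file.exe,index
    return refs


def scan_drive_root(root):
    """Return sorted (kind, name, detail) findings for one drive root.

    kinds: 'autorun-ref'       file autorun.inf points at ('present'/'missing')
           'folder-mimic-lnk'  X.lnk sitting beside a directory named X
           'root-executable'   executable-type file at the drive root
    """
    root = Path(root)
    findings = []
    autorun = root / "autorun.inf"
    if autorun.is_file():
        refs = referenced_files(parse_autorun(autorun.read_text(errors="replace")))
        for ref in sorted(refs):
            state = "present" if (root / ref).exists() else "missing"
            findings.append(("autorun-ref", ref, state))
    dir_names = {p.name.lower() for p in root.iterdir() if p.is_dir()}
    for p in root.iterdir():
        if not p.is_file():
            continue
        ext = p.suffix.lower()
        if ext == ".lnk" and p.stem.lower() in dir_names:
            findings.append(("folder-mimic-lnk", p.name, "shadows directory " + p.stem))
        elif ext in EXEC_EXTS:
            findings.append(("root-executable", p.name, ""))
    return sorted(findings)


def build_sample_drive():
    """Create a temp directory laid out like the infected drive in the MCShield
    log.  Constructed placeholders only: no real worm binary or shortcut."""
    root = Path(tempfile.mkdtemp(prefix="usb_"))
    (root / "autorun.inf").write_text(
        "[autorun]\nopen=kapef.exe\nshell\\open\\command=kapef.exe\n")
    for name in ("Documents", "Music", "Pictures", "Video", "Passwords", "New Folder"):
        (root / name).mkdir()                               # the real folder
        (root / (name + ".lnk")).write_bytes(b"L" + b"\x00" * 286)  # 287-byte stand-in
    (root / "kapef.exe").write_bytes(b"MZ")                 # placeholder, not a PE
    (root / "kapef.scr").write_bytes(b"MZ")
    (root / "Mali recnik zastite.pdf").write_bytes(b"%PDF-1.4")  # legitimate file
    return root


if __name__ == "__main__":
    for kind, name, detail in scan_drive_root(build_sample_drive()):
        print(f"{kind:18} {name:28} {detail}")
```

Run it as-is to scan the constructed sample, or call scan_drive_root("G:\\") against a real removable drive with AutoPlay disabled. It only reads file names and autorun.inf; it does not open or parse the .lnk files themselves. A reference reported as "missing" usually means the AV already removed the dropped executable; the leftover autorun.inf should still be deleted or renamed, which is what USBNoRisk's .blocked rename and delete_blocked: command do.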

  • Nihlist
  • Joined: 28 May 2009
  • Posts: 725
  • Location: Belgrade

Posted: 16 Nov 2011 22:11

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 16/11/2011 22:09:16

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {9cd27831-f65b-11df-81e0-806e6f6e6963}
D: {9cd27832-f65b-11df-81e0-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 9cd27831-f65b-11df-81e0-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 9cd27832-f65b-11df-81e0-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 16/11/2011 22:09:28

Scanning for connected USB mass storage...
----------------------------------------
G: {7af63d43-f6a3-11df-80fe-001d7d36777d}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for 7af63d43-f6a3-11df-80fe-001d7d36777d
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive G:
========================================


Processing script
----------------------------------------
7af63d43-f6a3-11df-80fe-001d7d36777d
Drive letter for GUID: G:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: G:\autorun.inf.blocked > Done!
----------------------------------------
Folder list for G:\:
----------------------------------------

--a--   533868   G:\MALIRE~1.PDF   G:\Mali recnik zastite.pdf
-----   287   G:\NEWFOL~1.VIR   G:\New Folder.lnk.vir
-----   287   G:\MUSICL~1.VIR   G:\Music.lnk.vir
-----   287   G:\VIDEOL~1.VIR   G:\Video.lnk.vir
-----   287   G:\DOCUME~1.VIR   G:\Documents.lnk.vir
-----   287   G:\PASSWO~1.VIR   G:\Passwords.lnk.vir
-----   287   G:\PICTUR~1.VIR   G:\Pictures.lnk.vir

----------------------------------------
Unhide superhidden for G:\
----------------------------------------
----------------------------------------

Update: 16 Nov 2011 22:13

Sorry for being a pest, can I ask just one more question? Should I post fresh DDS and GMER logs? Do I have a Sality infection on the computer? Did ESS 4 do everything properly and protect my system from Sality?

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

AreoNN wrote: Sorry for being a pest, can I ask just one more question? Should I post fresh DDS and GMER logs? Do I have a Sality infection on the computer? Did ESS 4 do everything properly and protect my system from Sality?

There is no need to post fresh reports. Your system was not infected, only the USB storage device was. MCShield did the biggest part of the job here: it deleted the malicious files. Don't uninstall it from the system, because an AV alone is not enough protection against worms that spread via USB storage devices, and MCShield does not interfere with the AV.

What still needs to be done is to delete the following files from that USB storage device:

New Folder.lnk.vir
Music.lnk.vir
Video.lnk.vir
Documents.lnk.vir
Passwords.lnk.vir
Pictures.lnk.vir

The USB storage device, as well as your system, are clean as far as malware is concerned.

What I can suggest to you is the following:

- you are using an illegal copy of ESET Smart Security, so my suggestion is that, if you don't want to buy a licence, you switch to some free protection;

- visit the topic "Testirajte da li vam je pretrazivac ranjiv" (Test whether your browser is vulnerable), read it and follow the link in it. You have an ancient version of Java that you must update because of the security holes in it. In any case, any add-on of an old version should preferably be upgraded to the latest one. The link to the topic is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

  • Nihlist
  • Joined: 28 May 2009
  • Posts: 725
  • Location: Belgrade

Thank you very much, goran. Something has always interested me: do a cr@cked AV and a legal one (I mean commercial AVs) provide the same protection? And what is the difference between them? Regards and thanks a lot!

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

AreoNN wrote: Do a cr@cked AV and a legal one (I mean commercial AVs) provide the same protection? And what is the difference between them? Regards and thanks a lot!

It is possible that they provide the same protection; it depends on what that crack/patch does. In any case, they differ from the original software in that it is not original software at all. You must not modify the program's code in any way, and that is exactly what a crack/patch does. We don't discuss piracy on this forum, so I suggest you follow my suggestion from the previous message.

Regards,
goran9888 (AMF Team)
