Slike.exe, hux and everything else


  • Joined: 02 Feb 2009
  • Posts: 32

I have a small problem with something, a virus or whatever it is. I got infected via USB. It manifests through autorun and a file named zapalicu.exe. It hasn't caused any particular problems, but it could; Malwarebytes can't delete it, I tried, and neither can USB No Risk. I'll attach the log from No Risk as well. Thanks


DDS (Ver_10-11-09.01) - NTFSx86
Run by Djordje at 6:53:31.10 on Wed 11/10/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3206 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100125-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Djordje\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\recycler\s-1-5-21-9605814097-4333645079-854008847-7454\nissan.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.16\AsRunHelp.exe
IE: E&xport to Microsoft Excel - d:\programi\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\micros~1\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {311B75C7-2DAD-4E59-B7E8-2F56878D4955} = 79.143.173.161 79.143.172.3
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\djordje\applic~1\mozilla\firefox\profiles\w7nu42xq.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-4 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-4 138680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-4 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-4 352920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-10 05:35:16 -------- d-----w- C:\USBNoRisk
2010-11-05 16:36:22 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-11-05 16:36:22 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-05 16:36:22 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-05 16:36:22 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-11-05 16:36:21 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-05 16:36:21 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-11-05 16:36:21 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-11-05 16:36:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-10-24 22:42:13 57344 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-10-24 22:42:13 -------- d-----w- c:\program files\common files\EPSON
2010-10-24 22:41:37 61598 ----a-w- c:\windows\system32\E_SL2359.DLL
2010-10-24 22:41:37 102400 ----a-w- c:\windows\system32\EBPEHP.DLL
2010-10-24 22:13:00 -------- d-----w- c:\docume~1\djordje\applic~1\GetRightToGo

==================== Find3M ====================


============= FINISH: 6:53:38.01 ===============

This is the log from USB No Risk

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/10/2010 6:50:00 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {368c4815-e2a1-11de-a94a-806d6172696f}
E: {368c4816-e2a1-11de-a94a-806d6172696f}
C: {368c4817-e2a1-11de-a94a-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 368c4817-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 368c4815-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 368c4816-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================

========================================


New device connected at 11/10/2010 6:50:14 AM

Scanning for connected USB mass storage...
----------------------------------------
G: {d50ccc7c-e492-11de-b42e-001bfc3f3fe0}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------

----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for d50ccc7c-e492-11de-b42e-001bfc3f3fe0
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================



  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello Cranky!

While we are working on this case, I would ask you to observe the following:
Read my instructions (or the instructions of colleagues standing in for me) carefully and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use other malware removal programs, except those you are given instructions for;
Do not use USB memory devices during the intervention until I ask for it;
If I do not reply within 48 hours, bump the thread with a new post;
If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum's Ambulanta (malware clinic): LINK

-------------------------------------------------------------------------------------

Download the following file to your Desktop;

AntiNissan.vbs download link: https://www.mycity.rs/must-login.png

Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

Run the file by double-clicking it;

At every prompt click Ok and wait for the log Antinissan.txt to appear, which you will copy to me here in your reply.




- Run USBNoRisk and wait for it to perform the initial scan.

- After the initial scan finishes, plug in the USB memory device.

- Click the Script tab;

Copy the following text into the white box of the window:

{d50ccc7c-e492-11de-b42e-001bfc3f3fe0}
delete_blocked:
f_delete:%DRIVE%ZAPALICU\sveslike.exe
folder_list:%DRIVE%
no_sh:

- Execute the command by clicking the Run Script button;

After the command executes, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

A Notepad window will open with text that you need to copy here into your reply.



Attach the Malwarebytes logs for me to look at:

Start -> Run -> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> Enter








goran9888 (AMF Tim)

  • Joined: 02 Feb 2009
  • Posts: 32

Posted: 11 Nov 2010 21:49

Hello

First log

Fix started @ 9:42:42 PM, 11/11/2010

Checking loading points... Traces found!

Checking files... Win32/Rimecud detected!

Deleting C:\RECYCLER\S-1-5-21-9605814097-4333645079-854008847-7454\nissan.exe >>> Failed

Attempting to deactivate... Success!

Rechecking loading points... Traces found!

Checking files... OK.


Global loading point removed.

»»»»»» Finished!

»»»»»» Anti-nissan v1.1 by dr_Bora
==================================

Log from No Risk

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/11/2010 9:45:52 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {368c4815-e2a1-11de-a94a-806d6172696f}
E: {368c4816-e2a1-11de-a94a-806d6172696f}
C: {368c4817-e2a1-11de-a94a-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 368c4817-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 368c4815-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 368c4816-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/11/2010 9:46:36 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {d50ccc7c-e492-11de-b42e-001bfc3f3fe0}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------


Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun(1).inf.blocked
----------------------------------------


----------------------------------------

Files referenced from G:\autorun(1).inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for d50ccc7c-e492-11de-b42e-001bfc3f3fe0
----------------------------------------

----------------------------------------
Desktop.ini found at G:\ZAPALICU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================


Processing script
----------------------------------------
d50ccc7c-e492-11de-b42e-001bfc3f3fe0
Drive letter for GUID: G:
SectionStart = 0
SectionEnd = 4
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: G:\autorun.inf.blocked > Done!
Delete: G:\autorun(1).inf.blocked > Done!
f_delete:
file "G:\ZAPALICU\sveslike.exe" deleted successfully
----------------------------------------
Folder list for G:\:
----------------------------------------

dr-hs   0   G:\ZAPALICU   G:\ZAPALICU

----------------------------------------
Unhide superhidden for G:\
----------------------------------------
dra-- G:\ZAPALICU > unhidden
--a-- G:\ZAPALICU\Desktop.ini > unhidden
----------------------------------------

I can't provide the Malwarebytes logs because I don't have Malwarebytes on this computer; the cleaning was attempted on another computer that isn't with me

Addendum: 11 Nov 2010 21:51

if necessary I'll install it, run a scan and provide the log
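The three indicators visible in the logs posted above (the Winlogon Taskman value pointing into a RECYCLER\S-1-5-21-... folder, a Desktop.ini whose CLSID makes Explorer show the ZAPALICU folder as the Recycle Bin, and a hidden+system directory in the folder list) can be pulled out of DDS and USBNoRisk output automatically; the following Python is an added example, not code from the thread or from the DDS/USBNoRisk tools, and its sample log excerpts are constructed after the ones posted here.

```python
"""Flag the USB-worm indicators seen in the DDS and USBNoRisk logs of this thread.

Added example; not code from the thread, from DDS or from USBNoRisk. The sample
log excerpts at the bottom are constructed after the ones posted above.
"""
import re

# Shell-folder CLSIDs a Desktop.ini can point at so that Explorer displays an
# ordinary folder as that special folder and hides what is really inside it.
# The CLSID reported in the thread's USBNoRisk log is the Recycle Bin.
SHELL_FOLDER_CLSIDS = {
    "{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin",
}

# DDS "Pseudo HJT Report" line for the Winlogon Taskman loading point.
TASKMAN_RE = re.compile(r"^mWinlogon:\s*Taskman=(?P<path>.+)$", re.IGNORECASE)
# A path inside RECYCLER\S-1-5-21-<sid>\, as used by the nissan.exe sample here.
RECYCLER_SID_RE = re.compile(r"\\recycler\\s-1-5-21-[\d-]+\\", re.IGNORECASE)
# USBNoRisk lines for a Desktop.ini finding and the CLSID it contains.
DESKTOP_INI_RE = re.compile(r"^Desktop\.ini found at (?P<folder>\S+)")
CLSID_RE = re.compile(r"^CLSID=(?P<clsid>\{[0-9A-Fa-f-]{36}\})")
# USBNoRisk "Folder list" entry: attribute flags, size, path, display name.
FOLDER_LIST_RE = re.compile(r"^(?P<attrs>[d-][r-][a-][h-][s-])\s+\d+\s+(?P<path>\S+)")


def find_taskman_hijack(dds_text):
    """Return the Taskman target when it points into RECYCLER\\S-1-5-21-...,
    which a legitimate Task Manager replacement has no reason to do; else None."""
    for line in dds_text.splitlines():
        m = TASKMAN_RE.match(line.strip())
        if m and RECYCLER_SID_RE.search(m.group("path")):
            return m.group("path")
    return None


def find_disguised_folders(usbnorisk_text):
    """Map each folder whose Desktop.ini carries a known shell-folder CLSID
    to the name Explorer would show for it."""
    found = {}
    folder = None
    for line in usbnorisk_text.splitlines():
        line = line.strip()
        m = DESKTOP_INI_RE.match(line)
        if m:
            folder = m.group("folder")
            continue
        m = CLSID_RE.match(line)
        if m and folder:
            name = SHELL_FOLDER_CLSIDS.get(m.group("clsid").upper())
            if name:
                found[folder] = name
            folder = None
    return found


def find_superhidden_dirs(usbnorisk_text):
    """Directories from a USBNoRisk folder list with both the hidden and the
    system attribute set ('dr-hs'); Explorer hides these by default."""
    dirs = []
    for line in usbnorisk_text.splitlines():
        m = FOLDER_LIST_RE.match(line.strip())
        if m and m.group("attrs")[0] == "d" and m.group("attrs")[3:] == "hs":
            dirs.append(m.group("path"))
    return dirs


def triage(dds_text, usbnorisk_text):
    """Collect human-readable findings from both logs."""
    findings = []
    target = find_taskman_hijack(dds_text)
    if target:
        findings.append("Winlogon Taskman hijacked: " + target)
    for folder, name in find_disguised_folders(usbnorisk_text).items():
        findings.append("%s is disguised as '%s' via Desktop.ini CLSID" % (folder, name))
    for path in find_superhidden_dirs(usbnorisk_text):
        findings.append("hidden+system directory on removable media: " + path)
    return findings


# Constructed excerpts, modelled on the logs posted in the thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\recycler\s-1-5-21-9605814097-4333645079-854008847-7454\nissan.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

SAMPLE_USBNORISK = r"""
Desktop.ini found at G:\ZAPALICU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
Folder list for G:\:
----------------------------------------

dr-hs   0   G:\ZAPALICU   G:\ZAPALICU

----------------------------------------
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS, SAMPLE_USBNORISK):
        print(finding)
```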

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Attach a fresh DDS log for me to look at.

- Enable the display of hidden folders and files in Windows: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html

- Plug in the USB memory device and delete the following folder from it:

ZAPALICU



--------------------------------------------


How is the computer doing now?







goran9888 (AMF Tim)

  • Joined: 02 Feb 2009
  • Posts: 32

DDS (Ver_10-11-09.01) - NTFSx86
Run by Djordje at 23:38:22.39 on Thu 11/11/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3133 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100125-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Djordje\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\recycler\s-1-5-21-4986793853-4599860817-456321132-4287\nissan.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.16\AsRunHelp.exe
IE: E&xport to Microsoft Excel - d:\programi\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\micros~1\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {311B75C7-2DAD-4E59-B7E8-2F56878D4955} = 79.143.173.161 79.143.172.3
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\djordje\applic~1\mozilla\firefox\profiles\w7nu42xq.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-4 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-4 138680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-4 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-4 352920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-10 05:35:16 -------- d-----w- C:\USBNoRisk
2010-11-05 16:36:22 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-11-05 16:36:22 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-05 16:36:22 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-05 16:36:22 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-11-05 16:36:21 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-05 16:36:21 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-11-05 16:36:21 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-11-05 16:36:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-10-24 22:42:13 57344 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-10-24 22:42:13 -------- d-----w- c:\program files\common files\EPSON
2010-10-24 22:41:37 61598 ----a-w- c:\windows\system32\E_SL2359.DLL
2010-10-24 22:41:37 102400 ----a-w- c:\windows\system32\EBPEHP.DLL
2010-10-24 22:13:00 -------- d-----w- c:\docume~1\djordje\applic~1\GetRightToGo

==================== Find3M ====================


============= FINISH: 23:38:37.03 ===============


as for the computer, it isn't causing any particular problems
on the USB stick I delete that zapalicu folder, but it has no effect; as soon as I plug it in again it's back, and I can't delete the autorun because some program is using it

I went through Disk Management and did a force format; that had no effect either, it reappears when I plug it in again, which means my computer is still infected

what a pest this is

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You did not follow my previous instructions properly ...

Let's go again, just in a bit more detail; follow every step exactly as it is written:

Remove the USB memory device from the computer

Run the AntiNissan.vbs that you downloaded to the Desktop;

Attach the contents of the log it produces.

First run USBNoRisk, wait for the initial scan to finish and only then plug the USB memory device into the computer;

Click the Script tab;

Copy the following text into the white box of the window:

{d50ccc7c-e492-11de-b42e-001bfc3f3fe0}
delete_blocked:
f_delete:%DRIVE%ZAPALICU\sveslike.exe
folder_list:%DRIVE%
no_sh:


Execute the command by clicking the Run Script button;

After the command executes, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

A Notepad window will open with text that you need to copy here into your reply.

Post a fresh DDS log for me (run DDS after successfully completing the steps in this message).




goran9888 (AMF Tim)

  • Joined: 02 Feb 2009
  • Posts: 32

here is the log from Anti-Nissan


Fix started @ 6:03:37 PM, 11/12/2010

Checking loading points... Traces found!

Checking files... Win32/Rimecud detected!

Deleting C:\RECYCLER\S-1-5-21-4986793853-4599860817-456321132-4287\nissan.exe >>> Failed

Attempting to deactivate... Success!

Rechecking loading points... Traces found!

Checking files... OK.


Global loading point removed.

»»»»»» Finished!

»»»»»» Anti-nissan v1.1 by dr_Bora
==================================

like last time it detected win/rimecud and I had to restart

I ran USBNoRisk, after the initial scan I inserted the USB stick and executed the script, during which USBNoRisk was "not responding" for about 10 seconds; I waited and got this log:

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/12/2010 6:07:30 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {368c4815-e2a1-11de-a94a-806d6172696f}
E: {368c4816-e2a1-11de-a94a-806d6172696f}
C: {368c4817-e2a1-11de-a94a-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 368c4817-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 368c4815-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 368c4816-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/12/2010 6:07:46 PM

Scanning for connected USB mass storage...
----------------------------------------
G: {d50ccc7c-e492-11de-b42e-001bfc3f3fe0}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------

----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for d50ccc7c-e492-11de-b42e-001bfc3f3fe0
----------------------------------------

----------------------------------------
Desktop.ini found at G:\ZAPALICU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================


Processing script
----------------------------------------
d50ccc7c-e492-11de-b42e-001bfc3f3fe0
Drive letter for GUID: G:
SectionStart = 0
SectionEnd = 4
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: G:\autorun.inf.blocked > Done!
f_delete:
file "G:\ZAPALICU\sveslike.exe" deleted successfully
----------------------------------------
Folder list for G:\:
----------------------------------------

dr-hs   0   G:\ZAPALICU   G:\ZAPALICU

----------------------------------------
Unhide superhidden for G:\
----------------------------------------
dra-- G:\ZAPALICU > unhidden
--a-- G:\ZAPALICU\Desktop.ini > unhidden
----------------------------------------

then I did a scan with DDS and got this log:

DDS (Ver_10-11-09.01) - NTFSx86
Run by Djordje at 18:10:58.73 on Fri 11/12/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3076 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100125-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Djordje\My Documents\Downloads\usbnorisk.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Djordje\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\recycler\s-1-5-21-0542423734-8852482711-864208423-3853\nissan.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.16\AsRunHelp.exe
IE: E&xport to Microsoft Excel - d:\programi\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\micros~1\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {311B75C7-2DAD-4E59-B7E8-2F56878D4955} = 79.143.173.161 79.143.172.3
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\djordje\applic~1\mozilla\firefox\profiles\w7nu42xq.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-4 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-4 138680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-4 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-4 352920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-10 05:35:16 -------- d-----w- C:\USBNoRisk
2010-11-05 16:36:22 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-11-05 16:36:22 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-05 16:36:22 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-05 16:36:22 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-11-05 16:36:21 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-05 16:36:21 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-11-05 16:36:21 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-11-05 16:36:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-10-24 22:42:13 57344 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-10-24 22:42:13 -------- d-----w- c:\program files\common files\EPSON
2010-10-24 22:41:37 61598 ----a-w- c:\windows\system32\E_SL2359.DLL
2010-10-24 22:41:37 102400 ----a-w- c:\windows\system32\EBPEHP.DLL
2010-10-24 22:13:00 -------- d-----w- c:\docume~1\djordje\applic~1\GetRightToGo

==================== Find3M ====================


============= FINISH: 18:11:14.87 ===============


I noticed that my computer has slowed down a little, i.e. for some undemanding operations the application I am using simply freezes for 2-3 seconds and then continues normally.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You have reinfected the OS again.

Now we will change the first step.



Download The Avenger to the Desktop.
Extract the archive into a folder.

Double-click avenger.exe to run it.

Copy the text inside the Code box into the program's (white) window:

Folders to delete:
c:\recycler\s-1-5-21-4986793853-4599860817-456321132-4287

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman


Click Execute, then Yes in the next two windows that open.

The computer will restart (in some cases twice) and the cleaning/scanning process will begin.

When the process is finished, the logfile C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the thread on the forum.





It looks like you are not following the USBNoRisk instructions closely. Download USBNoRisk again and save it to the Desktop, run it and wait. Plug in the USB storage device and paste in the script from the previous message.



Post a fresh DDS log.





goran9888 (AMF Team)

offline
  • Joined: 02 Feb 2009
  • Posts: 32

Here is the Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: folder "c:\recycler\s-1-5-21-4986793853-4599860817-456321132-4287" not found!
Deletion of folder "c:\recycler\s-1-5-21-4986793853-4599860817-456321132-4287" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Here is USBNoRisk:

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 11/13/2010 12:10:25 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {368c4815-e2a1-11de-a94a-806d6172696f}
E: {368c4816-e2a1-11de-a94a-806d6172696f}
C: {368c4817-e2a1-11de-a94a-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 368c4817-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 368c4815-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 368c4816-e2a1-11de-a94a-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11/13/2010 12:11:30 AM

Scanning for connected USB mass storage...
----------------------------------------
G: {d50ccc7c-e492-11de-b42e-001bfc3f3fe0}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
Sanitized mountpoint for d50ccc7c-e492-11de-b42e-001bfc3f3fe0
----------------------------------------

----------------------------------------
Desktop.ini found at G:\ZAPALICU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive G:
========================================


Processing script
----------------------------------------
d50ccc7c-e492-11de-b42e-001bfc3f3fe0
Drive letter for GUID: G:
SectionStart = 0
SectionEnd = 4
----------------------------------------
Deleting blocked files:
----------------------------------------
None
f_delete: G:\ZAPALICU\sveslike.exe > File does not exist!
----------------------------------------
Folder list for G:\:
----------------------------------------

dra--   0   G:\ZAPALICU   G:\ZAPALICU

----------------------------------------
Unhide superhidden for G:\
----------------------------------------
----------------------------------------

Here is the DDS log:


DDS (Ver_10-11-09.01) - NTFSx86
Run by Djordje at 0:13:56.29 on Sat 11/13/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3146 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100125-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Djordje\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.16\AsRunHelp.exe
IE: E&xport to Microsoft Excel - d:\programi\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\micros~1\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {311B75C7-2DAD-4E59-B7E8-2F56878D4955} = 79.143.173.161 79.143.172.3
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\djordje\applic~1\mozilla\firefox\profiles\w7nu42xq.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-4 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-4 138680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-4 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-4 352920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-10 05:35:16 -------- d-----w- C:\USBNoRisk
2010-11-05 16:36:22 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-11-05 16:36:22 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-05 16:36:22 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-05 16:36:22 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-11-05 16:36:21 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-05 16:36:21 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-11-05 16:36:21 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-11-05 16:36:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-10-24 22:42:13 57344 ----a-w- c:\windows\system32\ECBTEG.DLL
2010-10-24 22:42:13 -------- d-----w- c:\program files\common files\EPSON
2010-10-24 22:41:37 61598 ----a-w- c:\windows\system32\E_SL2359.DLL
2010-10-24 22:41:37 102400 ----a-w- c:\windows\system32\EBPEHP.DLL
2010-10-24 22:13:00 -------- d-----w- c:\docume~1\djordje\applic~1\GetRightToGo

==================== Find3M ====================


============= FINISH: 0:14:12.18 ===============
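
As an added example (not part of the thread, and not USBNoRisk's or The Avenger's code), a small Python triage script that reproduces the check USBNoRisk reported above: a Desktop.ini under G:\ZAPALICU whose [.ShellClassInfo] CLSID makes Explorer draw an ordinary folder as the Recycle Bin, hiding whatever is stored inside. The Recycle Bin GUID and the folder/file names come from the logs; the two extra CLSIDs and the sample drive layout are my own constructed additions.

```python
"""Constructed triage example for the artefact USBNoRisk flagged above: a
Desktop.ini in G:\\ZAPALICU that borrows the Recycle Bin CLSID, so Explorer
shows the folder as a system folder and hides what is stored inside."""
import configparser
import tempfile
from pathlib import Path

# Shell-folder CLSIDs a Desktop.ini on a USB stick has no business claiming.
# The Recycle Bin GUID is the one from the USBNoRisk log; the other two are
# the well-known My Computer and Control Panel class IDs (my additions).
SUSPICIOUS_CLSIDS = {
    "{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin",
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "My Computer",
    "{21EC2020-3AEA-1069-A2DD-08002B30309D}": "Control Panel",
}

def disguise_clsid(desktop_ini_text):
    """Return (clsid, folder_name) when [.ShellClassInfo] sets CLSID or CLSID2
    to a system-folder GUID, else None. Unparseable text counts as harmless."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       allow_no_value=True)
    try:
        parser.read_string(desktop_ini_text.lstrip("\ufeff"))  # tolerate a BOM
    except configparser.Error:
        return None
    for section in parser.sections():
        if section.lower() != ".shellclassinfo":
            continue
        for key in ("clsid", "clsid2"):  # configparser lower-cases option names
            value = (parser[section].get(key) or "").strip().upper()
            if value in SUSPICIOUS_CLSIDS:
                return value, SUSPICIOUS_CLSIDS[value]
    return None

def scan_drive(root):
    """Walk a drive or folder and return (path, finding) pairs for disguised
    folders and for any autorun.inf, including ones already renamed .blocked."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        if name == "desktop.ini":
            hit = disguise_clsid(path.read_text(errors="replace"))
            if hit:
                findings.append((str(path.parent),
                                 f"folder disguised as {hit[1]} via CLSID {hit[0]}"))
        elif name.startswith("autorun.inf"):
            findings.append((str(path), "autorun.inf present"))
    return findings

def build_sample_drive():
    """Create a throwaway directory shaped like the infected stick in the thread
    (folder name and CLSID from the logs; file bodies are placeholders)."""
    root = Path(tempfile.mkdtemp(prefix="usb_sample_"))
    hidden = root / "ZAPALICU"
    hidden.mkdir()
    (hidden / "Desktop.ini").write_text(
        "[.ShellClassInfo]\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}\n")
    (hidden / "sveslike.exe").write_bytes(b"placeholder, not an executable")
    (root / "autorun.inf.blocked").write_text("; constructed placeholder\n")
    return root
```

Running `scan_drive("G:\\")` on a real stick (with hidden and system files visible, as the helper asks below) lists the same folder USBNoRisk unhid, without relying on Explorer's rendering of it.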

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish


Double-click avenger.exe to run it.

Copy the text inside the Code box into the program's (white) window:

Folders to delete:
c:\recycler\s-1-5-21-0542423734-8852482711-864208423-3853

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman


Click Execute, then Yes in the next two windows that open.

The computer will restart (in some cases twice) and the cleaning/scanning process will begin.

When the process is finished, the logfile C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the thread on the forum.


- Enable the display of hidden folders and files;
- Plug in the USB storage device and delete the following folder from it:

ZAPALICU


How is the computer behaving now?




goran9888 (AMF Team)
