WORM - FLASH DRIVE - IMPORTANT DATA

  • Architect
  • Joined: 13 Oct 2009
  • Posts: 79

On my flash drive I have important data (folders) that are infected with "WORM/AUTOLIT VNQ". My antivirus registers them automatically when I open the flash drive and moves the infected folders to quarantine, the ones that do not have a folder icon but that of an .exe file; I think they are all 538 KB in size.
PLEASE, if there is any option to somehow get them back... tell me, it is very important to me.

- internet connection: ADSL
- antivirus: AVG 9.0.872



DDS (Ver_10-12-12.02) - NTFSx86
Run by Stefan Guslarevic at 19:13:07.32 on Fri 02/18/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2142 [GMT 1:00]

AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\HBLite\bin\11.0.349.0\HBLiteSA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Gigabyte\Gamer HUD Lite\HUD.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Stefan Guslarevic\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.rs/
uSearch Page =
uSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: ShopperReports: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: ShopperReports – Price Comparison: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [EasyTuneVI] c:\program files\gigabyte\et6\ETcall.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [GBTUpd] c:\program files\gigabyte\gbtupd\PreRun.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AASecuUFD]
mRun: [HBLiteSA] "c:\program files\hblite\bin\11.0.349.0\HBLiteSA.exe"
StartupFolder: c:\docume~1\stefan~1\startm~1\programs\startup\gigaby~1.lnk - c:\program files\gigabyte\gamer hud lite\HUD.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stefan~1\applic~1\mozilla\firefox\profiles\jq88eb6w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - Ext: ResultBar: {34EFA911-B536-4C08-BECE-CD5E55C875B0} - c:\program files\mozilla firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: QuestDns: {C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} - c:\program files\mozilla firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: ShopperReports: ShopperReports@ShopperReports.com - c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-4-24 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-24 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-24 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-24 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-24 243024]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-22 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-11-29 68136]
R3 AODDriver;AODDriver;c:\program files\gigabyte\et6\i386\AODDriver.sys [2009-2-23 7168]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-4-24 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-4-24 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-4-24 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-4-24 26192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-24 136176]
S2 QuestDns Service;QuestDns Service;c:\documents and settings\all users\application data\questdns\questdns115.exe [2010-8-21 57608]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-4-24 30104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-10-2 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2009-11-29 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-10-2 8456]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]
SUnknown GVTDrv;GVTDrv; [x]

=============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2011-01-27 16:49:26 -------- d-----w- c:\windows\system32\extensions
2011-01-27 16:49:25 -------- d-----w- c:\program files\QuestBrwSearch
2011-01-27 16:49:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\QuestBrwSearch
2011-01-27 16:49:11 -------- d-----w- c:\program files\HBLite
2011-01-27 16:49:11 -------- d-----w- c:\docume~1\stefan~1\applic~1\HBLite
2011-01-27 16:49:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\HBLiteSA
2011-01-27 16:49:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2011-01-27 16:48:56 -------- d-----w- c:\program files\ShopperReports3
2011-01-27 16:48:56 -------- d-----w- c:\docume~1\stefan~1\applic~1\ShopperReports3
2011-01-27 16:41:22 -------- d-----w- c:\program files\Easy downloads
2011-01-26 18:16:16 -------- d-----w- c:\docume~1\stefan~1\applic~1\TS3Client
2011-01-26 18:15:17 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-01-24 14:54:59 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc98.tmp
2011-01-21 20:06:09 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc173.tmp

==================== Find3M ====================

2011-02-18 12:03:46 17488 ----a-w- c:\windows\gdrv.sys
2010-12-24 19:08:31 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

============= FINISH: 19:13:21.75 ===============



  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello djordjee88!

Remove the USB flash drive if you are currently using it, and do not plug it in again until I tell you to;
Follow the steps carefully and do exactly what they say, in the order written.

Step 1

Uninstall the following applications (Start -> Control Panel -> Add or Remove Programs):

- QuestDns 1.0 build 115
- ShopperReports

Step 2

Find the following file:

C:\WINDOWS\system32\XDva341.sys

Upload that file to me via the following link: http://www.mycity.rs/ambulanta-upload.php

Step 3

Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, make sure these options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

After the update completes, the program will start.

Select Perform Quick Scan and click Scan.

When the scan finishes, click OK, then Show Results: in the list of detected malware, check all items and click Remove Selected.

When that finishes, the log file will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the log file will be available on the Logs tab (select it and click Open).

Step 4

You are using an old version of the antivirus (AVG 9). I recommend uninstalling it (protection is at a low level when an old AV version is installed) and installing the latest one (AVG 10), which you can download from this link: http://free.avg.com/us-en/download-avg-anti-virus-free

You are using an ancient version of Acrobat 6.0 (the problem is that old versions are problematic where malware is concerned), so I recommend uninstalling it and installing the latest version, which you can find at the following link: http://get.adobe.com/reader/

Step 5

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug every USB storage device in turn into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose Save scrambled log. That automatically opens the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that are assigned their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

goran9888 (AMF Team)
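An added example, not part of goran9888's reply and not code from DDS or any tool used in this thread: a small Python triage pass over lines in the shape of the DDS report above. It makes explicit the checks that Step 1 and Step 2 rest on: a BHO/toolbar entry with no backing file, an autorun value with no command, a service started from a user-writable profile directory, a driver whose binary DDS could not verify or could not find, and names matching the adware families that turn up later in this thread. The sample lines are copied from the report above; the adware name list and the wording of each finding are this example's own assumptions about what deserves a second look.

```python
import re

# Adware / PUP families named in this thread's DDS and MBAM output. Treating a
# name match as suspicious is an assumption of this example, not a vendor rule.
ADWARE_NAMES = ("shopperreports", "questdns", "questbrwsearch", "hblite",
                "clickpotato", "resultbar", "conduit", "softonic", "zynga toolbar")

# Directories a limited user can write to; a service or driver launched from
# one of them is a classic persistence location for unwanted software.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\temp\\", "\\recycler\\")

# DDS service line: "<state> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(r"^(R\d|S\d|SUnknown)\s+([^;]+);([^;]*);(.*)$")
# DDS Run-key line: "uRun: [<value name>] <command>" / "mRun: [<value name>] <command>"
RUN_RE = re.compile(r"^[um]Run:\s+\[([^\]]*)\]\s*(.*)$")


def triage_line(line):
    """Return the list of reasons a single DDS line deserves a second look
    (an empty list if nothing stands out)."""
    reasons = []
    low = line.lower()

    # BHO/TB/EB entries whose DLL is gone: a leftover registration of something
    # that was removed (often adware); harmless by itself but worth cleaning.
    if low.endswith("- no file"):
        reasons.append("orphaned registration: entry present, binary gone")

    m = RUN_RE.match(line)
    if m and not m.group(2).strip():
        reasons.append("autorun value with an empty command")

    m = SERVICE_RE.match(line)
    if m:
        _state, _name, _display, path = m.groups()
        if "[x]" in path:
            reasons.append("service/driver registered but no binary on disk")
        elif "[?]" in path:
            reasons.append("driver binary could not be verified by DDS")
        if any(loc in path.lower() for loc in USER_WRITABLE):
            reasons.append("service started from a user-writable location")

    if any(fam in low for fam in ADWARE_NAMES):
        reasons.append("name matches an adware family seen in this thread")
    return reasons


def triage(report_text):
    """Run triage_line over a whole report; return [(line, reasons)] for the
    lines that were flagged, in report order."""
    flagged = []
    for raw in report_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


# Lines copied from the DDS report above (a constructed excerpt, not the full log).
SAMPLE_LOG = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: ShopperReports: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun: [AASecuUFD]
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
S2 QuestDns Service;QuestDns Service;c:\documents and settings\all users\application data\questdns\questdns115.exe [2010-8-21 57608]
S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]
SUnknown GVTDrv;GVTDrv; [x]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line[:70])
        for r in reasons:
            print("   ->", r)
```

A flagged line is a prompt to look closer, not a verdict: the XDva341 driver is flagged only because DDS could not verify its file, which is exactly why the helper asked for the file rather than for its deletion.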

  • Architect
  • Joined: 13 Oct 2009
  • Posts: 79

I can't find C:\WINDOWS\system32\XDva341.sys from STEP 2, neither manually nor with search!!!! What should I do?

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Skip it and continue.

  • Architect
  • Joined: 13 Oct 2009
  • Posts: 79

Written: 20 Feb 2011 0:27

This is what I got after the Malwarebytes Anti-Malware scan




Malwarebytes' Anti-Malware 1.50.1.1100
malwarebytes.org

Database version: 5814

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/20/2011 12:26:18 AM
mbam-log-2011-02-20 (00-26-10).txt

Scan type: Quick scan
Objects scanned: 168216
Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTDNS_SERVICE (Adware.QuestDns) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestDns Service (Adware.QuestDns) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790577B2765C5234A196 (Malware.Trace) -> Value: SRS_IT_E8790577B2765C5234A196 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879057EB776555131AF91 (Malware.Trace) -> Value: SRS_IT_E879057EB776555131AF91 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790470B5765B5337AE90 (Malware.Trace) -> Value: SRS_IT_E8790470B5765B5337AE90 -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\all users\application data\resultbar (Adware.ResultBar) -> No action taken.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> No action taken.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> No action taken.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> No action taken.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> No action taken.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97} (Adware.QuestDns) -> No action taken.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\chrome (Adware.QuestDns) -> No action taken.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\defaults (Adware.QuestDns) -> No action taken.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\defaults\preferences (Adware.QuestDns) -> No action taken.
c:\program files\QuestDns (Adware.QuestDns) -> No action taken.
c:\program files\resultbar (Adware.ResultBar) -> No action taken.
c:\program files\questbrwsearch (Adware.QuestBrowse) -> No action taken.
c:\documents and settings\all users\application data\questbrwsearch (Adware.QuestBrowse) -> No action taken.

Files Infected:
c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> No action taken.
c:\RECYCLER\s-1-5-21-73586283-562591055-725345543-1003\Dc127.exe (Adware.Hotbar) -> No action taken.
c:\documents and settings\stefan guslarevic\local settings\Temp\SHO9.exe (Adware.ShopperReports) -> No action taken.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> No action taken.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> No action taken.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> No action taken.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> No action taken.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\chrome.manifest (Adware.QuestDns) -> No action taken.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\install.rdf (Adware.QuestDns) -> No action taken.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\chrome\questdns.jar (Adware.QuestDns) -> No action taken.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\defaults\preferences\prefs.js (Adware.QuestDns) -> No action taken.
c:\program files\QuestDns\questdns.exe (Adware.QuestDns) -> No action taken.

Update: 20 Feb 2011 0:28

SORRY, THAT WAS FROM BEFORE REMOVE

Here is this one


Malwarebytes' Anti-Malware 1.50.1.1100
malwarebytes.org

Database version: 5814

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/20/2011 12:28:43 AM
mbam-log-2011-02-20 (00-28-43).txt

Scan type: Quick scan
Objects scanned: 168216
Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTDNS_SERVICE (Adware.QuestDns) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestDns Service (Adware.QuestDns) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790577B2765C5234A196 (Malware.Trace) -> Value: SRS_IT_E8790577B2765C5234A196 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879057EB776555131AF91 (Malware.Trace) -> Value: SRS_IT_E879057EB776555131AF91 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790470B5765B5337AE90 (Malware.Trace) -> Value: SRS_IT_E8790470B5765B5337AE90 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\all users\application data\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97} (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\chrome (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\defaults (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\defaults\preferences (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\QuestDns (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\questbrwsearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-73586283-562591055-725345543-1003\Dc127.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\stefan guslarevic\local settings\Temp\SHO9.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\chrome.manifest (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\install.rdf (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\chrome\questdns.jar (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{c91e1c68-b60a-4c9f-b53b-aaaef0e7ef97}\defaults\preferences\prefs.js (Adware.QuestDns) -> Quarantined and deleted successfully.
c:\program files\QuestDns\questdns.exe (Adware.QuestDns) -> Quarantined and deleted successfully.

Update: 20 Feb 2011 0:36

HERE are the USBNoRisk results

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 2/20/2011 12:34:46 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {735e7fc1-dc42-11de-8e5d-806d6172696f}
D: {735e7fc2-dc42-11de-8e5d-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 735e7fc1-dc42-11de-8e5d-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 735e7fc2-dc42-11de-8e5d-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 2/20/2011 12:35:22 AM

Scanning for connected USB mass storage...
----------------------------------------
H: {1010f230-3a8d-11df-9fdc-00241dc10b35}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
Sanitized mountpoint for 1010f230-3a8d-11df-9fdc-00241dc10b35
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

Mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================

What next???

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Arrow


- Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

{1010f230-3a8d-11df-9fdc-00241dc10b35}
delete_mimics:
folder_list:%DRIVE%
no_sh:


- Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Scrambled Log;

Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.

Post fresh DDS and Attach logs for me to look at.












goran9888 (AMF Team)

offline
  • Architect
  • Joined: 13 Oct 2009
  • Posts: 79

Written: 20 Feb 2011 1:03

here are the USBNoRisk results

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 2/20/2011 1:01:55 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {735e7fc1-dc42-11de-8e5d-806d6172696f}
D: {735e7fc2-dc42-11de-8e5d-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 735e7fc1-dc42-11de-8e5d-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 735e7fc2-dc42-11de-8e5d-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 2/20/2011 1:02:07 AM

Scanning for connected USB mass storage...
----------------------------------------
H: {1010f230-3a8d-11df-9fdc-00241dc10b35}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
Sanitized mountpoint for 1010f230-3a8d-11df-9fdc-00241dc10b35
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

Mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================


Processing script
----------------------------------------
1010f230-3a8d-11df-9fdc-00241dc10b35
Drive letter for GUID: H:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Deleting mimics:
----------------------------------------
f_delete: C:\Win\lsass.exe > File does not exist!
Mimics found: H:\REPERI fotografije.exe
f_delete:
file "H:\REPERI fotografije.exe" deleted successfully
Mimics found: H:\ni 8.exe
f_delete:
file "H:\ni 8.exe" deleted successfully
Mimics found: H:\svi tereni.exe
f_delete:
file "H:\svi tereni.exe" deleted successfully
Mimics found: H:\k25.exe
f_delete:
file "H:\k25.exe" deleted successfully
Mimics found: H:\mima.exe
f_delete:
file "H:\mima.exe" deleted successfully
Mimics found: H:\RECYCLER.exe
f_delete:
file "H:\RECYCLER.exe" deleted successfully
Mimics found: H:\PRECIZNI NIVELMAN KRALJEVINE SRBIJE.exe
f_delete:
file "H:\PRECIZNI NIVELMAN KRALJEVINE SRBIJE.exe" deleted successfully
Mimics found: H:\DIJAMANTE.exe
f_delete:
file "H:\DIJAMANTE.exe" deleted successfully
Mimics found: H:\Cuprija.exe
f_delete:
file "H:\Cuprija.exe" deleted successfully
Mimics found: H:\reper 975.exe
f_delete:
file "H:\reper 975.exe" deleted successfully
Mimics found: H:\Cuprija111.exe
f_delete:
file "H:\Cuprija111.exe" deleted successfully
Mimics found: H:\muzika.exe
f_delete:
file "H:\muzika.exe" deleted successfully
Mimics found: H:\Cuprija1.exe
f_delete:
file "H:\Cuprija1.exe" deleted successfully
Mimics found: H:\Gromanov album.exe
f_delete:
file "H:\Gromanov album.exe" deleted successfully
Mimics found: H:\NOVIKOZJAK.exe
f_delete:
file "H:\NOVIKOZJAK.exe" deleted successfully
Mimics found: H:\Reperi padina, Samos.exe
f_delete:
file "H:\Reperi padina, Samos.exe" deleted successfully
Mimics found: H:\ЗА СТАМПУ ПАДИНА САМОШ.exe
f_delete:
delete file error: H:\?? ?????? ?????? ?????.exe, The filename, directory name, or volume label syntax is incorrect.
Mimics found: H:\bora dugic.exe
f_delete:
file "H:\bora dugic.exe" deleted successfully
----------------------------------------
Folder list for H:\:
----------------------------------------

dr-hs   0   H:\REPERI~1   H:\REPERI fotografije
dr-hs   0   H:\NI8~1   H:\ni 8
dr-hs   0   H:\SVITER~1   H:\svi tereni
dr-hs   0   H:\k25   H:\k25
dr-hs   0   H:\mima   H:\mima
dr-hs   0   H:\RECYCLER   H:\RECYCLER
d----   0   H:\SKENIR~1.8VI   H:\SKENIRANI OBRAS.8 VISINE FOTOGRAF
--a--   187474   H:\REPERI.dwg   H:\REPERI.dwg
d----   0   H:\SLIKE1~1.201   H:\slike 1106.2010
dr-hs   0   H:\PRECIZ~1   H:\PRECIZNI NIVELMAN KRALJEVINE SRBIJE
d----   0   H:\BOLE8~1.082   H:\bole 8.082010
--a--   734   H:\acadmap.ini   H:\acadmap.ini
--a--   632252   H:\KARTAN~1.JPG   H:\karta NVT 1i2.jpg
dr-hs   0   H:\DIJAMA~1   H:\DIJAMANTE
--a--   187474   H:\REPERI.bak   H:\REPERI.bak
d----   0   H:\VINCI8~1.201   H:\vinci 8.08.2010
--a--   898   H:\acadstk.dmp   H:\acadstk.dmp
d----   0   H:\FOTOGV~1.201   H:\fotog. VGI 14.04.2010
dr-hs   0   H:\Cuprija   H:\Cuprija
d----   0   H:\SKENIO~1.I   H:\SKENI.OBRAZ ORIG. V.G.I
dr-hs   0   H:\REPER9~1   H:\reper 975
--a--   13425   H:\POLTAC~1.TXT   H:\pol. tacke.txt vinci.txt
dr-hs   0   H:\CUPRIJ~1   H:\Cuprija111
--a--   629688   H:\NVT2~1.JPG   H:\NVT 2 .jpg
--a--   3321679   H:\RAZANJ~1.JPG   H:\Razanj 1876.jpg
dr-hs   0   H:\muzika   H:\muzika
dr-hs   0   H:\Cuprija1   H:\Cuprija1
dr-hs   0   H:\GROMAN~1   H:\Gromanov album
d----   0   H:\CUPRIJ~1.201   H:\cuprija 06.2010
dr-hs   0   H:\KARTA2~1   H:\karta 25000 padina
dr-hs   0   H:\NOVIKO~1   H:\NOVIKOZJAK
dr-hs   0   H:\REPERI~2   H:\Reperi padina, Samos
d----   0   H:\BOLJEV~1.G   H:\boljevac 30.05.2007.g
dr-hs   0   H:\F04F~1   H:\ЗА СТАМПУ  ПАДИНА САМОШ
--a--   552103   H:\NEWFOL~1.EXE   H:\New Folder.exe
--a--   552103   H:\BC49~1.EXE   H:\ЗА СТАМПУ  ПАДИНА САМОШ.exe
--a--   552103   H:\KARTA2~1.EXE   H:\karta 25000 padina.files.exe
dr-hs   0   H:\BORADU~1   H:\bora dugic
--a--   20   H:\PRECIZ~1.OLD   H:\PRECIZNI NIVELMAN KRALJEVINE SRBIJE.exe.old

----------------------------------------
Unhide superhidden for H:\
----------------------------------------
dra-- H:\REPERI fotografije > unhidden
dra-- H:\ni 8 > unhidden
dra-- H:\svi tereni > unhidden
dra-- H:\k25 > unhidden
dra-- H:\mima > unhidden
dra-- H:\RECYCLER > unhidden
dra-- H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 > unhidden
--a-- H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini > unhidden
dra-- H:\PRECIZNI NIVELMAN KRALJEVINE SRBIJE > unhidden
dra-- H:\DIJAMANTE > unhidden
dra-- H:\Cuprija > unhidden
dra-- H:\reper 975 > unhidden
dra-- H:\Cuprija111 > unhidden
dra-- H:\muzika > unhidden
dra-- H:\Cuprija1 > unhidden
dra-- H:\Gromanov album > unhidden
dra-- H:\karta 25000 padina > unhidden
dra-- H:\NOVIKOZJAK > unhidden
dra-- H:\Reperi padina, Samos > unhidden
dra-- H:\ЗА СТАМПУ ПАДИНА САМОШ > unhidden
dra-- H:\bora dugic > unhidden
----------------------------------------

and now I'll run DDS and Attach

Update: 20 Feb 2011 1:09

DDS


DDS (Ver_10-12-12.02) - NTFSx86
Run by Stefan Guslarevic at 1:05:15.37 on Sun 02/20/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2382 [GMT 1:00]

AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Gigabyte\Gamer HUD Lite\HUD.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Documents and Settings\Stefan Guslarevic\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.rs/
uSearch Page =
uSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [EasyTuneVI] c:\program files\gigabyte\et6\ETcall.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [GBTUpd] c:\program files\gigabyte\gbtupd\PreRun.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AASecuUFD]
StartupFolder: c:\docume~1\stefan~1\startm~1\programs\startup\gigaby~1.lnk - c:\program files\gigabyte\gamer hud lite\HUD.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stefan~1\applic~1\mozilla\firefox\profiles\jq88eb6w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-4-24 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-4-24 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-24 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-24 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-24 243024]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-22 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-22 5897808]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-11-29 68136]
R3 AODDriver;AODDriver;c:\program files\gigabyte\et6\i386\AODDriver.sys [2009-2-23 7168]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-4-24 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-4-24 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-4-24 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-4-24 26192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-24 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-4-24 30104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-10-2 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2009-11-29 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-10-2 8456]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]
SUnknown GVTDrv;GVTDrv; [x]

=============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2011-02-19 23:12:53 -------- d-----w- c:\docume~1\stefan~1\applic~1\Malwarebytes
2011-02-19 23:12:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-19 23:12:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-19 23:12:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-19 23:12:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-19 19:11:25 -------- d-----w- c:\program files\DiskInternals
2011-02-19 17:56:54 -------- d-----w- c:\docume~1\stefan~1\applic~1\PrimoPDF
2011-02-19 17:55:54 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2011-02-19 17:55:52 -------- d-----w- c:\program files\Nitro PDF
2011-02-19 15:12:42 -------- d-----w- C:\USBNoRisk
2011-01-27 16:49:26 -------- d-----w- c:\windows\system32\extensions
2011-01-27 16:41:22 -------- d-----w- c:\program files\Easy downloads
2011-01-26 18:16:16 -------- d-----w- c:\docume~1\stefan~1\applic~1\TS3Client
2011-01-26 18:15:17 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-01-24 14:54:59 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc98.tmp
2011-01-21 20:06:09 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc173.tmp

==================== Find3M ====================

2011-02-19 23:32:39 17488 ----a-w- c:\windows\gdrv.sys
2010-12-24 19:08:31 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

============= FINISH: 1:06:07.43 ===============


Update: 20 Feb 2011 1:24

WHAT NOW??? am I waiting for you or do I need to do something else??
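The "Deleting mimics" and "Folder list for H:\" sections of the USBNoRisk log above show the pattern this worm leaves behind: the real folder is set hidden+system (dr-hs) and a same-named .exe of one fixed size sits beside it. The following is an added example, not part of the thread or of USBNoRisk; it parses a listing in that format (the column layout is assumed from the log, and the sample lines are constructed) and flags the mimics, going one step further than the tool's delete_mimics step by also reporting other .exe files of exactly the same size as a confirmed mimic, such as the orphan "New Folder.exe" in the log.

```python
"""Flag folder-mimic worm artifacts in a USBNoRisk-style folder listing.

Added example for this thread; it is not USBNoRisk's own code. The line
format (attributes, size, 8.3 name, long name) is assumed from the
"Folder list for H:\\" section of the log, and the sample is constructed.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "attrs size short long")
Finding = namedtuple("Finding", "path reason")

# attrs column: d(irectory) r(ead-only) a(rchive) h(idden) s(ystem), '-' if unset
LINE_RE = re.compile(
    r"^(?P<attrs>[d-][r-][a-][h-][s-])\s+(?P<size>\d+)\s+(?P<short>\S+)\s+(?P<long>.+?)\s*$"
)

# Constructed sample modelled on the log above (not the poster's real listing).
SAMPLE_LISTING = r"""
dr-hs   0   H:\REPERI~1   H:\REPERI fotografije
--a--   552103   H:\REPERI~1.EXE   H:\REPERI fotografije.exe
dr-hs   0   H:\muzika   H:\muzika
--a--   552103   H:\muzika.exe   H:\muzika.exe
d----   0   H:\SLIKE1~1.201   H:\slike 1106.2010
--a--   187474   H:\REPERI.dwg   H:\REPERI.dwg
--a--   552103   H:\NEWFOL~1.EXE   H:\New Folder.exe
--a--   734   H:\acadmap.ini   H:\acadmap.ini
"""


def parse_listing(text):
    """Parse listing lines; lines that do not fit the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m["attrs"], int(m["size"]), m["short"], m["long"]))
    return entries


def find_mimics(entries):
    """Return Findings for executables that impersonate folders on the drive.

    A mimic is '<name>.exe' beside a directory '<name>'; the worm also marks
    the real directory hidden+system so only the .exe (with a folder icon)
    is visible in Explorer. Other .exe files with exactly the same size as a
    confirmed mimic are reported too, since the payload is one fixed binary.
    """
    dirs = {e.long.lower(): e for e in entries if e.attrs[0] == "d"}
    exes = [e for e in entries
            if e.attrs[0] != "d" and e.long.lower().endswith(".exe")]
    findings, mimic_sizes = [], set()
    for e in exes:
        folder = dirs.get(e.long[:-4].lower())  # FAT names are case-insensitive
        if folder is None:
            continue
        hidden = "h" in folder.attrs and "s" in folder.attrs
        findings.append(Finding(e.long, 'mimics folder "%s" (%s)' % (
            folder.long, "hidden+system" if hidden else "visible")))
        mimic_sizes.add(e.size)
    flagged = {f.path for f in findings}
    for e in exes:
        if e.long not in flagged and e.size in mimic_sizes:
            findings.append(Finding(
                e.long, "same size (%d bytes) as a confirmed mimic" % e.size))
    return findings


if __name__ == "__main__":
    for f in find_mimics(parse_listing(SAMPLE_LISTING)):
        print("%s -> %s" % (f.path, f.reason))
```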

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

You did not follow step 4 of my previous instructions. You have an old version of the anti-virus installed, as well as an old version of Adobe Reader that is vulnerable to malware.






- I recommend you use MCShield to protect USB storage devices. It has nothing to do with the anti-virus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

You download it, install it, plug in the USB storage device, a scan runs, after which you get a notification that the device is clean (if that is really the case), or you get a log showing information about the malware that was found and removed.


MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this topic: http://www.mycity.rs/Antispyware-programi/MCShield.html




Plug in the USB storage device and let MCShield scan it.
Once the scan finishes, attach the report named AllScans.txt.

Start -> Run

%UserProfile%\Application Data\MCShield\AllScans.txt -> Enter


Send me the contents of the report that will open in Notepad.






goran9888 (AMF Team)

offline
  • Architect
  • Joined: 13 Oct 2009
  • Posts: 79


offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

OK, the USB flash device is clean.





Download the SystemLook program from this or this link to the Desktop;

Double-click to run SystemLook;


- Paste the following text into the white box of the window:
:file
c:\windows\system32\xdva341.sys


Click the Look button;


When the program finishes, attach the file SystemLook.txt, which will be on the Desktop, to your reply using the Attach File option.






goran9888 (AMF Team)
