Posted: 20 Nov 2009 11:38
- Joined: 27 Dec 2008
- Posts: 30
DDS (Ver_09-10-26.01) - NTFSx86
Run by ronaldinjo at 11:36:54,14 on pet 20.11.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.148 [GMT 1:00]
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Ovislink\Common\TurboG-UI.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ronaldinjo\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Connection Wizard,ShellNext = iexplore
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /RunOnce
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ronald~1\startm~1\programs\startup\deerhu~1.lnk - c:\program files\atari\deer hunter 2005\ATR1.EXE
StartupFolder: c:\docume~1\ronald~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airliv~1.lnk - c:\program files\ovislink\common\TurboG-UI.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {D7CD196B-DB17-4A51-93FF-4D2245ECC5C9} = 81.93.85.152 81.93.85.132
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ronald~1\applic~1\mozilla\firefox\profiles\pmgj8ix8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\ronaldinjo\application data\mozilla\firefox\profiles\pmgj8ix8.default\extensions\{8a6264b5-a8f2-494b-8f37-cf898a763e42}\components\FFAlert.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2009-7-29 5229696]
R3 PAC7311;PLEOMAX PWC-2000;c:\windows\system32\drivers\PA707UCM.SYS [2009-11-12 150272]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2009-7-29 5229696]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
=============== Created Last 30 ================
2009-11-20 10:01:51 0 d-sh--r- C:\Win
2009-11-19 11:51:11 0 d-----w- c:\program files\Disney Interactive
2009-11-13 08:35:51 116 ----a-w- c:\windows\ConverterCore.INI
2009-11-13 08:34:08 0 d-----w- c:\docume~1\ronald~1\applic~1\SolidDocuments
2009-11-13 08:31:52 27456 ----a-w- c:\windows\system32\solidlocalmon.dll
2009-11-13 08:31:52 18752 ----a-w- c:\windows\system32\solidlocalui.dll
2009-11-13 08:31:11 0 d-----w- c:\docume~1\alluse~1\applic~1\SolidDocuments
2009-11-12 20:33:22 0 d-----w- c:\program files\PLEOMAX PWC-2000
2009-11-12 20:33:20 150272 ----a-w- c:\windows\system32\drivers\PA707UCM.SYS
2009-11-12 20:33:19 0 d-----w- c:\program files\common files\PWC2000
2009-11-12 15:56:15 53248 ----a-w- c:\windows\system32\PAStiSvc.exe
2009-11-12 15:56:06 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-12 15:56:06 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-11-12 15:53:38 107520 ------w- c:\windows\system32\SP7311.AX
2009-11-12 15:53:35 0 d-----w- c:\windows\PixArt
2009-11-10 13:32:38 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-09 21:56:09 0 d-----w- c:\docume~1\ronald~1\applic~1\uTorrent
2009-11-07 10:56:18 0 d-----w- c:\docume~1\ronald~1\applic~1\PdfMerger
2009-11-07 10:51:49 0 d-----w- c:\windows\system32\no
2009-11-07 10:51:47 0 d-----w- c:\program files\ArduoPdfMerger
2009-11-06 21:19:20 0 d-----w- c:\docume~1\ronald~1\applic~1\OpenOffice.org
2009-11-06 21:17:03 0 d-----w- c:\program files\OpenOffice.org 3
2009-11-06 20:08:54 0 ----a-w- c:\windows\system32\FOXIT_PDF
2009-11-06 19:12:30 0 d-----w- c:\program files\JPEG to PDF
2009-11-06 18:57:54 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2009-11-06 18:57:54 0 d-----w- c:\program files\PDF Editor 2
==================== Find3M ====================
2009-10-14 19:02:42 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-24 13:21:50 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
============= FINISH: 11:37:06,53 ===============
Posted: 20 Nov 2009 13:08
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
The Gmer logs are missing. Follow the rest of the instructions.
Posted: 20 Nov 2009 15:42
- Joined: 27 Dec 2008
- Posts: 30
USBNoRisk 2.5 (26 July 2009) by bobby
Started at 20.11.2009 15:41:03
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
C: {0a6a23aa-43cb-11de-b009-806d6172696f}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0a6a23aa-43cb-11de-b009-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 20.11.2009 15:41:29
Scanning for connected USB mass storage...
----------------------------------------
E: {b32a7a29-43c4-11de-9881-004f6a0159dd}
Added E:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
No Autorun.inf files found on E:
No mountpoint found for b32a7a29-43c4-11de-9881-004f6a0159dd
----------------------------------------
No Desktop.ini files found on E:
----------------------------------------
Mimics found on drive E:
========================================
========================================
Removed E:
========================================
Posted: 20 Nov 2009 21:08
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
- Run USBNoRisk and wait for it to finish the initial scan.
- After the initial scan finishes, plug in the USB storage device.
- Click the Script tab;
Copy the following text into the white pane of the window:
{b32a7a29-43c4-11de-9881-004f6a0159dd}
delete_mimics:
no_sh:
folder_delete: C:\Win\
folder_list: %DRIVE%
- Execute the command by clicking the Run Script button;
After the command has run, USBNoRisk will automatically return to the Monitor tab;
- Right-click inside the white pane of the window and choose Save Log;
A Notepad window will open with text that you need to copy here into your reply.
Posted: 20 Nov 2009 21:17
- Joined: 27 Dec 2008
- Posts: 30
USBNoRisk 2.5 (26 July 2009) by bobby
Started at 20.11.2009 21:15:44
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
C: {0a6a23aa-43cb-11de-b009-806d6172696f}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0a6a23aa-43cb-11de-b009-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 20.11.2009 21:16:01
Scanning for connected USB mass storage...
----------------------------------------
E: {b32a7a29-43c4-11de-9881-004f6a0159dd}
Added E:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
No Autorun.inf files found on E:
No mountpoint found for b32a7a29-43c4-11de-9881-004f6a0159dd
----------------------------------------
No Desktop.ini files found on E:
----------------------------------------
Mimics found on drive E:
========================================
Processing script
----------------------------------------
b32a7a29-43c4-11de-9881-004f6a0159dd
Drive letter for GUID: E:
SectionStart = 0
SectionEnd = 4
----------------------------------------
Deleting mimics:
----------------------------------------
f_delete: C:\Win\lsass.exe > File does not exist!
Mimics found: E:\sdg.exe
f_delete:
file "E:\sdg.exe" deleted successfully
Mimics found: E:\Jork i Hana.exe
f_delete:
file "E:\Jork i Hana.exe" deleted successfully
Mimics found: E:\NJEGOS SLIKE.exe
f_delete:
file "E:\NJEGOS SLIKE.exe" deleted successfully
Mimics found: E:\SA MORA.exe
f_delete:
file "E:\SA MORA.exe" deleted successfully
Mimics found: E:\SKENIRANE SLIKE.exe
f_delete:
file "E:\SKENIRANE SLIKE.exe" deleted successfully
Mimics found: E:\SPLIT.exe
f_delete:
file "E:\SPLIT.exe" deleted successfully
Mimics found: E:\HANNA.exe
f_delete:
file "E:\HANNA.exe" deleted successfully
Mimics found: E:\SPLIT 2.exe
f_delete:
file "E:\SPLIT 2.exe" deleted successfully
Mimics found: E:\INSTALACIJE.exe
f_delete:
file "E:\INSTALACIJE.exe" deleted successfully
Mimics found: E:\Dokumenti.exe
f_delete:
file "E:\Dokumenti.exe" deleted successfully
Mimics found: E:\MIRO SARAC.exe
f_delete:
file "E:\MIRO SARAC.exe" deleted successfully
----------------------------------------
Unhide superhidden for E:\
----------------------------------------
dra-- E:\sdg > unhidden
dra-- E:\Jork i Hana > unhidden
--a-- E:\Jork i Hana\Thumbs.db > unhidden
dra-- E:\NJEGOS SLIKE > unhidden
--a-- E:\NJEGOS SLIKE\PIKSI KUP -TREBINJE-SLIKE\Thumbs.db > unhidden
--a-- E:\NJEGOS SLIKE\NJEGOS U SKENDERIJI\Thumbs.db > unhidden
--a-- E:\NJEGOS SLIKE\MEDJUGORJE\Thumbs.db > unhidden
dra-- E:\SA MORA > unhidden
--a-- E:\SA MORA\Thumbs.db > unhidden
dra-- E:\SKENIRANE SLIKE > unhidden
--a-- E:\SKENIRANE SLIKE\Thumbs.db > unhidden
--a-- E:\msvcr71.dll > unhidden
dra-- E:\SPLIT > unhidden
--a-- E:\SPLIT\Thumbs.db > unhidden
dra-- E:\HANNA > unhidden
--a-- E:\HANNA\Thumbs.db > unhidden
dra-- E:\SPLIT 2 > unhidden
--a-- E:\SPLIT 2\Thumbs.db > unhidden
dra-- E:\INSTALACIJE > unhidden
--a-- E:\INSTALACIJE\Desktop.ini > unhidden
--a-- E:\INSTALACIJE\Zuma Deluxe 1.0.0.2 (full)\Thumbs.db > unhidden
--a-- E:\INSTALACIJE\instalacije 1111\(zabranjeno)lock.3.9.44\Moto Accidents\Thumbs.db > unhidden
dra-- E:\Dokumenti > unhidden
--a-- E:\Dokumenti\Thumbs.db > unhidden
dra-- E:\MIRO SARAC > unhidden
dra-- E:\Adobe Photoshop CS4 > unhidden
dra-- E:\RESTORE > unhidden
dra-- E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 > unhidden
--a-- E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini > unhidden
----------------------------------------
Delete folder tree C:\Win\:
----------------------------------------
Folder tree is empty
Delete: C:\Win\ > Error!
----------------------------------------
Folder list for E:\:
----------------------------------------
--a-- 90112 E:\IZLOZBE.doc E:\IZLOZBE.doc
dra-- 0 E:\sdg E:\sdg
dra-- 0 E:\JORKIH~1 E:\Jork i Hana
dra-- 0 E:\NJEGOS~1 E:\NJEGOS SLIKE
dra-- 0 E:\SAMORA~1 E:\SA MORA
dra-- 0 E:\SKENIR~1 E:\SKENIRANE SLIKE
--a-- 61952 E:\CVPRIM~1.DOC E:\Cv primjer.doc
--a-- 348160 E:\msvcr71.dll E:\msvcr71.dll
dra-- 0 E:\SPLIT E:\SPLIT
--a-- 3167920 E:\RCSETU~1.EXE E:\rcsetup126.exe
dra-- 0 E:\HANNA E:\HANNA
--a-- 58055 E:\IZLOZB~1.PDF E:\IZLOZBE SRBIJA.pdf
dra-- 0 E:\SPLIT2~1 E:\SPLIT 2
dra-- 0 E:\INSTAL~1 E:\INSTALACIJE
--a-- 216 E:\NEWTEX~1.TXT E:\New Text Document.txt
dra-- 0 E:\DOKUME~1 E:\Dokumenti
dra-- 0 E:\MIROSA~1 E:\MIRO SARAC
--a-- 37888 E:\BARICA~1.DOC E:\Baricanin Srdjan CV.doc
dra-- 0 E:\ADOBEP~1 E:\Adobe Photoshop CS4
--a-- 403584 E:\JOHNCE~1.MP3 E:\John Cena-My Time Is Now.mp3
dra-- 0 E:\RESTORE E:\RESTORE
----------------------------------------
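The "Mimics found" lines in the log above are executables the worm dropped with the same names as folders it had first made super-hidden (hidden + system), which is what the delete_mimics line in dr_Bora's script removes. As an added example, not from the thread or from USBNoRisk, here is a Python check that flags such executable/folder pairs in a directory listing; the listing is constructed from names in the log, and the attribute flags on it are assumed.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif"}

@dataclass(frozen=True)
class Entry:
    """One listing entry with the two Windows attributes that matter here."""
    path: str
    is_dir: bool
    hidden: bool = False
    system: bool = False

def find_mimics(entries):
    """Sorted (executable, folder, superhidden) triples for every executable whose
    stem matches a sibling folder's name, compared case-insensitively like FAT/NTFS.
    superhidden is True when the folder carries hidden + system, the worm's tell."""
    dirs = {}
    for e in entries:
        if e.is_dir:
            p = PureWindowsPath(e.path)
            dirs[(str(p.parent).lower(), p.name.lower())] = e
    mimics = []
    for e in entries:
        if e.is_dir:
            continue
        p = PureWindowsPath(e.path)
        if p.suffix.lower() not in EXEC_SUFFIXES:
            continue
        folder = dirs.get((str(p.parent).lower(), p.stem.lower()))
        if folder is not None:
            mimics.append((e.path, folder.path, folder.hidden and folder.system))
    return sorted(mimics)

def superhidden_mimics(entries):
    """Only the executables that shadow a super-hidden folder."""
    return [exe for exe, _, sh in find_mimics(entries) if sh]

# Constructed listing modelled on the thread's log; the attribute flags are assumed.
SAMPLE_LISTING = [
    Entry(r"E:\sdg", True, hidden=True, system=True),
    Entry(r"E:\sdg.exe", False),
    Entry(r"E:\Jork i Hana", True, hidden=True, system=True),
    Entry(r"E:\Jork i Hana.exe", False),
    Entry(r"E:\SPLIT 2", True, hidden=True, system=True),
    Entry(r"E:\SPLIT 2.exe", False),
    Entry(r"E:\HANNA", True),                  # visible twin: weaker, still reported
    Entry(r"E:\HANNA.exe", False),
    Entry(r"E:\Adobe Photoshop CS4", True),    # real folder, no twin
    Entry(r"E:\rcsetup126.exe", False),        # real installer, no twin
    Entry(r"E:\IZLOZBE.doc", False),
]

for exe, folder, sh in find_mimics(SAMPLE_LISTING):
    print(("SUPERHIDDEN " if sh else "visible     ") + exe + " shadows " + folder)
```

On a live system you would build the entries from os.scandir() plus the file attributes; the check deliberately reports pairs with a visible folder too, so a sample that forgot to hide the folder is not missed.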
Posted: 20 Nov 2009 21:36
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
If it exists, delete the folder C:\Win
Note: do not delete c:\windows
There is a RESTORE folder on the flash drive - delete it.
Also delete the file msvcr71.dll from the flash drive.
Is everything all right now? Can you access everything on the flash drive?
Posted: 20 Nov 2009 21:42
- Joined: 27 Dec 2008
- Posts: 30
C:\Win isn't there; the rest has been deleted and everything is OK now. Thanks a lot.