MyCity » Ambulanta -> Arhiva Ambulante » Problem: SHeur2

Problem: SHeur2

Napisano na dan: 11.1.2010

Strana:
1
2

Problem: SHeur2

Sledeća strana

Pagination

Odgovori

Strana:
1
2

User_Mira Poslao: 11 Jan 2010 20:08 Idi na vrh
offline User_Mira Novi MyCity građanin Pridružio: 11 Jan 2010 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Poštovani, Pre mesec dana prilikom startovanja računara, dešavalo se da se otvori Mozilla prikazujući neku "biznis" stranu. Tada sam startovala Spybot koji je otkrio neke MyWeb Search fajlove, koje sam po završetku skeniranja obrisala. Inače, prilikom svakog skeniranja računara od strane AVG-a, nije se javljao nikakav problem. Mislila sam da je time sve završeno. Međutim, jutros se, prilikom startovanja računara konstantno nekih par minuta otvarao "dosoliki" prozor, ali nisam uspela da pročitam šta je bilo napisano. Nakon toga, startovala sam AVG, i prijavio je trojanca SHeur2.CFK (2 fajla). Nakon toga, startovala sam Spybot, gde su izašli nanovo MyWeb search fajlovi, ali nisu svi mogli da se obrišu. Kako ceo dan nisam bila u prilici da se obratim Ambulanti, to činim sada. Raspolažem kablovskom konekcijom (SBB) 6 Mbps. Nisam uspela da izvršim skeniranje Gmer-om, tako da prilažem RootRepeal izveštaj. Još jedna napomena, nisam "napredan" korisnik računara. Unapred se zahvaljujem. Sledi DDS: DDS (Ver_09-12-01.01) - NTFSx86 Run by Deca at 19:25:23.29 on Mon 01/11/2010 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1314 [GMT 1:00] AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\713xRMTMon.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\honestech\honestech TVR\scheduleTV.exe C:\WINDOWS\713xRMT.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Deca\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = [Link mogu videti samo ulogovani korisnici] uSearch Page = uSearch Bar = uInternet Settings,ProxyOverride = .local mSearchAssistant = mWinlogon: Taskman=c:\recycler\s-1-5-21-2565977379-6415044609-369197376-9052\nissan.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray uRun: [LREC75DND7] c:\docume~1\deca\locals~1\temp\d.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [TV Card Remote Control Device Monitor] c:\windows\713xRMTMon.exe mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [AGRSMMSG] AGRSMMSG.exe dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\schedu~1.lnk - c:\program files\honestech\honestech tvr\scheduleTV.exe IE: &Search - ?p=ZKfox000 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\java\classes\xmldso.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [Link mogu videti samo ulogovani korisnici]* DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\deca\applic~1\mozilla\firefox\profiles\4nr9n9ro.default\ FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] FF - component: c:\documents and settings\deca\application data\mozilla\firefox\profiles\4nr9n9ro.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\documents and settings\deca\application data\mozilla\firefox\profiles\4nr9n9ro.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\documents and settings\deca\application data\mozilla\firefox\profiles\4nr9n9ro.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-18 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-18 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-18 108552] R2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [2009-4-25 279552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-18 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-18 297752] R2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2009-4-25 25984] R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [2005-2-24 162176] S2 gupdate1c9ecdce5af182c;Google Update Service (gupdate1c9ecdce5af182c);c:\program files\google\update\GoogleUpdate.exe [2009-6-14 133104] S3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2009-4-25 906368] S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-12-6 102656] =============== Created Last 30 ================ 2010-01-03 19:24:41 0 d-----w- c:\windows\Mystery Case Files Huntsville 2009-12-29 20:02:10 0 d---a-w- C:\xampp 2009-12-26 13:31:51 281 ----a-w- C:\Shortcut to Podaci (D).lnk 2009-12-23 16:54:15 0 d-----w- c:\program files\MyWebSearch ==================== Find3M ==================== 2009-10-31 12:24:30 304160 ----a-w- C:\StiImg.dat ============= FINISH: 19:25:43.90 =============== [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici]

Profil

diarno Poslao: 11 Jan 2010 20:30 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: pozdrav i dobrodosla na forum Isprati sledeće... Preuzmi file na Desktop sa dole navedenog linka; Pokreni ga dvoklikom; Na svaki upit klikni Ok i sačekaj da se pojavi log Antinissan.txt koji ćeš mi iskopirati ovde u poruci. [Link mogu videti samo ulogovani korisnici] - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

User_Mira Poslao: 11 Jan 2010 20:42 Idi na vrh
offline User_Mira Novi MyCity građanin Pridružio: 11 Jan 2010 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo ovako. Ubacila sam prvo fleš, a zatim fotoaparat. Postojao je i eksterni hard, koji nije moj, tako da njega ne mogu proveriti. Izveštaji slede: Fix started @ 8:30:45 PM, 1/11/2010 Checking loading points... Traces found! Checking files... OK. »»»»»» Finished! »»»»»» Anti-nissan v1.0 by dr_Bora ================================== USBNoRisk 2.5 (26 July 2009) by bobby Started at 1/11/2010 8:32:00 PM Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- D: {177a200d-fdee-11dd-a8fc-806d6172696f} C: {177a200f-fdee-11dd-a8fc-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 177a200f-fdee-11dd-a8fc-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 177a200d-fdee-11dd-a8fc-806d6172696f No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 1/11/2010 8:33:31 PM Scanning for connected USB mass storage... ---------------------------------------- F: {acf31ace-e498-11de-a10b-001485dee0db} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on F: ---------------------------------------- No Autorun.inf files found on F: Sanitized mountpoint for acf31ace-e498-11de-a10b-001485dee0db ---------------------------------------- ---------------------------------------- Desktop.ini found at F:\SLATKO\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No mimics found on drive F: ======================================== ======================================== Removed F: ======================================== New device connected at 1/11/2010 8:35:30 PM Scanning for connected USB mass storage... ---------------------------------------- F: {4db7e3a6-ba8a-11de-a095-001485dee0db} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on F: ---------------------------------------- autorun.inf found on F: ---------------------------------------- File F:\autorun.inf renamed successfully Content of F:\autorun.inf.blocked ---------------------------------------- ;M=õs???èt??té?ì?üFLíwú?d????L??ð???y/??sÉÖÖd?ðseAc???Â??è?dE-X?e?Ïí?àm????l?ú???Òb?éEeÁF?}ÃÇ [autorun ;kÜE?ñ<ýI,ýµ%ì\? ;ø???Ø$?Þm$??r?ù?Ê??^?\|æÏrW?dv?+??þÿá-Jw?ò?ÃõCò?M?wÍ?ås open=SLATKO/torta.exe ;ñ?v?$Vt?úý ;??Z??N?xòF?<Z&?vYK?ð?x?aL??wT%?ô?wJ?>wröZ???mbñ?bL@???ÊEð?rÔ?Ú?s?QÈ`??j(?è??ì?ð?a?Fm???yst? icon=%SystemRoot%\system32\SHELL32.dll,4 ;QåRta??v?:ñts+/ÒÊ?ñ?µ action=Open folder to view files using Windows Explorer ;?åÚ?r?Â?Äú?dM shell\\open\\command=SLATKO/torta.exe ;?TQ?ØXòàmx?AÖà??wÿ?Â?}?C\|fìÖ?ìùoLa?ÁOev?µ??Ý????ùýyv??Xlñ??Rx?è??ë??XIMB?W?? shell\\explore\\command=SLATKO/torta.exe ;ÀìmJdO?dm?ðñ???? useautoplay=1 ;ø???Ø$?Þm$??r?=K.??<nà÷ ---------------------------------------- Files referenced from F:\autorun.inf.blocked ---------------------------------------- None ---------------------------------------- Sanitized mountpoint for 4db7e3a6-ba8a-11de-a095-001485dee0db ---------------------------------------- ---------------------------------------- Desktop.ini found at F:\SLATKO\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No mimics found on drive F: ======================================== ======================================== Removed F: ======================================== New device connected at 1/11/2010 8:36:16 PM Scanning for connected USB mass storage... ---------------------------------------- F: {4db7e3a6-ba8a-11de-a095-001485dee0db} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- Blocked file found: F:\autorun.inf.blocked ---------------------------------------- Content of F:\autorun.inf.blocked ---------------------------------------- ---------------------------------------- Files referenced from F:\autorun.inf.blocked ---------------------------------------- None ---------------------------------------- ---------------------------------------- No Autorun.inf files found on F: ---------------------------------------- No Desktop.ini files found on F: ---------------------------------------- No mimics found on drive F: ======================================== ======================================== Removed F: ========================================

Profil

diarno Poslao: 12 Jan 2010 01:26 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: obrisi antinissan.vbs koji si koristila i skini ovaj [Link mogu videti samo ulogovani korisnici] isprati uputstva i okaci mi log - Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje. - Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj. - Kliknuti na karticu Script; U beli okvir prozora iskopirati sledeći tekst: `{4db7e3a6-ba8a-11de-a095-001485dee0db} delete_blocked: f_delete:%DRIVE%SLATKO/torta.exe folder_list:%DRIVE%` - Izvršiti komandu klikom na taster Run Script; Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor; - Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Log; Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.

Profil

User_Mira Poslao: 12 Jan 2010 01:33 Idi na vrh
offline User_Mira Novi MyCity građanin Pridružio: 11 Jan 2010 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav jos jednom! Nadam se da sam sve dobro uradila. Slede izvestaji: Fix started @ 1:26:07 AM, 1/12/2010 Checking loading points... Traces found! Checking files... OK. Global loading point removed. »»»»»» Finished! »»»»»» Anti-nissan v1.0 by dr_Bora ================================== USBNoRisk 2.5 (26 July 2009) by bobby Started at 1/12/2010 1:27:21 AM Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- D: {177a200d-fdee-11dd-a8fc-806d6172696f} C: {177a200f-fdee-11dd-a8fc-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 177a200f-fdee-11dd-a8fc-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 177a200d-fdee-11dd-a8fc-806d6172696f No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 1/12/2010 1:27:44 AM Scanning for connected USB mass storage... ---------------------------------------- F: {acf31ace-e498-11de-a10b-001485dee0db} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on F: ---------------------------------------- No Autorun.inf files found on F: Sanitized mountpoint for acf31ace-e498-11de-a10b-001485dee0db ---------------------------------------- ---------------------------------------- Desktop.ini found at F:\SLATKO\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No mimics found on drive F: ======================================== Processing script ----------------------------------------

Profil

diarno Poslao: 12 Jan 2010 01:48 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovako.. POkreni USbnorisk..sacekaj da se zavrsi ono pocetno skeniranje pa onda prikljuci fotoaparat...Kada prikljucis fotoarat klikni na karticu Script i odradi ono sto sam ti napisao... Moja greska... nisam naglasio da ubacis fotoaparat posto je on zarazen.

Profil

User_Mira Poslao: 12 Jan 2010 01:53 Idi na vrh
offline User_Mira Novi MyCity građanin Pridružio: 11 Jan 2010 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo izvestaja sa fotoaparata: USBNoRisk 2.5 (26 July 2009) by bobby Started at 1/12/2010 1:46:36 AM Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- D: {177a200d-fdee-11dd-a8fc-806d6172696f} C: {177a200f-fdee-11dd-a8fc-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 177a200f-fdee-11dd-a8fc-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 177a200d-fdee-11dd-a8fc-806d6172696f No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 1/12/2010 1:48:04 AM Scanning for connected USB mass storage... ---------------------------------------- F: {4db7e3a6-ba8a-11de-a095-001485dee0db} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- Blocked file found: F:\autorun.inf.blocked ---------------------------------------- Content of F:\autorun.inf.blocked ---------------------------------------- ;M=õs???èt??té?ì?üFLíwú?d????L??ð???y/??sÉÖÖd?ðseAc???Â??è?dE-X?e?Ïí?àm????l?ú???Òb?éEeÁF?}ÃÇ [autorun ;kÜE?ñ<ýI,ýµ%ì\? ;ø???Ø$?Þm$??r?ù?Ê??^?\|æÏrW?dv?+??þÿá-Jw?ò?ÃõCò?M?wÍ?ås open=SLATKO/torta.exe ;ñ?v?$Vt?úý ;??Z??N?xòF?<Z&?vYK?ð?x?aL??wT%?ô?wJ?>wröZ???mbñ?bL@???ÊEð?rÔ?Ú?s?QÈ`??j(?è??ì?ð?a?Fm???yst? icon=%SystemRoot%\system32\SHELL32.dll,4 ;QåRta??v?:ñts+/ÒÊ?ñ?µ action=Open folder to view files using Windows Explorer ;?åÚ?r?Â?Äú?dM shell\\open\\command=SLATKO/torta.exe ;?TQ?ØXòàmx?AÖà??wÿ?Â?}?C\|fìÖ?ìùoLa?ÁOev?µ??Ý????ùýyv??Xlñ??Rx?è??ë??XIMB?W?? shell\\explore\\command=SLATKO/torta.exe ;ÀìmJdO?dm?ðñ???? useautoplay=1 ;ø???Ø$?Þm$??r?=K.??<nà÷ ---------------------------------------- Files referenced from F:\autorun.inf.blocked ---------------------------------------- None ---------------------------------------- ---------------------------------------- No Autorun.inf files found on F: Sanitized mountpoint for 4db7e3a6-ba8a-11de-a095-001485dee0db ---------------------------------------- ---------------------------------------- Desktop.ini found at F:\SLATKO\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No mimics found on drive F: ======================================== ======================================== Removed F: ======================================== Processing script ----------------------------------------

Profil

diarno Poslao: 12 Jan 2010 11:59 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ajmo jos jednom Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje. - Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj. - Kliknuti na karticu Script; U beli okvir prozora iskopirati sledeći tekst: `{4db7e3a6-ba8a-11de-a095-001485dee0db} no_sh: f_delete:%DRIVE%SLATKO/torta.exe folder_list:%DRIVE%` - Izvršiti komandu klikom na taster Run Script; Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor; - Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Log; Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci. Okaci mi log ovde i proveri dal je ceo selektovan i kopiran na forum Zatim : Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka: [Link mogu videti samo ulogovani korisnici] Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije: Update Malwarebytes' Anti-Malware; Launch Malwarebytes Anti-Malware; a zatim klikni Finish. Nakon završenog ažuriranja program će se pokrenuti. Izaberi opciju Perform Quick Scan i klikni Scan. Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected. Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu. Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti. Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).

Profil

User_Mira Poslao: 12 Jan 2010 19:15 Idi na vrh
offline User_Mira Novi MyCity građanin Pridružio: 11 Jan 2010 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! USBNoRisk 2.5 (26 July 2009) by bobby Started at 1/12/2010 6:56:01 PM Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- D: {177a200d-fdee-11dd-a8fc-806d6172696f} C: {177a200f-fdee-11dd-a8fc-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No Autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 177a200f-fdee-11dd-a8fc-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No Autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 177a200d-fdee-11dd-a8fc-806d6172696f No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 1/12/2010 6:57:02 PM Scanning for connected USB mass storage... ---------------------------------------- F: {4db7e3a6-ba8a-11de-a095-001485dee0db} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- Blocked file found: F:\autorun.inf.blocked ---------------------------------------- Content of F:\autorun.inf.blocked ---------------------------------------- ;M=õs???èt??té?ì?üFLíwú?d????L??ð???y/??sÉÖÖd?ðseAc???Â??è?dE-X?e?Ïí?àm????l?ú???Òb?éEeÁF?}ÃÇ [autorun ;kÜE?ñ<ýI,ýµ%ì\? ;ø???Ø$?Þm$??r?ù?Ê??^?\|æÏrW?dv?+??þÿá-Jw?ò?ÃõCò?M?wÍ?ås open=SLATKO/torta.exe ;ñ?v?$Vt?úý ;??Z??N?xòF?<Z&?vYK?ð?x?aL??wT%?ô?wJ?>wröZ???mbñ?bL@???ÊEð?rÔ?Ú?s?QÈ`??j(?è??ì?ð?a?Fm???yst? icon=%SystemRoot%\system32\SHELL32.dll,4 ;QåRta??v?:ñts+/ÒÊ?ñ?µ action=Open folder to view files using Windows Explorer ;?åÚ?r?Â?Äú?dM shell\\open\\command=SLATKO/torta.exe ;?TQ?ØXòàmx?AÖà??wÿ?Â?}?C\|fìÖ?ìùoLa?ÁOev?µ??Ý????ùýyv??Xlñ??Rx?è??ë??XIMB?W?? shell\\explore\\command=SLATKO/torta.exe ;ÀìmJdO?dm?ðñ???? useautoplay=1 ;ø???Ø$?Þm$??r?=K.??<nà÷ ---------------------------------------- Files referenced from F:\autorun.inf.blocked ---------------------------------------- None ---------------------------------------- ---------------------------------------- No Autorun.inf files found on F: Sanitized mountpoint for 4db7e3a6-ba8a-11de-a095-001485dee0db ---------------------------------------- ---------------------------------------- Desktop.ini found at F:\SLATKO\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No mimics found on drive F: ======================================== ======================================== Removed F: ======================================== Processing script ---------------------------------------- Malwarebytes' Anti-Malware 1.44 Database version: 3549 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 1/12/2010 7:12:03 PM mbam-log-2010-01-12 (19-12-03).txt Scan type: Quick Scan Objects scanned: 126030 Time elapsed: 10 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 18 Registry Values Infected: 1 Registry Data Items Infected: 3 Folders Infected: 3 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot. Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lrec75dnd7 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Profil

diarno Poslao: 12 Jan 2010 20:04 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok... sad samo kad ubacis fotoaparat udji i obrisi folder sa nazivom SLATKO

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem: SHeur2

Ko je trenutno na forumu

Ukupno su 904 korisnika na forumu :: 20 registrovanih, 1 sakriven i 883 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Boris90, BZ, comi, cvele130, Denaya, Grandmaster1, GrobarPovratak, jovo caruga, KonstantinR, Kruger, majstro, Makeitdrip, N.e.m.a.nj.a., Nobunaga, Paklenica, PrincipL, Saša31LPB, stalja, superwhy, Tila Painen

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by