[es] - Zna li neko nešto više o Trojan.LdPinch

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta

+88 Profil

Re: Zna li neko nešto više o Trojan.LdPinch

^{17.05.2011. u 21:02 - pre 157 meseci}

Preuzmi OTS na desktop http://oldtimer.geekstogo.com/OTS.exe

Pokreni OTS dvoklikom

Cekiraj Scan All Users

U donjem desnom prozoru cekiraj sledece:

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

U prozotu Custom Scan kopiraj sledece:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Klikni na Run Scan

Upozorenje: Ne dirati racunar dok program radi.

Kada se zavrsi skeniranje optvorice se Notepad sa izvestajem.

Kopiraj izvestaj na http://pastebin.com/ klikni Submit, pa kopiraj link sa izvestajem.

Odgovor na temu

tordajav

Član broj: 62590
Poruke: 702
*.dynamic.isp.telekom.rs.

+2 Profil

Re: Zna li neko nešto više o Trojan.LdPinch

^{18.05.2011. u 19:04 - pre 157 meseci}

Tvo ga link: OTS

Hvala

Noli turbare circulos meos!

Odgovor na temu

kristi1

Član broj: 151211
Poruke: 2012
*.dynamic.isp.telekom.rs.

Sajt: www.mycity.rs/Ambulanta

+88 Profil

Re: Zna li neko nešto više o Trojan.LdPinch

^{18.05.2011. u 21:08 - pre 157 meseci}

Pokreni OTS

Kopiraj tekst iz Code taga u prozor [B]Paste fix here[/B] i klikni [B]Run Fix[/B]

Code:

[Unregister Dlls]
[Processes - Safe List]
NY -> syncor.exe -> C:\WINDOWS\SynCor.exe
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://start.facemoods.com/?s={searchTerms}
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{00000000-6E41-4FD3-8538-502F5495E5FC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> "{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Don't filter page with Ad Muncher -> [http://www.admuncher.com/reque...31398X9&id=menu_ie_exclude]
YN -> Report page to the Ad Muncher developers -> [http://www.admuncher.com/reque...431398X9&id=menu_ie_report]
[Files/Folders - Modified Within 30 Days]
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[Files - No Company Name]
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[Alternate Data Streams]
NY -> @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
NY -> @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
NY -> @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D96771C
NY -> @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21F11E8D
NY -> @Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7177954
NY -> @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

Kad se zavrsi Fix klikni OK i otvorice se notepad sa izvestajem koji ces mi kopirati

Javi stanje.

Odgovor na temu

tordajav

Član broj: 62590
Poruke: 702
*.dynamic.isp.telekom.rs.

+2 Profil

Re: Zna li neko nešto više o Trojan.LdPinch

^{18.05.2011. u 23:17 - pre 157 meseci}

Evo stanja. Nisam siguran ali... da li je ovo bilo apsolutno naivno da sve poslušam i uradim kako si rekao,
jer stvarno nemam predstavu šta se sve ovde izdešavalo...
Piše da je obrisano 83mb? Čega?
Za trenutak sam se sledio kako je krenuo komp u retart :)

Code:
All Processes Killed
[Processes - Safe List]
No active process named syncor.exe was found!
C:\WINDOWS\SynCor.exe moved successfully.
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Search not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Don't filter page with Ad Muncher\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Report page to the Ad Muncher developers\ deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
[Files - No Company Name]
File C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found!
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5D96771C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:21F11E8D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B7177954 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51 deleted successfully.
[Empty Temp Folders]

User: Administrator
->Temp folder emptied: 258 bytes
->Temporary Internet Files folder emptied: 672274 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 85611101 bytes
->Flash cache emptied: 126228 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.42.0 fix logfile created on 05192011_000857

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Noli turbare circulos meos!

Odgovor na temu