2 computers on a network, problem with the internet


offline
  • Joined: 09 Jun 2010
  • Posts: 13

At home I have 2 older desktop computers that are connected to each other, and both are connected through a switch to ADSL, 1 Mbps.
A few days ago problems started appearing when both are switched on: the internet drops either on one of them or on both. The guys from EUnet told me that everything is OK as far as they are concerned, but that I often have maximum upload, which is constant, while I have uTorrent, eMule and everything similar turned off.
We formatted one of them, but I don't feel like doing that with the other because my hard drive is full and I can't be bothered to burn all of it to discs. A scan found one infected file and removed it, but everything is still the same.

Here are these logs and such. GMER kept freezing my whole computer and I didn't manage to save anything.

DDS (Ver_10-03-17.01) - NTFSx86
Run by KORISNIK1 at 9:31:00.59 on Wed 06/09/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.132 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\KORISNIK1\My Documents\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/default
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell=Explorer.exe csrcs.exe
mWinlogon: Taskman=c:\documents and settings\korisnik1\application data\tnzbrg.exe
uWinlogon: Shell=c:\documents and settings\korisnik1\ctfmon.exe,explorer.exe,c:\documents and settings\korisnik1\application data\tnzbrg.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunServices: [csrcs] c:\windows\system32\csrcs.exe
mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoStrCmpLogical = 1 (0x1)
mPolicies-explorer: NoChangeAnimation = 1 (0x1)
mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {288DE7FE-0BB9-4D82-903A-9C44797E09BF} = 194.247.192.33,194.247.192.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\korisn~1\applic~1\mozilla\firefox\profiles\mfqpztgk.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\korisnik1\application data\mozilla\firefox\profiles\mfqpztgk.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\korisnik1\application data\mozilla\firefox\profiles\mfqpztgk.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\korisnik1\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2010-6-6 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-6-6 394952]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2002/01/01 01:30:27];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2002-1-1 27632]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;"c:\program files\tbh\monitor\bin\tbhmonitor.exe" --> c:\program files\tbh\monitor\bin\tbhMonitor.exe [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2002-1-1 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2002-1-1 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2002-1-1 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2002-1-1 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2002-1-1 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2002-1-1 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2002-1-1 115752]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2010-06-09 06:47:48 0 d--h--w- c:\windows\PIF
2010-06-06 22:24:51 0 d-----w- c:\windows\pss
2010-06-06 21:57:17 9248 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-06 21:57:17 663584 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-06 21:53:39 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-06-06 21:53:09 75248 ----a-w- c:\windows\zllsputility.exe
2010-06-06 21:53:08 11264 ----a-w- c:\windows\system32\SpOrder.dll
2010-06-06 21:52:08 0 d-----w- c:\program files\Zone Labs
2010-06-06 21:51:20 0 d-----w- c:\windows\Internet Logs
2010-06-04 09:16:01 157184 --sh--r- c:\docume~1\korisn~1\applic~1\tnzbrg.exe
2010-06-01 08:16:22 0 ----a-w- c:\documents and settings\korisnik1\Desktop.ini
2010-05-10 19:59:56 123392 --sh--r- c:\documents and settings\korisnik1\ctfmon.exe

==================== Find3M ====================

2009-11-12 15:33:12 294688 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2009-11-12 15:33:12 292640 ----a-w- c:\program files\iTunesPhotoProcessor.exe
2009-11-12 15:33:10 384800 ----a-w- c:\program files\iTunesAdmin.dll
2009-11-12 15:33:10 211232 ----a-w- c:\program files\iTunesHelper.dll
2009-11-12 15:33:10 141600 ----a-w- c:\program files\iTunesHelper.exe
2009-11-12 15:33:10 124192 ----a-w- c:\program files\iTunesMiniPlayer.dll
2009-11-12 15:33:04 10358048 ----a-w- c:\program files\iTunes.exe
2009-11-12 15:33:00 722160 ----a-w- c:\program files\CDDBControlApple.dll
2009-11-12 15:33:00 648480 ----a-w- c:\program files\iPodUpdaterExt.dll
2009-11-12 15:33:00 14769448 ----a-w- c:\program files\iTunes.dll
2009-11-12 15:33:00 111912 ----a-w- c:\program files\ITDetector.ocx
2009-11-12 15:32:48 59083 ----a-w- c:\program files\Acknowledgements.rtf

============= FINISH: 9:31:41.29 ===============

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Hello and welcome to MyCity. :)

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
- Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing the location to save the file opens, choose Desktop and click Save.

When the download has finished:
- deactivate your security software (instructions);
- close running programs;
- double-click to start ComboFix.

While running, ComboFix will:
- check whether a newer version of the program exists:
  click Yes if you are offered the download.
- display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so that the process continues.
- if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
- show a number of prompts/notifications:
  accept by clicking Yes or OK.
- restart Windows if needed (possibly several times);
- when finished, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
- right-click in the Notepad window and choose Select All;
- right-click the highlighted text and choose Copy;
- right-click in the message field and choose Paste.

Note:
- The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
- If after sending the message you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

offline
  • Joined: 09 Jun 2010
  • Posts: 13

Here it is. Just barely :-)


ComboFix 10-06-09.01 - KORISNIK1 06/10/2010 1:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.117 [GMT 2:00]
Running from: c:\documents and settings\KORISNIK1\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\KORISN~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\KORISNIK1\Application Data\tnzbrg.exe
c:\documents and settings\KORISNIK1\ctfmon.exe
D:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-09 06:47 . 2010-06-09 06:47 -------- d--h--w- c:\windows\PIF
2010-06-06 21:57 . 2010-06-09 23:39 725024 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-06 21:52 . 2010-06-06 21:52 -------- d-----w- c:\program files\Zone Labs
2010-06-06 21:51 . 2010-06-07 22:09 -------- d-----w- c:\windows\Internet Logs
2010-05-26 12:54 . 2010-05-26 12:54 503808 ----a-w- c:\documents and settings\KORISNIK1\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-50647ad1-n\msvcp71.dll
2010-05-26 12:54 . 2010-05-26 12:54 499712 ----a-w- c:\documents and settings\KORISNIK1\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-50647ad1-n\jmc.dll
2010-05-26 12:54 . 2010-05-26 12:54 348160 ----a-w- c:\documents and settings\KORISNIK1\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-50647ad1-n\msvcr71.dll
2010-05-12 21:25 . 2010-05-12 21:25 -------- d-----w- c:\documents and settings\KORISNIK1\Local Settings\Application Data\ApplicationHistory

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 23:24 . 2010-06-06 21:57 9872 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-09 23:23 . 2009-12-22 19:37 -------- d-----w- c:\documents and settings\KORISNIK1\Application Data\Skype
2010-06-06 22:11 . 2010-02-01 11:13 -------- d-----w- c:\documents and settings\KORISNIK1\Application Data\uTorrent
2010-06-06 22:02 . 2010-04-09 20:15 -------- d-----w- c:\program files\Game Accelerator
2010-06-06 21:55 . 2010-06-06 21:53 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-06-06 21:53 . 2010-06-06 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
2010-05-02 11:58 . 2010-05-02 11:56 -------- d-----w- c:\documents and settings\KORISNIK1\Application Data\PrimoPDF
2010-05-02 11:54 . 2010-05-02 11:54 -------- d-----w- c:\program files\Nitro PDF
2010-04-17 21:44 . 2002-01-01 00:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-17 17:27 . 2010-04-17 08:58 -------- d-----w- c:\program files\ATI
2010-04-17 08:59 . 2010-04-09 20:46 -------- d-----w- c:\program files\ATI Technologies
2010-04-09 20:48 . 2010-04-09 20:48 9158 ----a-r- c:\documents and settings\KORISNIK1\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-11-12 15:33 . 2009-11-12 15:33 294688 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2009-11-12 15:33 . 2009-11-12 15:33 292640 ----a-w- c:\program files\iTunesPhotoProcessor.exe
2009-11-12 15:33 . 2009-11-12 15:33 384800 ----a-w- c:\program files\iTunesAdmin.dll
2009-11-12 15:33 . 2009-11-12 15:33 211232 ----a-w- c:\program files\iTunesHelper.dll
2009-11-12 15:33 . 2009-11-12 15:33 141600 ----a-w- c:\program files\iTunesHelper.exe
2009-11-12 15:33 . 2009-11-12 15:33 124192 ----a-w- c:\program files\iTunesMiniPlayer.dll
2009-11-12 15:33 . 2009-11-12 15:33 10358048 ----a-w- c:\program files\iTunes.exe
2009-11-12 15:33 . 2009-11-12 15:33 722160 ----a-w- c:\program files\CDDBControlApple.dll
2009-11-12 15:33 . 2009-11-12 15:33 648480 ----a-w- c:\program files\iPodUpdaterExt.dll
2009-11-12 15:33 . 2009-11-12 15:33 14769448 ----a-w- c:\program files\iTunes.dll
2009-11-12 15:33 . 2009-11-12 15:33 111912 ----a-w- c:\program files\ITDetector.ocx
2009-11-12 15:32 . 2009-11-12 15:32 59083 ----a-w- c:\program files\Acknowledgements.rtf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-04-01 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-11-19 17:41 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-04 09:39 149040 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2007-12-21 07:21 1443072 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2009-11-15 20:59 158752 ----a-w- c:\program files\Freecorder\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-31 22:10 135664 ----atw- c:\documents and settings\KORISNIK1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 12:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-05-04 09:59 161328 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 16:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PtiuPbmd]
2006-10-29 15:12 24576 ----a-r- c:\windows\system32\ptipbm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 13:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
"4672:UDP"= 4672:UDP:UDP Incoming
"4662:TCP"= 4662:TCP:eMule : TCP Incoming

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 09:21 33800]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2002/01/01 01:30];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 20:40 87536]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 09:21 468224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [1/1/2002 11:25 27632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/10/2009 12:31 717296]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;"c:\program files\tbh\monitor\bin\tbhMonitor.exe" --> c:\program files\tbh\monitor\bin\tbhMonitor.exe [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [1/1/2002 11:24 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [1/1/2002 11:24 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [1/1/2002 11:24 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [1/1/2002 11:24 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [1/1/2002 11:24 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [1/1/2002 11:24 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [1/1/2002 11:24 115752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1450960922-1417001333-1003Core.job
- c:\documents and settings\KORISNIK1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-31 22:10]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1450960922-1417001333-1003UA.job
- c:\documents and settings\KORISNIK1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-31 22:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/default
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {288DE7FE-0BB9-4D82-903A-9C44797E09BF} = 194.247.192.33,194.247.192.1
FF - ProfilePath - c:\documents and settings\KORISNIK1\Application Data\Mozilla\Firefox\Profiles\mfqpztgk.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\KORISNIK1\Application Data\Mozilla\Firefox\Profiles\mfqpztgk.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\KORISNIK1\Application Data\Mozilla\Firefox\Profiles\mfqpztgk.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\KORISNIK1\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Plugins\npitunes.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-GameXL - c:\program files\Game Accelerator\gamexl.exe
MSConfigStartUp-tbhSystray - c:\program files\tbh\base\bin\tbhSystray.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Completion time: 2010-06-10 01:42:39
ComboFix-quarantined-files.txt 2010-06-09 23:42

Pre-Run: 70,463,488 bytes free
Post-Run: 1,156,493,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - 478DC43D01855E42FDA0049E8F8AFAD5

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Sorry for the wait...

What is the situation now?

offline
  • Joined: 09 Jun 2010
  • Posts: 13

Everything seems OK now. My connection didn't drop today. That should be it, right?

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

You have active remnants of the Kaspersky antivirus program.

Those should be removed, and NOD should be reinstalled, because it is damaged.

I'll give you instructions on how to do this, we just need to check one more thing first.

If you have USB storage devices with you, follow these instructions...

- Download USBNoRisk to the Desktop and start it by double-clicking the program's icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices one after another into the USB port and keep each one plugged in for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which you inserted them, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the option Save log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices include all devices that get their own partition letter when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 09 Jun 2010
  • Posts: 13

I never had Kaspersky? Admittedly, this computer was in for service half a year ago because of the power supply, and that's when that guy installed NOD for me. But I can see that NOD is not OK: it keeps showing me warnings that it is not updated.

I only plug an iPod and one flash drive into this computer. Here is the log.



USBNoRisk 2.5 (26 July 2009) by bobby

Started at 6/12/2010 08:52:58

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {93732455-fe4d-11d5-954a-806d6172696f}
C: {93732457-fe4d-11d5-954a-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 93732457-fe4d-11d5-954a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 93732455-fe4d-11d5-954a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
;12T14I69FX2E03Q9ZYM
[aUTORUN]
;5
;B6M5HOUGHF2087TLC51IB5Y99E1FK2272X9298QYY8O6AZM1R34R3IXBPAKW9
;755GH782Y39Z31JBS7IH18NMQ2OHF8DM
;263344BEDQH5UNO8662G2NM8CA7QY08104EKP5WML754VXZ2A9XQ70CH4U7F8U
;6625KXG1S86BBFXTL97OEB70799E2QBI9BIO1H8KG19GB
OPEN=UiPVKr.ExE
;45F27A231FCABAE1D81E005E0841BDA88E8C0E96B727D2C7BFC81571
;7KWBSR4WM4QA9
;3HDH076YZ2VI90C8E3P6D5SG1AC4JSXW1NZM998Q5O08N44
;285S0RY4S64470REW74D4RD5MK4740S8044F5
;554RE32VBA0N2B5L55O542428KV3R7YY27T6W387CHQ703081ZKZR36ELMPK3
;3IG2YV6NKZ4721O35UD
ShElL\opeN\defAuLT=1
;R8
SHELl\open\CoMmand=UIPvkr.exe
;2Y2HAE1MN56J3JVO3MS39B7918F1SSA9C2UK4A8JY16S8KG530XZ6P076U2BPXW836806YX90A8
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
;12T14I69FX2E03Q9ZYM
[aUTORUN]
;5
;B6M5HOUGHF2087TLC51IB5Y99E1FK2272X9298QYY8O6AZM1R34R3IXBPAKW9
;755GH782Y39Z31JBS7IH18NMQ2OHF8DM
;263344BEDQH5UNO8662G2NM8CA7QY08104EKP5WML754VXZ2A9XQ70CH4U7F8U
;6625KXG1S86BBFXTL97OEB70799E2QBI9BIO1H8KG19GB
OPEN=UiPVKr.ExE
;45F27A231FCABAE1D81E005E0841BDA88E8C0E96B727D2C7BFC81571
;7KWBSR4WM4QA9
;3HDH076YZ2VI90C8E3P6D5SG1AC4JSXW1NZM998Q5O08N44
;285S0RY4S64470REW74D4RD5MK4740S8044F5
;554RE32VBA0N2B5L55O542428KV3R7YY27T6W387CHQ703081ZKZR36ELMPK3
;3IG2YV6NKZ4721O35UD
ShElL\opeN\defAuLT=1
;R8
SHELl\open\CoMmand=UIPvkr.exe
;2Y2HAE1MN56J3JVO3MS39B7918F1SSA9C2UK4A8JY16S8KG530XZ6P076U2BPXW836806YX90A8
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 6/12/2010 08:58:24

Scanning for connected USB mass storage...
----------------------------------------
H: {456f292c-e668-11de-8edf-00112f75c6e2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[autorun
(dsakdasêÄË×ÑÀÊÄ׊Œê䌊×Č̊kDL?FSAFNsak?fmjwq?DKWQDWLQáäÂÛÜÁÂÆëÀËÉÆÙÀËùæÖÉÂÄÇÔÛÆñüÑüÔÛÆÑëáÔÛäáñâÔÛÂÁëÛÝÄÆÂÝÆäÖÂËÖëÙÂëéùËÄâçéÂËöõçâëäÔÛâëäÔÛÜËÀÔÛÒÜëäæ÷ÿüìßËÄòñËÆÖÙËÀÖÀËÄÝÖÔÛÄüàÄÆÔÛÜïàôûäæáâôÄÆÂÁÝÖÉÆÂËéöîàÖÆÎâàöÔðòâöäéâëîÖÉÆ
open=DIJANA/lausanerka.exe
action=Open folder to view files using Windows Explorer
icon=DIJANA/lausanerka.exe
Shell\open\command=DIJANA/lausanerka.exe
shell\open\command=DIJANA/lausanerka.exe
USEAUTOPLAY=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for 456f292c-e668-11de-8edf-00112f75c6e2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\RAZLOG\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\DIJANA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\LAUDA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 6/12/2010 09:00:05

Scanning for connected USB mass storage...
----------------------------------------
H: {ec349256-d3a6-11de-8ec9-00112f75c6e2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
&VIJERI
*BEKAM
shell\open\command=tezge\\\gazda.exe
Shell\open\command=tezge\\\gazda.exe
|DELPIJERO
shellexecute=tezge\\\gazda.exe
open=tezge\\gazda.exe
/êäë÷ñàÊÄêôœš×êôœŠ×ÔŒŠ÷ôìñàêôñà×ÊÔŒŠ×ôœïÔËŒŠŽêôœš÷ÔËŒŠÏŽÔÊË׌íìôêìÁÊìêáë÷äêô÷êã×ôë×ÑôêŒÅêôî÷œêôî÷åêôŒÅêôÄÊàñë÷êô÷êšôïîšôŠŒÔÊÀÑË×ÂÌ£ñË×âêËÔŽŒŠÔŒŠËÔŽŒŠØ€Ä׌Š€ØÄË׌Ž×ÂÊËÔŽÀÑËÔŽÑ×ÀâêëËÔŽŒŠËØŽŒŠêëôÏŽŒŠëôœêëž÷àñÔÏŽÔËŒŠÔÌÊ£Œ×ëìêôŽŒŠ
shell\explore\command=tezge\\\gazda.exe
action=Open folder to view files using Windows Explorer
'äœôŒŠÔ뜎Š×ô뎌ŠÔ댎Šëôœl??DFSLFSALF?KFM?WQL??FW?Q
USEAUTOPLAY=1
icon=SHELL32.dll,4
$fafl?WQfl??QW?Fwq?l?dsfl?WQFLP??WQLF?WQfLW?
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

No mountpoint found for ec349256-d3a6-11de-8ec9-00112f75c6e2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\tezge\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

We will have to clean both USB devices.

Plug in one, wait about ten seconds, then plug in the other.

- Start USBNoRisk and wait for it to finish the initial scan.

- Once the initial scan has finished, plug in the USB storage device.

- Click the Script tab;

Copy the following text into the white box of the window:

{456f292c-e668-11de-8edf-00112f75c6e2}
no_sh:
delete_blocked:
f_delete: %DRIVE%\DIJANA\lausanerka.exe
folder_list: %DRIVE%

{ec349256-d3a6-11de-8ec9-00112f75c6e2}
no_sh:
delete_blocked:
f_delete: %DRIVE%\tezge\gazda.exe
folder_list: %DRIVE%


- Execute the command by clicking the Run Script button;

After the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose Save Log;

A Notepad window will open with text that you need to copy into a message here.

offline
  • Joined: 09 Jun 2010
  • Posts: 13

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 6/13/2010 00:00:55

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {93732455-fe4d-11d5-954a-806d6172696f}
C: {93732457-fe4d-11d5-954a-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 93732457-fe4d-11d5-954a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 93732455-fe4d-11d5-954a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
;12T14I69FX2E03Q9ZYM
[aUTORUN]
;5
;B6M5HOUGHF2087TLC51IB5Y99E1FK2272X9298QYY8O6AZM1R34R3IXBPAKW9
;755GH782Y39Z31JBS7IH18NMQ2OHF8DM
;263344BEDQH5UNO8662G2NM8CA7QY08104EKP5WML754VXZ2A9XQ70CH4U7F8U
;6625KXG1S86BBFXTL97OEB70799E2QBI9BIO1H8KG19GB
OPEN=UiPVKr.ExE
;45F27A231FCABAE1D81E005E0841BDA88E8C0E96B727D2C7BFC81571
;7KWBSR4WM4QA9
;3HDH076YZ2VI90C8E3P6D5SG1AC4JSXW1NZM998Q5O08N44
;285S0RY4S64470REW74D4RD5MK4740S8044F5
;554RE32VBA0N2B5L55O542428KV3R7YY27T6W387CHQ703081ZKZR36ELMPK3
;3IG2YV6NKZ4721O35UD
ShElL\opeN\defAuLT=1
;R8
SHELl\open\CoMmand=UIPvkr.exe
;2Y2HAE1MN56J3JVO3MS39B7918F1SSA9C2UK4A8JY16S8KG530XZ6P076U2BPXW836806YX90A8
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
;12T14I69FX2E03Q9ZYM
[aUTORUN]
;5
;B6M5HOUGHF2087TLC51IB5Y99E1FK2272X9298QYY8O6AZM1R34R3IXBPAKW9
;755GH782Y39Z31JBS7IH18NMQ2OHF8DM
;263344BEDQH5UNO8662G2NM8CA7QY08104EKP5WML754VXZ2A9XQ70CH4U7F8U
;6625KXG1S86BBFXTL97OEB70799E2QBI9BIO1H8KG19GB
OPEN=UiPVKr.ExE
;45F27A231FCABAE1D81E005E0841BDA88E8C0E96B727D2C7BFC81571
;7KWBSR4WM4QA9
;3HDH076YZ2VI90C8E3P6D5SG1AC4JSXW1NZM998Q5O08N44
;285S0RY4S64470REW74D4RD5MK4740S8044F5
;554RE32VBA0N2B5L55O542428KV3R7YY27T6W387CHQ703081ZKZR36ELMPK3
;3IG2YV6NKZ4721O35UD
ShElL\opeN\defAuLT=1
;R8
SHELl\open\CoMmand=UIPvkr.exe
;2Y2HAE1MN56J3JVO3MS39B7918F1SSA9C2UK4A8JY16S8KG530XZ6P076U2BPXW836806YX90A8
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 6/13/2010 00:01:15

Scanning for connected USB mass storage...
----------------------------------------
H: {456f292c-e668-11de-8edf-00112f75c6e2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun
(dsakdasêÄË×ÑÀÊÄ׊Œê䌊×Č̊kDL?FSAFNsak?fmjwq?DKWQDWLQáäÂÛÜÁÂÆëÀËÉÆÙÀËùæÖÉÂÄÇÔÛÆñüÑüÔÛÆÑëáÔÛäáñâÔÛÂÁëÛÝÄÆÂÝÆäÖÂËÖëÙÂëéùËÄâçéÂËöõçâëäÔÛâëäÔÛÜËÀÔÛÒÜëäæ÷ÿüìßËÄòñËÆÖÙËÀÖÀËÄÝÖÔÛÄüàÄÆÔÛÜïàôûäæáâôÄÆÂÁÝÖÉÆÂËéöîàÖÆÎâàöÔðòâöäéâëîÖÉÆ
open=DIJANA/lausanerka.exe
action=Open folder to view files using Windows Explorer
icon=DIJANA/lausanerka.exe
Shell\open\command=DIJANA/lausanerka.exe
shell\open\command=DIJANA/lausanerka.exe
USEAUTOPLAY=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for 456f292c-e668-11de-8edf-00112f75c6e2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\RAZLOG\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\DIJANA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\LAUDA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 6/13/2010 00:01:50

Scanning for connected USB mass storage...
----------------------------------------
H: {ec349256-d3a6-11de-8ec9-00112f75c6e2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
&VIJERI
*BEKAM
shell\open\command=tezge\\\gazda.exe
Shell\open\command=tezge\\\gazda.exe
|DELPIJERO
shellexecute=tezge\\\gazda.exe
open=tezge\\gazda.exe
/êäë÷ñàÊÄêôœš×êôœŠ×ÔŒŠ÷ôìñàêôñà×ÊÔŒŠ×ôœïÔËŒŠŽêôœš÷ÔËŒŠÏŽÔÊË׌íìôêìÁÊìêáë÷äêô÷êã×ôë×ÑôêŒÅêôî÷œêôî÷åêôŒÅêôÄÊàñë÷êô÷êšôïîšôŠŒÔÊÀÑË×ÂÌ£ñË×âêËÔŽŒŠÔŒŠËÔŽŒŠØ€Ä׌Š€ØÄË׌Ž×ÂÊËÔŽÀÑËÔŽÑ×ÀâêëËÔŽŒŠËØŽŒŠêëôÏŽŒŠëôœêëž÷àñÔÏŽÔËŒŠÔÌÊ£Œ×ëìêôŽŒŠ
shell\explore\command=tezge\\\gazda.exe
action=Open folder to view files using Windows Explorer
'äœôŒŠÔ뜎Š×ô뎌ŠÔ댎Šëôœl??DFSLFSALF?KFM?WQL??FW?Q
USEAUTOPLAY=1
icon=SHELL32.dll,4
$fafl?WQfl??QW?Fwq?l?dsfl?WQFLP??WQLF?WQfLW?
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for ec349256-d3a6-11de-8ec9-00112f75c6e2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\tezge\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================


Processing script
----------------------------------------
ec349256-d3a6-11de-8ec9-00112f75c6e2
Drive letter for GUID: H:
SectionStart = 6
SectionEnd = 10
----------------------------------------
Unhide superhidden for H:\
----------------------------------------
dra-- H:\tezge > unhidden
--a-- H:\tezge\Desktop.ini > unhidden
-ra-- H:\tezge\gazda.exe > unhidden
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: H:\autorun.inf.blocked > Done!
f_delete:
file "H:\\tezge\gazda.exe" deleted successfully
----------------------------------------
Folder list for H:\:
----------------------------------------

--a--   196750   H:\ZRSSEM~1.DOC   H:\zrs seminarski.docx
--a--   623104   H:\Pitanja.doc   H:\Pitanja.doc
--a--   141963   H:\ZASTIT~1.PPT   H:\ZAŠTITA BEŽIČNIH LOKALNIH MREŽA.pptx
dra--   0   H:\tezge   H:\tezge

----------------------------------------

========================================
Removed H:
========================================

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

On the USB device (the second one in the order you plugged them in), find the folder named tezge and delete it.

Let's go once more...

- Start USBNoRisk and wait for it to finish the initial scan.

- Once the initial scan has finished, plug in the USB storage device (the first one in the order you plugged them in).

- Click the Script tab;

Copy the following text into the white box of the window:

{456f292c-e668-11de-8edf-00112f75c6e2}
no_sh:
delete_blocked:
f_delete: %DRIVE%\DIJANA\lausanerka.exe
folder_list: %DRIVE%


- Execute the command by clicking the Run Script button;

After the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose Save Log;

A Notepad window will open with text that you need to copy into a message here.
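The three autorun.inf files in the logs above bury a few launch keys among junk lines, mixed-case key names and doubled path separators. As an added example (not part of the thread and not USBNoRisk's own code), this Python sketch extracts the programs each file would start; the names `triage` and `normalize` are the example's own, and it ignores section headers on purpose, an assumption made because one sample's header is malformed.

```python
import re

# Keys that make Windows AutoRun/AutoPlay start a program from the volume.
EXEC_KEY = re.compile(r"(open|shellexecute|shell\\[^\\]+\\command)", re.IGNORECASE)


def normalize(value):
    """Canonicalise a launch path: strip quotes, unify separators, collapse runs."""
    path = value.strip().strip('"').replace("/", "\\")
    return re.sub(r"\\{2,}", r"\\", path)


def triage(text):
    """Return the distinct launch targets and the AutoPlay label of an autorun.inf.

    Section headers are not checked (assumption of this example): every
    key=value line is inspected, so a damaged header cannot hide an entry.
    Command-line arguments after the path are not split off.
    """
    targets = {}   # lower-cased path -> first spelling seen
    action = None  # text shown to the user in the AutoPlay dialog
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";") or "=" not in line:
            continue  # comment or padding line, carries no setting
        key, _, value = line.partition("=")
        key = key.strip()
        if EXEC_KEY.fullmatch(key):
            path = normalize(value)
            if path:
                targets.setdefault(path.lower(), path)
        elif key.lower() == "action":
            action = value.strip()
    return {"targets": [targets[k] for k in sorted(targets)], "action": action}


# Samples taken from the logs in this thread; the long non-ASCII padding
# lines are shortened to a constructed placeholder.
USB_A = r"""[autorun
(dsakdas...padding...
open=DIJANA/lausanerka.exe
action=Open folder to view files using Windows Explorer
icon=DIJANA/lausanerka.exe
Shell\open\command=DIJANA/lausanerka.exe
shell\open\command=DIJANA/lausanerka.exe
USEAUTOPLAY=1
"""

USB_B = r"""[autorun]
&VIJERI
*BEKAM
shell\open\command=tezge\\\gazda.exe
Shell\open\command=tezge\\\gazda.exe
|DELPIJERO
shellexecute=tezge\\\gazda.exe
open=tezge\\gazda.exe
shell\explore\command=tezge\\\gazda.exe
action=Open folder to view files using Windows Explorer
USEAUTOPLAY=1
icon=SHELL32.dll,4
"""

QUARANTINED = r""";12T14I69FX2E03Q9ZYM
[aUTORUN]
;5
OPEN=UiPVKr.ExE
ShElL\opeN\defAuLT=1
;R8
SHELl\open\CoMmand=UIPvkr.exe
"""

if __name__ == "__main__":
    for name, sample in (("USB_A", USB_A), ("USB_B", USB_B), ("QUARANTINED", QUARANTINED)):
        print(name, triage(sample))
```

Each file resolves to a single executable, and for the two USB sticks these are the same paths named in the `f_delete:` lines of the helper's script.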
