2 computers on a network, problem with the internet

Posted on: 9.6.2010

  • Joined: 09 Jun 2010
  • Posts: 13

At home I have 2 older desktop computers that are connected to each other, and both are connected through a switch to ADSL, 1 Mbps.
A few days ago problems started appearing when both are switched on - the internet drops either on one of them or on both. The guys from EUnet told me that as far as they are concerned everything is OK, but that I often have maxed-out upload, which is constant, even though I have uTorrent, eMule and everything similar turned off.
We formatted one of them, but I don't feel like doing that with the other one because my hard drive is full and I can't be bothered to burn all of it to discs. A scan found one infected file and removed it, but everything is still the same.

Here are the logs and so on. GMER was freezing my whole computer and I didn't manage to save anything.

DDS (Ver_10-03-17.01) - NTFSx86
Run by KORISNIK1 at 9:31:00.59 on Wed 06/09/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.132 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\KORISNIK1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\KORISNIK1\My Documents\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/default
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell=Explorer.exe csrcs.exe
mWinlogon: Taskman=c:\documents and settings\korisnik1\application data\tnzbrg.exe
uWinlogon: Shell=c:\documents and settings\korisnik1\ctfmon.exe,explorer.exe,c:\documents and settings\korisnik1\application data\tnzbrg.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunServices: [csrcs] c:\windows\system32\csrcs.exe
mExplorerRun: [csrcs] c:\windows\system32\csrcs.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoStrCmpLogical = 1 (0x1)
mPolicies-explorer: NoChangeAnimation = 1 (0x1)
mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {288DE7FE-0BB9-4D82-903A-9C44797E09BF} = 194.247.192.33,194.247.192.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\korisn~1\applic~1\mozilla\firefox\profiles\mfqpztgk.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\korisnik1\application data\mozilla\firefox\profiles\mfqpztgk.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\korisnik1\application data\mozilla\firefox\profiles\mfqpztgk.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\korisnik1\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2010-6-6 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-6-6 394952]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2002/01/01 01:30:27];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2002-1-1 27632]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;"c:\program files\tbh\monitor\bin\tbhmonitor.exe" --> c:\program files\tbh\monitor\bin\tbhMonitor.exe [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2002-1-1 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2002-1-1 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2002-1-1 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2002-1-1 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2002-1-1 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2002-1-1 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2002-1-1 115752]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2010-06-09 06:47:48 0 d--h--w- c:\windows\PIF
2010-06-06 22:24:51 0 d-----w- c:\windows\pss
2010-06-06 21:57:17 9248 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-06 21:57:17 663584 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-06 21:53:39 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-06-06 21:53:09 75248 ----a-w- c:\windows\zllsputility.exe
2010-06-06 21:53:08 11264 ----a-w- c:\windows\system32\SpOrder.dll
2010-06-06 21:52:08 0 d-----w- c:\program files\Zone Labs
2010-06-06 21:51:20 0 d-----w- c:\windows\Internet Logs
2010-06-04 09:16:01 157184 --sh--r- c:\docume~1\korisn~1\applic~1\tnzbrg.exe
2010-06-01 08:16:22 0 ----a-w- c:\documents and settings\korisnik1\Desktop.ini
2010-05-10 19:59:56 123392 --sh--r- c:\documents and settings\korisnik1\ctfmon.exe

==================== Find3M ====================

2009-11-12 15:33:12 294688 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2009-11-12 15:33:12 292640 ----a-w- c:\program files\iTunesPhotoProcessor.exe
2009-11-12 15:33:10 384800 ----a-w- c:\program files\iTunesAdmin.dll
2009-11-12 15:33:10 211232 ----a-w- c:\program files\iTunesHelper.dll
2009-11-12 15:33:10 141600 ----a-w- c:\program files\iTunesHelper.exe
2009-11-12 15:33:10 124192 ----a-w- c:\program files\iTunesMiniPlayer.dll
2009-11-12 15:33:04 10358048 ----a-w- c:\program files\iTunes.exe
2009-11-12 15:33:00 722160 ----a-w- c:\program files\CDDBControlApple.dll
2009-11-12 15:33:00 648480 ----a-w- c:\program files\iPodUpdaterExt.dll
2009-11-12 15:33:00 14769448 ----a-w- c:\program files\iTunes.dll
2009-11-12 15:33:00 111912 ----a-w- c:\program files\ITDetector.ocx
2009-11-12 15:32:48 59083 ----a-w- c:\program files\Acknowledgements.rtf

============= FINISH: 9:31:41.29 ===============

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello and welcome to MyCity. :)




Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
- Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the program download is finished:
- deactivate the protective software (instructions);
- close running programs;
- double-click to start ComboFix.

While running, ComboFix will:
- check whether a newer version of the program exists:
  click Yes if a download of it is offered.
- display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so that the process continues.
- if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
- ask a number of questions / show a number of notifications:
  accept by clicking Yes or OK.
- if needed, restart Windows (several times);
- at the end of the run, open Notepad with the scan report.


Copy the report that ComboFix created into the topic on the forum:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message box and choose Paste.


Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 09 Jun 2010
  • Posts: 13

Here it is. Barely :-)


ComboFix 10-06-09.01 - KORISNIK1 06/10/2010 1:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.117 [GMT 2:00]
Running from: c:\documents and settings\KORISNIK1\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\KORISN~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\KORISNIK1\Application Data\tnzbrg.exe
c:\documents and settings\KORISNIK1\ctfmon.exe
D:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-09 06:47 . 2010-06-09 06:47 -------- d--h--w- c:\windows\PIF
2010-06-06 21:57 . 2010-06-09 23:39 725024 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-06-06 21:52 . 2010-06-06 21:52 -------- d-----w- c:\program files\Zone Labs
2010-06-06 21:51 . 2010-06-07 22:09 -------- d-----w- c:\windows\Internet Logs
2010-05-26 12:54 . 2010-05-26 12:54 503808 ----a-w- c:\documents and settings\KORISNIK1\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-50647ad1-n\msvcp71.dll
2010-05-26 12:54 . 2010-05-26 12:54 499712 ----a-w- c:\documents and settings\KORISNIK1\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-50647ad1-n\jmc.dll
2010-05-26 12:54 . 2010-05-26 12:54 348160 ----a-w- c:\documents and settings\KORISNIK1\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-50647ad1-n\msvcr71.dll
2010-05-12 21:25 . 2010-05-12 21:25 -------- d-----w- c:\documents and settings\KORISNIK1\Local Settings\Application Data\ApplicationHistory

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 23:24 . 2010-06-06 21:57 9872 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-06-09 23:23 . 2009-12-22 19:37 -------- d-----w- c:\documents and settings\KORISNIK1\Application Data\Skype
2010-06-06 22:11 . 2010-02-01 11:13 -------- d-----w- c:\documents and settings\KORISNIK1\Application Data\uTorrent
2010-06-06 22:02 . 2010-04-09 20:15 -------- d-----w- c:\program files\Game Accelerator
2010-06-06 21:55 . 2010-06-06 21:53 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-06-06 21:53 . 2010-06-06 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
2010-05-02 11:58 . 2010-05-02 11:56 -------- d-----w- c:\documents and settings\KORISNIK1\Application Data\PrimoPDF
2010-05-02 11:54 . 2010-05-02 11:54 -------- d-----w- c:\program files\Nitro PDF
2010-04-17 21:44 . 2002-01-01 00:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-17 17:27 . 2010-04-17 08:58 -------- d-----w- c:\program files\ATI
2010-04-17 08:59 . 2010-04-09 20:46 -------- d-----w- c:\program files\ATI Technologies
2010-04-09 20:48 . 2010-04-09 20:48 9158 ----a-r- c:\documents and settings\KORISNIK1\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-11-12 15:33 . 2009-11-12 15:33 294688 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2009-11-12 15:33 . 2009-11-12 15:33 292640 ----a-w- c:\program files\iTunesPhotoProcessor.exe
2009-11-12 15:33 . 2009-11-12 15:33 384800 ----a-w- c:\program files\iTunesAdmin.dll
2009-11-12 15:33 . 2009-11-12 15:33 211232 ----a-w- c:\program files\iTunesHelper.dll
2009-11-12 15:33 . 2009-11-12 15:33 141600 ----a-w- c:\program files\iTunesHelper.exe
2009-11-12 15:33 . 2009-11-12 15:33 124192 ----a-w- c:\program files\iTunesMiniPlayer.dll
2009-11-12 15:33 . 2009-11-12 15:33 10358048 ----a-w- c:\program files\iTunes.exe
2009-11-12 15:33 . 2009-11-12 15:33 722160 ----a-w- c:\program files\CDDBControlApple.dll
2009-11-12 15:33 . 2009-11-12 15:33 648480 ----a-w- c:\program files\iPodUpdaterExt.dll
2009-11-12 15:33 . 2009-11-12 15:33 14769448 ----a-w- c:\program files\iTunes.dll
2009-11-12 15:33 . 2009-11-12 15:33 111912 ----a-w- c:\program files\ITDetector.ocx
2009-11-12 15:32 . 2009-11-12 15:32 59083 ----a-w- c:\program files\Acknowledgements.rtf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-04-01 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-11-19 17:41 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-04 09:39 149040 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2007-12-21 07:21 1443072 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2009-11-15 20:59 158752 ----a-w- c:\program files\Freecorder\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-31 22:10 135664 ----atw- c:\documents and settings\KORISNIK1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 12:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-05-04 09:59 161328 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 16:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PtiuPbmd]
2006-10-29 15:12 24576 ----a-r- c:\windows\system32\ptipbm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 13:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
"4672:UDP"= 4672:UDP:UDP Incoming
"4662:TCP"= 4662:TCP:eMule : TCP Incoming

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 09:21 33800]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2002/01/01 01:30];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 20:40 87536]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 09:21 468224]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [1/1/2002 11:25 27632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/10/2009 12:31 717296]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;"c:\program files\tbh\monitor\bin\tbhMonitor.exe" --> c:\program files\tbh\monitor\bin\tbhMonitor.exe [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [1/1/2002 11:24 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [1/1/2002 11:24 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [1/1/2002 11:24 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [1/1/2002 11:24 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [1/1/2002 11:24 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [1/1/2002 11:24 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [1/1/2002 11:24 115752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1450960922-1417001333-1003Core.job
- c:\documents and settings\KORISNIK1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-31 22:10]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1450960922-1417001333-1003UA.job
- c:\documents and settings\KORISNIK1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-31 22:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/default
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {288DE7FE-0BB9-4D82-903A-9C44797E09BF} = 194.247.192.33,194.247.192.1
FF - ProfilePath - c:\documents and settings\KORISNIK1\Application Data\Mozilla\Firefox\Profiles\mfqpztgk.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\KORISNIK1\Application Data\Mozilla\Firefox\Profiles\mfqpztgk.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\KORISNIK1\Application Data\Mozilla\Firefox\Profiles\mfqpztgk.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\KORISNIK1\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Plugins\npitunes.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-GameXL - c:\program files\Game Accelerator\gamexl.exe
MSConfigStartUp-tbhSystray - c:\program files\tbh\base\bin\tbhSystray.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Completion time: 2010-06-10 01:42:39
ComboFix-quarantined-files.txt 2010-06-09 23:42

Pre-Run: 70,463,488 bytes free
Post-Run: 1,156,493,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

- - End Of File - - 478DC43D01855E42FDA0049E8F8AFAD5

  • Joined: 04 Jan 2009
  • Posts: 2168

Sorry for the wait...


What is the situation now?

  • Joined: 09 Jun 2010
  • Posts: 13

Now everything seems OK. My connection didn't drop today. That should be it, right?

  • Joined: 04 Jan 2009
  • Posts: 2168

You have active remnants of the Kaspersky antivirus program.

That should be removed, and NOD should be reinstalled as well, because it is damaged.


I'll give you instructions on how to do this, just let us check one more thing first.


If you have USB storage devices with you, follow these instructions...



- Download USBNoRisk to the Desktop and start it by double-clicking the program's icon.
- Wait a few seconds while the program performs the initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices include all devices that get their own partition designation when connected to the computer. That includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Joined: 09 Jun 2010
  • Posts: 13

I never had Kaspersky? Admittedly, this computer was in for servicing half a year ago because of the power supply, and that's when that guy installed NOD for me. But I can see NOD is not OK - it keeps throwing up warnings that it isn't updated.

I only plug an iPod and one flash drive into this computer. Here is the log.



USBNoRisk 2.5 (26 July 2009) by bobby

Started at 6/12/2010 08:52:58

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {93732455-fe4d-11d5-954a-806d6172696f}
C: {93732457-fe4d-11d5-954a-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 93732457-fe4d-11d5-954a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 93732455-fe4d-11d5-954a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
;12T14I69FX2E03Q9ZYM
[aUTORUN]
;5
;B6M5HOUGHF2087TLC51IB5Y99E1FK2272X9298QYY8O6AZM1R34R3IXBPAKW9
;755GH782Y39Z31JBS7IH18NMQ2OHF8DM
;263344BEDQH5UNO8662G2NM8CA7QY08104EKP5WML754VXZ2A9XQ70CH4U7F8U
;6625KXG1S86BBFXTL97OEB70799E2QBI9BIO1H8KG19GB
OPEN=UiPVKr.ExE
;45F27A231FCABAE1D81E005E0841BDA88E8C0E96B727D2C7BFC81571
;7KWBSR4WM4QA9
;3HDH076YZ2VI90C8E3P6D5SG1AC4JSXW1NZM998Q5O08N44
;285S0RY4S64470REW74D4RD5MK4740S8044F5
;554RE32VBA0N2B5L55O542428KV3R7YY27T6W387CHQ703081ZKZR36ELMPK3
;3IG2YV6NKZ4721O35UD
ShElL\opeN\defAuLT=1
;R8
SHELl\open\CoMmand=UIPvkr.exe
;2Y2HAE1MN56J3JVO3MS39B7918F1SSA9C2UK4A8JY16S8KG530XZ6P076U2BPXW836806YX90A8
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
;12T14I69FX2E03Q9ZYM
[aUTORUN]
;5
;B6M5HOUGHF2087TLC51IB5Y99E1FK2272X9298QYY8O6AZM1R34R3IXBPAKW9
;755GH782Y39Z31JBS7IH18NMQ2OHF8DM
;263344BEDQH5UNO8662G2NM8CA7QY08104EKP5WML754VXZ2A9XQ70CH4U7F8U
;6625KXG1S86BBFXTL97OEB70799E2QBI9BIO1H8KG19GB
OPEN=UiPVKr.ExE
;45F27A231FCABAE1D81E005E0841BDA88E8C0E96B727D2C7BFC81571
;7KWBSR4WM4QA9
;3HDH076YZ2VI90C8E3P6D5SG1AC4JSXW1NZM998Q5O08N44
;285S0RY4S64470REW74D4RD5MK4740S8044F5
;554RE32VBA0N2B5L55O542428KV3R7YY27T6W387CHQ703081ZKZR36ELMPK3
;3IG2YV6NKZ4721O35UD
ShElL\opeN\defAuLT=1
;R8
SHELl\open\CoMmand=UIPvkr.exe
;2Y2HAE1MN56J3JVO3MS39B7918F1SSA9C2UK4A8JY16S8KG530XZ6P076U2BPXW836806YX90A8
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 6/12/2010 08:58:24

Scanning for connected USB mass storage...
----------------------------------------
H: {456f292c-e668-11de-8edf-00112f75c6e2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[autorun
(dsakdasêÑÀÊ׊ŒêŒŒÌkDL?FSAFNsak?fmjwq?DKWQDWLQÛÆÀÆÙÀùæÛÆñÑÛÆÑÛñÛÛÆÆÙùõÛÛÀÛÒæÿìòñÆÙÀÀÛàÆÛïàûæÆÆàÆàðòÆ
open=DIJANA/lausanerka.exe
action=Open folderto view files usingWindowsExplorer
icon=DIJANA/lausanerka.exe
Shell\open\command=DIJANA/lausanerka.exe
shell\open\command=DIJANA/lausanerka.exe
USEAUTOPLAY=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for 456f292c-e668-11de-8edf-00112f75c6e2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\RAZLOG\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\DIJANA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\LAUDA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 6/12/2010 09:00:05

Scanning for connected USB mass storage...
----------------------------------------
H: {ec349256-d3a6-11de-8ec9-00112f75c6e2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
&VIJERI
*BEKAM
shell\open\command=tezge\\\gazda.exe
Shell\open\command=tezge\\\gazda.exe
|DELPIJERO
shellexecute=tezge\\\gazda.exe
open=tezge\\gazda.exe
/êñàÊêœêœŒìñàêñàÊŒœïŒêœŒÏÊŒìêìÊìêêêãÑêŒÅêœêåêŒÅêÊàñêêïŒÊÀÑÌ£ñêԎŒŒԎŒØŒØŒÊԎÀÑԎÑÀêԎŒØŒêÏŒœêàñÏŒÌÊ£ŒìêŒ
shell\explore\command=tezge\\\gazda.exe
action=Open folderto view files usingWindowsExplorer
'œŒœŒŒœl??DFSLFSALF?KFM?WQL??FW?Q
USEAUTOPLAY=1
icon=SHELL32.dll,4
$fafl?WQfl??QW?Fwq?l?dsfl?WQFLP??WQLF?WQfLW?
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

No mountpoint found for ec349256-d3a6-11de-8ec9-00112f75c6e2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\tezge\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

We will have to clean both USB devices.

Plug in one, wait about ten seconds, then plug in the other.

- Start USBNoRisk and wait for it to finish the initial scan.

- Once the initial scan has finished, plug in the USB memory device.

- Click the Script tab;

Copy the following text into the white box of the window:

{456f292c-e668-11de-8edf-00112f75c6e2}
no_sh:
delete_blocked:
f_delete: %DRIVE%\DIJANA\lausanerka.exe
folder_list: %DRIVE%

{ec349256-d3a6-11de-8ec9-00112f75c6e2}
no_sh:
delete_blocked:
f_delete: %DRIVE%\tezge\gazda.exe
folder_list: %DRIVE%


- Run the command by clicking the Run Script button;

After the command runs, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

A Notepad window will open with text that needs to be copied here into a post.

offline
  • Joined: 09 Jun 2010
  • Posts: 13

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 6/13/2010 00:00:55

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {93732455-fe4d-11d5-954a-806d6172696f}
C: {93732457-fe4d-11d5-954a-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 93732457-fe4d-11d5-954a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 93732455-fe4d-11d5-954a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
;12T14I69FX2E03Q9ZYM
[aUTORUN]
;5
;B6M5HOUGHF2087TLC51IB5Y99E1FK2272X9298QYY8O6AZM1R34R3IXBPAKW9
;755GH782Y39Z31JBS7IH18NMQ2OHF8DM
;263344BEDQH5UNO8662G2NM8CA7QY08104EKP5WML754VXZ2A9XQ70CH4U7F8U
;6625KXG1S86BBFXTL97OEB70799E2QBI9BIO1H8KG19GB
OPEN=UiPVKr.ExE
;45F27A231FCABAE1D81E005E0841BDA88E8C0E96B727D2C7BFC81571
;7KWBSR4WM4QA9
;3HDH076YZ2VI90C8E3P6D5SG1AC4JSXW1NZM998Q5O08N44
;285S0RY4S64470REW74D4RD5MK4740S8044F5
;554RE32VBA0N2B5L55O542428KV3R7YY27T6W387CHQ703081ZKZR36ELMPK3
;3IG2YV6NKZ4721O35UD
ShElL\opeN\defAuLT=1
;R8
SHELl\open\CoMmand=UIPvkr.exe
;2Y2HAE1MN56J3JVO3MS39B7918F1SSA9C2UK4A8JY16S8KG530XZ6P076U2BPXW836806YX90A8
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
;12T14I69FX2E03Q9ZYM
[aUTORUN]
;5
;B6M5HOUGHF2087TLC51IB5Y99E1FK2272X9298QYY8O6AZM1R34R3IXBPAKW9
;755GH782Y39Z31JBS7IH18NMQ2OHF8DM
;263344BEDQH5UNO8662G2NM8CA7QY08104EKP5WML754VXZ2A9XQ70CH4U7F8U
;6625KXG1S86BBFXTL97OEB70799E2QBI9BIO1H8KG19GB
OPEN=UiPVKr.ExE
;45F27A231FCABAE1D81E005E0841BDA88E8C0E96B727D2C7BFC81571
;7KWBSR4WM4QA9
;3HDH076YZ2VI90C8E3P6D5SG1AC4JSXW1NZM998Q5O08N44
;285S0RY4S64470REW74D4RD5MK4740S8044F5
;554RE32VBA0N2B5L55O542428KV3R7YY27T6W387CHQ703081ZKZR36ELMPK3
;3IG2YV6NKZ4721O35UD
ShElL\opeN\defAuLT=1
;R8
SHELl\open\CoMmand=UIPvkr.exe
;2Y2HAE1MN56J3JVO3MS39B7918F1SSA9C2UK4A8JY16S8KG530XZ6P076U2BPXW836806YX90A8
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 6/13/2010 00:01:15

Scanning for connected USB mass storage...
----------------------------------------
H: {456f292c-e668-11de-8edf-00112f75c6e2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun
(dsakdasêÑÀÊ׊ŒêŒŒÌkDL?FSAFNsak?fmjwq?DKWQDWLQÛÆÀÆÙÀùæÛÆñÑÛÆÑÛñÛÛÆÆÙùõÛÛÀÛÒæÿìòñÆÙÀÀÛàÆÛïàûæÆÆàÆàðòÆ
open=DIJANA/lausanerka.exe
action=Open folderto view files usingWindowsExplorer
icon=DIJANA/lausanerka.exe
Shell\open\command=DIJANA/lausanerka.exe
shell\open\command=DIJANA/lausanerka.exe
USEAUTOPLAY=1
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for 456f292c-e668-11de-8edf-00112f75c6e2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\RAZLOG\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\DIJANA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\LAUDA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 6/13/2010 00:01:50

Scanning for connected USB mass storage...
----------------------------------------
H: {ec349256-d3a6-11de-8ec9-00112f75c6e2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
&VIJERI
*BEKAM
shell\open\command=tezge\\\gazda.exe
Shell\open\command=tezge\\\gazda.exe
|DELPIJERO
shellexecute=tezge\\\gazda.exe
open=tezge\\gazda.exe
/êñàÊêœêœŒìñàêñàÊŒœïŒêœŒÏÊŒìêìÊìêêêãÑêŒÅêœêåêŒÅêÊàñêêïŒÊÀÑÌ£ñêԎŒŒԎŒØŒØŒÊԎÀÑԎÑÀêԎŒØŒêÏŒœêàñÏŒÌÊ£ŒìêŒ
shell\explore\command=tezge\\\gazda.exe
action=Open folderto view files usingWindowsExplorer
'œŒœŒŒœl??DFSLFSALF?KFM?WQL??FW?Q
USEAUTOPLAY=1
icon=SHELL32.dll,4
$fafl?WQfl??QW?Fwq?l?dsfl?WQFLP??WQLF?WQfLW?
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for ec349256-d3a6-11de-8ec9-00112f75c6e2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\tezge\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive H:
========================================


Processing script
----------------------------------------
ec349256-d3a6-11de-8ec9-00112f75c6e2
Drive letter for GUID: H:
SectionStart = 6
SectionEnd = 10
----------------------------------------
Unhide superhidden for H:\
----------------------------------------
dra-- H:\tezge > unhidden
--a-- H:\tezge\Desktop.ini > unhidden
-ra-- H:\tezge\gazda.exe > unhidden
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: H:\autorun.inf.blocked > Done!
f_delete:
file "H:\\tezge\gazda.exe" deleted successfully
----------------------------------------
Folder list for H:\:
----------------------------------------

--a--   196750   H:\ZRSSEM~1.DOC   H:\zrs seminarski.docx
--a--   623104   H:\Pitanja.doc   H:\Pitanja.doc
--a--   141963   H:\ZASTIT~1.PPT   H:\ZATITA BEINIH LOKALNIH MREA.pptx
dra--   0   H:\tezge   H:\tezge

----------------------------------------

========================================
Removed H:
========================================

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

On the USB device (the second one in the order of plugging in), find the folder named tezge and delete it.

Let's go once more...

- Start USBNoRisk and wait for it to finish the initial scan.

- Once the initial scan has finished, plug in the USB memory device (the first one in the order of plugging in).

- Click the Script tab;

Copy the following text into the white box of the window:

{456f292c-e668-11de-8edf-00112f75c6e2}
no_sh:
delete_blocked:
f_delete: %DRIVE%\DIJANA\lausanerka.exe
folder_list: %DRIVE%


- Run the command by clicking the Run Script button;

After the command runs, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

A Notepad window will open with text that needs to be copied here into a post.
