Problem with Trojans!!!

  • Joined: 29 Jan 2009
  • Posts: 54

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:23 AM, on 7/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O8 - Extra context menu item: &Google Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Link mogu videti samo ulogovani korisnici]\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward &Links - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5974 bytes



  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

- Download USBNoRisk to your Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices into the USB slot one after another, and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which you inserted them, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.



  • Joined: 29 Jan 2009
  • Posts: 54

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:42 PM, on 7/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Link mogu videti samo ulogovani korisnici]\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward &Links - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - [Link mogu videti samo ulogovani korisnici]\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6172 bytes

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Read my previous post and follow the instructions.

  • Joined: 29 Jan 2009
  • Posts: 54

OK, so first I inserted my 4 GB USB, then the mobile phone, and then the rest, 2 more USBs of i GB each, but I use those really rarely.


USBNoRisk 2.5 (26 July 2009) by bobby

Started at 7/23/2010 5:38:05 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {32a27bf1-7b04-11df-a4a3-806d6172696f}
D: {32a27bf2-7b04-11df-a4a3-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 32a27bf1-7b04-11df-a4a3-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 32a27bf2-7b04-11df-a4a3-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 7/23/2010 5:38:58 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {42237b21-8840-11df-9b63-bc3300694860}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
;3425mhPv331
[autorun]
;8LyBj[Jb1s33g5483
open=check.exe
;745SR63i4[22q56O9I1Y4P\Nq7a4u416d16I53m8Mt5
icon=%SystemRoot%\System32\SHELL32.dll,4
;%Yhue]81O7f8dr40161f317=88]456JqQ88973rNEx7
;g781CW9OO9F48K=37279zG%392jh471G248xKl0E46O19990X\0k881[0%384
action=Open folder to view files using Windows Explorer
;4D8I1\23bB7y34w26hV0209%Hfs3P65X115RwgZM6k4y[7lJ32Lc=C6282Ikf
;t2Y4425mhPv3318LyBj[Jb1s33g5483Z=
shell\\open\\command=check.exe
;%d1nz8C2e603xeb745SR63i4[22q56O9I
;1Y4P\Nq7a4u416d16I53m8Mt5%Yhue]81O7f8d
shell\\explore\\command=check.exe
;r40161f317=88]456JqQ88973rNEx7g781CW9O
;O9F48K=37279zG%392
useautoplay=1
;jh471G248xKl0E46O1
;9990X\0k881[0%
:GOTO NUL
;3844D8I1\23bB7y3
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

No mountpoint found for 42237b21-8840-11df-9b63-bc3300694860
----------------------------------------

----------------------------------------
Desktop.ini found at F:\NEVENAJK\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 7/23/2010 5:39:58 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c6125bb0-8212-11df-9b54-ac6f2ff2e260}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c6125bb0-8212-11df-9b54-ac6f2ff2e260
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================
========================================

========================================


New device connected at 7/23/2010 5:41:42 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c51c8f20-9670-11df-9b90-cc5beccefa6f}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
@dsadlëŽ×ÔÀÑËÔÏŽÀÑËÔŽŒêôë÷œëô÷ŒŠËÔŽŠËôŽŒŠê⾟ë
÷âÊ×ËäôêîïŒÅÊËÔÏØŽ×œšëώԜ뚎×Ôàñêë÷êôÀÑŽ×ËÔÏŽŒêëôœ
÷êôœš÷êôÏØŽŠ×ëôž÷ñëäžàñÊÔŽÊÔŒŠô뎌ŠëôŽŒŠäêŽÀÊÌË×ôì¼ÀÑË
×ÊÔàÑ×ÔëêÏØŽ×ŒŠÔÊ켎ÀÑËÄŽÑÀÊÔôŽŒËÔŽŒŠëôŽ×ŒŠêôìñë÷
êëŽÀËÔŽÀËÔÊËÔŽ
×ό뎊ÔêëŽÏŠ×ŒêëôžœôàñôÊË×Ô꜊×ÔÊôœšôœšôœš
shell\open\command=nastavi\\\palili.exe
$ôàñôë׎ŒŠëžô÷œëšl??DL?ASLFAP?àôäàÝÉÄÀÝÇöéÔÔÛÂÔÂWQFl?WQasl?fas
Shell\open\command=nastavi\\\palili.exe
shellexecute=nastavi\\\palili.exe
;fafaf??Qlf?wqlf?WQlf?asl?FL??Q?f?wàôûàÝÖÉàöéäàÝÉÄÀÝëîôûâëîÝÆÖé
open=nastavi\\palili.exe
;frwqorp?wqrsAkfASL?àöéëåÆÖéëÇÓÊÖÄÝÊLF?lmkaFKLA?
shell\explore\command=nastavi\\\palili.exe
action=Open folder to view files using Windows Explorer
\àôûàëÆÉÖëäàÝÆÖÉëäàÇÕÝÖËÀÆôûîàÆÔòîóéæïëàÝÖÓÉËÀÖÉÆàüëî
USEAUTOPLAY=1
/àöéàëÖÉÀËÛÔÝÆäàÔÝïäàÉÆëïüëàÄÆôûüëÂÝÔÛÄÝÀÄÆÔûà
icon=SHELL32.dll,4
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

No mountpoint found for c51c8f20-9670-11df-9b90-cc5beccefa6f
----------------------------------------

----------------------------------------
Desktop.ini found at F:\vatra\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
Desktop.ini found at F:\selma\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
Desktop.ini found at F:\nastavi\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 7/23/2010 5:41:47 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c51c8f20-9670-11df-9b90-cc5beccefa6f}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
@dsadlëŽ×ÔÀÑËÔÏŽÀÑËÔŽŒêôë÷œëô÷ŒŠËÔŽŠËôŽŒŠê⾟ë
÷âÊ×ËäôêîïŒÅÊËÔÏØŽ×œšëώԜ뚎×Ôàñêë÷êôÀÑŽ×ËÔÏŽŒêëôœ
÷êôœš÷êôÏØŽŠ×ëôž÷ñëäžàñÊÔŽÊÔŒŠô뎌ŠëôŽŒŠäêŽÀÊÌË×ôì¼ÀÑË
×ÊÔàÑ×ÔëêÏØŽ×ŒŠÔÊ켎ÀÑËÄŽÑÀÊÔôŽŒËÔŽŒŠëôŽ×ŒŠêôìñë÷
êëŽÀËÔŽÀËÔÊËÔŽ×ό뎊ÔêëŽÏŠ×
ŒêëôžœôàñôÊË×Ô꜊×ÔÊôœšôœšôœš
shell\open\command=nastavi\\\palili.exe
$ôàñôë׎ŒŠëžô÷œëšl??DL?ASLFAP?àôäàÝÉÄÀÝÇöéÔÔÛÂÔÂWQFl?WQasl?fas
Shell\open\command=nastavi\\\palili.exe
shellexecute=nastavi\\\palili.exe
;fafaf??Qlf?wqlf?WQlf?asl?FL??Q?f?wàôûàÝÖÉàöéäàÝÉÄÀÝëîôûâëîÝÆÖé
open=nastavi\\palili.exe
;frwqorp?wqrsAkfASL?àöéëåÆÖéëÇÓÊÖÄÝÊLF?lmkaFKLA?
shell\explore\command=nastavi\\\palili.exe
action=Open folder to view files using Windows Explorer
\àôûàëÆÉÖëäàÝÆÖÉëäàÇÕÝÖËÀÆôûîàÆÔòîóéæïëàÝÖÓÉËÀÖÉÆàüëî
USEAUTOPLAY=1
/àöéàëÖÉÀËÛÔÝÆäàÔÝïäàÉÆëïüëàÄÆôûüëÂÝÔÛÄÝÀÄÆÔûà
icon=SHELL32.dll,4
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c51c8f20-9670-11df-9b90-cc5beccefa6f
----------------------------------------

----------------------------------------
Desktop.ini found at F:\vatra\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
Desktop.ini found at F:\selma\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
Desktop.ini found at F:\nastavi\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 7/23/2010 5:41:51 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c51c8f20-9670-11df-9b90-cc5beccefa6f}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
@dsadlëŽ×ÔÀÑËÔÏŽÀÑËÔŽŒêôë÷œëô÷ŒŠËÔŽŠËôŽŒŠê⾟ë÷
âÊ×ËäôêîïŒÅÊËÔÏØŽ×œšëώԜ뚎×Ôàñêë÷êôÀÑŽ×ËÔÏŽŒêëôœ
÷êôœš÷êôÏØŽŠ×ëôž÷ñëäžàñÊÔŽÊÔŒŠô뎌ŠëôŽŒŠäêŽÀÊÌË×
ôì¼ÀÑË×ÊÔàÑ×ÔëêÏØŽ×ŒŠÔÊ켎ÀÑËÄŽÑÀÊÔôŽŒËÔŽŒŠëôŽ×
ŒŠêôìñë÷êëŽÀËÔŽÀËÔÊËÔŽ×
ό뎊ÔêëŽÏŠ×ŒêëôžœôàñôÊË×Ô꜊×ÔÊôœšôœšôœš
shell\open\command=nastavi\\\palili.exe
$ôàñôë׎ŒŠëžô÷œëšl??DL?ASLFAP?àôäàÝÉÄÀÝÇöéÔÔÛÂÔÂWQFl?WQasl?fas
Shell\open\command=nastavi\\\palili.exe
shellexecute=nastavi\\\palili.exe
;fafaf??Qlf?wqlf?WQlf?asl?FL??Q?f?wàôûàÝÖÉàöéäàÝÉÄÀÝëîôûâëîÝÆÖé
open=nastavi\\palili.exe
;frwqorp?wqrsAkfASL?àöéëåÆÖéëÇÓÊÖÄÝÊLF?lmkaFKLA?
shell\explore\command=nastavi\\\palili.exe
action=Open folder to view files using Windows Explorer
\àôûàëÆÉÖëäàÝÆÖÉëäàÇÕÝÖËÀÆôûîàÆÔòîóéæïëàÝÖÓÉËÀÖÉÆàüëî
USEAUTOPLAY=1
/àöéàëÖÉÀËÛÔÝÆäàÔÝïäàÉÆëïüëàÄÆôûüëÂÝÔÛÄÝÀÄÆÔûà
icon=SHELL32.dll,4
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c51c8f20-9670-11df-9b90-cc5beccefa6f
----------------------------------------

----------------------------------------
Desktop.ini found at F:\vatra\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\selma\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\nastavi\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 7/23/2010 5:42:21 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c51c8f21-9670-11df-9b90-cc5beccefa6f}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
@dsadlëŽ×ÔÀÑËÔÏŽÀÑËÔŽŒêôë÷œëô÷ŒŠËÔŽŠËôŽŒŠê⾟ë
÷âÊ×ËäôêîïŒÅÊËÔÏØŽ×œšëώԜ뚎×Ôàñêë÷êôÀÑŽ×ËÔÏŽŒêëôœ
÷êôœš÷êôÏØŽŠ×ëôž÷ñëäžàñÊÔŽÊÔŒŠô뎌ŠëôŽŒŠäêŽÀÊÌË×ôì¼ÀÑË
×ÊÔàÑ×ÔëêÏØŽ×ŒŠÔÊ켎ÀÑËÄŽÑÀÊÔôŽŒËÔŽŒŠëôŽ×ŒŠêôìñë÷
êëŽÀËÔŽÀËÔÊËÔŽ×ό뎊ÔêëŽÏŠ×
ŒêëôžœôàñôÊË×Ô꜊×ÔÊôœšôœšôœš
shell\open\command=nastavi\\\palili.exe
$ôàñôë׎ŒŠëžô÷œëšl??DL?ASLFAP?àôäàÝÉÄÀÝÇöéÔÔÛÂÔÂWQFl?WQasl?fas
Shell\open\command=nastavi\\\palili.exe
shellexecute=nastavi\\\palili.exe
;fafaf??Qlf?wqlf?WQlf?asl?FL??Q?f?wàôûàÝÖÉàöéäàÝÉÄÀÝëîôûâëîÝÆÖé
open=nastavi\\palili.exe
;frwqorp?wqrsAkfASL?àöéëåÆÖéëÇÓÊÖÄÝÊLF?lmkaFKLA?
shell\explore\command=nastavi\\\palili.exe
action=Open folder to view files using Windows Explorer
\àôûàëÆÉÖëäàÝÆÖÉëäàÇÕÝÖËÀÆôûîàÆÔòîóéæïëàÝÖÓÉËÀÖÉÆàüëî
USEAUTOPLAY=1
/àöéàëÖÉÀËÛÔÝÆäàÔÝïäàÉÆëïüëàÄÆôûüëÂÝÔÛÄÝÀÄÆÔûà
icon=SHELL32.dll,4
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

No mountpoint found for c51c8f21-9670-11df-9b90-cc5beccefa6f
----------------------------------------

----------------------------------------
Desktop.ini found at F:\DIJANA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\vatra\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\nastavi\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 7/23/2010 5:42:28 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c51c8f21-9670-11df-9b90-cc5beccefa6f}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
@dsadlëŽ×ÔÀÑËÔÏŽÀÑËÔŽŒêôë÷œëô÷ŒŠËÔŽŠËôŽŒŠê⾟ë÷
âÊ×ËäôêîïŒÅÊËÔÏØŽ×œšëώԜ뚎×Ôàñêë÷êôÀÑŽ×ËÔÏŽŒêëôœ
÷êôœš÷êôÏØŽŠ×ëôž÷ñëäžàñÊÔŽÊÔŒŠô뎌ŠëôŽŒŠäêŽÀÊÌË×ôì¼ÀÑË
×ÊÔàÑ×ÔëêÏØŽ×ŒŠÔÊ켎ÀÑËÄŽÑÀÊÔôŽŒËÔŽŒŠëôŽ×ŒŠêôìñë÷
êëŽÀËÔŽÀËÔÊËÔŽ×ό뎊ÔêëŽÏŠ×
ŒêëôžœôàñôÊË×Ô꜊×ÔÊôœšôœšôœš
shell\open\command=nastavi\\\palili.exe
$ôàñôë׎ŒŠëžô÷œëšl??DL?ASLFAP?àôäàÝÉÄÀÝÇöéÔÔÛÂÔÂWQFl?WQasl?fas
Shell\open\command=nastavi\\\palili.exe
shellexecute=nastavi\\\palili.exe
;fafaf??Qlf?wqlf?WQlf?asl?FL??Q?f?wàôûàÝÖÉàöéäàÝÉÄÀÝëîôûâëîÝÆÖé
open=nastavi\\palili.exe
;frwqorp?wqrsAkfASL?àöéëåÆÖéëÇÓÊÖÄÝÊLF?lmkaFKLA?
shell\explore\command=nastavi\\\palili.exe
action=Open folder to view files using Windows Explorer
\àôûàëÆÉÖëäàÝÆÖÉëäàÇÕÝÖËÀÆôûîàÆÔòîóéæïëàÝÖÓÉËÀÖÉÆàüëî
USEAUTOPLAY=1
/àöéàëÖÉÀËÛÔÝÆäàÔÝïäàÉÆëïüëàÄÆôûüëÂÝÔÛÄÝÀÄÆÔûà
icon=SHELL32.dll,4
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c51c8f21-9670-11df-9b90-cc5beccefa6f
----------------------------------------

----------------------------------------
Desktop.ini found at F:\DIJANA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\vatra\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\nastavi\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 7/23/2010 5:42:34 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c51c8f21-9670-11df-9b90-cc5beccefa6f}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
@dsadlëŽ×ÔÀÑËÔÏŽÀÑËÔŽŒêôë÷œëô÷
ŒŠËÔŽŠËôŽŒŠê⾟ë÷âÊ×ËäôêîïŒÅÊËÔÏØŽ×œšëώԜ뚎×
Ôàñêë÷êôÀÑŽ×ËÔÏŽŒêëôœ÷êôœš÷êôÏØŽŠ×
ëôž÷ñëäžàñÊÔŽÊÔŒŠô뎌ŠëôŽŒŠäêŽÀÊÌË×ôì¼ÀÑË×ÊÔàÑ×ÔëêÏØŽ
׌ŠÔÊ켎ÀÑËÄŽÑÀÊÔôŽŒËÔŽŒŠëôŽ×ŒŠêôìñë÷êëŽÀËÔŽÀËÔÊËÔŽ×
ό뎊ÔêëŽÏŠ×
ŒêëôžœôàñôÊË×Ô꜊×ÔÊôœšôœšôœš
shell\open\command=nastavi\\\palili.exe
$ôàñôë׎ŒŠëžô÷œëšl??DL?ASLFAP?àôäàÝÉÄÀÝÇöéÔÔÛÂÔÂWQFl?WQasl?fas
Shell\open\command=nastavi\\\palili.exe
shellexecute=nastavi\\\palili.exe
;fafaf??Qlf?wqlf?WQlf?asl?FL??Q?f?wàôûàÝÖÉàöéäàÝÉÄÀÝëîôûâëîÝÆÖé
open=nastavi\\palili.exe
;frwqorp?wqrsAkfASL?àöéëåÆÖéëÇÓÊÖÄÝÊLF?lmkaFKLA?
shell\explore\command=nastavi\\\palili.exe
action=Open folder to view files using Windows Explorer
\àôûàëÆÉÖëäàÝÆÖÉëäàÇÕÝÖËÀÆôûîàÆÔòîóéæïëàÝÖÓÉËÀÖÉÆàüëî
USEAUTOPLAY=1
/àöéàëÖÉÀËÛÔÝÆäàÔÝïäàÉÆëïüëàÄÆôûüëÂÝÔÛÄÝÀÄÆÔûà
icon=SHELL32.dll,4
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c51c8f21-9670-11df-9b90-cc5beccefa6f
----------------------------------------

----------------------------------------
Desktop.ini found at F:\DIJANA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\vatra\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\nastavi\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Note:
Connect the USB devices one at a time, wait about 10 seconds, and then follow the instructions for all 4 devices.
Also, in your next post, tell me how you connected the devices and in what order.


Instructions: <--- repeat for each connected USB device


- Run USBNoRisk and wait for it to finish the initial scan.

- Once the initial scan has finished, connect the USB storage device.

- Click the Script tab;

Copy the following text into the white box of the window:


{42237b21-8840-11df-9b63-bc3300694860}
no_sh:
delete_blocked:
f_delete: %DRIVE%check.exe
folder_delete: %DRIVE%NEVENAJK
folder_list: %DRIVE%

{c51c8f20-9670-11df-9b90-cc5beccefa6f}
no_sh:
delete_blocked:
f_delete: %DRIVE%nastavi\palili.exe
folder_delete: %DRIVE%vatra
folder_delete: %DRIVE%selma
folder_delete: %DRIVE%nastavi
folder_list: %DRIVE%

{c51c8f21-9670-11df-9b90-cc5beccefa6f}
no_sh:
delete_blocked:
f_delete: %DRIVE%nastavi\palili.exe
folder_delete: %DRIVE%vatra
folder_delete: %DRIVE%nastavi
folder_delete: %DRIVE%DIJANA
folder_list: %DRIVE%

{c6125bb0-8212-11df-9b54-ac6f2ff2e260}
folder_list: %DRIVE%

- Execute the command by clicking the Run Script button;



After the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

A Notepad window will open with text that needs to be copied here into a post.



goran9888 (AMF Tim)

offline
  • Joined: 29 Jan 2009
  • Posts: 54

- I connected them in this order: 1. USB 4 GB 2. mobile phone 3. USB 1 GB 4. USB 1 GB


USBNoRisk 2.5 (26 July 2009) by bobby

Started at 7/24/2010 4:14:09 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {32a27bf1-7b04-11df-a4a3-806d6172696f}
D: {32a27bf2-7b04-11df-a4a3-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 32a27bf1-7b04-11df-a4a3-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 32a27bf2-7b04-11df-a4a3-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 7/24/2010 4:15:10 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {42237b21-8840-11df-9b63-bc3300694860}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
;3425mhPv331
[autorun]
;8LyBj[Jb1s33g5483
open=check.exe
;745SR63i4[22q56O9I1Y4P\Nq7a4u416d16I53m8Mt5
icon=%SystemRoot%\System32\SHELL32.dll,4
;%Yhue]81O7f8dr40161f317=88]456JqQ88973rNEx7
;g781CW9OO9F48K=37279zG%392jh471G248xKl0E46O19990X\0k881[0%384
action=Open folder to view files using Windows Explorer
;4D8I1\23bB7y34w26hV0209%Hfs3P65X115RwgZM6k4y[7lJ32Lc=C6282Ikf
;t2Y4425mhPv3318LyBj[Jb1s33g5483Z=
shell\\open\\command=check.exe
;%d1nz8C2e603xeb745SR63i4[22q56O9I
;1Y4P\Nq7a4u416d16I53m8Mt5%Yhue]81O7f8d
shell\\explore\\command=check.exe
;r40161f317=88]456JqQ88973rNEx7g781CW9O
;O9F48K=37279zG%392
useautoplay=1
;jh471G248xKl0E46O1
;9990X\0k881[0%
:GOTO NUL
;3844D8I1\23bB7y3
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 42237b21-8840-11df-9b63-bc3300694860
----------------------------------------

----------------------------------------
Desktop.ini found at F:\NEVENAJK\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------
42237b21-8840-11df-9b63-bc3300694860
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 6
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
--a-- F:\BABY ON BOARD\Thumbs.db > unhidden
dra-- F:\RECYCLER > unhidden
dra-- F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 > unhidden
-ra-- F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx > unhidden
dra-- F:\NEVENAJK > unhidden
--a-- F:\NEVENAJK\Desktop.ini > unhidden
-ra-- F:\NEVENAJK\samardzija.exe > unhidden
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: F:\autorun.inf.blocked > Done!
f_delete: F:\check.exe > File does not exist!
----------------------------------------
Delete folder tree F:\NEVENAJK:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Delete: F:\NEVENAJK\samardzija.exe > Error!
Delete: F:\NEVENAJK\Desktop.ini > Done!
Delete: F:\NEVENAJK > Error!
Delete: F:\NEVENAJK > Error!
----------------------------------------
Folder list for F:\:
----------------------------------------

d----   0   F:\OBSERV~1   F:\OBSERVE AND REPORT
d----   0   F:\PICTUR~1   F:\PICTURE THIS
d----   0   F:\VIRGIN~1   F:\VIRGIN TERITORY
d----   0   F:\BABYON~1   F:\BABY ON BOARD
d----   0   F:\BREAK   F:\BREAK
dra--   0   F:\RECYCLER   F:\RECYCLER
dra--   0   F:\NEVENAJK   F:\NEVENAJK

----------------------------------------

========================================
Removed F:
========================================


New device connected at 7/24/2010 4:17:15 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c6125bb0-8212-11df-9b54-ac6f2ff2e260}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c6125bb0-8212-11df-9b54-ac6f2ff2e260
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
c6125bb0-8212-11df-9b54-ac6f2ff2e260
Drive letter for GUID: F:
SectionStart = 25
SectionEnd = 26
----------------------------------------
Folder list for F:\:
----------------------------------------

-rah-   160   F:\CDAInfo.txt   F:\CDAInfo.txt
-rah-   0   F:\MEMSTICK.IND   F:\MEMSTICK.IND
-rah-   0   F:\MSTK_PRO.IND   F:\MSTK_PRO.IND
d----   0   F:\DCIM   F:\DCIM
d----   0   F:\Music   F:\Music
d----   0   F:\Other   F:\Other
d----   0   F:\Picture   F:\Picture
d--h-   0   F:\System   F:\System
d----   0   F:\Theme   F:\Theme
d----   0   F:\Video   F:\Video
d----   0   F:\Webpage   F:\Webpage
---h-   249   F:\TRACEA~1.TXT   F:\Traceability.txt
---h-   97   F:\MEMSTI~1.TXT   F:\MemStickInfo.txt
dr-hs   0   F:\RECYCLER   F:\RECYCLER

----------------------------------------

========================================
Scan finished!
========================================


Processing script
----------------------------------------
c6125bb0-8212-11df-9b54-ac6f2ff2e260
Drive letter for GUID: F:
SectionStart = 25
SectionEnd = 26
----------------------------------------
Folder list for F:\:
----------------------------------------

-rah-   160   F:\CDAInfo.txt   F:\CDAInfo.txt
-rah-   0   F:\MEMSTICK.IND   F:\MEMSTICK.IND
-rah-   0   F:\MSTK_PRO.IND   F:\MSTK_PRO.IND
d----   0   F:\DCIM   F:\DCIM
d----   0   F:\Music   F:\Music
d----   0   F:\Other   F:\Other
d----   0   F:\Picture   F:\Picture
d--h-   0   F:\System   F:\System
d----   0   F:\Theme   F:\Theme
d----   0   F:\Video   F:\Video
d----   0   F:\Webpage   F:\Webpage
---h-   249   F:\TRACEA~1.TXT   F:\Traceability.txt
---h-   97   F:\MEMSTI~1.TXT   F:\MemStickInfo.txt
dr-hs   0   F:\RECYCLER   F:\RECYCLER

----------------------------------------

========================================
Removed F:
========================================
========================================

========================================


New device connected at 7/24/2010 4:18:21 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c51c8f21-9670-11df-9b90-cc5beccefa6f}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
@dsadlëŽ×ÔÀÑËÔÏŽÀÑËÔŽŒêôë÷œëô÷
ŒŠËÔŽŠËôŽŒŠê⾟ë÷âÊ×ËäôêîïŒÅÊËÔÏØŽ×œšëώԜ뚎×
Ôàñêë÷êôÀÑŽ×ËÔÏŽŒêëôœ÷êôœš÷êôÏØŽŠ×ëôž÷
ñëäžàñÊÔŽÊÔŒŠô뎌ŠëôŽŒŠäêŽÀÊÌË×ôì¼ÀÑË×ÊÔàÑ×ÔëêÏØŽ×
ŒŠÔÊ켎ÀÑËÄŽÑÀÊÔôŽŒËÔŽŒŠëôŽ×ŒŠêôìñë÷êëŽÀËÔŽÀËÔÊËÔŽ×
ό뎊ÔêëŽÏŠ×
ŒêëôžœôàñôÊË×Ô꜊×ÔÊôœšôœšôœš
shell\open\command=nastavi\\\palili.exe
$ôàñôë׎ŒŠëžô÷œëšl??DL?ASLFAP?àôäàÝÉÄÀÝÇöéÔÔÛÂÔÂWQFl?WQasl?fas
Shell\open\command=nastavi\\\palili.exe
shellexecute=nastavi\\\palili.exe
;fafaf??Qlf?wqlf?WQlf?asl?FL??Q?f?wàôûàÝÖÉàöéäàÝÉÄÀÝëîôûâëîÝÆÖé
open=nastavi\\palili.exe
;frwqorp?wqrsAkfASL?àöéëåÆÖéëÇÓÊÖÄÝÊLF?lmkaFKLA?
shell\explore\command=nastavi\\\palili.exe
action=Open folder to view files using Windows Explorer
\àôûàëÆÉÖëäàÝÆÖÉëäàÇÕÝÖËÀÆôûîàÆÔòîóéæïëàÝÖÓÉËÀÖÉÆàüëî
USEAUTOPLAY=1
/àöéàëÖÉÀËÛÔÝÆäàÔÝïäàÉÆëïüëàÄÆôûüëÂÝÔÛÄÝÀÄÆÔûà
icon=SHELL32.dll,4
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c51c8f21-9670-11df-9b90-cc5beccefa6f
----------------------------------------

----------------------------------------
Desktop.ini found at F:\DIJANA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\vatra\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\nastavi\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
c51c8f21-9670-11df-9b90-cc5beccefa6f
Drive letter for GUID: F:
SectionStart = 16
SectionEnd = 24
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
dra-- F:\RECYCLER > unhidden
dra-- F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 > unhidden
--a-- F:\Vojska\Vojska\Thumbs.db > unhidden
--a-- F:\Vojska\Zakletva\Thumbs.db > unhidden
dra-- F:\DIJANA > unhidden
--a-- F:\DIJANA\Desktop.ini > unhidden
dra-- F:\vatra > unhidden
--a-- F:\vatra\Desktop.ini > unhidden
dra-- F:\nastavi > unhidden
--a-- F:\nastavi\Desktop.ini > unhidden
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: F:\autorun.inf.blocked > Done!
f_delete: F:\nastavi\palili.exe > File does not exist!
----------------------------------------
Delete folder tree F:\vatra:
----------------------------------------
Delete: F:\vatra\Desktop.ini > Done!
Delete: F:\vatra > Error!
Delete: F:\vatra > Error!
----------------------------------------
Delete folder tree F:\nastavi:
----------------------------------------
Delete: F:\nastavi\Desktop.ini > Done!
Delete: F:\nastavi > Error!
Delete: F:\nastavi > Error!
----------------------------------------
Delete folder tree F:\DIJANA:
----------------------------------------
Delete: F:\DIJANA\Desktop.ini > Done!
Delete: F:\DIJANA > Error!
Delete: F:\DIJANA > Error!
----------------------------------------
Folder list for F:\:
----------------------------------------

dra--   0   F:\RECYCLER   F:\RECYCLER
d----   0   F:\Sve   F:\Sve
d----   0   F:\Vojska   F:\Vojska
dra--   0   F:\DIJANA   F:\DIJANA
d----   0   F:\MOJSIN~1   F:\Moj sin Miki
dra--   0   F:\vatra   F:\vatra
d----   0   F:\Muzika   F:\Muzika
--a--   14232   F:\MOLBA1~1.DOC   F:\Molba 1.docx
dra--   0   F:\nastavi   F:\nastavi

----------------------------------------

========================================
Scan finished!
========================================


Processing script
----------------------------------------
c51c8f21-9670-11df-9b90-cc5beccefa6f
Drive letter for GUID: F:
SectionStart = 16
SectionEnd = 24
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
----------------------------------------
Deleting blocked files:
----------------------------------------
None
f_delete: F:\nastavi\palili.exe > File does not exist!
----------------------------------------
Delete folder tree F:\vatra:
----------------------------------------
Folder tree is empty
Delete: F:\vatra > Error!
----------------------------------------
Delete folder tree F:\nastavi:
----------------------------------------
Folder tree is empty
Delete: F:\nastavi > Error!
----------------------------------------
Delete folder tree F:\DIJANA:
----------------------------------------
Folder tree is empty
Delete: F:\DIJANA > Error!
----------------------------------------
Folder list for F:\:
----------------------------------------

dra--   0   F:\RECYCLER   F:\RECYCLER
d----   0   F:\Sve   F:\Sve
d----   0   F:\Vojska   F:\Vojska
dra--   0   F:\DIJANA   F:\DIJANA
d----   0   F:\MOJSIN~1   F:\Moj sin Miki
dra--   0   F:\vatra   F:\vatra
d----   0   F:\Muzika   F:\Muzika
--a--   14232   F:\MOLBA1~1.DOC   F:\Molba 1.docx
dra--   0   F:\nastavi   F:\nastavi

----------------------------------------

========================================
Removed F:
========================================


New device connected at 7/24/2010 4:19:14 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c51c8f20-9670-11df-9b90-cc5beccefa6f}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
@dsadlëŽ×ÔÀÑËÔÏŽÀÑËÔŽŒêôë÷œëô÷ŒŠËÔŽŠËôŽŒŠê⾟ë
÷âÊ×ËäôêîïŒÅÊËÔÏØŽ×œšëώԜ뚎×Ôàñêë÷êôÀÑŽ×ËÔÏŽŒêëôœ
÷êôœš÷êôÏØŽŠ×ëôž÷ñëäžàñÊÔŽÊÔŒŠô뎌ŠëôŽŒŠäêŽÀÊÌË×ôì¼ÀÑË
×ÊÔàÑ×ÔëêÏØŽ×ŒŠÔÊ켎ÀÑËÄŽÑÀÊÔôŽŒËÔŽŒŠëôŽ×ŒŠêôìñë÷
êëŽÀËÔŽÀËÔÊËÔŽ×ό뎊ÔêëŽÏŠ×ŒêëôžœôàñôÊË×
Ô꜊×ÔÊôœšôœšôœš
shell\open\command=nastavi\\\palili.exe
$ôàñôë׎ŒŠëžô÷œëšl??DL?ASLFAP?àôäàÝÉÄÀÝÇöéÔÔÛÂÔÂWQFl?WQasl?fas
Shell\open\command=nastavi\\\palili.exe
shellexecute=nastavi\\\palili.exe
;fafaf??Qlf?wqlf?WQlf?asl?FL??Q?f?wàôûàÝÖÉàöéäàÝÉÄÀÝëîôûâëîÝÆÖé
open=nastavi\\palili.exe
;frwqorp?wqrsAkfASL?àöéëåÆÖéëÇÓÊÖÄÝÊLF?lmkaFKLA?
shell\explore\command=nastavi\\\palili.exe
action=Open folder to view files using Windows Explorer
\àôûàëÆÉÖëäàÝÆÖÉëäàÇÕÝÖËÀÆôûîàÆÔòîóéæïëàÝÖÓÉËÀÖÉÆàüëî
USEAUTOPLAY=1
/àöéàëÖÉÀËÛÔÝÆäàÔÝïäàÉÆëïüëàÄÆôûüëÂÝÔÛÄÝÀÄÆÔûà
icon=SHELL32.dll,4
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c51c8f20-9670-11df-9b90-cc5beccefa6f
----------------------------------------

----------------------------------------
Desktop.ini found at F:\vatra\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\selma\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\nastavi\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
c51c8f20-9670-11df-9b90-cc5beccefa6f
Drive letter for GUID: F:
SectionStart = 7
SectionEnd = 15
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
dra-- F:\RECYCLER > unhidden
dra-- F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 > unhidden
dra-- F:\vatra > unhidden
--a-- F:\vatra\Desktop.ini > unhidden
-ra-- F:\vatra\pecka.exe > unhidden
dra-- F:\selma > unhidden
--a-- F:\selma\Desktop.ini > unhidden
-ra-- F:\selma\bajrami.exe > unhidden
dra-- F:\nastavi > unhidden
--a-- F:\nastavi\Desktop.ini > unhidden
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: F:\autorun.inf.blocked > Done!
f_delete: F:\nastavi\palili.exe > File does not exist!
----------------------------------------
Delete folder tree F:\vatra:
----------------------------------------

Processing script
----------------------------------------
c51c8f20-9670-11df-9b90-cc5beccefa6f
Drive letter for GUID: F:
SectionStart = 7
SectionEnd = 15
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
----------------------------------------
Deleting blocked files:
----------------------------------------
None
f_delete: F:\nastavi\palili.exe > File does not exist!
----------------------------------------
Delete folder tree F:\vatra:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Delete: F:\vatra\pecka.exe > Error!
Delete: F:\vatra\Desktop.ini > Done!
Delete: F:\vatra > Error!
Delete: F:\vatra > Error!
----------------------------------------
Delete folder tree F:\selma:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Delete: F:\selma\bajrami.exe > Error!
Delete: F:\selma\Desktop.ini > Done!
Delete: F:\selma > Error!
Delete: F:\selma > Error!
----------------------------------------
Delete folder tree F:\nastavi:
----------------------------------------
Delete: F:\nastavi\Desktop.ini > Done!
Delete: F:\nastavi > Error!
Delete: F:\nastavi > Error!
----------------------------------------
Folder list for F:\:
----------------------------------------

d----   0   F:\DODACI~1   F:\dodaci za office
--a--   38912   F:\CV_UPU~1.DOC   F:\cv_uputstvo.doc
--a--   34304   F:\cv1.doc   F:\cv1.doc
--a--   30720   F:\cv2.doc   F:\cv2.doc
--a--   223392   F:\WHATIS~1.PDF   F:\What is a CV.pdf
--a--   13928   F:\DIPLOM~1.PDF   F:\Diplomiraniinzenjersaobracaja53KbPDF.pdf
--a--   185592   F:\KAKONA~1.PDF   F:\KakonapisatibiografijuCV.pdf
d----   0   F:\cenus2   F:\cenus2
dra--   0   F:\RECYCLER   F:\RECYCLER
dra--   0   F:\vatra   F:\vatra
d----   0   F:\EPS   F:\EPS
dra--   0   F:\selma   F:\selma
d----   0   F:\Miki   F:\Miki
d----   0   F:\Projekti   F:\Projekti
--a--   10297   F:\1BD8A~1.DOC   F:\О Б А В Е Ш Т Е Њ  ЗА МЕСЕЧНЕ ПЛАНОВЕ1.docx
dra--   0   F:\nastavi   F:\nastavi
d----   0   F:\muzika   F:\muzika

----------------------------------------

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Note:
Connect the USB devices one at a time, wait about 10 seconds, and then follow the instructions for all 4 devices.


Instructions: <--- repeat for each connected USB device


- Start USBNoRisk and wait for it to complete the initial scan.

- Once the initial scan has finished, connect the USB memory device.

- Click the Script tab;

Copy the following text into the white box of the window:


{42237b21-8840-11df-9b63-bc3300694860}
f_delete: %DRIVE%check.exe
f_delete: %DRIVE%NEVENAJK\samardzija.exe
f_delete: %DRIVE%NEVENAJK\Desktop.ini
f_delete: %DRIVE%RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
delete_blocked:
folder_list: %DRIVE%

{c6125bb0-8212-11df-9b54-ac6f2ff2e260}
folder_delete: %DRIVE%RECYCLER
delete_blocked:
folder_list: %DRIVE%

{c51c8f21-9670-11df-9b90-cc5beccefa6f}
f_delete: %DRIVE%nastavi\\palili.exe
f_delete: %DRIVE%Vojska\Vojska\Thumbs.db
f_delete: %DRIVE%Vojska\Zakletva\Thumbs.db
f_delete: %DRIVE%DIJANA\Desktop.ini
f_delete: %DRIVE%vatra\Desktop.ini
f_delete: %DRIVE%nastavi\Desktop.ini
folder_delete: %DRIVE%RECYCLER
delete_blocked:
folder_list: %DRIVE%

{c51c8f20-9670-11df-9b90-cc5beccefa6f}
f_delete: %DRIVE%nastavi\\palili.exe
f_delete: %DRIVE%vatra\Desktop.ini
f_delete: %DRIVE%vatra\pecka.exe
f_delete: %DRIVE%selma\Desktop.ini
f_delete: %DRIVE%selma\bajrami.exe
f_delete: %DRIVE%nastavi\Desktop.ini
folder_delete: %DRIVE%RECYCLER
delete_blocked:
folder_list: %DRIVE%

- Execute the command by clicking the Run Script button;



After the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and select the Save Log option;

A Notepad window will open with text that needs to be copied here into your post.



goran9888 (AMF Tim)

offline
  • Joined: 29 Jan 2009
  • Posts: 54

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 7/25/2010 6:44:48 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {32a27bf1-7b04-11df-a4a3-806d6172696f}
D: {32a27bf2-7b04-11df-a4a3-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 32a27bf1-7b04-11df-a4a3-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 32a27bf2-7b04-11df-a4a3-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================

Processing script
----------------------------------------


New device connected at 7/25/2010 6:45:15 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {42237b21-8840-11df-9b63-bc3300694860}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 42237b21-8840-11df-9b63-bc3300694860
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
42237b21-8840-11df-9b63-bc3300694860
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 7
f_delete: F:\check.exe > File does not exist!
f_delete:
file "F:\NEVENAJK\samardzija.exe" deleted successfully
f_delete: F:\NEVENAJK\Desktop.ini > File does not exist!
f_delete:
file "F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx" deleted successfully
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------
Folder list for F:\:
----------------------------------------

d----   0   F:\OBSERV~1   F:\OBSERVE AND REPORT
d----   0   F:\PICTUR~1   F:\PICTURE THIS
d----   0   F:\VIRGIN~1   F:\VIRGIN TERITORY
d----   0   F:\BABYON~1   F:\BABY ON BOARD
d----   0   F:\BREAK   F:\BREAK
--a--   10307623   F:\BSPLAY~1.RAR   F:\BSplayer Pro ( Ver 2.51 ) Build 1022 Multilingual.rar
d----   0   F:\AntiWPA   F:\AntiWPA
d----   0   F:\MALWAR~1.28~   F:\Malwarebytes_Anti-Malware_v1.28_Full
d----   0   F:\OPERA_~1   F:\Opera_951
dra--   0   F:\RECYCLER   F:\RECYCLER
dra--   0   F:\NEVENAJK   F:\NEVENAJK

----------------------------------------

========================================
Scan finished!
========================================

========================================
Removed F:
========================================

Processing script
----------------------------------------


New device connected at 7/25/2010 6:45:40 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c51c8f20-9670-11df-9b90-cc5beccefa6f}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c51c8f20-9670-11df-9b90-cc5beccefa6f
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
c51c8f20-9670-11df-9b90-cc5beccefa6f
Drive letter for GUID: F:
SectionStart = 24
SectionEnd = 33
f_delete: F:\nastavi\\palili.exe > File does not exist!
f_delete: F:\vatra\Desktop.ini > File does not exist!
f_delete:
file "F:\vatra\pecka.exe" deleted successfully
f_delete: F:\selma\Desktop.ini > File does not exist!
f_delete:
file "F:\selma\bajrami.exe" deleted successfully
f_delete: F:\nastavi\Desktop.ini > File does not exist!
----------------------------------------
Delete folder tree F:\RECYCLER:
----------------------------------------
Delete: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 > Error!
Delete: F:\RECYCLER > Error!
Delete: F:\RECYCLER > Error!
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------
Folder list for F:\:
----------------------------------------

d----   0   F:\DODACI~1   F:\dodaci za office
--a--   38912   F:\CV_UPU~1.DOC   F:\cv_uputstvo.doc
--a--   34304   F:\cv1.doc   F:\cv1.doc
--a--   30720   F:\cv2.doc   F:\cv2.doc
--a--   223392   F:\WHATIS~1.PDF   F:\What is a CV.pdf
--a--   13928   F:\DIPLOM~1.PDF   F:\Diplomiraniinzenjersaobracaja53KbPDF.pdf
--a--   185592   F:\KAKONA~1.PDF   F:\KakonapisatibiografijuCV.pdf
d----   0   F:\cenus2   F:\cenus2
dra--   0   F:\RECYCLER   F:\RECYCLER
dra--   0   F:\vatra   F:\vatra
d----   0   F:\EPS   F:\EPS
dra--   0   F:\selma   F:\selma
d----   0   F:\Miki   F:\Miki
d----   0   F:\Projekti   F:\Projekti
--a--   10297   F:\1BD8A~1.DOC   F:\О Б А В Е Ш Т Е Њ  ЗА МЕСЕЧНЕ ПЛАНОВЕ1.docx
dra--   0   F:\nastavi   F:\nastavi
d----   0   F:\muzika   F:\muzika

----------------------------------------

========================================
Scan finished!
========================================

========================================
Removed F:
========================================


New device connected at 7/25/2010 6:45:59 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c51c8f21-9670-11df-9b90-cc5beccefa6f}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c51c8f21-9670-11df-9b90-cc5beccefa6f
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
c51c8f21-9670-11df-9b90-cc5beccefa6f
Drive letter for GUID: F:
SectionStart = 13
SectionEnd = 23
f_delete: F:\nastavi\\palili.exe > File does not exist!
f_delete:
file "F:\Vojska\Vojska\Thumbs.db" deleted successfully

Processing script
----------------------------------------
c51c8f21-9670-11df-9b90-cc5beccefa6f
Drive letter for GUID: F:
SectionStart = 13
SectionEnd = 23
f_delete: F:\nastavi\\palili.exe > File does not exist!
f_delete: F:\Vojska\Vojska\Thumbs.db > File does not exist!
f_delete: F:\Vojska\Zakletva\Thumbs.db > File does not exist!
f_delete: F:\DIJANA\Desktop.ini > File does not exist!
f_delete: F:\vatra\Desktop.ini > File does not exist!
f_delete: F:\nastavi\Desktop.ini > File does not exist!
----------------------------------------
Delete folder tree F:\RECYCLER:
----------------------------------------
Delete: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 > Error!
Delete: F:\RECYCLER > Error!
Delete: F:\RECYCLER > Error!
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------
Folder list for F:\:
----------------------------------------

dra--   0   F:\RECYCLER   F:\RECYCLER
d----   0   F:\Sve   F:\Sve
d----   0   F:\Vojska   F:\Vojska
dra--   0   F:\DIJANA   F:\DIJANA
d----   0   F:\MOJSIN~1   F:\Moj sin Miki
dra--   0   F:\vatra   F:\vatra
d----   0   F:\Muzika   F:\Muzika
--a--   14232   F:\MOLBA1~1.DOC   F:\Molba 1.docx
dra--   0   F:\nastavi   F:\nastavi

----------------------------------------

f_delete:
file "F:\Vojska\Zakletva\Thumbs.db" deleted successfully
f_delete: F:\DIJANA\Desktop.ini > File does not exist!
f_delete: F:\vatra\Desktop.ini > File does not exist!
f_delete: F:\nastavi\Desktop.ini > File does not exist!
----------------------------------------
Delete folder tree F:\RECYCLER:
----------------------------------------
Delete: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 > Error!
Delete: F:\RECYCLER > Error!
Delete: F:\RECYCLER > Error!
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------
Folder list for F:\:
----------------------------------------

dra--   0   F:\RECYCLER   F:\RECYCLER
d----   0   F:\Sve   F:\Sve
d----   0   F:\Vojska   F:\Vojska
dra--   0   F:\DIJANA   F:\DIJANA
d----   0   F:\MOJSIN~1   F:\Moj sin Miki
dra--   0   F:\vatra   F:\vatra
d----   0   F:\Muzika   F:\Muzika
--a--   14232   F:\MOLBA1~1.DOC   F:\Molba 1.docx
dra--   0   F:\nastavi   F:\nastavi

----------------------------------------

========================================
Scan finished!
========================================

========================================
Removed F:
========================================


New device connected at 7/25/2010 6:46:40 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {c6125bb0-8212-11df-9b54-ac6f2ff2e260}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for c6125bb0-8212-11df-9b54-ac6f2ff2e260
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
c6125bb0-8212-11df-9b54-ac6f2ff2e260
Drive letter for GUID: F:
SectionStart = 8
SectionEnd = 12
----------------------------------------
Delete folder tree F:\RECYCLER:
----------------------------------------

Processing script
----------------------------------------
c6125bb0-8212-11df-9b54-ac6f2ff2e260
Drive letter for GUID: F:
SectionStart = 8
SectionEnd = 12
----------------------------------------
Delete folder tree F:\RECYCLER:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Delete: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx > Error!
Delete: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 > Error!
Delete: F:\RECYCLER > Error!
Delete: F:\RECYCLER > Error!
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------
Folder list for F:\:
----------------------------------------

-rah-   160   F:\CDAInfo.txt   F:\CDAInfo.txt
-rah-   0   F:\MEMSTICK.IND   F:\MEMSTICK.IND
-rah-   0   F:\MSTK_PRO.IND   F:\MSTK_PRO.IND
d----   0   F:\DCIM   F:\DCIM
d----   0   F:\Music   F:\Music
d----   0   F:\Other   F:\Other
d----   0   F:\Picture   F:\Picture
d--h-   0   F:\System   F:\System
d----   0   F:\Theme   F:\Theme
d----   0   F:\Video   F:\Video
d----   0   F:\Webpage   F:\Webpage
---h-   249   F:\TRACEA~1.TXT   F:\Traceability.txt
---h-   97   F:\MEMSTI~1.TXT   F:\MemStickInfo.txt
dr-hs   0   F:\RECYCLER   F:\RECYCLER

----------------------------------------

File lock detected:
USBNoRisk cannot find what locked the file
Delete: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx > Error!
Delete: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 > Error!
Delete: F:\RECYCLER > Error!
Delete: F:\RECYCLER > Error!
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------
Folder list for F:\:
----------------------------------------

-rah-   160   F:\CDAInfo.txt   F:\CDAInfo.txt
-rah-   0   F:\MEMSTICK.IND   F:\MEMSTICK.IND
-rah-   0   F:\MSTK_PRO.IND   F:\MSTK_PRO.IND
d----   0   F:\DCIM   F:\DCIM
d----   0   F:\Music   F:\Music
d----   0   F:\Other   F:\Other
d----   0   F:\Picture   F:\Picture
d--h-   0   F:\System   F:\System
d----   0   F:\Theme   F:\Theme
d----   0   F:\Video   F:\Video
d----   0   F:\Webpage   F:\Webpage
---h-   249   F:\TRACEA~1.TXT   F:\Traceability.txt
---h-   97   F:\MEMSTI~1.TXT   F:\MemStickInfo.txt
dr-hs   0   F:\RECYCLER   F:\RECYCLER

----------------------------------------

========================================
Scan finished!
========================================

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Enable the display of hidden folders and files by following the instructions at this link:
-> [Link visible only to logged-in users]

Connect the USB memory devices one at a time and delete the following folders from them (wherever they are present):

- NEVENAJK
- RECYCLER
- vatra
- selma
- nastavi
- DIJANA






What is the general state of the computer now?
Do you have any specific problem? If the answer is yes, post a fresh CF log.
