Rootkit on an SD card


offline
  • Joined: 28 May 2010
  • Posts: 46

I have a problem with an SD card that prevents me from taking pictures with my digital camera.

Namely, when I take a picture, the camera often shows the message error saving image on a red screen, and sometimes when I browse the pictures on the camera they cannot be viewed.

By the way, I use two SD cards and the camera's internal memory.

On my computer I have the AVG antivirus program, and when scanning these memories I found files that AVG characterizes as rootkits, and they cannot be deleted because they are hidden files.

These are the files:

C:\Windows\system32\Drivers\RKREVEAL150.SYS
C:\Windows\System32\Drivers\aq3wojgh.SYS

I tried to remove these files with various small programs, including the ones from this page of yours
mycity.rs/Zastita/Sve-o-Rootkit-ovima-p.....anje.html.

but without success.

Please take a look and do something if possible.

I am connected to the internet via ADSL at 2 Mbit/s.








DDS (Ver_10-11-27.01) - NTFSx86
Run by Marijan at 13:01:42,19 on pet 03.12.2010.
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1789.769 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UAService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Ultralingua\Ultralingua 7\ULHotkey.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Users\Marijan\Desktop\RootkitRevealer.exe
C:\Users\Marijan\AppData\Local\Temp\XHAKL.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Marijan\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: everyflv: {9016c848-658e-e968-b881-a31dc53c4c60} - c:\windows\system32\vDh05J.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
uRun: [Canaveral] rundll32.exe c:\windows\system32\sshnas21.dll,BackupReadW
uRun: [M5T8QL3YW3] c:\users\marijan\appdata\local\temp\Yt1.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ultralingua 7 Hotkey] "c:\program files\ultralingua\ultralingua 7\ULHotkey.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\marijan\appdata\roaming\microsoft\windows\start menu\programs\startup\9635938.del
StartupFolder: c:\users\marijan\appdata\roaming\micros~1\windows\startm~1\programs\startup\9635938.lnk - c:\users\marijan\appdata\local\temp\mvNat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\marijan\appdata\roaming\mozilla\firefox\profiles\5dw6pwt9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ee1dd5b8-be23-521a-15e2-b13dbba8da81}\components\u_9yWWCq-GmriS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{ee1dd5b8-be23-521a-15e2-b13dbba8da81}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: LoudMo Contextual Ad Assistant: {ee1dd5b8-be23-521a-15e2-b13dbba8da81} - c:\program files\mozilla firefox\extensions\{ee1dd5b8-be23-521a-15e2-b13dbba8da81}
FF - Extension: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - c:\users\marijan\appdata\roaming\mozilla\firefox\profiles\5dw6pwt9.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-3-9 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-9 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-9 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-9 108552]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\abbyy finereader 9.0\NetworkLicenseServer.exe [2007-11-2 566560]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-4 176128]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-3-10 297752]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-12-9 228408]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2010-8-26 375808]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-12-03 08:41:13 2 --shatr- c:\windows\winstart.bat
2010-12-03 08:40:53 -------- d-----w- c:\program files\UnHackMe
2010-12-02 22:01:22 -------- d-----w- c:\windows\system32\MpEngineStore
2010-12-02 21:11:22 -------- d-----w- c:\users\marijan\Pavark
2010-12-02 21:10:16 -------- d-----w- c:\program files\IceSword
2010-12-02 21:09:47 744960 ----a-w- c:\program files\mozilla firefox\icesword122en\IceSword.exe
2010-12-02 21:05:39 -------- d-----w- c:\program files\Sophos
2010-11-30 19:20:51 -------- d-----w- c:\users\marijan\appdata\local\ABBYY
2010-11-26 20:38:10 -------- d-----w- c:\users\marijan\appdata\local\Adobe
2010-11-16 15:03:25 -------- d-----w- c:\program files\HP Photosmart M417 FW Files

==================== Find3M ====================


============= FINISH: 13:03:00,86 ===============





offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello, bojovnik!

While we are resolving this case, I would ask you to observe the following:
- Read my instructions (or the instructions of colleagues who will stand in for me) carefully and work strictly by them;
- Do not seek help elsewhere at the same time;
- Do not use other malware-removal programs, except those for which you receive instructions;
- During the intervention do not use USB memory devices until I ask for it;
- If I do not reply within 48h, refresh the topic with a new post;
- If you do not respond within 5 days, we will close the case.

For more information about the rules of the MyCity forum's Ambulanta: LINK

-------------------------------------------------------------------------------------

Step 1

Do not use those SD cards until I tell you to.

Step 2

Uninstall the current version of the antivirus (AVG 8.5);

Step 3

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
- Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is finished:
- deactivate your protection software (instructions);
- close running programs;
- double-click to run ComboFix.

While running, ComboFix will:
- check whether a newer version of the program exists:
  click Yes if you are offered to download it.
- display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so that the process continues.
- if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure.
- raise a number of prompts/notifications:
  accept by clicking Yes or OK.
- if needed, restart Windows (several times);
- at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum topic:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message field and choose Paste.

Note:
- The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
- If after sending the message you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

goran9888 (AMF Team)

offline
  • Joined: 28 May 2010
  • Posts: 46

ComboFix 10-12-02.06 - Marijan 3.12.2010. 17:47:22.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1789.1058 [GMT 1:00]
Running from: c:\users\Marijan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FLV Direct Player
c:\program files\FLV Direct Player\downloading.swf
c:\program files\FLV Direct Player\FLVPlayer.exe
c:\program files\FLV Direct Player\player.swf
c:\program files\FLV Direct Player\preload.swf
c:\program files\FLV Direct Player\Skin\DirectFLV\Button.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Logo.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\skin.xml
c:\program files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp
c:\program files\FLV Direct Player\Skin\DirectFLV\Window.bmp
c:\program files\FLV Direct Player\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk
c:\users\Marijan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9635938.lnk
C:\Win
c:\win\1.exe
c:\win\desktop.exe
c:\win\lsass.exe
c:\win\names.txt
c:\windows\system32\-UfiR1Dkx.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-03 16:55 . 2010-12-03 16:59 -------- d-----w- c:\users\Marijan\AppData\Local\temp
2010-12-03 16:55 . 2010-12-03 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-03 16:18 . 2010-12-03 16:18 -------- d-----w- c:\users\Marijan\AppData\Roaming\AVG10
2010-12-03 16:15 . 2010-12-03 16:15 -------- d--h--w- c:\programdata\Common Files
2010-12-03 16:14 . 2010-12-03 16:40 -------- d-----w- c:\programdata\AVG10
2010-12-03 16:04 . 2010-12-03 16:13 -------- d-----w- c:\programdata\MFAData
2010-12-03 13:48 . 2010-12-03 13:48 -------- d-----w- c:\users\Marijan\AppData\Local\Adobe
2010-12-03 08:41 . 2010-12-03 08:41 2 --shatr- c:\windows\winstart.bat
2010-12-03 08:40 . 2010-12-03 13:25 -------- d-----w- c:\program files\UnHackMe
2010-12-02 22:01 . 2010-12-03 08:28 -------- d-----w- c:\windows\system32\MpEngineStore
2010-12-02 21:11 . 2010-12-02 21:11 -------- d-----w- c:\users\Marijan\Pavark
2010-12-02 21:10 . 2010-12-02 21:10 -------- d-----w- c:\program files\IceSword
2010-12-02 21:09 . 2007-07-10 15:23 744960 ----a-w- c:\program files\Mozilla Firefox\IceSword122en\IceSword.exe
2010-12-02 21:05 . 2010-12-02 21:11 -------- d-----w- c:\program files\Sophos
2010-11-16 15:03 . 2010-11-16 15:03 -------- d-----w- c:\program files\HP Photosmart M417 FW Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 22:01 . 2009-07-13 23:23 35328 ----a-w- c:\windows\system32\drivers\blbdrive.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-05-17 5729136]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2009-12-12 332800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-09 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Ultralingua 7 Hotkey"="c:\program files\Ultralingua\Ultralingua 7\ULHotkey.exe" [2009-11-04 1483264]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\Marijan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
9635938.del [2010-5-7 949]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-10 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R3 <NtDriverName>;<NtDriverName>;c:\windows\System32\Drivers\<NtDriverName>.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 MGSGK;MGSGK;c:\users\Marijan\AppData\Local\Temp\MGSGK.exe [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-07-02 375808]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 XHAKL;XHAKL;c:\users\Marijan\AppData\Local\Temp\XHAKL.exe [x]
R3 XVUYQK;XVUYQK;c:\users\Marijan\AppData\Local\Temp\XVUYQK.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-09 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-11-02 566560]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 Realtek87B;Realtek87B;c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Marijan\AppData\Roaming\Mozilla\Firefox\Profiles\5dw6pwt9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\{ee1dd5b8-be23-521a-15e2-b13dbba8da81}\components\u_9yWWCq-GmriS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: LoudMo Contextual Ad Assistant: {ee1dd5b8-be23-521a-15e2-b13dbba8da81} - c:\program files\Mozilla Firefox\extensions\{ee1dd5b8-be23-521a-15e2-b13dbba8da81}
FF - Extension: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - c:\users\Marijan\AppData\Roaming\Mozilla\Firefox\Profiles\5dw6pwt9.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - ORPHANS REMOVED - - - -

BHO-{9016c848-658e-e968-b881-a31dc53c4c60} - c:\windows\system32\vDh05J.dll
HKCU-Run-Canaveral - c:\windows\system32\sshnas21.dll
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove--UfiR1Dkx - c:\windows\system32\-UfiR1Dkx.exe
AddRemove-Winamp Detect - c:\program files\Winamp Detect\UninstWaDetect.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1045542724-2555930307-1999853709-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:5e,8a,db,3f,ac,a8,97,18,10,91,cf,fd,13,84,ba,89,5e,4c,ad,f3,81,4b,1d,
9f,8d,af,31,8f,76,65,2e,92,2f,13,e4,f2,0b,bd,5a,af,44,91,ab,cd,05,f6,8e,5a,\
"??"=hex:e0,e2,4a,34,c0,2f,df,49,49,81,5d,ab,cf,2f,d7,f3

[HKEY_USERS\S-1-5-21-1045542724-2555930307-1999853709-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\sppsvc.exe
c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\UAService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-12-03 18:03:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-03 17:03

Pre-Run: 15.066.562.560 bytes free
Post-Run: 14.679.871.488 bytes free

- - End Of File - - 80B5F621E2FA2F07CB74A9C9000A897D

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Now install an antivirus.
If you wish, the new version of AVG is available at the following link:
AVG Free Anti-Virus
Besides AVG, there are other free antivirus solutions: Avast, Avira, Panda Cloud Free, Microsoft Security Essentials, etc. Decide on one of them.

Step 2

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs the initial scan.
- Insert all USB memory devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the option Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB memory devices include all devices that are assigned their own partition designation when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
-----------------------------------

What is the state of the computer now?

goran9888 (AMF Team)

offline
  • Joined: 28 May 2010
  • Posts: 46

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 3.12.2010. 22:02:00

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {5d240f4b-e4f8-11de-9002-806e6f6e6963}
D: {5d240f4c-e4f8-11de-9002-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 5d240f4b-e4f8-11de-9002-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 5d240f4c-e4f8-11de-9002-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 3.12.2010. 22:02:40

Scanning for connected USB mass storage...
----------------------------------------
G: {12a34a66-2d46-11df-a4ea-0022645d24dd}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
No mountpoint found for 12a34a66-2d46-11df-a4ea-0022645d24dd
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 3.12.2010. 22:03:09

Scanning for connected USB mass storage...
----------------------------------------
G: {e53ebe26-d2c6-11df-ba72-002186b45413}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
No mountpoint found for e53ebe26-d2c6-11df-ba72-002186b45413
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 3.12.2010. 22:03:43

Scanning for connected USB mass storage...
----------------------------------------
G: {e53ebe26-d2c6-11df-ba72-002186b45413}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for e53ebe26-d2c6-11df-ba72-002186b45413
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

========================================
Removed G:
========================================




When I take pictures with the digital camera, it still reports error saving image...

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Carry out the same procedure for both devices.

- Start USBNoRisk and wait for it to complete the initial scan.

- Once the initial scan has finished, plug in the USB storage device.

- Click the Script tab;

Copy the following text into the white box of the window:

{12a34a66-2d46-11df-a4ea-0022645d24dd}
folder_list:%DRIVE%
no_sh:

{e53ebe26-d2c6-11df-ba72-002186b45413}
folder_list:%DRIVE%
no_sh:


- Execute the command by clicking the Run Script button;



After the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Scrambled Log option;

A Notepad window will open with text that you need to copy here into your message.






goran9888 (AMF Team)

offline
  • Joined: 28 May 2010
  • Posts: 46

Do you mean I should do this for all three memory devices or only for these two SD cards?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

bojovnik :: Do you mean I should do this for all three memory devices or only for these two SD cards?


I apologize for being a bit unclear.

Yes, carry out the procedure for all three storage devices.

offline
  • Joined: 28 May 2010
  • Posts: 46

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 4.12.2010. 15:58:29

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {5d240f4b-e4f8-11de-9002-806e6f6e6963}
D: {5d240f4c-e4f8-11de-9002-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 5d240f4b-e4f8-11de-9002-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 5d240f4c-e4f8-11de-9002-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 4.12.2010. 15:58:44

Scanning for connected USB mass storage...
----------------------------------------
G: {12a34a66-2d46-11df-a4ea-0022645d24dd}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for 12a34a66-2d46-11df-a4ea-0022645d24dd
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================


Processing script
----------------------------------------
12a34a66-2d46-11df-a4ea-0022645d24dd
Drive letter for GUID: G:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Folder list for G:\:
----------------------------------------

d----   0   G:\DCIM   G:\DCIM
d----   0   G:\MISC   G:\MISC

----------------------------------------
Unhide superhidden for G:\
----------------------------------------
----------------------------------------















USBNoRisk 2.6 (08 September 2010) by bobby

Started at 4.12.2010. 16:00:29

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {5d240f4b-e4f8-11de-9002-806e6f6e6963}
D: {5d240f4c-e4f8-11de-9002-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 5d240f4b-e4f8-11de-9002-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 5d240f4c-e4f8-11de-9002-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 4.12.2010. 16:00:45

Scanning for connected USB mass storage...
----------------------------------------
G: {e53ebe26-d2c6-11df-ba72-002186b45413}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for e53ebe26-d2c6-11df-ba72-002186b45413
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================


Processing script
----------------------------------------
e53ebe26-d2c6-11df-ba72-002186b45413
Drive letter for GUID: G:
SectionStart = 4
SectionEnd = 6
----------------------------------------
Folder list for G:\:
----------------------------------------

d----   0   G:\DCIM   G:\DCIM
d----   0   G:\MISC   G:\MISC

----------------------------------------
Unhide superhidden for G:\
----------------------------------------
----------------------------------------















USBNoRisk 2.6 (08 September 2010) by bobby

Started at 4.12.2010. 16:01:40

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {5d240f4b-e4f8-11de-9002-806e6f6e6963}
D: {5d240f4c-e4f8-11de-9002-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 5d240f4b-e4f8-11de-9002-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 5d240f4c-e4f8-11de-9002-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 4.12.2010. 16:01:49

Scanning for connected USB mass storage...
----------------------------------------
G: {e53ebe26-d2c6-11df-ba72-002186b45413}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for e53ebe26-d2c6-11df-ba72-002186b45413
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================


Processing script
----------------------------------------
e53ebe26-d2c6-11df-ba72-002186b45413
Drive letter for GUID: G:
SectionStart = 4
SectionEnd = 6
----------------------------------------
Folder list for G:\:
----------------------------------------

d----   0   G:\DCIM   G:\DCIM
d----   0   G:\MISC   G:\MISC

----------------------------------------
Unhide superhidden for G:\
----------------------------------------
----------------------------------------

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Your computer and the storage devices you connected are clean as far as malware is concerned.
So your problem is not caused by malware; the problem is most likely in that digital camera.


--------------------------------------------

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search field if Run is not available.

In the text entry line, type (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



and then click OK (or press Enter).


Wait for the uninstall process to finish.




To protect USB storage devices, I suggest you use the program MCShield.

You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html
MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/






goran9888 (AMF Team)
