Virus not deleted

1

Virus not deleted

offline
  • nirre  Male
  • Super građanin
  • Pridružio: 26 Mar 2005
  • Poruke: 1489
  • Gde živiš: Podgorica

ESS kada je sinoc od odradio full scan nasao je sledecu stavku

C:\Win\lsass.exe » AUTOIT » script.au3 - Win32/Autoit.GP worm
C:\Win\lsass.exe » AUTOIT » desktop.exe - probably a variant of Win32/Statik potentially unwanted application
C:\Win\lsass.exe » AUTOIT » - archive damaged


I pisaolo je
Number of threats found: 2
Number of cleaned objects: 0


Kako mogu ulkoniti ovo jer ESS ne moze? Ne moze ni rucno.[/i]

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

nirre ::
Kako mogu ulkoniti ovo jer ESS ne moze? Ne moze ni rucno.

Za početak kreni od ovog uputstva:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • nirre  Male
  • Super građanin
  • Pridružio: 26 Mar 2005
  • Poruke: 1489
  • Gde živiš: Podgorica

Izvinjavam se (GMER nije mogao,restartovao mi je racunar)
Da dodam, sada imam problem sa tastaturom, ne prikazuje slova koja kucam.

DDS (Ver_10-12-12.02) - NTFSx86
Run by nirre at 12:40:10.96 on Mon 01/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.256.45 [GMT 1:00]

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\nirre\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [run32] c:\win\lsass.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nirre\applic~1\mozilla\firefox\profiles\4mhhy4t0.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-6-24 810144]
R3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [2010-8-18 231040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-02 13:37:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-02 13:37:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-31 13:33:50 86016 ----a-w- c:\windows\unvise32qt.exe
2010-12-23 12:14:14 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-23 12:13:15 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 18:53:30 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-12-13 18:53:30 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-12-13 18:53:02 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-12-13 18:33:12 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-12-05 16:17:17 -------- d-----w- c:\documents and settings\nirre\.spss
2010-12-05 16:14:07 1024 ----a-w- c:\windows\system32\grcauth2.dll
2010-12-05 16:14:07 1024 ----a-w- c:\windows\system32\grcauth1.dll
2010-12-05 16:14:07 100 ----a-w- c:\windows\system32\prsgrc.dll
2010-12-05 15:47:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel
2010-12-05 15:47:22 -------- d-----w- c:\program files\common files\SPSS
2010-12-05 15:47:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\SPSS
2010-12-05 15:45:13 -------- d-----w- c:\program files\SPSSInc
2010-12-04 15:05:51 -------- d-----w- c:\program files\common files\IBM
2010-12-04 15:03:50 205 ----a-w- c:\windows\system32\lsprst7.dll
2010-12-04 15:03:50 1025 ----a-w- c:\windows\system32\sysprs7.dll

==================== Find3M ====================

2010-12-18 17:07:55 90112 ----a-w- c:\windows\DUMP5f94.tmp
2010-12-18 17:06:26 90112 ----a-w- c:\windows\DUMP6c66.tmp
2010-12-18 17:04:53 90112 ----a-w- c:\windows\DUMP7a6f.tmp
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-30 16:09:03 81920 ---ha-w- c:\windows\system32\v3shrtkgn.dll
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 12:41:30.56 ===============


https://www.mycity.rs/must-login.png


https://www.mycity.rs/must-login.png

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Napomena: Nemoj priključivati usb memorijske uređaje dok ti ne napišem da ih priključiš.


Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • nirre  Male
  • Super građanin
  • Pridružio: 26 Mar 2005
  • Poruke: 1489
  • Gde živiš: Podgorica

ComboFix 11-01-02.04 - nirre 01/03/2011 14:17:14.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.256.124 [GMT 1:00]
Running from: c:\documents and settings\nirre\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Win
c:\win\lsass.exe
c:\win\names.txt
c:\windows\system32\lsprst7.dll
c:\windows\system32\prsgrc.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-02 13:37 . 2011-01-02 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-01-02 13:37 . 2011-01-02 13:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-01 18:44 . 2011-01-01 18:44 -------- d-----w- c:\documents and settings\nirre\Local Settings\Application Data\Mozilla
2010-12-31 13:33 . 1999-11-10 11:05 86016 ----a-w- c:\windows\unvise32qt.exe
2010-12-23 12:14 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-23 12:13 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 18:53 . 2008-04-13 19:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-12-13 18:53 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-12-13 18:53 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-12-13 18:33 . 2010-12-23 17:35 -------- dc----w- c:\windows\system32\DRVSTORE
2010-12-13 18:33 . 2010-02-26 13:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-12-13 18:30 . 2010-12-13 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-12-05 16:17 . 2010-12-05 16:17 -------- d-----w- c:\documents and settings\nirre\.spss
2010-12-05 16:14 . 2010-12-05 16:14 1024 ----a-w- c:\windows\system32\grcauth2.dll
2010-12-05 16:14 . 2010-12-05 16:14 1024 ----a-w- c:\windows\system32\grcauth1.dll
2010-12-05 15:47 . 2010-12-05 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
2010-12-05 15:47 . 2010-12-05 15:47 -------- d-----w- c:\program files\Common Files\SPSS
2010-12-05 15:47 . 2010-12-05 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SPSS
2010-12-05 15:45 . 2010-12-05 15:45 -------- d-----w- c:\program files\SPSSInc
2010-12-04 15:05 . 2010-12-04 15:05 -------- d-----w- c:\program files\Common Files\IBM
2010-12-04 15:03 . 2010-12-04 15:03 1025 ----a-w- c:\windows\system32\sysprs7.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-18 17:07 . 2010-08-18 17:12 90112 ----a-w- c:\windows\DUMP5f94.tmp
2010-12-18 17:06 . 2010-08-18 17:12 90112 ----a-w- c:\windows\DUMP6c66.tmp
2010-12-18 17:04 . 2010-08-18 17:12 90112 ----a-w- c:\windows\DUMP7a6f.tmp
2010-11-18 18:12 . 2010-08-18 15:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-03 12:25 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-08-23 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-30 16:09 . 2010-10-30 16:09 81920 ---ha-w- c:\windows\system32\v3shrtkgn.dll
2010-10-28 13:13 . 2004-08-03 22:56 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-03 21:17 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-05 18:14 . 2010-10-05 18:14 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2010-10-05 18:14 . 2004-08-03 21:14 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
.

------- Sigcheck -------

[-] 2010-10-05 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2010-10-05 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-06-24 2202704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Documents and Settings\\nirre\\Application Data\\mjusbsp\\magicJack.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 08:17 114984]
R3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [8/18/2010 22:00 231040]

--- Other Services/Drivers In Memory ---

*Deregistered* - pxtdapog
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\User_Feed_Synchronization-{7284ED7B-5975-493A-8F1F-E5703C68ACFF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\nirre\Application Data\Mozilla\Firefox\Profiles\4mhhy4t0.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-run32 - c:\win\lsass.exe
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 14:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-03 14:26:37
ComboFix-quarantined-files.txt 2011-01-03 13:26

Pre-Run: 3,980,541,952 bytes free
Post-Run: 4,003,651,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D6EF26892E796E8D24E0C2CFA460B02E

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

offline
  • nirre  Male
  • Super građanin
  • Pridružio: 26 Mar 2005
  • Poruke: 1489
  • Gde živiš: Podgorica

Odradjeno

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 1/3/2011 16:02:01

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {4fa764a8-aaea-11df-90c0-806d6172696f}
D: {4fa764a9-aaea-11df-90c0-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 4fa764a8-aaea-11df-90c0-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 4fa764a9-aaea-11df-90c0-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 1/3/2011 16:02:24

Scanning for connected USB mass storage...
----------------------------------------
F: {d12c1378-bb56-11df-9793-000ea667e277}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
No mountpoint found for d12c1378-bb56-11df-9793-000ea667e277
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 1/3/2011 16:03:00

Scanning for connected USB mass storage...
----------------------------------------
F: {daccbecf-aea4-11df-977c-000ea667e277}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

No mountpoint found for daccbecf-aea4-11df-977c-000ea667e277
----------------------------------------

----------------------------------------
Desktop.ini found at F:\ALKOHOLU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\enable\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 1/3/2011 16:03:33

Scanning for connected USB mass storage...
----------------------------------------
F: {48bf5a2a-b85c-11df-978f-000ea667e277}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
open=autorun.exe
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\autorun.exe --a-- 1776323
----------------------------------------

No mountpoint found for 48bf5a2a-b85c-11df-978f-000ea667e277
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 1/3/2011 16:04:01

Scanning for connected USB mass storage...
----------------------------------------
H: {daccbed1-aea4-11df-977c-000ea667e277}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
No mountpoint found for daccbed1-aea4-11df-977c-000ea667e277
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

- Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

{d12c1378-bb56-11df-9793-000ea667e277}
no_sh:
folder_list: %DRIVE%

{daccbecf-aea4-11df-977c-000ea667e277}
no_sh:
folder_list: %DRIVE%

{48bf5a2a-b85c-11df-978f-000ea667e277}
no_sh:
folder_list: %DRIVE%

{daccbed1-aea4-11df-977c-000ea667e277}
no_sh:
folder_list: %DRIVE%


- Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Scrambled Log;

Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.


Napomena: Redom priključuj usb memorijske i pri svakom priključivanju klikni na taster Run Script.

offline
  • nirre  Male
  • Super građanin
  • Pridružio: 26 Mar 2005
  • Poruke: 1489
  • Gde živiš: Podgorica

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 1/3/2011 16:48:49

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {4fa764a8-aaea-11df-90c0-806d6172696f}
D: {4fa764a9-aaea-11df-90c0-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 4fa764a8-aaea-11df-90c0-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 4fa764a9-aaea-11df-90c0-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 1/3/2011 16:49:13

Scanning for connected USB mass storage...
----------------------------------------
F: {d12c1378-bb56-11df-9793-000ea667e277}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
No mountpoint found for d12c1378-bb56-11df-9793-000ea667e277
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------
d12c1378-bb56-11df-9793-000ea667e277
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
None
----------------------------------------
Folder list for F:\:
----------------------------------------
None
----------------------------------------

========================================
Removed F:
========================================


New device connected at 1/3/2011 16:50:21

Scanning for connected USB mass storage...
----------------------------------------
F: {daccbecf-aea4-11df-977c-000ea667e277}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No autorun.inf files found on F:
No mountpoint found for daccbecf-aea4-11df-977c-000ea667e277
----------------------------------------

----------------------------------------
Desktop.ini found at F:\ALKOHOLU\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at F:\enable\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
daccbecf-aea4-11df-977c-000ea667e277
Drive letter for GUID: F:
SectionStart = 4
SectionEnd = 7
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
dra-- F:\ALKOHOLU > unhidden
--a-- F:\ALKOHOLU\Desktop.ini > unhidden
dra-- F:\enable > unhidden
--a-- F:\enable\Desktop.ini > unhidden
----------------------------------------
Folder list for F:\:
----------------------------------------

--a--   109063   F:\THYMUS~1.DOC   F:\Thymus vulgaris L.docx
d----   0   F:\Stat   F:\Stat
d----   0   F:\EKG   F:\EKG
d----   0   F:\Egipat   F:\Egipat
--a--   605307   F:\MUSKAK~1.PDF   F:\Muska kozmetika.pdf
--a--   272384   F:\ESTROG~1.DOC   F:\Estrogeni.doc
--a--   340992   F:\MUSKAK~1.DOC   F:\Muska kozmetika.doc
--a--   1387982   F:\ESTROG~1.PDF   F:\Estrogeni.pdf
d----   0   F:\STANJE~1   F:\Stanje apoteka
--a--   9879682   F:\CAJKOD~1.PPT   F:\Čaj kod upale želudačne sluznice.pptx
d----   0   F:\24.12   F:\24.12
--a--   914787   F:\SILYBU~1.DOC   F:\Silybum marianum.docx
d----   0   F:\FARMAC~1   F:\farmaceutska analiza
--a--   0   F:\AUTORU~1.BLO   F:\aut[b][/b]orun.inf.blocked
dra--   0   F:\ALKOHOLU   F:\ALKOHOLU
dra--   0   F:\enable   F:\enable

----------------------------------------

========================================
Scan finished!
========================================


Processing script
----------------------------------------
daccbecf-aea4-11df-977c-000ea667e277
Drive letter for GUID: F:
SectionStart = 4
SectionEnd = 7
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
----------------------------------------
Folder list for F:\:
----------------------------------------

--a--   109063   F:\THYMUS~1.DOC   F:\Thymus vulgaris L.docx
d----   0   F:\Stat   F:\Stat
d----   0   F:\EKG   F:\EKG
d----   0   F:\Egipat   F:\Egipat
--a--   605307   F:\MUSKAK~1.PDF   F:\Muska kozmetika.pdf
--a--   272384   F:\ESTROG~1.DOC   F:\Estrogeni.doc
--a--   340992   F:\MUSKAK~1.DOC   F:\Muska kozmetika.doc
--a--   1387982   F:\ESTROG~1.PDF   F:\Estrogeni.pdf
d----   0   F:\STANJE~1   F:\Stanje apoteka
--a--   9879682   F:\CAJKOD~1.PPT   F:\Čaj kod upale želudačne sluznice.pptx
d----   0   F:\24.12   F:\24.12
--a--   914787   F:\SILYBU~1.DOC   F:\Silybum marianum.docx
d----   0   F:\FARMAC~1   F:\farmaceutska analiza
--a--   0   F:\AUTORU~1.BLO   F:\aut[b][/b]orun.inf.blocked
dra--   0   F:\ALKOHOLU   F:\ALKOHOLU
dra--   0   F:\enable   F:\enable

----------------------------------------

========================================
Removed F:
========================================


New device connected at 1/3/2011 16:51:23

Scanning for connected USB mass storage...
----------------------------------------
F: {48bf5a2a-b85c-11df-978f-000ea667e277}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
open=autorun.exe
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
F:\autorun.exe --a-- 1776323
----------------------------------------

----------------------------------------
No autorun.inf files found on F:
No mountpoint found for 48bf5a2a-b85c-11df-978f-000ea667e277
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

Processing script
----------------------------------------
48bf5a2a-b85c-11df-978f-000ea667e277
Drive letter for GUID: F:
SectionStart = 8
SectionEnd = 11
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
--a-- F:\app\webapps\FIP10\images\buttons\Thumbs.db > unhidden
--a-- F:\server\webapps\FIP10\images\buttons\Thumbs.db > unhidden
----------------------------------------
Folder list for F:\:
----------------------------------------

d--h-   0   F:\FSEVEN~1   F:\.fseventsd
d--h-   0   F:\SPOTLI~1   F:\.Spotlight-V100
d--h-   0   F:\TRASHE~1   F:\.Trashes
d----   0   F:\app   F:\app
d----   0   F:\run_osx.app   F:\run_osx.app
d----   0   F:\server   F:\server
--ah-   4096   F:\_F643~1.TRA   F:\._.Trashes
--a--   31000   F:\A2VLOG~1.BMP   F:\A2Vlogo_TM.bmp
--a--   11896   F:\A2VLOG~1.PIC   F:\A2Vlogo_TM.pict
--a--   372   F:\aut[b][/b]orun.dat   F:\aut[b][/b]orun.dat
--a--   1776323   F:\aut[b][/b]orun.exe   F:\aut[b][/b]orun.exe
--a--   29   F:\AUTORU~1.BLO   F:\aut[b][/b]orun.inf.blocked

----------------------------------------

========================================
Scan finished!
========================================


Processing script
----------------------------------------
48bf5a2a-b85c-11df-978f-000ea667e277
Drive letter for GUID: F:
SectionStart = 8
SectionEnd = 11
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
----------------------------------------
Folder list for F:\:
----------------------------------------

d--h-   0   F:\FSEVEN~1   F:\.fseventsd
d--h-   0   F:\SPOTLI~1   F:\.Spotlight-V100
d--h-   0   F:\TRASHE~1   F:\.Trashes
d----   0   F:\app   F:\app
d----   0   F:\run_osx.app   F:\run_osx.app
d----   0   F:\server   F:\server
--ah-   4096   F:\_F643~1.TRA   F:\._.Trashes
--a--   31000   F:\A2VLOG~1.BMP   F:\A2Vlogo_TM.bmp
--a--   11896   F:\A2VLOG~1.PIC   F:\A2Vlogo_TM.pict
--a--   372   F:\aut[b][/b]orun.dat   F:\aut[b][/b]orun.dat
--a--   1776323   F:\aut[b][/b]orun.exe   F:\aut[b][/b]orun.exe
--a--   29   F:\AUTORU~1.BLO   F:\aut[b][/b]orun.inf.blocked

----------------------------------------

========================================
Removed F:
========================================


New device connected at 1/3/2011 16:52:20

Scanning for connected USB mass storage...
----------------------------------------
H: {daccbed1-aea4-11df-977c-000ea667e277}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
No mountpoint found for daccbed1-aea4-11df-977c-000ea667e277
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
========================================

Processing script
----------------------------------------
daccbed1-aea4-11df-977c-000ea667e277
Drive letter for GUID: H:
SectionStart = 12
SectionEnd = 14
----------------------------------------
Unhide superhidden for H:\
----------------------------------------
dra-- H:\RECYCLER > unhidden
dra-- H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 > unhidden
--a-- H:\DevIcon.fil > unhidden
--a-- H:\DevLogo.fil > unhidden
----------------------------------------
Folder list for H:\:
----------------------------------------

d----   0   H:\Images   H:\Images
d----   0   H:\Others   H:\Others
d----   0   H:\Sounds   H:\Sounds
d----   0   H:\Videos   H:\Videos
d----   0   H:\Private   H:\Private
d----   0   H:\Music   H:\Music
d----   0   H:\PLAYLI~1   H:\Playlists
d----   0   H:\sys   H:\sys
d----   0   H:\system   H:\system
d----   0   H:\resource   H:\resource
d----   0   H:\Installs   H:\Installs
d----   0   H:\download   H:\download
d----   0   H:\ACTIVE~1   H:\Activenotes
d----   0   H:\ATTACH~1   H:\Attachments
dra--   0   H:\RECYCLER   H:\RECYCLER
--a--   78879   H:\DevIcon.fil   H:\DevIcon.fil
--a--   3812   H:\DevLogo.fil   H:\DevLogo.fil
d----   0   H:\data   H:\data
--a--   366456   H:\NOKIA_~1.SIS   H:\Nokia_Mobile_Dictionary_sr.SIS

----------------------------------------

========================================
Scan finished!
========================================


Processing script
----------------------------------------
daccbed1-aea4-11df-977c-000ea667e277
Drive letter for GUID: H:
SectionStart = 12
SectionEnd = 14
----------------------------------------
Unhide superhidden for H:\
----------------------------------------
----------------------------------------
Folder list for H:\:
----------------------------------------

d----   0   H:\Images   H:\Images
d----   0   H:\Others   H:\Others
d----   0   H:\Sounds   H:\Sounds
d----   0   H:\Videos   H:\Videos
d----   0   H:\Private   H:\Private
d----   0   H:\Music   H:\Music
d----   0   H:\PLAYLI~1   H:\Playlists
d----   0   H:\sys   H:\sys
d----   0   H:\system   H:\system
d----   0   H:\resource   H:\resource
d----   0   H:\Installs   H:\Installs
d----   0   H:\download   H:\download
d----   0   H:\ACTIVE~1   H:\Activenotes
d----   0   H:\ATTACH~1   H:\Attachments
dra--   0   H:\RECYCLER   H:\RECYCLER
--a--   78879   H:\DevIcon.fil   H:\DevIcon.fil
--a--   3812   H:\DevLogo.fil   H:\DevLogo.fil
d----   0   H:\data   H:\data
--a--   366456   H:\NOKIA_~1.SIS   H:\Nokia_Mobile_Dictionary_sr.SIS

----------------------------------------

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Pronađi na drugom usb memorijskom uređaju foldere enable i ALKOHOLU zatim ih obriši.


Kakvo je sada stanje?

Ko je trenutno na forumu
 

Ukupno su 758 korisnika na forumu :: 32 registrovanih, 6 sakrivenih i 720 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Aleksandar Tomić, Apok, Bahuss, CrazySerb_MLD, djo97, djordje92sm, dragon986, Drug pukovnik, ivica976, Jovan Nenad, krlebgd77, kybonacci, L A Z A R, Libertas, ljuba, manda87, MB120mm, mercedesamg, MikeHammer, milenko crazy north, nemkea71, NoOneEver Dreams, nuke92, ruan, Skywhaler, Snorks, Srki98, Toni, Vlada78, x9, YU-UKI