MyCity » Ambulanta -> Arhiva Ambulante » Virus not deleted

Virus not deleted

Napisano na dan: 3.1.2011

Strana:
1
2

Virus not deleted

Sledeća strana

Pagination

Odgovori

Strana:
1
2

nirre Poslao: 03 Jan 2011 12:24 Idi na vrh
offline nirre Super građanin Pridružio: 26 Mar 2005 Poruke: 1489 Gde živiš: Podgorica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ESS kada je sinoc od odradio full scan nasao je sledecu stavku C:\Win\lsass.exe » AUTOIT » script.au3 - Win32/Autoit.GP worm C:\Win\lsass.exe » AUTOIT » desktop.exe - probably a variant of Win32/Statik potentially unwanted application C:\Win\lsass.exe » AUTOIT » - archive damaged I pisaolo je Number of threats found: 2 Number of cleaned objects: 0 Kako mogu ulkoniti ovo jer ESS ne moze? Ne moze ni rucno.[/i]

Profil

Bogdan-Tc Poslao: 03 Jan 2011 12:29 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! nirre :: Kako mogu ulkoniti ovo jer ESS ne moze? Ne moze ni rucno. Za početak kreni od ovog uputstva: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Profil

nirre Poslao: 03 Jan 2011 13:48 Idi na vrh
offline nirre Super građanin Pridružio: 26 Mar 2005 Poruke: 1489 Gde živiš: Podgorica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Izvinjavam se (GMER nije mogao,restartovao mi je racunar) Da dodam, sada imam problem sa tastaturom, ne prikazuje slova koja kucam. DDS (Ver_10-12-12.02) - NTFSx86 Run by nirre at 12:40:10.96 on Mon 01/03/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.256.45 [GMT 1:00] AV: ESET Smart Security 4.2 Enabled/Updated {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall Enabled ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe svchost.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\nirre\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice mRun: [run32] c:\win\lsass.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\nirre\applic~1\mozilla\firefox\profiles\4mhhy4t0.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ============= SERVICES / DRIVERS =============== R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984] R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-6-24 810144] R3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [2010-8-18 231040] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] =============== Created Last 30 ================ 2011-01-02 13:37:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-01-02 13:37:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-12-31 13:33:50 86016 ----a-w- c:\windows\unvise32qt.exe 2010-12-23 12:14:14 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-23 12:13:15 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2010-12-13 18:53:30 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys 2010-12-13 18:53:30 26112 ----a-w- c:\windows\system32\drivers\usbser.sys 2010-12-13 18:53:02 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-12-13 18:33:12 92672 ----a-w- c:\windows\system32\nmwcdcls.dll 2010-12-05 16:17:17 -------- d-----w- c:\documents and settings\nirre\.spss 2010-12-05 16:14:07 1024 ----a-w- c:\windows\system32\grcauth2.dll 2010-12-05 16:14:07 1024 ----a-w- c:\windows\system32\grcauth1.dll 2010-12-05 16:14:07 100 ----a-w- c:\windows\system32\prsgrc.dll 2010-12-05 15:47:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\SafeNet Sentinel 2010-12-05 15:47:22 -------- d-----w- c:\program files\common files\SPSS 2010-12-05 15:47:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\SPSS 2010-12-05 15:45:13 -------- d-----w- c:\program files\SPSSInc 2010-12-04 15:05:51 -------- d-----w- c:\program files\common files\IBM 2010-12-04 15:03:50 205 ----a-w- c:\windows\system32\lsprst7.dll 2010-12-04 15:03:50 1025 ----a-w- c:\windows\system32\sysprs7.dll ==================== Find3M ==================== 2010-12-18 17:07:55 90112 ----a-w- c:\windows\DUMP5f94.tmp 2010-12-18 17:06:26 90112 ----a-w- c:\windows\DUMP6c66.tmp 2010-12-18 17:04:53 90112 ----a-w- c:\windows\DUMP7a6f.tmp 2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec 2010-10-30 16:09:03 81920 ---ha-w- c:\windows\system32\v3shrtkgn.dll 2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys ============= FINISH: 12:41:30.56 =============== https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png

Profil

Bogdan-Tc Poslao: 03 Jan 2011 13:59 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napomena: Nemoj priključivati usb memorijske uređaje dok ti ne napišem da ih priključiš. Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

nirre Poslao: 03 Jan 2011 14:28 Idi na vrh
offline nirre Super građanin Pridružio: 26 Mar 2005 Poruke: 1489 Gde živiš: Podgorica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 11-01-02.04 - nirre 01/03/2011 14:17:14.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.256.124 [GMT 1:00] Running from: c:\documents and settings\nirre\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 Disabled/Updated {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall Enabled {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Win c:\win\lsass.exe c:\win\names.txt c:\windows\system32\lsprst7.dll c:\windows\system32\prsgrc.dll . ((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 ))))))))))))))))))))))))))))))) . 2011-01-02 13:37 . 2011-01-02 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-01-02 13:37 . 2011-01-02 13:40 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-01-01 18:44 . 2011-01-01 18:44 -------- d-----w- c:\documents and settings\nirre\Local Settings\Application Data\Mozilla 2010-12-31 13:33 . 1999-11-10 11:05 86016 ----a-w- c:\windows\unvise32qt.exe 2010-12-23 12:14 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-23 12:13 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2010-12-13 18:53 . 2008-04-13 19:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys 2010-12-13 18:53 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys 2010-12-13 18:53 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-12-13 18:33 . 2010-12-23 17:35 -------- dc----w- c:\windows\system32\DRVSTORE 2010-12-13 18:33 . 2010-02-26 13:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll 2010-12-13 18:30 . 2010-12-13 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations 2010-12-05 16:17 . 2010-12-05 16:17 -------- d-----w- c:\documents and settings\nirre\.spss 2010-12-05 16:14 . 2010-12-05 16:14 1024 ----a-w- c:\windows\system32\grcauth2.dll 2010-12-05 16:14 . 2010-12-05 16:14 1024 ----a-w- c:\windows\system32\grcauth1.dll 2010-12-05 15:47 . 2010-12-05 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel 2010-12-05 15:47 . 2010-12-05 15:47 -------- d-----w- c:\program files\Common Files\SPSS 2010-12-05 15:47 . 2010-12-05 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SPSS 2010-12-05 15:45 . 2010-12-05 15:45 -------- d-----w- c:\program files\SPSSInc 2010-12-04 15:05 . 2010-12-04 15:05 -------- d-----w- c:\program files\Common Files\IBM 2010-12-04 15:03 . 2010-12-04 15:03 1025 ----a-w- c:\windows\system32\sysprs7.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-18 17:07 . 2010-08-18 17:12 90112 ----a-w- c:\windows\DUMP5f94.tmp 2010-12-18 17:06 . 2010-08-18 17:12 90112 ----a-w- c:\windows\DUMP6c66.tmp 2010-12-18 17:04 . 2010-08-18 17:12 90112 ----a-w- c:\windows\DUMP7a6f.tmp 2010-11-18 18:12 . 2010-08-18 15:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-06 00:26 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-06 00:26 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:26 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-03 12:25 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2001-08-23 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-30 16:09 . 2010-10-30 16:09 81920 ---ha-w- c:\windows\system32\v3shrtkgn.dll 2010-10-28 13:13 . 2004-08-03 22:56 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25 . 2004-08-03 21:17 1853312 ----a-w- c:\windows\system32\win32k.sys 2010-10-05 18:14 . 2010-10-05 18:14 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL 2010-10-05 18:14 . 2004-08-03 21:14 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS . ------- Sigcheck ------- [-] 2010-10-05 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS [-] 2010-10-05 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-06-24 2202704] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"= "c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"= "c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"= "c:\\Documents and Settings\\nirre\\Application Data\\mjusbsp\\magicJack.exe"= R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 08:17 114984] R3 SNPHV71;PC Camera (602a VGA);c:\windows\system32\drivers\snphv71.sys [8/18/2010 22:00 231040] --- Other Services/Drivers In Memory --- Deregistered - pxtdapog . Contents of the 'Scheduled Tasks' folder 2011-01-03 c:\windows\Tasks\User_Feed_Synchronization-{7284ED7B-5975-493A-8F1F-E5703C68ACFF}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\nirre\Application Data\Mozilla\Firefox\Profiles\4mhhy4t0.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-run32 - c:\win\lsass.exe SafeBoot-Wdf01000.sys SafeBoot-WudfPf SafeBoot-WudfRd ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-01-03 14:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2011-01-03 14:26:37 ComboFix-quarantined-files.txt 2011-01-03 13:26 Pre-Run: 3,980,541,952 bytes free Post-Run: 4,003,651,584 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - D6EF26892E796E8D24E0C2CFA460B02E

Profil

Bogdan-Tc Poslao: 03 Jan 2011 15:22 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

nirre Poslao: 03 Jan 2011 16:04 Idi na vrh
offline nirre Super građanin Pridružio: 26 Mar 2005 Poruke: 1489 Gde živiš: Podgorica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Odradjeno USBNoRisk 2.6 (08 September 2010) by bobby Started at 1/3/2011 16:02:01 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- C: {4fa764a8-aaea-11df-90c0-806d6172696f} D: {4fa764a9-aaea-11df-90c0-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 4fa764a8-aaea-11df-90c0-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 4fa764a9-aaea-11df-90c0-806d6172696f No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 1/3/2011 16:02:24 Scanning for connected USB mass storage... ---------------------------------------- F: {d12c1378-bb56-11df-9793-000ea667e277} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on F: ---------------------------------------- No autorun.inf files found on F: No mountpoint found for d12c1378-bb56-11df-9793-000ea667e277 ---------------------------------------- No Desktop.ini files found on F: ---------------------------------------- No mimics found on drive F: ======================================== ======================================== Removed F: ======================================== New device connected at 1/3/2011 16:03:00 Scanning for connected USB mass storage... ---------------------------------------- F: {daccbecf-aea4-11df-977c-000ea667e277} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on F: ---------------------------------------- autorun.inf found on F: ---------------------------------------- File F:\autorun.inf renamed successfully Content of F:\autorun.inf.blocked ---------------------------------------- ---------------------------------------- Files referenced from F:\autorun.inf.blocked ---------------------------------------- None ---------------------------------------- No mountpoint found for daccbecf-aea4-11df-977c-000ea667e277 ---------------------------------------- ---------------------------------------- Desktop.ini found at F:\ALKOHOLU\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- Desktop.ini found at F:\enable\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No mimics found on drive F: ======================================== ======================================== Removed F: ======================================== New device connected at 1/3/2011 16:03:33 Scanning for connected USB mass storage... ---------------------------------------- F: {48bf5a2a-b85c-11df-978f-000ea667e277} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on F: ---------------------------------------- autorun.inf found on F: ---------------------------------------- File F:\autorun.inf renamed successfully Content of F:\autorun.inf.blocked ---------------------------------------- [autorun] open=autorun.exe ---------------------------------------- Files referenced from F:\autorun.inf.blocked ---------------------------------------- F:\autorun.exe --a-- 1776323 ---------------------------------------- No mountpoint found for 48bf5a2a-b85c-11df-978f-000ea667e277 ---------------------------------------- No Desktop.ini files found on F: ---------------------------------------- No mimics found on drive F: ======================================== ======================================== Removed F: ======================================== New device connected at 1/3/2011 16:04:01 Scanning for connected USB mass storage... ---------------------------------------- H: {daccbed1-aea4-11df-977c-000ea667e277} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on H: ---------------------------------------- No autorun.inf files found on H: No mountpoint found for daccbed1-aea4-11df-977c-000ea667e277 ---------------------------------------- No Desktop.ini files found on H: ---------------------------------------- No mimics found on drive H: ======================================== ======================================== Removed H: ========================================

Profil

Bogdan-Tc Poslao: 03 Jan 2011 16:39 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! - Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje. - Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj. - Kliknuti na karticu Script; U beli okvir prozora iskopirati sledeći tekst: `{d12c1378-bb56-11df-9793-000ea667e277} no_sh: folder_list: %DRIVE% {daccbecf-aea4-11df-977c-000ea667e277} no_sh: folder_list: %DRIVE% {48bf5a2a-b85c-11df-978f-000ea667e277} no_sh: folder_list: %DRIVE% {daccbed1-aea4-11df-977c-000ea667e277} no_sh: folder_list: %DRIVE%` - Izvršiti komandu klikom na taster Run Script; Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor; - Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Scrambled Log; Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci. Napomena: Redom priključuj usb memorijske i pri svakom priključivanju klikni na taster Run Script.

Profil

nirre Poslao: 03 Jan 2011 16:52 Idi na vrh
offline nirre Super građanin Pridružio: 26 Mar 2005 Poruke: 1489 Gde živiš: Podgorica	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! USBNoRisk 2.6 (08 September 2010) by bobby Started at 1/3/2011 16:48:49 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- C: {4fa764a8-aaea-11df-90c0-806d6172696f} D: {4fa764a9-aaea-11df-90c0-806d6172696f} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 4fa764a8-aaea-11df-90c0-806d6172696f No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 4fa764a9-aaea-11df-90c0-806d6172696f No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 1/3/2011 16:49:13 Scanning for connected USB mass storage... ---------------------------------------- F: {d12c1378-bb56-11df-9793-000ea667e277} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on F: ---------------------------------------- No autorun.inf files found on F: No mountpoint found for d12c1378-bb56-11df-9793-000ea667e277 ---------------------------------------- No Desktop.ini files found on F: ---------------------------------------- No mimics found on drive F: ======================================== Processing script ---------------------------------------- d12c1378-bb56-11df-9793-000ea667e277 Drive letter for GUID: F: SectionStart = 0 SectionEnd = 3 ---------------------------------------- Unhide superhidden for F:\ ---------------------------------------- None ---------------------------------------- Folder list for F:\: ---------------------------------------- None ---------------------------------------- ======================================== Removed F: ======================================== New device connected at 1/3/2011 16:50:21 Scanning for connected USB mass storage... ---------------------------------------- F: {daccbecf-aea4-11df-977c-000ea667e277} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- Blocked file found: F:\autorun.inf.blocked ---------------------------------------- Content of F:\autorun.inf.blocked ---------------------------------------- ---------------------------------------- Files referenced from F:\autorun.inf.blocked ---------------------------------------- None ---------------------------------------- ---------------------------------------- No autorun.inf files found on F: No mountpoint found for daccbecf-aea4-11df-977c-000ea667e277 ---------------------------------------- ---------------------------------------- Desktop.ini found at F:\ALKOHOLU\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- Desktop.ini found at F:\enable\ contains interesting CLSID string ---------------------------------------- [.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E} ---------------------------------------- HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32 HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll ---------------------------------------- No mimics found on drive F: ======================================== Processing script ---------------------------------------- daccbecf-aea4-11df-977c-000ea667e277 Drive letter for GUID: F: SectionStart = 4 SectionEnd = 7 ---------------------------------------- Unhide superhidden for F:\ ---------------------------------------- dra-- F:\ALKOHOLU > unhidden --a-- F:\ALKOHOLU\Desktop.ini > unhidden dra-- F:\enable > unhidden --a-- F:\enable\Desktop.ini > unhidden ---------------------------------------- Folder list for F:\: ---------------------------------------- --a-- 109063 F:\THYMUS~1.DOC F:\Thymus vulgaris L.docx d---- 0 F:\Stat F:\Stat d---- 0 F:\EKG F:\EKG d---- 0 F:\Egipat F:\Egipat --a-- 605307 F:\MUSKAK~1.PDF F:\Muska kozmetika.pdf --a-- 272384 F:\ESTROG~1.DOC F:\Estrogeni.doc --a-- 340992 F:\MUSKAK~1.DOC F:\Muska kozmetika.doc --a-- 1387982 F:\ESTROG~1.PDF F:\Estrogeni.pdf d---- 0 F:\STANJE~1 F:\Stanje apoteka --a-- 9879682 F:\CAJKOD~1.PPT F:\Čaj kod upale želudačne sluznice.pptx d---- 0 F:\24.12 F:\24.12 --a-- 914787 F:\SILYBU~1.DOC F:\Silybum marianum.docx d---- 0 F:\FARMAC~1 F:\farmaceutska analiza --a-- 0 F:\AUTORU~1.BLO F:\aut[b][/b]orun.inf.blocked dra-- 0 F:\ALKOHOLU F:\ALKOHOLU dra-- 0 F:\enable F:\enable ---------------------------------------- ======================================== Scan finished! ======================================== Processing script ---------------------------------------- daccbecf-aea4-11df-977c-000ea667e277 Drive letter for GUID: F: SectionStart = 4 SectionEnd = 7 ---------------------------------------- Unhide superhidden for F:\ ---------------------------------------- ---------------------------------------- Folder list for F:\: ---------------------------------------- --a-- 109063 F:\THYMUS~1.DOC F:\Thymus vulgaris L.docx d---- 0 F:\Stat F:\Stat d---- 0 F:\EKG F:\EKG d---- 0 F:\Egipat F:\Egipat --a-- 605307 F:\MUSKAK~1.PDF F:\Muska kozmetika.pdf --a-- 272384 F:\ESTROG~1.DOC F:\Estrogeni.doc --a-- 340992 F:\MUSKAK~1.DOC F:\Muska kozmetika.doc --a-- 1387982 F:\ESTROG~1.PDF F:\Estrogeni.pdf d---- 0 F:\STANJE~1 F:\Stanje apoteka --a-- 9879682 F:\CAJKOD~1.PPT F:\Čaj kod upale želudačne sluznice.pptx d---- 0 F:\24.12 F:\24.12 --a-- 914787 F:\SILYBU~1.DOC F:\Silybum marianum.docx d---- 0 F:\FARMAC~1 F:\farmaceutska analiza --a-- 0 F:\AUTORU~1.BLO F:\aut[b][/b]orun.inf.blocked dra-- 0 F:\ALKOHOLU F:\ALKOHOLU dra-- 0 F:\enable F:\enable ---------------------------------------- ======================================== Removed F: ======================================== New device connected at 1/3/2011 16:51:23 Scanning for connected USB mass storage... ---------------------------------------- F: {48bf5a2a-b85c-11df-978f-000ea667e277} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- Blocked file found: F:\autorun.inf.blocked ---------------------------------------- Content of F:\autorun.inf.blocked ---------------------------------------- [autorun] open=autorun.exe ---------------------------------------- Files referenced from F:\autorun.inf.blocked ---------------------------------------- F:\autorun.exe --a-- 1776323 ---------------------------------------- ---------------------------------------- No autorun.inf files found on F: No mountpoint found for 48bf5a2a-b85c-11df-978f-000ea667e277 ---------------------------------------- No Desktop.ini files found on F: ---------------------------------------- No mimics found on drive F: ======================================== Processing script ---------------------------------------- 48bf5a2a-b85c-11df-978f-000ea667e277 Drive letter for GUID: F: SectionStart = 8 SectionEnd = 11 ---------------------------------------- Unhide superhidden for F:\ ---------------------------------------- --a-- F:\app\webapps\FIP10\images\buttons\Thumbs.db > unhidden --a-- F:\server\webapps\FIP10\images\buttons\Thumbs.db > unhidden ---------------------------------------- Folder list for F:\: ---------------------------------------- d--h- 0 F:\FSEVEN~1 F:\.fseventsd d--h- 0 F:\SPOTLI~1 F:\.Spotlight-V100 d--h- 0 F:\TRASHE~1 F:\.Trashes d---- 0 F:\app F:\app d---- 0 F:\run_osx.app F:\run_osx.app d---- 0 F:\server F:\server --ah- 4096 F:\_F643~1.TRA F:\._.Trashes --a-- 31000 F:\A2VLOG~1.BMP F:\A2Vlogo_TM.bmp --a-- 11896 F:\A2VLOG~1.PIC F:\A2Vlogo_TM.pict --a-- 372 F:\aut[b][/b]orun.dat F:\aut[b][/b]orun.dat --a-- 1776323 F:\aut[b][/b]orun.exe F:\aut[b][/b]orun.exe --a-- 29 F:\AUTORU~1.BLO F:\aut[b][/b]orun.inf.blocked ---------------------------------------- ======================================== Scan finished! ======================================== Processing script ---------------------------------------- 48bf5a2a-b85c-11df-978f-000ea667e277 Drive letter for GUID: F: SectionStart = 8 SectionEnd = 11 ---------------------------------------- Unhide superhidden for F:\ ---------------------------------------- ---------------------------------------- Folder list for F:\: ---------------------------------------- d--h- 0 F:\FSEVEN~1 F:\.fseventsd d--h- 0 F:\SPOTLI~1 F:\.Spotlight-V100 d--h- 0 F:\TRASHE~1 F:\.Trashes d---- 0 F:\app F:\app d---- 0 F:\run_osx.app F:\run_osx.app d---- 0 F:\server F:\server --ah- 4096 F:\_F643~1.TRA F:\._.Trashes --a-- 31000 F:\A2VLOG~1.BMP F:\A2Vlogo_TM.bmp --a-- 11896 F:\A2VLOG~1.PIC F:\A2Vlogo_TM.pict --a-- 372 F:\aut[b][/b]orun.dat F:\aut[b][/b]orun.dat --a-- 1776323 F:\aut[b][/b]orun.exe F:\aut[b][/b]orun.exe --a-- 29 F:\AUTORU~1.BLO F:\aut[b][/b]orun.inf.blocked ---------------------------------------- ======================================== Removed F: ======================================== New device connected at 1/3/2011 16:52:20 Scanning for connected USB mass storage... ---------------------------------------- H: {daccbed1-aea4-11df-977c-000ea667e277} Added H: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on H: ---------------------------------------- No autorun.inf files found on H: No mountpoint found for daccbed1-aea4-11df-977c-000ea667e277 ---------------------------------------- No Desktop.ini files found on H: ---------------------------------------- No mimics found on drive H: ======================================== Processing script ---------------------------------------- daccbed1-aea4-11df-977c-000ea667e277 Drive letter for GUID: H: SectionStart = 12 SectionEnd = 14 ---------------------------------------- Unhide superhidden for H:\ ---------------------------------------- dra-- H:\RECYCLER > unhidden dra-- H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 > unhidden --a-- H:\DevIcon.fil > unhidden --a-- H:\DevLogo.fil > unhidden ---------------------------------------- Folder list for H:\: ---------------------------------------- d---- 0 H:\Images H:\Images d---- 0 H:\Others H:\Others d---- 0 H:\Sounds H:\Sounds d---- 0 H:\Videos H:\Videos d---- 0 H:\Private H:\Private d---- 0 H:\Music H:\Music d---- 0 H:\PLAYLI~1 H:\Playlists d---- 0 H:\sys H:\sys d---- 0 H:\system H:\system d---- 0 H:\resource H:\resource d---- 0 H:\Installs H:\Installs d---- 0 H:\download H:\download d---- 0 H:\ACTIVE~1 H:\Activenotes d---- 0 H:\ATTACH~1 H:\Attachments dra-- 0 H:\RECYCLER H:\RECYCLER --a-- 78879 H:\DevIcon.fil H:\DevIcon.fil --a-- 3812 H:\DevLogo.fil H:\DevLogo.fil d---- 0 H:\data H:\data --a-- 366456 H:\NOKIA_~1.SIS H:\Nokia_Mobile_Dictionary_sr.SIS ---------------------------------------- ======================================== Scan finished! ======================================== Processing script ---------------------------------------- daccbed1-aea4-11df-977c-000ea667e277 Drive letter for GUID: H: SectionStart = 12 SectionEnd = 14 ---------------------------------------- Unhide superhidden for H:\ ---------------------------------------- ---------------------------------------- Folder list for H:\: ---------------------------------------- d---- 0 H:\Images H:\Images d---- 0 H:\Others H:\Others d---- 0 H:\Sounds H:\Sounds d---- 0 H:\Videos H:\Videos d---- 0 H:\Private H:\Private d---- 0 H:\Music H:\Music d---- 0 H:\PLAYLI~1 H:\Playlists d---- 0 H:\sys H:\sys d---- 0 H:\system H:\system d---- 0 H:\resource H:\resource d---- 0 H:\Installs H:\Installs d---- 0 H:\download H:\download d---- 0 H:\ACTIVE~1 H:\Activenotes d---- 0 H:\ATTACH~1 H:\Attachments dra-- 0 H:\RECYCLER H:\RECYCLER --a-- 78879 H:\DevIcon.fil H:\DevIcon.fil --a-- 3812 H:\DevLogo.fil H:\DevLogo.fil d---- 0 H:\data H:\data --a-- 366456 H:\NOKIA_~1.SIS H:\Nokia_Mobile_Dictionary_sr.SIS ----------------------------------------

Profil

Bogdan-Tc Poslao: 03 Jan 2011 18:37 Idi na vrh
offline Bogdan-Tc Anti Malware Fighter Rank 1 Pridružio: 04 Jan 2009 Poruke: 2168	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pronađi na drugom usb memorijskom uređaju foldere enable i ALKOHOLU zatim ih obriši. Kakvo je sada stanje?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Virus not deleted

Ko je trenutno na forumu

Ukupno su 496 korisnika na forumu :: 5 registrovanih, 0 sakrivenih i 491 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Excalibur13, goxin, t84dar, vladaa012, wizzardone

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by