c:\Win\lsass.exe help


  • BOb37
  • New MyCity citizen
  • Joined: 07 Jan 2011
  • Posts: 4

I think I have a problem with my computer, USB stick, phone and everything I plug into the computer, and what annoys me most is the keyboard, which mixes up letters. I scanned with NOD32 and it gives me the message c:\Win\lsass.exe » AUTOIT » script.au3 - Win32/Autoit.GP worm and c:\Win\lsass.exe » AUTOIT » desktop.exe - Win32/Autoit.FL worm



DDS (Ver_10-12-12.02) - NTFSx86
Run by CARP at 11:26:25,46 on pet 07.01.2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2216 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\CARP\My Documents\torent\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://eu.ask.com?o=15183&l=dis
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mURLSearchHooks: H - No File
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [<NO NAME>]
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [FILEOCK]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [run32] c:\win\lsass.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\carp\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\carp\application data\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237322541734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237321794546
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\carp\applic~1\mozilla\firefox\profiles\iain05ze.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\carp\application data\mozilla\firefox\profiles\iain05ze.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\carp\application data\mozilla\firefox\profiles\iain05ze.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: IMDb Preview: {10187899-7ffe-4f9a-b9d2-35fdb3b49690} - %profile%\extensions\{10187899-7ffe-4f9a-b9d2-35fdb3b49690}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: LavaFox V1-Purple: zigboom555@aol.com - %profile%\extensions\zigboom555@aol.com
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-29 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-29 96408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2009-3-17 11696]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-14 136176]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-8-27 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-8-27 8320]

=============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2011-01-07 09:49:40 -------- d-----w- c:\windows\pss
2011-01-07 09:46:29 -------- d-----w- c:\program files\CCleaner
2011-01-06 14:27:24 -------- d-----w- c:\program files\PC Connectivity Solution
2011-01-06 12:13:55 -------- d-----w- c:\docume~1\carp\applic~1\MCShield
2011-01-06 12:13:54 -------- d-----w- c:\program files\MCShield
2011-01-06 11:56:28 -------- d-----w- c:\docume~1\carp\applic~1\DriverCure
2011-01-06 11:56:27 -------- d-----w- c:\docume~1\carp\applic~1\ParetoLogic
2011-01-06 11:56:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2011-01-02 13:39:11 -------- d-----w- c:\program files\Microids

==================== Find3M ====================

2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 19:08:48 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 11:27:01,48 ===============







  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...



Download The Avenger to the Desktop.
Extract the archive into a folder

Double-click avenger.exe to run it

Copy the text inside the Code box into the program's (white) window:

 
Folders to delete:
c:\win

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | run32



Click Execute, then Yes in the next two windows that open

The computer will restart (in some cases: twice) and the cleaning/scanning process will begin

When the process is finished, the logfile C:\avenger.txt will open in Notepad

Copy the contents of the resulting log into the forum thread.





Connect USB devices one at a time so that they are scanned by MCShield, and post the scan reports here.
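
The Run value removed above, run32 pointing at c:\win\lsass.exe, carries a system process name in a folder where that process never lives. The Python sketch below is an added example (not part of the original thread, and not code from DDS or The Avenger) that flags such entries in DDS-style Run lines; the table of expected folders and the last two sample lines are assumptions constructed for illustration.

```python
import ntpath
import re

# Usual folders of commonly impersonated system binaries (assumption: the
# default C:\WINDOWS layout of the XP machine in the log; extend as needed).
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# DDS autorun lines look like "mRun: [value name] command line".
RUN_LINE = re.compile(r"^([umd]Run(?:Once)?): \[([^\]]*)\]\s*(.*)$")
# Unquoted paths may contain spaces, so cut at the first executable suffix.
EXE = re.compile(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", re.I)


def image_path(cmd):
    """Return the executable path of a Run command line, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        m = EXE.match(cmd)
        path = m.group(1) if m else cmd.split(" ", 1)[0]
    path = path.lower().replace("%systemroot%", r"c:\windows")
    return ntpath.normpath(path) if path else ""


def find_masquerades(log_text):
    """List (key, value name, path) for system names outside their folder."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        key, value, cmd = m.groups()
        path = image_path(cmd)
        expected = EXPECTED_DIR.get(ntpath.basename(path))
        if expected and ntpath.dirname(path) != expected:
            hits.append((key, value, path))
    return hits


# First five lines are taken from the DDS log in this thread; the two
# "demo" lines are constructed (one quoted bad path, one legitimate path).
SAMPLE = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [FILEOCK]
mRun: [run32] c:\win\lsass.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uRun: [demo] "c:\documents and settings\carp\svchost.exe" -k netsvcs
mRun: [demo2] %systemroot%\system32\spoolsv.exe
"""

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE):
        print(hit)
```
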

  • BOb37
  • New MyCity citizen
  • Joined: 07 Jan 2011
  • Posts: 4

Posted: 08 Jan 2011 12:13

Thank you very much for the quick reply, I'll try to do all of that now.

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\win" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|run32" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

However, it reported that MCShield is blocking it; now I'll try to check the USB devices. Thanks once again. Cheers

Addendum: 08 Jan 2011 12:21

Friend, I can't open MCShield; it says that some security software of mine is blocking it, even though I turned off my NOD32 (I don't understand this very well, so I would ask you to explain it to me)

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Try running MCShield again; if it still doesn't work, we can discuss that in this thread (later, once we are done here): http://www.mycity.rs/Antispyware-programi/MCShield.html


If MCS doesn't work, follow these instructions:


Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs the initial scan.
- Insert all USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later
- When you are done with all the devices, right-click in the middle of the program window and choose the option Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices include all devices that get their own partition label when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • BOb37
  • New MyCity citizen
  • Joined: 07 Jan 2011
  • Posts: 4

I downloaded USBNoRisk, here is the report.

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 8.1.2011 13:28:00

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {0b281c8d-1322-11de-af79-806d6172696f}
D: {0b281c8e-1322-11de-af79-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0b281c8d-1322-11de-af79-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 0b281c8e-1322-11de-af79-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 8.1.2011 13:28:33

Scanning for connected USB mass storage...
----------------------------------------
I: {338da7fa-1333-11de-84cf-001e8c66a032}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No autorun.inf files found on I:
No mountpoint found for 338da7fa-1333-11de-84cf-001e8c66a032
----------------------------------------

----------------------------------------
Desktop.ini found at I:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

Mimics found on drive I:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive I:
========================================

========================================
Removed I:
========================================


New device connected at 8.1.2011 13:30:20

Scanning for connected USB mass storage...
----------------------------------------
G: {b3da1b22-c0f8-11de-8514-001e8c66a032}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
No mountpoint found for b3da1b22-c0f8-11de-8514-001e8c66a032
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 8.1.2011 13:30:28

Scanning for connected USB mass storage...
----------------------------------------
G: {b3da1b22-c0f8-11de-8514-001e8c66a032}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
No mountpoint found for b3da1b22-c0f8-11de-8514-001e8c66a032
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================

These are just a few of the things I connected (USB stick, phone, camera); I still have two more sticks at work that I can check on Monday, but some exe files show up on them as well

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Run USBNoRisk and wait for it to perform the initial scan.

- When the initial scan is finished, connect the USB storage device (the first one you plugged in earlier).

- Click the Script tab;

Copy the following text into the white box of the window:


{338da7fa-1333-11de-84cf-001e8c66a032}
delete_mimics:
folder_delete: %DRIVE%SLATKO



- Execute the command by clicking the Run Script button;



After the command is executed, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the option Save Scrambled Log;

A Notepad window will open with text that needs to be copied here in a post.
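
The USBNoRisk finding handled above is a folder (I:\SLATKO) whose desktop.ini sets CLSID={645FF040-5081-101B-9F08-00AA002F954E}, the Recycle Bin shell object, so Explorer shows the folder as something else. The Python sketch below is an added example (not part of the original thread and not USBNoRisk's own code) that walks a drive and reports such folders; the CLSID table beyond the Recycle Bin entry, the function names and the test tree are assumptions constructed for illustration.

```python
import os
import re

# Shell namespace CLSIDs that make Explorer render a plain folder as a
# system object. The first is the one reported for I:\SLATKO in the log.
SHELL_OBJECTS = {
    "{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin",
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "My Computer",
    "{21EC2020-3AEA-1069-A2DD-08002B30309D}": "Control Panel",
}
CLSID_RE = re.compile(r"^CLSID\s*=\s*(\{[0-9A-Fa-f-]{36}\})$")


def read_text(path):
    """desktop.ini is ANSI or UTF-16 with a BOM; handle both."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")


def shell_clsid(ini_text):
    """Return the CLSID set inside [.ShellClassInfo], or None."""
    section = None
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == ".shellclassinfo":
            m = CLSID_RE.match(line)
            if m:
                return m.group(1).upper()
    return None


def scan_drive(root):
    """List (folder, CLSID, label) for every folder disguised via desktop.ini."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "desktop.ini":
                continue
            clsid = shell_clsid(read_text(os.path.join(folder, name)))
            if clsid:
                label = SHELL_OBJECTS.get(clsid, "unknown CLSID")
                findings.append((os.path.relpath(folder, root), clsid, label))
    return sorted(findings)


def build_sample(root):
    """Constructed test tree: two disguised folders and one ordinary one."""
    samples = {
        # Same content as the desktop.ini shown in the log above.
        "SLATKO": ("latin-1",
                   "[.ShellClassInfo]\r\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\n"),
        # Constructed: UTF-16 file, lower-case CLSID, different shell object.
        "docs": ("utf-16",
                 "[.ShellClassInfo]\r\nCLSID={20d04fe0-3aea-1069-a2d8-08002b30309d}\r\n"),
        # Constructed: benign icon customisation, must not be reported.
        "photos": ("latin-1",
                   "[.ShellClassInfo]\r\nIconFile=icon.ico\r\nIconIndex=0\r\n"),
    }
    for folder, (encoding, text) in samples.items():
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, "desktop.ini"), "w",
                  encoding=encoding, newline="") as fh:
            fh.write(text)
```
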

  • BOb37
  • New MyCity citizen
  • Joined: 07 Jan 2011
  • Posts: 4

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 8.1.2011 14:35:50

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {0b281c8d-1322-11de-af79-806d6172696f}
D: {0b281c8e-1322-11de-af79-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0b281c8d-1322-11de-af79-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 0b281c8e-1322-11de-af79-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 8.1.2011 14:36:01

Scanning for connected USB mass storage...
----------------------------------------
I: {338da7fa-1333-11de-84cf-001e8c66a032}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
No autorun.inf files found on I:
No mountpoint found for 338da7fa-1333-11de-84cf-001e8c66a032
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive I:
========================================

I think I succeeded, THANK YOU VERY MUCH

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Seems OK...

What remains is to delete the folder c:\avenger and all the programs used.
