Folders on HD turned into shortcuts pointing to WINDOWS/system32


  • Zora
  • Joined: 22 Oct 2004
  • Posts: 1434
  • Location: neither in heaven nor on earth

I infected my 1TB HD by connecting it to some computer in order to copy a program of mine to another computer (I was in a hurry, so now I have this..)
When I realized what had happened, I scanned the HD with Avast.
5 viruses had attacked an old netbook backup.
I don't remember which viruses, but I removed everything, both the backup and the infected files from quarantine.
I interrupted the scan by mistake and resumed it.. by the end of the day, at 767GB, it had found 2 more viruses, one of which I remember was a trojan.. and I duly removed that from quarantine as well.
The folder icons on the HD looked a bit odd to me, shaped like shortcuts.
I unplugged everything and plugged it back in, but it's the same thing.
The shortcut points to the location c:WINDOWS/system32
There is nothing there, and there isn't room on C for all the folders either..
Properties shows me Used: 767 GB, 163 free.
I was hoping the data is still on the disk.. how do I get to it?
One mp3 (tova e u nasa makedonija) is in a normal state.
There is some cmd command, and there is some appInst that I don't dare install, I think it's from Samsung..
I have a slow connection in India via mobile phone.. I don't know the speed
..............................
When I click on a shortcut the same message comes up: it can't find some recycler program.
I've attached a screenshot.
.........................................
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_29
Run by Zora at 0:12:59 on 2012-02-04
Microsoft Windows XP Professional 5.1.2600.2.1252.46.1033.18.2039.1335 [GMT 5,5:30]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Zora\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zora\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zora\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zora\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Zora\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Documents and Settings\Zora\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\IrfanView\i_view32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EasyTether] "c:\program files\mobile stream\easytether\easytthr.exe"
uRun: [Google Update] "c:\documents and settings\zora\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe -H
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{61856E86-368B-4BB5-AD4C-ABC2869F403A} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F5F51C2C-D928-401E-BF13-95841FD7BCC7} : DhcpNameServer = 8.8.8.8 8.8.4.4
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\zora\application data\mozilla\firefox\profiles\mdg8znjh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\zora\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iastor76;iastor76;c:\windows\system32\drivers\iastor76.sys [2007-11-20 305176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-23 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-23 320856]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2011-11-14 101616]
R1 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\drivers\tcpz-x86d.sys [2011-11-21 12136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-23 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-23 44768]
R2 UDisk Monitor;UDisk Monitor;c:\program files\mblaze ui\bin\MonServiceUDisk.exe [2011-11-23 512000]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2011-11-21 17296]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-11-15 38912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-21 1684736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2011-11-23 105472]
.
=============== Created Last 30 ================
.
2012-02-03 17:33:57 -------- d-----w- c:\program files\TeamViewer
2012-01-30 10:47:57 -------- d-----w- C:\temp osho
2012-01-20 04:57:54 -------- d-----w- c:\program files\Free Video Joiner
2012-01-18 18:57:58 -------- d-----w- c:\documents and settings\zora\application data\Malwarebytes
2012-01-18 18:57:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-18 18:57:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-18 18:57:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-18 08:48:32 -------- d-----w- C:\pune arun videos
2012-01-16 15:39:03 -------- d-----w- c:\program files\AutocompletePro
2012-01-16 15:36:44 -------- d-----w- c:\program files\Free Video Cutter
2012-01-16 15:35:21 212240 ----a-w- c:\windows\system32\richtx32.ocx
2012-01-16 15:35:20 152848 ----a-w- c:\windows\system32\comdlg32.ocx
2012-01-16 15:35:19 -------- d-----w- c:\program files\Video Cutter
2012-01-16 03:24:43 -------- d-----w- c:\documents and settings\zora\application data\URSoft
2012-01-16 03:24:35 -------- d-----w- c:\program files\Your Uninstaller 2008
2012-01-16 03:14:30 -------- d-----w- c:\documents and settings\zora\application data\avidemux
2012-01-16 03:13:52 -------- d-----w- c:\program files\Avidemux 2.5
2012-01-11 15:47:29 -------- d-----w- C:\haridas 1
2012-01-10 02:50:35 -------- d-----w- c:\program files\Total Video Converter
2012-01-06 14:40:26 -------- d-----w- c:\program files\SuperAudiotool
2012-01-06 14:38:45 -------- d-----w- c:\program files\VITSOFT
2012-01-06 14:34:44 -------- d-----w- c:\documents and settings\zora\application data\Subtitle Edit
2012-01-06 14:34:42 -------- d-----w- c:\program files\Subtitle Edit
2012-01-06 14:33:36 -------- d-----w- c:\program files\Xvid
2012-01-06 14:33:12 -------- d-----w- c:\program files\AviSynth 2.5
2012-01-06 14:32:34 -------- d-----w- c:\program files\AVI ReComp
.
==================== Find3M ====================
.
2011-11-22 08:08:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-22 08:08:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-22 07:26:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-21 13:59:13 360704 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2011-11-21 13:55:09 360704 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
.
============= FINISH: 0:14:00,17 ===============



  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Greetings novidan!

You did not follow the instructions for opening a topic all the way through.

The instructions are here: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html
Pay attention to Step #3









goran9888 (AMF Tim)

  • Zora
  • Joined: 22 Oct 2004
  • Posts: 1434
  • Location: neither in heaven nor on earth

Posted: 04 Feb 2012 3:28

Yes, I skipped step 3, attaching the gmer reports, but the scan took hours and I fell asleep leaving the netbook running.. here, I hope I can attach those 3 files afterwards.. thanks

Addendum: 04 Feb 2012 3:30

I don't know how to attach all three in one reply, so I'm sending 3 times, once for each Gmer reply

Addendum: 04 Feb 2012 3:36

I think I figured out how to send all 3, but I don't see that gmer1 got attached, so I packed it into a rar..

Addendum: 04 Feb 2012 3:40

Sorry, now I see that gmer1 had been attached, I don't know why I didn't see it, so I attached it again in rar format..
Please have a look, I just ask that I not have to repeat all the reports again
and thank you for your effort..

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Start -> Control Panel -> Add or Remove programs -> uninstall AutocompletePro (it is adware) and all other programs you do not use.

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the option Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Also, attach Avast's report for me so I can see what it detected and deleted:

C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\FileSystemShield.txt







goran9888 (AMF Tim)

  • Zora
  • Joined: 22 Oct 2004
  • Posts: 1434
  • Location: neither in heaven nor on earth

I will, Goran, I'll do everything additionally
but just to say that I found a solution and got the files back this way, see the link
it seems this is an old 'ailment' from back in 2010
see
http://en.kioskea.net/forum/affich-488562-shortcut-virus-on-flash-drive

I had to open that cmd as administrator.. ugh, how complicated it was to find out how to open cmd as administrator... but
there is one concern
shortcuts have still remained on my HD, which is probably a potential danger that the virus is hidden somewhere on the HD, maybe precisely in a shortcut. I haven't touched them.. I'm rescuing my pictures and videos to another HD and computer where I have room.. tomorrow I'll start sending you the additional reports.. thank you for always being there to help...

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

I know what the problem is, but ...

You didn't need to make work for yourself (copying pictures and videos) - the worm only changed the attributes of the folders (hid them), but fine ... when you finish, post the required reports. What's at the link you left me - it is a command that strips attributes from folders, so that will temporarily solve your problem. At the end of this case you will get a recommendation for a program that will protect you from infected USB storage devices so you won't have such problems any more. Avast simply doesn't know how to deal with that ancient worm properly.









goran9888 (AMF Tim)
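
The situation described in the post above (real folders hidden by an attribute change, shortcuts left in their place) can be checked read-only, without opening anything on the drive. This is an added example, not part of the original thread and not USBNoRisk code; the function names, the constructed sample listing and the assumption that a decoy carries the folder's own name plus a shortcut extension are illustrative.

```python
import os
import sys

# Win32 file attribute bits (values from the Windows API).
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_DIRECTORY = 0x10
FILE_ATTRIBUTE_ARCHIVE = 0x20

# File types that the USBNoRisk log in this thread checks for.
SHORTCUT_EXTS = (".lnk", ".pif", ".com", ".scr")


def find_masked_folders(entries):
    """Pair hidden folders with look-alike shortcut files in the same directory.

    entries: iterable of (name, attribute_bits) for one directory (a drive root).
    Returns one dict per hidden folder, sorted by folder name.
    Assumption: a decoy is named <folder name> + one of SHORTCUT_EXTS.
    """
    entries = list(entries)
    decoys = {}
    for name, attrs in entries:
        stem, ext = os.path.splitext(name)
        if not attrs & FILE_ATTRIBUTE_DIRECTORY and ext.lower() in SHORTCUT_EXTS:
            decoys.setdefault(stem.lower(), []).append(name)

    findings = []
    for name, attrs in entries:
        if attrs & FILE_ATTRIBUTE_DIRECTORY and attrs & FILE_ATTRIBUTE_HIDDEN:
            findings.append({
                "folder": name,
                "system": bool(attrs & FILE_ATTRIBUTE_SYSTEM),
                # Empty for folders Windows hides itself, such as
                # "System Volume Information".
                "decoys": sorted(decoys.get(name.lower(), [])),
            })
    return sorted(findings, key=lambda f: f["folder"].lower())


def read_directory(path):
    """Windows only: return (name, attribute_bits) pairs; no file is opened."""
    with os.scandir(path) as it:
        return [(e.name, e.stat(follow_symlinks=False).st_file_attributes)
                for e in it]


# Constructed sample listing of a drive root (not taken from the thread).
_HIDDEN_DIR = (FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_HIDDEN
               | FILE_ATTRIBUTE_SYSTEM)
SAMPLE_ROOT = [
    ("Photos", _HIDDEN_DIR),
    ("Photos.lnk", FILE_ATTRIBUTE_ARCHIVE),
    ("Videos", _HIDDEN_DIR),
    ("Videos.lnk", FILE_ATTRIBUTE_ARCHIVE),
    ("System Volume Information", _HIDDEN_DIR),
    ("Music", FILE_ATTRIBUTE_DIRECTORY),
    ("song.mp3", FILE_ATTRIBUTE_ARCHIVE),
]

if __name__ == "__main__":
    # With an argument (e.g. G:\) scan that directory on Windows,
    # otherwise run on the constructed sample.
    listing = read_directory(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ROOT
    for f in find_masked_folders(listing):
        state = "shortcut in its place" if f["decoys"] else "no look-alike"
        print(f"{f['folder']}: hidden, {state} {f['decoys']}")
```
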

  • Zora
  • Joined: 22 Oct 2004
  • Posts: 1434
  • Location: neither in heaven nor on earth

I'm starting today already with the easier ones.. here, I found the Avast report

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Waiting for the USBNoRisk report ...

  • Zora
  • Joined: 22 Oct 2004
  • Posts: 1434
  • Location: neither in heaven nor on earth

Posted: 05 Feb 2012 11:20

Here, I've finally produced the last report as well (I hope): USBnoRisk

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 2012-02-05 15:35:55

Searching for connected USB Mass storage...
----------------------------------------
H: {2e352cd2-14fd-11e1-b863-00261852db89}
========================================

Searching for other storage...
----------------------------------------
D: {3ce89559-1470-11e1-9445-806d6172696f}
C: {3ce8955d-1470-11e1-9445-806d6172696f}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on H:
No autorun.inf files found on H:
No mountpoint found for 2e352cd2-14fd-11e1-b863-00261852db89
No Desktop.ini files found on H:
No mimics found on drive H:
No .lnk/.pif/.com/.scr files found on drive H:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 3ce8955d-1470-11e1-9445-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 3ce89559-1470-11e1-9445-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 2012-02-05 15:37:03

Scanning for connected USB mass storage...
----------------------------------------
G: {25e89745-165e-11e1-b39e-00261852db89}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
No mountpoint found for G:
No mountpoint found for 25e89745-165e-11e1-b39e-00261852db89
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
----------------------------------------

.lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 2012-02-05 15:37:50

Scanning for connected USB mass storage...
----------------------------------------
G: {919dbae9-25a7-11e1-8ff1-00261852db89}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
No mountpoint found for 919dbae9-25a7-11e1-8ff1-00261852db89
----------------------------------------

----------------------------------------
Desktop.ini found at G:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Vit Uninstall Manager\command,@ = C:\Program Files\VITSOFT\Vit Registry Fix\Vit Uninstall Manager.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Vit Uninstall Manager\command,@ = C:\Program Files\VITSOFT\Vit Registry Fix\Vit Uninstall Manager.exe
----------------------------------------

No mimics found on drive G:
----------------------------------------

.lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 2012-02-05 15:38:32

Scanning for connected USB mass storage...
----------------------------------------
G: {8692959f-257d-11e1-8ff0-00261852db89}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
No mountpoint found for 8692959f-257d-11e1-8ff0-00261852db89
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================


New device connected at 2012-02-05 15:39:21

Scanning for connected USB mass storage...
----------------------------------------
G: {25e8974a-165e-11e1-b39e-00261852db89}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
No mountpoint found for 25e8974a-165e-11e1-b39e-00261852db89
----------------------------------------

----------------------------------------
Desktop.ini found at G:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Vit Uninstall Manager\command,@ = C:\Program Files\VITSOFT\Vit Registry Fix\Vit Uninstall Manager.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Vit Uninstall Manager\command,@ = C:\Program Files\VITSOFT\Vit Registry Fix\Vit Uninstall Manager.exe
----------------------------------------

No mimics found on drive G:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive G:
========================================

========================================
Removed G:
========================================


order of insertion:
1TB HD samsung, which still has shortcuts even though I can access the files normally.. what do I do with the shortcuts...?

2. 500GB HD Chinese Seagate
16 GB pendrive, it was in contact with the infected laptop but now avast didn't detect a virus on it
1 GB pendrive, avast popped up with a warning - it put it in quarantine
I would delete the quarantine, please answer as soon as possible... and this one was also in contact with the infected laptop
2GB pendrive - was not in contact with viruses
thanks.
.do you need a new avast report?

Addendum: 05 Feb 2012 11:28

on H: my mobile phone was connected the whole time because I get internet through it...
the second one in order, I see, has some strings, but I didn't connect that one to the infected computer..
but before that, God knows, I plugged things in everywhere and shared osho files.. so that 500GB external,

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

novidan :: I would delete the quarantine, please answer as soon as possible...


When an anti-virus moves some malware to quarantine you can be safe, because the malware is isolated; it cannot run or act from quarantine. Now, whether you clean out the quarantine or not is not that important. You gain nothing. Quarantine is a very good thing in the case where the AV deletes a legitimate file (and that happens often); then you have the option of easily restoring the legitimate file to the place the AV deleted it from.


Quote: do you need a new avast report?

No.


- Repeat this procedure only for two devices: "1TB HD samsung" and "500GB HD Chinese Seagate"



- Start USBNoRisk and wait for it to perform the initial scan.

- When the initial scan finishes, connect the USB storage device.

- Click the Script tab;

Copy the following text into the white box of the window:

{25e89745-165e-11e1-b39e-00261852db89}
folder_list:%DRIVE%
no_sh:

{919dbae9-25a7-11e1-8ff1-00261852db89}
folder_list:%DRIVE%
no_sh:


- Execute the command by clicking the Run Script button;



After the command is executed, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the option Save Scrambled Log;

A Notepad window will open with text that needs to be copied here into a post.









goran9888 (AMF Tim)
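
The USBNoRisk log posted earlier in the thread can be triaged mechanically. This added example (not part of the original thread and not USBNoRisk's own code) parses the per-device sections and returns the volume GUIDs whose section reports .lnk/.pif/.com/.scr files, which are the two GUIDs used in the script above. The sample is abridged from the thread's log, the function names are hypothetical, and only the line formats visible in this thread are handled.

```python
import re

# CLSID of the standard Windows Recycle Bin shell folder; a Desktop.ini in
# \Recycled\ that names it is the normal marker for that folder.
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"

CONNECT = re.compile(
    r"^New device connected at (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
VOLUME = re.compile(r"^([A-Z]): (\{[0-9A-Fa-f-]{36}\})$")
CLSID = re.compile(r"^CLSID=(\{[0-9A-Fa-f-]{36}\})$")
DESKTOP_INI = re.compile(r"^Desktop\.ini found at (.+?) contains ")
# The negative form of this line starts with "No ", so a prefix match is enough.
SHORTCUT_HIT = ".lnk/.pif/.com/.scr files found on drive"

# Abridged from the log in this thread (separator and registry lines dropped).
SAMPLE_LOG = r"""
New device connected at 2012-02-05 15:37:03
G: {25e89745-165e-11e1-b39e-00261852db89}
Added G:
No autorun.inf files found on G:
No Desktop.ini files found on G:
.lnk/.pif/.com/.scr files found on drive G:
Removed G:

New device connected at 2012-02-05 15:37:50
G: {919dbae9-25a7-11e1-8ff1-00261852db89}
Added G:
Desktop.ini found at G:\Recycled\ contains interesting CLSID string
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
.lnk/.pif/.com/.scr files found on drive G:
Removed G:

New device connected at 2012-02-05 15:38:32
G: {8692959f-257d-11e1-8ff0-00261852db89}
Added G:
No Desktop.ini files found on G:
No .lnk/.pif/.com/.scr files found on drive G:
Removed G:

New device connected at 2012-02-05 15:39:21
G: {25e8974a-165e-11e1-b39e-00261852db89}
Added G:
Desktop.ini found at G:\Recycled\ contains interesting CLSID string
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
No .lnk/.pif/.com/.scr files found on drive G:
Removed G:
"""


def parse_devices(log_text):
    """Return one dict per 'New device connected' section, in log order."""
    devices, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CONNECT.match(line)
        if m:
            current = {"connected": m.group(1), "drive": None, "guid": None,
                       "shortcut_like_files": False,
                       "desktop_ini": [], "clsids": []}
            devices.append(current)
            continue
        if current is None:
            continue  # lines of the initial scan, before any device section
        m = VOLUME.match(line)
        if m and current["guid"] is None:
            current["drive"], current["guid"] = m.group(1), m.group(2)
        elif line.startswith(SHORTCUT_HIT):
            current["shortcut_like_files"] = True
        elif DESKTOP_INI.match(line):
            current["desktop_ini"].append(DESKTOP_INI.match(line).group(1))
        elif CLSID.match(line):
            current["clsids"].append(CLSID.match(line).group(1).upper())
    return devices


def guids_with_shortcut_findings(devices):
    """Volume GUIDs whose section reports shortcut-like files on the drive."""
    return [d["guid"] for d in devices if d["shortcut_like_files"]]


def unexplained_clsids(device):
    """CLSIDs named in Desktop.ini files that are not the Recycle Bin class."""
    return [c for c in device["clsids"] if c != RECYCLE_BIN_CLSID]


if __name__ == "__main__":
    for dev in parse_devices(SAMPLE_LOG):
        print(dev["connected"], dev["guid"],
              "shortcut-like files" if dev["shortcut_like_files"] else "clean",
              unexplained_clsids(dev))
```
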
