hijack log hitno!!!!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ako sam dobro razumela to je ovo:

NDIS fix

C:\WINDOWS\system32\drivers\ndis.sys found 182912 bytes
C:\WINDOWS\system32\dllcache\ndis.sys not found

Backup C:\WINDOWS\system32\drivers\ndis.sys to C:\ndis_drivers.bak 212480 bytes
C:\WINDOWS\system32\drivers\ndis.sys deleted
New copy of C:\WINDOWS\system32\drivers\ndis.sys dropped

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\drivers\4360a163.sys
C:\dbckb.exe
C:\aqwiry.exe
c:\windows\system32\usbewt.sys

Driver::
mailKmd
usbewt

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-07-14.08 - Miki 07/19/2009 8:18.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1790.1354 [GMT 2:00]
Running from: c:\documents and settings\Miki\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miki\Desktop\CFScript.txt

FILE ::
"C:\aqwiry.exe"
"C:\dbckb.exe"
"c:\windows\system32\drivers\4360a163.sys"
"c:\windows\system32\usbewt.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aqwiry.exe
C:\dbckb.exe
c:\windows\system32\drivers\4360a163.sys
c:\windows\system32\usbewt.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_usbewt
-------\Service_4360a163
-------\Service_mailKmd
-------\Service_usbewt


((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-18 19:29 . 2009-07-18 19:29 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-07-18 19:07 . 2009-07-18 19:07 12328 ----a-w- c:\documents and settings\Miki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-18 19:07 . 2009-07-18 19:07 -------- d-----w- c:\documents and settings\Miki\Local Settings\Application Data\ATI
2009-07-18 19:07 . 2009-07-18 19:07 -------- d-----w- c:\documents and settings\Miki\Application Data\ATI
2009-07-18 19:07 . 2009-07-18 19:07 127 ----a-w- c:\documents and settings\Miki\Local Settings\Application Data\fusioncache.dat
2009-07-18 19:05 . 2009-07-18 19:05 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-07-18 19:03 . 2006-03-08 21:33 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2009-07-18 19:03 . 2006-03-02 12:54 124376 ----a-r- c:\windows\system32\atiicdxx.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 21:50 . 2004-08-04 12:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-07-18 19:04 . 2009-07-18 17:32 -------- d-----w- c:\program files\ATI Technologies
2009-07-18 19:03 . 2009-07-18 17:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-18 19:03 . 2009-07-18 17:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 17:49 . 2009-07-18 17:49 134656 ----a-w- c:\windows\system32\mobsyn.exe
2009-07-18 17:35 . 2009-07-18 17:35 7280 ----a-w- c:\windows\system32\drivers\viamraid.PNF
2009-07-18 17:35 . 2009-07-18 17:35 6984 ----a-w- c:\windows\system32\drivers\SiSRaid.PNF
2009-07-18 17:35 . 2009-07-18 17:35 63240 ----a-w- c:\windows\system32\drivers\Si3112r.PNF
2009-07-18 17:35 . 2009-07-18 17:35 20152 ----a-w- c:\windows\system32\drivers\INFCACHE.1
2009-07-18 17:35 . 2009-07-18 17:35 9388 ----a-w- c:\windows\system32\drivers\iaStor.PNF
2009-07-18 17:35 . 2009-07-18 17:35 12432 ----a-w- c:\windows\system32\drivers\adpu320.PNF
2009-07-18 17:35 . 2009-07-18 17:35 12204 ----a-w- c:\windows\system32\drivers\nvraid.PNF
2009-07-18 17:35 . 2009-07-18 17:35 10828 ----a-w- c:\windows\system32\drivers\iaAHCI.PNF
2009-07-18 17:31 . 2009-07-18 17:31 -------- d-----w- c:\program files\Opera 10 Beta
2009-07-18 17:14 . 2009-07-18 17:14 -------- d-----w- c:\program files\Realtek
2009-07-18 17:11 . 2009-07-18 17:11 -------- d-----w- c:\program files\Launch Manager
2009-07-18 17:06 . 2009-07-18 17:06 -------- d-----w- c:\program files\Synaptics
2009-07-18 16:14 . 2009-07-18 15:43 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-18 15:51 . 2009-07-18 15:51 -------- d-----w- c:\program files\microsoft frontpage
2009-07-18 15:49 . 2009-07-18 15:49 -------- d-----w- c:\program files\Java
2009-07-18 15:49 . 2009-07-18 15:49 -------- d-----w- c:\program files\Common Files\Java
2009-07-18 15:41 . 2009-07-18 15:41 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2009-07-18 21:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

.
((((((((((((((((((((((((((((( SnapShot@2009-07-18_18.04.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-08 21:43 . 2006-03-08 21:43 77824 c:\windows\system32\Oemdspif.dll
+ 2006-03-08 21:12 . 2006-03-08 21:12 40960 c:\windows\system32\drivers\ati2erec.dll
+ 2009-07-18 19:29 . 2009-07-18 21:25 32768 c:\windows\system32\config\systemprofile\UserData\index.dat
+ 2009-07-18 18:19 . 2009-07-18 18:19 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2009-07-18 15:53 . 2009-07-18 21:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-11-09 10:01 . 2001-11-09 10:01 24064 c:\windows\system32\ativcoxx.dll
+ 2006-03-08 21:12 . 2006-03-08 21:12 17408 c:\windows\system32\atitvo32.dll
+ 2006-03-08 21:41 . 2006-03-08 21:41 53248 c:\windows\system32\ATIDDC.DLL
+ 2006-03-08 21:43 . 2006-03-08 21:43 26112 c:\windows\system32\Ati2mdxx.exe
+ 2006-03-08 21:43 . 2006-03-08 21:43 61440 c:\windows\system32\ati2evxx.dll
+ 2006-03-08 21:43 . 2006-03-08 21:43 40960 c:\windows\system32\ati2edxx.dll
+ 2009-07-18 19:05 . 2009-07-18 19:05 25214 c:\windows\Installer\{90437E5F-0A9E-4B63-AD8B-D232897D18BF}\ARPPRODUCTICON.exe
+ 2009-07-18 19:05 . 2009-07-18 19:05 9158 c:\windows\Installer\{B61CAD5A-6B93-4C52-83D9-F74853010C04}\NewShortcut5_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-07-18 19:05 . 2009-07-18 19:05 9158 c:\windows\Installer\{B61CAD5A-6B93-4C52-83D9-F74853010C04}\NewShortcut3_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-07-18 19:05 . 2009-07-18 19:05 9158 c:\windows\Installer\{B61CAD5A-6B93-4C52-83D9-F74853010C04}\NewShortcut22_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-07-18 19:05 . 2009-07-18 19:05 9158 c:\windows\Installer\{B61CAD5A-6B93-4C52-83D9-F74853010C04}\NewShortcut21_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-07-18 19:05 . 2009-07-18 19:05 9158 c:\windows\Installer\{B61CAD5A-6B93-4C52-83D9-F74853010C04}\NewShortcut2_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-07-18 19:05 . 2009-07-18 19:05 9158 c:\windows\Installer\{B61CAD5A-6B93-4C52-83D9-F74853010C04}\NewShortcut1_6E06A57A67284CFBAA9A5149F9C9ADB3.exe
+ 2009-07-18 19:05 . 2009-07-18 19:05 9158 c:\windows\Installer\{B61CAD5A-6B93-4C52-83D9-F74853010C04}\ARPPRODUCTICON.exe
+ 2006-03-08 21:26 . 2006-03-08 21:26 860640 c:\windows\system32\dllcache\ativvaxx.dll
+ 2006-03-08 21:49 . 2006-03-08 21:49 256512 c:\windows\system32\dllcache\ati2dvag.dll
+ 2006-03-08 21:07 . 2006-03-08 21:07 258048 c:\windows\system32\dllcache\ati2cqag.dll
+ 2009-07-18 15:53 . 2009-07-18 21:27 458752 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-18 15:54 . 2009-07-18 21:28 147456 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009071820090719\index.dat
+ 2009-07-18 15:53 . 2009-07-18 21:27 229376 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-03-08 21:26 . 2006-03-08 21:26 860640 c:\windows\system32\ativvaxx.dll
+ 2006-03-08 21:43 . 2006-03-08 21:43 114688 c:\windows\system32\atipdlxx.dll
+ 2006-03-08 21:13 . 2006-03-08 21:13 151552 c:\windows\system32\atikvmag.dll
+ 2006-03-08 20:33 . 2006-03-08 20:33 282624 c:\windows\system32\ATIDEMGR.dll
+ 2006-03-08 21:42 . 2006-03-08 21:42 405504 c:\windows\system32\ati2evxx.exe
+ 2006-03-08 21:49 . 2006-03-08 21:49 256512 c:\windows\system32\ati2dvag.dll
+ 2006-03-08 21:07 . 2006-03-08 21:07 258048 c:\windows\system32\ati2cqag.dll
+ 2006-03-08 21:49 . 2006-03-08 21:49 1506816 c:\windows\system32\drivers\ati2mtag.sys
+ 2006-03-08 21:33 . 2006-03-08 21:33 2636672 c:\windows\system32\dllcache\ati3duag.dll
+ 2006-03-08 21:49 . 2006-03-08 21:49 1506816 c:\windows\system32\dllcache\ati2mtag.sys
+ 2006-03-08 21:17 . 2006-03-08 21:17 5124096 c:\windows\system32\atioglxx.dll
+ 2006-03-08 21:30 . 2006-03-08 21:30 6684672 c:\windows\system32\atioglx1.dll
+ 2006-03-08 21:33 . 2006-03-08 21:33 2636672 c:\windows\system32\ati3duag.dll
+ 2009-07-18 19:05 . 2009-07-18 19:05 3654144 c:\windows\Installer\3738a8.msi
+ 2009-07-18 19:05 . 2009-07-18 19:05 13135872 c:\windows\Installer\3738a1.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-20 761946]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-07-28 57344]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-11-10 557056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\fonts\\services.exe"=

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-19 08:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?8???\??????|x??|????q??|?j?wQj?w????????,??? ???????????????d??????|????????p?????@?t??????????????s???????s???sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?st>???6@??>?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548-)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-07-19 8:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 06:24
ComboFix2.txt 2009-07-18 18:05

Pre-Run: 74,707,230,720 bytes free
Post-Run: 74,778,238,976 bytes free

156

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sad stanje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

za sad funkcionise sve!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Moralo bi

Imas li predstavu kako si se ponovo inficirala? Mislim, posle podizanja sistema...

Hajde da proverimo USB uredjaje koje posedujes

- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 19 Jul 2009 21:37

USBNoRisk 2.4 (1 June 2009) by bobby

Started at 7/19/2009 9:31:14 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {622bc09f-73b7-11de-ab5b-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 622bc09f-73b7-11de-ab5b-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 7/19/2009 9:31:36 PM

Scanning for connected USB mass storage...
----------------------------------------
E: {699510ff-7437-11de-81c7-00c0a8bb9012}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
autorun.inf found on E:
----------------------------------------
File E:\autorun.inf renamed successfully

Content of E:\autorun.inf.blocked
----------------------------------------
[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
shell\open\default=1
----------------------------------------

Files referenced from E:\autorun.inf.blocked
----------------------------------------
E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com -r-hs 19968
----------------------------------------

Sanitized mountpoint for 699510ff-7437-11de-81c7-00c0a8bb9012
----------------------------------------

No Desktop.ini files found on E:
----------------------------------------

No mimics found on drive E:
========================================

========================================
Removed E:
========================================


New device connected at 7/19/2009 9:32:55 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {ab833740-73e2-11de-81c4-00c0a8bb9012}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for ab833740-73e2-11de-81c4-00c0a8bb9012
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 7/19/2009 9:33:34 PM

Scanning for connected USB mass storage...
----------------------------------------
E: {721147c8-73c0-11de-81c1-00c0a8bb9012}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
autorun.inf found on E:
----------------------------------------
File E:\autorun.inf renamed successfully

Content of E:\autorun.inf.blocked
----------------------------------------
[autorun]
open=RECYCLER\autorun.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\autorun.exe
shell\open\default=1
----------------------------------------

Files referenced from E:\autorun.inf.blocked
----------------------------------------
E:\RECYCLER\autorun.exe -rahs 100864
----------------------------------------

Sanitized mountpoint for 721147c8-73c0-11de-81c1-00c0a8bb9012
----------------------------------------

----------------------------------------
Desktop.ini found at E:\RECYCLER\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive E:
========================================

========================================
Removed E:
========================================

Dopuna: 19 Jul 2009 21:41

obraduj me i reci mi da je to sve u ovom zadnjem usb ...

da ga odmah formatiram!!!

da nije nesto drugo u pitanju!!!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

U prvom i poslednjem ima malware-a..Ako ti nije problem formatiraj...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

prvi mi je ipod!!!

muzika

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ne moras ga formatirati..sad cemo ga ocistiti

Pokreni ponovo USbNoRisk

Predji na karticu Script u USBNoRisku i tamo iskopiraj sledeci skript:

{699510ff-7437-11de-81c7-00c0a8bb9012}
folder_delete: %DRIVE%RECYCLER
delete_blocked:

Vrati se na karticu Monitor.
Nakon toga prikljuci na komp ipod i sacekaj da USBNoRisk automatski obavi skeniranje i ciscenje.

Kada to odradis, snimi ponovo log i iskopiraj mi ga ovde.