problems, problems


offline
  • Joined: 09 Dec 2009
  • Posts: 3

I have a problem with some little program that created an autorun for me and starts some program called nissan; a friend tells me that only you can help me get rid of it, and that afterwards I can make the autorun.inf myself... thanks in advance!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Post the DDS logs as well (instructions, step 2).

offline
  • Joined: 09 Dec 2009
  • Posts: 3

Sorry for the incomplete post, here is the rest:




DDS (Ver_09-12-01.01) - NTFSx86
Run by zeljko at 19:10:02,37 on sre 09.12.2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.432 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\System Control Manager\MSIService.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\MSI\MSI Q-Face\webtest.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\MODEM Mobile Connection\MODEM Mobile Connection.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\zeljko\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msi.com/
mWinlogon: Taskman=c:\recycler\s-1-5-21-1663062102-3775951678-413002649-6002\nissan.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.2.11\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [Q-Face agent] c:\program files\msi\msi q-face\webtest.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {41827D3D-9887-4AE7-888E-A7DA26AB2AC8} = 195.178.38.3 195.178.38.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-11-25 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-11-25 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-11-25 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091111.001\IDSXpx86.sys [2009-11-17 329592]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-6 55136]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-7-7 159744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-11-25 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-25 102448]
R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [2007-1-29 449408]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091209.002\NAVENG.SYS [2009-12-9 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091209.002\NAVEX15.SYS [2009-12-9 1323568]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-7-6 156160]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-9 533344]

=============== Created Last 30 ================

2009-12-06 19:58:16 545 ----a-w- c:\windows\UC.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\RAR.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\PKZIP.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\LHA.PIF
2009-12-06 19:58:16 545 ----a-w- c:\windows\ARJ.PIF
2009-12-06 19:58:15 1218 ----a-w- c:\windows\wincmd.ini
2009-12-06 19:58:15 0 d-----w- C:\totalcmd
2009-12-06 19:39:10 0 d-----w- c:\docume~1\zeljko\applic~1\Artisteer
2009-12-06 19:36:03 0 d-----w- c:\program files\Artisteer 2
2009-11-29 16:10:31 0 d-----w- c:\program files\vanBasco's Karaoke Player
2009-11-26 15:21:45 0 d-----r- c:\program files\Norton Support
2009-11-26 06:29:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-11-22 16:30:28 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-22 16:30:28 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-22 16:30:22 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-22 16:30:22 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-21 10:49:41 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-21 10:49:41 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-21 10:49:30 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-21 10:49:30 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-21 10:49:29 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-21 10:49:27 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-21 10:49:26 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-21 10:49:23 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-21 10:44:55 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-21 10:42:11 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-11-21 10:42:08 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-11-21 10:42:07 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-11-21 10:40:21 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-11-21 10:38:30 0 d-----w- c:\windows\system32\PreInstall
2009-11-21 10:38:28 0 d--h--w- c:\windows\$hf_mig$
2009-11-19 19:57:09 0 d-----w- c:\program files\K-Lite Codec Pack
2009-11-18 09:03:13 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-11-18 09:03:13 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-11-18 09:03:13 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-11-18 09:03:03 0 d-----w- c:\windows\system32\SupportAppXL
2009-11-18 09:02:53 0 d-----w- c:\program files\MODEM Mobile Connection
2009-11-17 20:42:07 0 d-----w- c:\docume~1\zeljko\applic~1\FastStone
2009-11-17 20:37:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-17 20:35:03 0 d-----r- c:\program files\Skype
2009-11-17 19:49:18 0 d-----w- c:\program files\FastStone Image Viewer
2009-11-17 18:23:59 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-17 12:50:06 0 d-----w- c:\docume~1\alluse~1\applic~1\InterAction studios
2009-11-17 12:42:46 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-11-17 12:42:41 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-17 12:42:41 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-17 12:42:41 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-17 12:42:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-17 12:42:40 0 d-----w- c:\program files\Symantec
2009-11-17 12:42:40 0 d-----w- c:\program files\common files\Symantec Shared
2009-11-17 12:41:54 0 d-----w- c:\windows\system32\drivers\NIS
2009-11-17 12:41:51 0 d-----w- c:\program files\Norton Internet Security
2009-11-17 12:41:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-11-17 12:41:15 0 d-----w- c:\program files\NortonInstaller
2009-11-17 12:41:15 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-11-17 11:06:36 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2009-11-17 11:06:36 20992 ----a-w- c:\windows\system32\dshowext.ax
2009-11-17 11:06:36 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-11-17 11:06:36 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-11-17 11:06:31 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-17 11:06:31 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-17 10:58:38 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-11-17 10:58:25 1309504 ----a-r- c:\windows\system32\drivers\athw.sys
2009-11-17 10:53:52 0 d-----w- c:\windows\RE_DRIVE

==================== Find3M ====================

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-07-06 16:59:00 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-07 21:13:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-07-06 16:58:56 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 19:10:42,53 ===============

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download The Avenger to the Desktop.
Extract the archive into a folder.

Start avenger.exe by double-clicking it.

Copy the text inside the Code box into the (white) program window:


Files to delete:
C:\RECYCLER\S-1-5-21-1663062102-3775951678-413002649-6002\nissan.exe

Registry values to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Taskman



Click Execute, then Yes in the next two windows that open.

The computer will restart (in certain cases: twice) and the cleaning/scanning process will begin.

When the process is finished, the log file C:\avenger.txt will open in Notepad.

Copy the contents of the resulting log into the forum topic.


Download USBNoRisk to the Desktop and start it by double-clicking the program icon.
- Wait a few seconds while the program performs the initial scan.
- Insert all USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you are done with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. This includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 09 Dec 2009
  • Posts: 3


Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\RECYCLER\S-1-5-21-1663062102-3775951678-413002649-6002\nissan.exe" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.











USBNoRisk 2.5 (26 July 2009) by bobby

Started at 10.12.2009 21:36:13

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {f1393426-d367-11de-9882-806d6172696f}
D: {f1393427-d367-11de-9882-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for f1393426-d367-11de-9882-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for f1393427-d367-11de-9882-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 10.12.2009 21:36:51

Scanning for connected USB mass storage...
----------------------------------------
E: {c7c48764-d420-11de-9886-0025d36a44c5}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
No Autorun.inf files found on E:
Sanitized mountpoint for c7c48764-d420-11de-9886-0025d36a44c5
----------------------------------------

----------------------------------------
Desktop.ini found at E:\curice\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at E:\trikfx\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
CLSID not found in registry
----------------------------------------

No mimics found on drive E:
========================================

========================================
Removed E:
========================================


New device connected at 10.12.2009 21:38:23

Scanning for connected USB mass storage...
----------------------------------------
E: {01d1703a-d545-11de-9889-0025d36a44c5}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
autorun.inf found on E:
----------------------------------------
File E:\autorun.inf renamed successfully

Content of E:\autorun.inf.blocked
----------------------------------------
l~-??A?<K??#?Ê??ed?ª?üXÜ??ÁüFl?æ?eëX?r?:M?à???Ñ?çs?Ç?Oü?EF??ëÓ??ÚÞÊN?d=?ú??[Y?????mÈm!Ã???çñvè?y?Êv_????É-/?Is?ù?,[
[autorun
;e???V
open=curice/elena.exe
;Þm÷?Ç
icon=%SystemRoot%\system32\SHELL32.dll,4
;X]doÝ??a
action=Open folder to view files using Windows Explorer
;?ëë$???µ]
shell\\open\\\command=curice/elena.exe
;Là?ÿÜ??Üü`ásáµ????Dþ?é'?µ??rm?ò?
shell\\explore\\command=curice/elena.exe
;??àg'æë?
useautoplay=1

----------------------------------------

No mountpoint found for E:
Sanitized mountpoint for 01d1703a-d545-11de-9889-0025d36a44c5
----------------------------------------

----------------------------------------
Desktop.ini found at E:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at E:\$RECYCLE.BIN\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-8964
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at E:\curice\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
CLSID not found in registry
----------------------------------------

No mimics found on drive E:
========================================

========================================
Removed E:
========================================


New device connected at 10.12.2009 21:40:43

Scanning for connected USB mass storage...
----------------------------------------
E: {8ef1ded3-e5cb-11de-98b4-0025d36a44c5}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
autorun.inf found on E:
----------------------------------------
File E:\autorun.inf renamed successfully

Content of E:\autorun.inf.blocked
----------------------------------------
l~-??A?<K??#?Ê??ed?ª?üXÜ??ÁüFl?æ?eëX?r?:M?à???Ñ?çs?Ç?Oü?EF??ëÓ??ÚÞÊN?d=?ú??[Y?????mÈm!Ã???çñvè?y?Êv_????É-/?Is?ù?,[
[autorun
;e???V
open=trikfx/spomenar.exe
;Þm÷?Ç
icon=%SystemRoot%\system32\SHELL32.dll,4
;X]doÝ??a
action=Open folder to view files using Windows Explorer
;?ëë$???µ]
shell\\open\\\command=trikfx/spomenar.exe
;Là?ÿÜ??Üü`ásáµ????Dþ?é'?µ??rm?ò?
shell\\explore\\command=trikfx/spomenar.exe
;??àg'æë?
useautoplay=1

----------------------------------------

Files referenced from E:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

No mountpoint found for 8ef1ded3-e5cb-11de-98b4-0025d36a44c5
----------------------------------------

----------------------------------------
Desktop.ini found at E:\trikfx\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at E:\curice\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
CLSID not found in registry
----------------------------------------

No mimics found on drive E:
========================================

========================================
Removed E:
========================================


New device connected at 10.12.2009 21:40:47

Scanning for connected USB mass storage...
----------------------------------------
E: {8ef1ded3-e5cb-11de-98b4-0025d36a44c5}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: E:\autorun.inf.blocked
----------------------------------------
Content of E:\autorun.inf.blocked
----------------------------------------
l~-??A?<K??#?Ê??ed?ª?üXÜ??ÁüFl?æ?eëX?r?:M?à???Ñ?çs?Ç?Oü?EF??ëÓ??ÚÞÊN?d=?ú??[Y?????mÈm!Ã???çñvè?y?Êv_????É-/?Is?ù?,[
[autorun
;e???V
open=trikfx/spomenar.exe
;Þm÷?Ç
icon=%SystemRoot%\system32\SHELL32.dll,4
;X]doÝ??a
action=Open folder to view files using Windows Explorer
;?ëë$???µ]
shell\\open\\\command=trikfx/spomenar.exe
;Là?ÿÜ??Üü`ásáµ????Dþ?é'?µ??rm?ò?
shell\\explore\\command=trikfx/spomenar.exe
;??àg'æë?
useautoplay=1

----------------------------------------

Files referenced from E:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on E:
No mountpoint found for 8ef1ded3-e5cb-11de-98b4-0025d36a44c5
----------------------------------------

----------------------------------------
Desktop.ini found at E:\trikfx\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at E:\curice\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
CLSID not found in registry
----------------------------------------

No mimics found on drive E:
========================================

========================================
Removed E:
========================================


New device connected at 10.12.2009 21:40:50

Scanning for connected USB mass storage...
----------------------------------------
E: {8ef1ded3-e5cb-11de-98b4-0025d36a44c5}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: E:\autorun.inf.blocked
----------------------------------------
Content of E:\autorun.inf.blocked
----------------------------------------
l~-??A?<K??#?Ê??ed?ª?üXÜ??ÁüFl?æ?eëX?r?:M?à???Ñ?çs?Ç?Oü?EF??ëÓ??ÚÞÊN?d=?ú??[Y?????mÈm!Ã???çñvè?y?Êv_????É-/?Is?ù?,[
[autorun
;e???V
open=trikfx/spomenar.exe
;Þm÷?Ç
icon=%SystemRoot%\system32\SHELL32.dll,4
;X]doÝ??a
action=Open folder to view files using Windows Explorer
;?ëë$???µ]
shell\\open\\\command=trikfx/spomenar.exe
;Là?ÿÜ??Üü`ásáµ????Dþ?é'?µ??rm?ò?
shell\\explore\\command=trikfx/spomenar.exe
;??àg'æë?
useautoplay=1

----------------------------------------

Files referenced from E:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

----------------------------------------
No Autorun.inf files found on E:
No mountpoint found for 8ef1ded3-e5cb-11de-98b4-0025d36a44c5
----------------------------------------

----------------------------------------
Desktop.ini found at E:\trikfx\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at E:\curice\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
CLSID not found in registry
----------------------------------------

No mimics found on drive E:
========================================

========================================
Removed E:
========================================





The USB devices were connected in this order:
Cruzer SanDisc 8GB
Transcend StoreJet 320 GB
Blueberry mp3 player

Oh, and before I forget, J. Davor says hi; he is the one who told me about this site... :)

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I would be grateful if you passed on many greetings to Davor and his better half... :)

On topic...

The infection has been removed from the HDD.

As for the removable drives:

1. enable the display of hidden files, folders and extensions: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html

2. on the first device there are the folders:

curice

trikfx

which have icons like the Recycle Bin.

Delete them.

3. on the second device:

autorun.inf.blocked - delete this file

and delete the folders:

curice

trikfx

4. on the third device:

autorun.inf.blocked - delete this file

and delete the folders:

curice

trikfx

Did you manage to do all of that?

Repeat the same scan once more and post the new log (after deleting).
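The pattern visible in the USBNoRisk log above, as an added Python example (not part of the original thread and not USBNoRisk's own code): it pulls the launch entries out of a junk-padded autorun.inf and flags targets that sit in folders whose Desktop.ini borrows the Recycle Bin CLSID. The sample inputs are constructed from the log, with the binary padding replaced by ASCII placeholders; the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Recycle Bin shell-folder CLSID, the value USBNoRisk reports in the log above.
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"
# Folder names where a Recycle Bin Desktop.ini is expected on a volume.
LEGIT_BIN_DIRS = {"recycled", "recycler", "$recycle.bin"}

# Keys that start a program: open=, shellexecute=, shell\<verb>\command=
LAUNCH_KEY = re.compile(
    r"^(open|shellexecute|shell[\\/]+[^=\\/]+[\\/]+command)$", re.I)
CLSID_LINE = re.compile(r"^\s*CLSID\s*=\s*(\{[0-9A-Fa-f-]+\})", re.I | re.M)


def launch_targets(autorun_text):
    """Map each launch key to its target path, skipping padding and noise."""
    targets = {}
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if line.startswith(";") or "=" not in line:
            continue  # comment padding, blank lines, section headers
        key, _, value = line.partition("=")
        if not LAUNCH_KEY.match(key.strip()):
            continue  # icon=, action=, useautoplay=, binary noise with '='
        # Collapse repeated separators: shell\\open\\\command -> shell\open\command
        key = re.sub(r"[\\/]+", r"\\", key.strip()).lower()
        # Take the quoted path, or the first token if the value is unquoted.
        m = re.match(r'\s*"([^"]+)"|\s*(\S+)', value)
        if m:
            path = (m.group(1) or m.group(2)).replace("/", "\\")
            targets[key] = str(PureWindowsPath(path))
    return targets


def disguised_folders(desktop_inis):
    """Return lower-cased folder names that pose as a Recycle Bin."""
    flagged = set()
    for folder, text in desktop_inis.items():
        m = CLSID_LINE.search(text)
        if (m and m.group(1).upper() == RECYCLE_BIN_CLSID
                and folder.lower() not in LEGIT_BIN_DIRS):
            flagged.add(folder.lower())
    return flagged


def triage(autorun_text, desktop_inis):
    """List (key, target, hidden_in_fake_bin) for every launch entry."""
    fake_bins = disguised_folders(desktop_inis)
    findings = []
    for key, target in sorted(launch_targets(autorun_text).items()):
        top = PureWindowsPath(target).parts[0].lower()
        findings.append((key, target, top in fake_bins))
    return findings


# Constructed sample: the autorun.inf.blocked content from the log, with the
# binary padding replaced by ASCII placeholders.
SAMPLE_AUTORUN = r"""
x~-junk=padding-bytes[
[autorun
;padding
open=curice/elena.exe
;padding
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files using Windows Explorer
shell\\open\\\command=curice/elena.exe
shell\\explore\\command=curice/elena.exe
useautoplay=1
"""

BIN_INI = "[.ShellClassInfo]\nCLSID=" + RECYCLE_BIN_CLSID + "\n"
SAMPLE_DESKTOP_INIS = {  # constructed from the folders named in the log
    "curice": BIN_INI, "trikfx": BIN_INI,
    "Recycled": BIN_INI, "$RECYCLE.BIN": BIN_INI,
}

if __name__ == "__main__":
    for key, target, fake in triage(SAMPLE_AUTORUN, SAMPLE_DESKTOP_INIS):
        print(f"{key:24} -> {target:20} fake-recycle-bin={fake}")
```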
