Virus from a USB drive


offline
  • Joined: 16 Aug 2008
  • Posts: 20
  • Location: In the desert

Posted: 22 Aug 2010 19:53

Here is the new log; they go in the same order: USB, then the SD card, then the hard drive.
USBNoRisk 2.5 (26 July 2009) by bobby

Started at 22.8.2010 18:43:51

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {d902b472-025a-11dd-bd6a-806e6f6e6963}
C: {d902b473-025a-11dd-bd6a-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for d902b473-025a-11dd-bd6a-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for d902b472-025a-11dd-bd6a-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 22.8.2010 18:44:05

Scanning for connected USB mass storage...
----------------------------------------
G: {f8ba1b38-3a4f-11dd-a745-001f3ae273a2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
Sanitized mountpoint for f8ba1b38-3a4f-11dd-a745-001f3ae273a2
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================


Processing script
----------------------------------------
f8ba1b38-3a4f-11dd-a745-001f3ae273a2
Drive letter for GUID: G:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Unhide superhidden for G:\
----------------------------------------
-ra-- G:\_111_.txt > unhidden
--a-- G:\novo\AlbumArtSmall.jpg > unhidden
--a-- G:\novo\AlbumArt_{037F7AE6-26FE-4EB0-8D9D-01C4EE30E73C}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{037F7AE6-26FE-4EB0-8D9D-01C4EE30E73C}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{0D3A0C99-1607-4D61-A935-5D19D7CF2B57}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{0D3A0C99-1607-4D61-A935-5D19D7CF2B57}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{0F7766EB-CB37-43F4-95E1-1EBF7FE39B1D}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{0F7766EB-CB37-43F4-95E1-1EBF7FE39B1D}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{5430F7B6-A582-4779-A833-FD8F766B05A2}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{5430F7B6-A582-4779-A833-FD8F766B05A2}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{5B2C60B8-5119-42F2-B144-12E5131C1AB1}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{5B2C60B8-5119-42F2-B144-12E5131C1AB1}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{5C060AF2-3CCE-492A-A245-6A991BA9A566}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{5C060AF2-3CCE-492A-A245-6A991BA9A566}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{5C6ED695-6525-4D1F-B5C6-F66D10D563AB}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{5C6ED695-6525-4D1F-B5C6-F66D10D563AB}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{5DBF13E1-5712-4446-B673-DCB05F7EC2EB}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{5DBF13E1-5712-4446-B673-DCB05F7EC2EB}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{60806CBD-1AC1-4DA7-95D7-6BC2648B7019}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{60806CBD-1AC1-4DA7-95D7-6BC2648B7019}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{6E5E29B3-33D8-43C5-A8EF-F3F8E895C2D9}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{6E5E29B3-33D8-43C5-A8EF-F3F8E895C2D9}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{72582D19-BEBF-494B-9A77-5145F86EE48B}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{72582D19-BEBF-494B-9A77-5145F86EE48B}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{7443DB61-A2B3-423A-8F61-2442D3574412}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{7443DB61-A2B3-423A-8F61-2442D3574412}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{7926A37D-948B-4A27-920E-E954FEA6996F}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{7926A37D-948B-4A27-920E-E954FEA6996F}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{7D0AE6AD-A33B-44D0-87F6-A38B2533EE66}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{7D0AE6AD-A33B-44D0-87F6-A38B2533EE66}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{999FBC3A-E1EA-4F9A-AB83-A9A8CA0DF7FB}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{999FBC3A-E1EA-4F9A-AB83-A9A8CA0DF7FB}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{A890A33A-A577-4DF3-B93C-406CF92457C9}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{A890A33A-A577-4DF3-B93C-406CF92457C9}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{B5CDB3F0-2ED5-4DFB-A2E5-1C399BD065FB}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{B5CDB3F0-2ED5-4DFB-A2E5-1C399BD065FB}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{B80DB80D-7388-49BC-8DAC-5F2121F48B85}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{B80DB80D-7388-49BC-8DAC-5F2121F48B85}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{C37E2D84-99B9-45DB-9DBE-275821DC7746}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{C37E2D84-99B9-45DB-9DBE-275821DC7746}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{DDF58FBA-E42B-4DA0-B920-222F1B1BBC1B}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{DDF58FBA-E42B-4DA0-B920-222F1B1BBC1B}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{E9B9FCD7-3D02-40EF-935C-23105CEE5DF1}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{E9B9FCD7-3D02-40EF-935C-23105CEE5DF1}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{EDE44500-0B9A-4C01-B9FA-BC6E6EC6DCBA}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{EDE44500-0B9A-4C01-B9FA-BC6E6EC6DCBA}_Small.jpg > unhidden
--a-- G:\novo\AlbumArt_{F650AAE2-146B-488E-98CA-3E2F5133564A}_Large.jpg > unhidden
--a-- G:\novo\AlbumArt_{F650AAE2-146B-488E-98CA-3E2F5133564A}_Small.jpg > unhidden
--a-- G:\novo\desktop.ini > unhidden
--a-- G:\novo\Folder.jpg > unhidden
----------------------------------------
Folder list for G:\:
----------------------------------------

d--h-   0   G:\899CANON   G:\899CANON
d--h-   0   G:\THEBLA~1.XVI   G:\The.Black.Dahlia.DVDRip.XviD-DiAMOND
d--h-   0   G:\THELAS~1   G:\The Last Song (2010) DVDRip XviD - MC8
-ra--   3   G:\_111_.txt   G:\_111_.txt
d--h-   0   G:\novo   G:\novo
d--h-   0   G:\narodno   G:\narodno
d--h-   0   G:\u2   G:\u2

----------------------------------------

========================================
Removed G:
========================================


New device connected at 22.8.2010 18:46:57

Scanning for connected USB mass storage...
----------------------------------------
G: {bc114bd5-c108-11dd-abdd-001f3ae273a2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
Sanitized mountpoint for bc114bd5-c108-11dd-abdd-001f3ae273a2
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================

Processing script
----------------------------------------
bc114bd5-c108-11dd-abdd-001f3ae273a2
Drive letter for GUID: G:
SectionStart = 8
SectionEnd = 10
----------------------------------------
Unhide superhidden for G:\
----------------------------------------
----------------------------------------
Folder list for G:\:
----------------------------------------

d----   0   G:\DCIM   G:\DCIM

----------------------------------------

========================================
Scan finished!
========================================


Processing script
----------------------------------------
bc114bd5-c108-11dd-abdd-001f3ae273a2
Drive letter for GUID: G:
SectionStart = 8
SectionEnd = 10
----------------------------------------
Unhide superhidden for G:\
----------------------------------------
----------------------------------------
Folder list for G:\:
----------------------------------------

d----   0   G:\DCIM   G:\DCIM

----------------------------------------

========================================
Removed G:
========================================


New device connected at 22.8.2010 18:49:24

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 22.8.2010 18:49:27

Scanning for connected USB mass storage...
----------------------------------------
H: {8ebb486e-d8d1-11de-b7c7-001d094a6c70}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for H:
Sanitized mountpoint for 8ebb486e-d8d1-11de-b7c7-001d094a6c70
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
========================================

Processing script
----------------------------------------
========================================
Scan finished!
========================================


Processing script
----------------------------------------
8ebb486e-d8d1-11de-b7c7-001d094a6c70
Drive letter for GUID: H:
SectionStart = 4
SectionEnd = 7
----------------------------------------
Unhide superhidden for H:\
----------------------------------------
d-a-- H:\$RECYCLE.BIN > unhidden
d--hs H:\$RECYCLE.BIN\S-1-5-21-2444724103-3525539589-3101120438-1000 > error setting attributes
d-a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000 > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$R4I1HNX\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$R6WMOUR\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$R7NW47B\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$R95YXIH\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$RDWVNW2\Dubai Creek\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$RDWVNW2\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$RF06XO6\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$RF3G3Z9\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$RF6X5GO\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$RJUHYT9\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$RM7PIXA\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$RP3KRBI\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\$RTYU4QO\Thumbs.db > unhidden
--a-- H:\$RECYCLE.BIN\S-1-5-21-3399641057-2724313102-665525911-1000\desktop.ini > unhidden
--a-- H:\Filmovi\2012 (2009) DVDRip XviD-MAXSPEED\Thumbs.db > unhidden
--a-- H:\Filmovi\Crank[2006]DvDrip[Eng]\Thumbs.db > unhidden
--a-- H:\Filmovi\Date Night\Date Night 2010 Encoded TS XviD SAFCuk009\Thumbs.db > unhidden
--a-- H:\Filmovi\G-Force\Thumbs.db > unhidden
--a-- H:\Filmovi\Gamer[2009]DvDrip[Eng]-FXG\Thumbs.db > unhidden
--a-- H:\Filmovi\Head Over Heels\Thumbs.db > unhidden
--a-- H:\Filmovi\Knowing[2009]DvDrip[Eng]-FXG\Thumbs.db > unhidden
--a-- H:\Filmovi\Law Abiding Citizen (2009) DVDRip XviD-MAXSPEED\Thumbs.db > unhidden
--a-- H:\Filmovi\Marie-Antoinette[2006]DvDrip[Eng]-aXXo\Thumbs.db > unhidden
--a-- H:\Filmovi\My Life In Ruins.2009.DvdRip.Xvid {1337x}-Noir\Thumbs.db > unhidden
--a-- H:\Filmovi\Noz\Thumbs.db > unhidden
--a-- H:\Filmovi\Passengers[2008]DvDrip-aXXo\Thumbs.db > unhidden
--a-- H:\Filmovi\Pisma sa Ivo Dzime\Thumbs.db > unhidden
--a-- H:\Filmovi\Public.Enemies.2009.DvDRip-FxM\Thumbs.db > unhidden
--a-- H:\Filmovi\Shakespeare.In.Love.[DVD-RIP.x264][OGG.2CH.EN][Sub.BR].XD-Rips\Thumbs.db > unhidden
--a-- H:\Filmovi\Spider\avi\Thumbs.db > unhidden
--a-- H:\Filmovi\Spider\Thumbs.db > unhidden
--a-- H:\Filmovi\The Other Boleyn Girl[2008]DvDrip[Eng]-FXG\Thumbs.db > unhidden
--a-- H:\Filmovi\The Aviator-DVDRip[Eng]2004\Thumbs.db > unhidden
--a-- H:\Filmovi\The Curious Case of Benjamin Button\Thumbs.db > unhidden
--a-- H:\Filmovi\The Godfather Collection Parts 1-3 '72-'90 DvDrip[Eng]-greenbud1969\Thumbs.db > unhidden
--a-- H:\Filmovi\The Hangover (2009) DVDSCR-MAXSPEED\Thumbs.db > unhidden
--a-- H:\Filmovi\The Sisterhood of the Traveling Pants .1.[2005].DVDRIP.XVID.[Eng]-DUQA\Thumbs.db > unhidden
--a-- H:\Filmovi\The Sisterhood of the Traveling Pants 2[2008]DvDrip[Eng]-FXG\Thumbs.db > unhidden
--a-- H:\Filmovi\The Spirit[2008]DvDrip[Eng]-FXG\Thumbs.db > unhidden
--a-- H:\Filmovi\The.Black.Dahlia.DVDRip.XviD-DiAMOND\Thumbs.db > unhidden
--a-- H:\Filmovi\The.Secret.Life.Of.Bees[2008][Director's.Cut]DvDrip-aXXo\Thumbs.db > unhidden
--a-- H:\Filmovi\The.Tale.of.Despereaux.DVDRip.XviD-DoNE\Thumbs.db > unhidden
--a-- H:\Filmovi\The.Ugly.Truth.2009.BDRip.XviD-LAP\Thumbs.db > unhidden
--a-- H:\Filmovi\Transsiberian[2008]DvDrip-aXXo\Thumbs.db > unhidden
--a-- H:\Filmovi\Twilight[2008]DvDrip-aXXo\Thumbs.db > unhidden
--a-- H:\Filmovi\Underworld Rise of the Lycans[2009]DvDrip[Eng]-FXG\Thumbs.db > unhidden
--a-- H:\Filmovi\Up (2009) TS DivXNL-Team\Thumbs.db > unhidden
--a-- H:\Filmovi\Valkyrie[2008]DvDrip[Eng]-FXG\Thumbs.db > unhidden
--a-- H:\Filmovi\Vicky.Cristina.Barcelona[2008]DvDrip-aXXo\Thumbs.db > unhidden
--a-- H:\Filmovi\Volver\Thumbs.db > unhidden
--a-- H:\Filmovi\Year One[2009][Unrated Edition]DvDrip[Eng]-FXG\Thumbs.db > unhidden
--a-- H:\Filmovi\Zodiac[2007]\Thumbs.db > unhidden
d-a-- H:\RECYCLER > unhidden
d--hs H:\RECYCLER\S-1-5-21-1409082233-838170752-725345543-1003 > error setting attributes
--a-- H:\Slike\Jelena slike\2005\Rodjendan\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2005\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2006\Nessebar\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2006\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2007\nova godina\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2007\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2007\zoo vrt\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2008\Dubai\Džumeira\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2008\Dubai\kucii!!\cibica!!\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2008\Dubai\kucii!!\slike sa slave\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2008\Dubai\kucii!!\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2008\Dubai\Medinat Jumeira\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2008\Dubai\Srbija\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2008\Dubai\Training college 1.5.- 6.8\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2008\Pre Dubaija\diplomska zurka 29.3.08\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2009\Deja i majka u Dubaiju\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2009\desert safari\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2009\Kuci u junu\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2009\Srpska Nova Godina\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\2009\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Beč\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Birmingem\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Christchurch, Novi Zeland\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Cirih\27-10-09\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Dizeldorf\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Edinburg & Glazgov\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Frankfurt\09-12-09\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Frankfurt\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Guangzu\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Hamburg\12-03-09\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Hamburg\30-07-09\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Johanesburg\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Kampala\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Kazablanka\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Lagos\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\London\27-11-09\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Manila\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Mauricijus\22-11-09\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Melburn\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Minhen\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Moskva\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Najrobi\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Njujork\15-12-09\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Njukastl\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Pert\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Rim\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Seul\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Sidnej\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Singapur\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Šangaj\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\Around the world\Šri Lanka\Thumbs.db > unhidden
--a-- H:\Slike\Jelena slike\slike emirates\Thumbs.db > unhidden
d--hs H:\System Volume Information > error setting attributes
----------------------------------------
Folder list for H:\:
----------------------------------------

d-a--   0   H:\$RECYCLE.BIN   H:\$RECYCLE.BIN
d----   0   H:\Filmovi   H:\Filmovi
d-a--   0   H:\RECYCLER   H:\RECYCLER
d----   0   H:\Slike   H:\Slike
d--hs   0   H:\SYSTEM~1   H:\System Volume Information

----------------------------------------

Addendum: 22 Aug 2010 20:28

P.S. Can the situation be fixed without wiping absolutely everything, or is it catastrophic?

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

- Run USBNoRisk and wait for it to complete the initial scan.

- When the initial scan has finished, plug in the USB memory device (the first one).

- Click the Script tab;

Copy the following text into the white box of the window:

{f8ba1b38-3a4f-11dd-a745-001f3ae273a2}
folder_delete:C:\configuration
folder_delete:C:\OptionalComponents
folder_delete:c:\windows\configuration


- Execute the command by clicking the Run Script button;

After the command has been executed, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Log option;

A Notepad window will open with text that needs to be copied here into a message.

offline
  • Joined: 16 Aug 2008
  • Posts: 20
  • Location: In the desert

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 22.8.2010 19:42:21

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {d902b472-025a-11dd-bd6a-806e6f6e6963}
C: {d902b473-025a-11dd-bd6a-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for d902b473-025a-11dd-bd6a-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for d902b472-025a-11dd-bd6a-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 22.8.2010 19:42:25

Scanning for connected USB mass storage...
----------------------------------------
G: {f8ba1b38-3a4f-11dd-a745-001f3ae273a2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
Sanitized mountpoint for f8ba1b38-3a4f-11dd-a745-001f3ae273a2
----------------------------------------

No Desktop.ini files found on G:
----------------------------------------

No mimics found on drive G:
========================================


Processing script
----------------------------------------
f8ba1b38-3a4f-11dd-a745-001f3ae273a2
Drive letter for GUID: G:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Delete folder tree C:\configuration:
----------------------------------------
Folder tree is empty
Delete: C:\configuration > Error!
----------------------------------------
Delete folder tree C:\OptionalComponents:
----------------------------------------
Delete: C:\OptionalComponents\lsass.exe > Done!
Delete: C:\OptionalComponents\4A656C656E61\sys.dll > Done!
Delete: C:\OptionalComponents\4A656C656E61\nfie.dll > Done!
Delete: C:\OptionalComponents\4A656C656E61\nam.dll > Done!
Delete: C:\OptionalComponents\4A656C656E61\clm.dll > Done!
Delete: C:\OptionalComponents\4A656C656E61\br.dll > Done!
Delete: C:\OptionalComponents\4A656C656E61\20.exe > Done!
Delete: C:\OptionalComponents\4A656C656E61 > Error!
Delete: C:\OptionalComponents > Error!
Delete: C:\OptionalComponents > Error!
----------------------------------------
Delete folder tree c:\windows\configuration:
----------------------------------------
Folder tree is empty
Folder c:\windows\configuration will not be deleted because it is in protected folder
----------------------------------------

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Let's go once more.

Open Notepad and copy in the following text:

Folder::
C:\configuration
C:\OptionalComponents
C:\windows\configuration


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.

offline
  • Joined: 16 Aug 2008
  • Posts: 20
  • Location: In the desert

ComboFix 10-08-21.06 - Jelena 22.08.2010 22:02:54.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.971.1033.18.2037.1065 [GMT 4:00]
Running from: c:\users\Jelena\Desktop\ComboFix.exe
Command switches used :: c:\users\Jelena\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\configuration
C:\OptionalComponents
c:\users\Jelena\FAVORI~1\TranslatorsCafe.com — a Place for Translators, Interpreters, Voice Talents, Other Language Professionals and Their Clients..url
c:\users\Jelena\Favorites\TranslatorsCafe.com — a Place for Translators, Interpreters, Voice Talents, Other Language Professionals and Their Clients..url
c:\windows\configuration

.
((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
.

2010-08-22 18:14 . 2010-08-22 18:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-22 18:14 . 2010-08-22 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-22 11:07 . 2010-08-22 15:43 -------- d-----w- C:\USBNoRisk
2010-08-21 18:06 . 2010-08-22 18:14 -------- d-----w- c:\users\Jelena\AppData\Local\temp
2010-08-15 18:25 . 2010-08-16 17:49 -------- d-----w- c:\users\Jelena\slike tajland
2010-08-15 08:45 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-15 08:45 . 2010-06-28 16:17 833024 ----a-w- c:\windows\system32\wininet.dll
2010-08-15 08:22 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-24 08:34 . 2010-07-24 08:34 122880 ----a-w- c:\users\Jelena\AppData\Roaming\Real\Update\setup3.12\RUP\inst_config\compat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 17:57 . 2008-10-11 17:30 -------- d-----w- c:\users\Jelena\AppData\Roaming\Skype
2010-08-22 15:54 . 2008-06-19 16:33 -------- d-----w- c:\users\Jelena\AppData\Roaming\skypePM
2010-08-22 11:12 . 2008-04-04 15:26 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-21 18:02 . 2010-01-19 09:20 -------- d-----w- c:\program files\Pravoslavac
2010-08-21 15:45 . 2010-07-17 10:01 452104 ----a-w- c:\users\Jelena\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-08-18 20:21 . 2008-06-20 21:58 -------- d-----w- c:\programdata\Roxio
2010-08-15 15:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-15 15:07 . 2008-04-04 15:54 -------- d-----w- c:\program files\Microsoft Works
2010-08-02 21:06 . 2009-02-12 10:17 -------- d-----w- c:\users\Jelena\AppData\Roaming\uTorrent
2010-07-24 21:36 . 2008-06-17 07:29 5972 ----a-w- c:\users\Jelena\AppData\Local\d3d9caps.dat
2010-07-19 14:50 . 2009-02-02 15:04 -------- d-----w- c:\program files\Hotspot Shield
2010-07-15 23:49 . 2008-06-14 20:28 88624 ----a-w- c:\users\Jelena\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-15 12:15 . 2010-07-15 12:15 -------- d-----w- c:\program files\Polob32
2010-07-04 01:50 . 2010-03-03 11:39 439816 ----a-w- c:\users\Jelena\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-07-01 09:55 . 2008-10-11 17:29 -------- d-----r- c:\program files\Skype
2010-07-01 09:55 . 2010-07-01 09:55 -------- d-----w- c:\program files\Common Files\Skype
2010-07-01 09:55 . 2008-06-19 16:29 -------- d-----w- c:\programdata\Skype
2010-06-29 06:09 . 2008-06-20 19:48 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 18:57 . 2010-06-28 18:57 -------- d-----w- c:\program files\Cinemaware Marquee
2010-06-28 16:13 . 2010-08-15 08:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 14:16 . 2010-06-28 14:16 -------- d-----w- c:\program files\PowerISO
2010-06-22 19:46 . 2010-06-22 19:46 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB682.tmp.exe
2010-06-21 13:18 . 2010-08-15 08:44 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 16:43 . 2010-08-15 08:44 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 14:43 . 2010-08-15 08:44 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 14:43 . 2010-08-15 08:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-11 15:31 . 2010-08-15 08:44 274432 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 15:30 . 2010-08-15 08:44 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:00 . 2010-08-15 08:44 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-08 17:00 . 2010-08-15 08:44 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-26 16:16 . 2010-06-10 09:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 09:44 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-07-24 21:37 . 2008-07-10 14:42 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2010-07-24 21:37 . 2008-07-10 14:42 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2010-07-24 21:37 . 2008-07-10 14:42 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2010-07-24 21:37 . 2008-07-10 14:42 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2010-07-24 21:37 . 2008-07-10 14:42 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-04-04 15:39 . 2008-04-04 15:39 76 --sh--r- c:\windows\CT4CET.bin
2008-04-04 23:18 . 2008-04-04 23:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-08-21_18.03.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-22 14:38 . 2010-08-22 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-21 17:48 . 2010-08-21 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-22 14:38 . 2010-08-22 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-21 17:48 . 2010-08-21 17:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-06 39408]
"iDailyDiary"="c:\progra~1\IDAILY~1\iDD.exe" [2007-05-27 1245184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-02 185896]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-11-23 949376]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-01 122368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-4 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;خدمة تحديث Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-19 717296]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-11-23 15424]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 07:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:22]

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\imon.dll
Trusted Zone: emirates.com\www.cabincrew
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\m7f6nc52.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\m7f6nc52.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-08-22 22:14
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-22 22:17:43
ComboFix-quarantined-files.txt 2010-08-22 18:17
ComboFix2.txt 2010-08-22 10:08
ComboFix3.txt 2010-08-22 09:47
ComboFix4.txt 2010-08-21 18:06
ComboFix5.txt 2010-08-22 18:00

Pre-Run: 30.798.508.032 bytes free
Post-Run: 30.765.326.336 bytes free

- - End Of File - - 8BEC2616820317350C1556BE99B6E33A

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

What is the situation now?

offline
  • Joined: 16 Aug 2008
  • Posts: 20
  • Location: In the desert

The computer is OK; it actually never showed any symptoms of infection. Are the logs good?
The SD card is OK too. The hard drive is fine as well, except that two folders appeared on it that I didn't have before: Recycle bin and Recycler. Recycle bin is full of other folders and files, unimportant ones. Can I delete that?
The USB drive is still not right. It shows 3.5 GB used out of 4 GB total, but when I open it there is only a single .txt file in it, which wasn't there before the scan.

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

What's on the external HDD is fine; you can empty the bin.

Let's try once more, with just that USB drive.

In the log I see that you have some pictures on it, plus that text file.

If you have Total Commander or another file manager, you can use it to see what pictures these are.

Same procedure as before; write whether you can see them after this or whether they are still invisible.

{f8ba1b38-3a4f-11dd-a745-001f3ae273a2}
no_sh:
folder_list: %DRIVE%

offline
  • Joined: 16 Aug 2008
  • Posts: 20
  • Location: In the desert

It didn't work; everything was still invisible, but I managed to get the data elsewhere, so I formatted it and now it looks OK. Can I keep using it normally, is there no more virus? Nod shows that it is clean.
Thanks a lot for the help and patience :)
