MyCity » Ambulanta -> Arhiva Ambulante » Rootkit na SD kartici

Rootkit na SD kartici

Napisano na dan: 3.12.2010

Strana:
1
2

Rootkit na SD kartici

Sledeća strana

Pagination

Odgovori

Strana:
1
2

bojovnik Poslao: 03 Dec 2010 13:46 Idi na vrh
offline bojovnik Građanin Pridružio: 28 Maj 2010 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Imam problem na SD kartici zbog kojeg ne mogu da slikam digitalnim fotoaparatom. Naime, kada slikam, na digitalcu mi se često javlja poruka error saving image sa crvenim ekranom te se nekad kad pregledavam slike na digitalcu slike ne mogu pogledati. Inace, na aparatu koristim dvije SD kartice i njegovu internu memoriju. Na racunalu imam AVG antivirusni program te sam prilikom skeniranja tih memorija nasao fajlove koje AVG okarakterizira kao rootkitove, a ne daju se obrisati jer su hidden fajlovi. To su ovi fajlovi: C:\Windows\system32\Drivers\RKREVEAL150.SYS C:\Windows\System32\Drivers\aq3wojgh.SYS" Pokusao sam ukloniti ove fajlove sa raznim programcicima ukljucujuci i ove sa ove vase stranice mycity.rs/Zastita/Sve-o-Rootkit-ovima-p.....anje.html. ali bezuspjesno. Molio bih vas da pogledate i ucinite nesto ako se moze. Na internet sam spojem ADSLom 2 Mbit/s. DDS (Ver_10-11-27.01) - NTFSx86 Run by Marijan at 13:01:42,19 on pet 03.12.2010. Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18 Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1789.769 [GMT 1:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe C:\Windows\system32\AEADISRV.EXE C:\Windows\system32\svchost.exe -k apphost C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\UAService.exe C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\system32\taskeng.exe C:\Program Files\UnHackMe\hackmon.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files\Ultralingua\Ultralingua 7\ULHotkey.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Users\Marijan\Desktop\RootkitRevealer.exe C:\Users\Marijan\AppData\Local\Temp\XHAKL.exe C:\Windows\system32\UI0Detect.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\SpeedFan\speedfan.exe C:\Windows\system32\notepad.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Marijan\Downloads\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.hr/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: everyflv: {9016c848-658e-e968-b881-a31dc53c4c60} - c:\windows\system32\vDh05J.dll BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide uRun: [Canaveral] rundll32.exe c:\windows\system32\sshnas21.dll,BackupReadW uRun: [M5T8QL3YW3] c:\users\marijan\appdata\local\temp\Yt1.exe mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Ultralingua 7 Hotkey] "c:\program files\ultralingua\ultralingua 7\ULHotkey.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [WinampAgent] c:\program files\winamp\winampa.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\users\marijan\appdata\roaming\microsoft\windows\start menu\programs\startup\9635938.del StartupFolder: c:\users\marijan\appdata\roaming\micros~1\windows\startm~1\programs\startup\9635938.lnk - c:\users\marijan\appdata\local\temp\mvNat.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL AppInit_DLLs: avgrsstx.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\marijan\appdata\roaming\mozilla\firefox\profiles\5dw6pwt9.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/ FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\mozilla firefox\extensions\{ee1dd5b8-be23-521a-15e2-b13dbba8da81}\components\u_9yWWCq-GmriS.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{ee1dd5b8-be23-521a-15e2-b13dbba8da81} FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Extension: LoudMo Contextual Ad Assistant: {ee1dd5b8-be23-521a-15e2-b13dbba8da81} - c:\program files\mozilla firefox\extensions\{ee1dd5b8-be23-521a-15e2-b13dbba8da81} FF - Extension: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - c:\users\marijan\appdata\roaming\mozilla\firefox\profiles\5dw6pwt9.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox ---- FIREFOX POLICIES ---- FF - user.js: network.proxy.type - 0 FF - user.js: network.proxy.http - user_pref(network.proxy.http_port,); FF - user.js: network.proxy.no_proxies_on - FF - user.js: google.toolbar.linkdoctor.enabled - false ============= SERVICES / DRIVERS =============== R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-3-9 12552] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-9 335240] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-9 27784] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-9 108552] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\abbyy finereader 9.0\NetworkLicenseServer.exe [2007-11-2 566560] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-4 176128] R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-3-10 297752] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-12-9 228408] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2010-8-26 375808] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] =============== Created Last 30 ================ 2010-12-03 08:41:13 2 --shatr- c:\windows\winstart.bat 2010-12-03 08:40:53 -------- d-----w- c:\program files\UnHackMe 2010-12-02 22:01:22 -------- d-----w- c:\windows\system32\MpEngineStore 2010-12-02 21:11:22 -------- d-----w- c:\users\marijan\Pavark 2010-12-02 21:10:16 -------- d-----w- c:\program files\IceSword 2010-12-02 21:09:47 744960 ----a-w- c:\program files\mozilla firefox\icesword122en\IceSword.exe 2010-12-02 21:05:39 -------- d-----w- c:\program files\Sophos 2010-11-30 19:20:51 -------- d-----w- c:\users\marijan\appdata\local\ABBYY 2010-11-26 20:38:10 -------- d-----w- c:\users\marijan\appdata\local\Adobe 2010-11-16 15:03:25 -------- d-----w- c:\program files\HP Photosmart M417 FW Files ==================== Find3M ==================== ============= FINISH: 13:03:00,86 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png

Profil

1l padr1n0 Poslao: 03 Dec 2010 15:54 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, bojovnik! U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg: Detaljno citati moja uputstva (ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima; Ne traziti istovremeno pomoc na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo; U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio; Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om; Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj. Za vise informacija o pravilima Ambulante MyCity foruma: LINK ------------------------------------------------------------------------------------- Korak 1 Nemoj koristiti te SD kartice dok ti to ne budem napisao. Korak 2 Deinstaliraj trenutnu verziju antivirusa (AVG 8.5) ; Korak 3 Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku. goran9888 (AMF Tim)

Profil

bojovnik Poslao: 03 Dec 2010 18:15 Idi na vrh
offline bojovnik Građanin Pridružio: 28 Maj 2010 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-12-02.06 - Marijan 3.12.2010. 17:47:22.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1789.1058 [GMT 1:00] Running from: c:\users\Marijan\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\FLV Direct Player c:\program files\FLV Direct Player\downloading.swf c:\program files\FLV Direct Player\FLVPlayer.exe c:\program files\FLV Direct Player\player.swf c:\program files\FLV Direct Player\preload.swf c:\program files\FLV Direct Player\Skin\DirectFLV\Button.bmp c:\program files\FLV Direct Player\Skin\DirectFLV\Logo.bmp c:\program files\FLV Direct Player\Skin\DirectFLV\skin.xml c:\program files\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp c:\program files\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp c:\program files\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp c:\program files\FLV Direct Player\Skin\DirectFLV\Window.bmp c:\program files\FLV Direct Player\uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk c:\users\Marijan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9635938.lnk C:\Win c:\win\1.exe c:\win\desktop.exe c:\win\lsass.exe c:\win\names.txt c:\windows\system32\-UfiR1Dkx.exe c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_usnjsvc ((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 ))))))))))))))))))))))))))))))) . 2010-12-03 16:55 . 2010-12-03 16:59 -------- d-----w- c:\users\Marijan\AppData\Local\temp 2010-12-03 16:55 . 2010-12-03 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-03 16:18 . 2010-12-03 16:18 -------- d-----w- c:\users\Marijan\AppData\Roaming\AVG10 2010-12-03 16:15 . 2010-12-03 16:15 -------- d--h--w- c:\programdata\Common Files 2010-12-03 16:14 . 2010-12-03 16:40 -------- d-----w- c:\programdata\AVG10 2010-12-03 16:04 . 2010-12-03 16:13 -------- d-----w- c:\programdata\MFAData 2010-12-03 13:48 . 2010-12-03 13:48 -------- d-----w- c:\users\Marijan\AppData\Local\Adobe 2010-12-03 08:41 . 2010-12-03 08:41 2 --shatr- c:\windows\winstart.bat 2010-12-03 08:40 . 2010-12-03 13:25 -------- d-----w- c:\program files\UnHackMe 2010-12-02 22:01 . 2010-12-03 08:28 -------- d-----w- c:\windows\system32\MpEngineStore 2010-12-02 21:11 . 2010-12-02 21:11 -------- d-----w- c:\users\Marijan\Pavark 2010-12-02 21:10 . 2010-12-02 21:10 -------- d-----w- c:\program files\IceSword 2010-12-02 21:09 . 2007-07-10 15:23 744960 ----a-w- c:\program files\Mozilla Firefox\IceSword122en\IceSword.exe 2010-12-02 21:05 . 2010-12-02 21:11 -------- d-----w- c:\program files\Sophos 2010-11-16 15:03 . 2010-11-16 15:03 -------- d-----w- c:\program files\HP Photosmart M417 FW Files . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-02 22:01 . 2009-07-13 23:23 35328 ----a-w- c:\windows\system32\drivers\blbdrive.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-05-17 5729136] "Eraser"="c:\program files\Eraser\Eraser.exe" [2009-12-12 332800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-09 98304] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "Ultralingua 7 Hotkey"="c:\program files\Ultralingua\Ultralingua 7\ULHotkey.exe" [2009-11-04 1483264] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] c:\users\Marijan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ 9635938.del [2010-5-7 949] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-10 106560] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" R3 <NtDriverName>;<NtDriverName>;c:\windows\System32\Drivers\<NtDriverName>.sys [x] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408] R3 MGSGK;MGSGK;c:\users\Marijan\AppData\Local\Temp\MGSGK.exe [x] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-07-02 375808] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] R3 XHAKL;XHAKL;c:\users\Marijan\AppData\Local\Temp\XHAKL.exe [x] R3 XVUYQK;XVUYQK;c:\users\Marijan\AppData\Local\Temp\XVUYQK.exe [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-09 691696] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-11-02 566560] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128] S2 Realtek87B;Realtek87B;c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.hr/ uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 FF - ProfilePath - c:\users\Marijan\AppData\Roaming\Mozilla\Firefox\Profiles\5dw6pwt9.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/ FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\Mozilla Firefox\extensions\{ee1dd5b8-be23-521a-15e2-b13dbba8da81}\components\u_9yWWCq-GmriS.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Extension: LoudMo Contextual Ad Assistant: {ee1dd5b8-be23-521a-15e2-b13dbba8da81} - c:\program files\Mozilla Firefox\extensions\{ee1dd5b8-be23-521a-15e2-b13dbba8da81} FF - Extension: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - c:\users\Marijan\AppData\Roaming\Mozilla\Firefox\Profiles\5dw6pwt9.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} ---- FIREFOX POLICIES ---- FF - user.js: network.proxy.type - 0 FF - user.js: network.proxy.http - user_pref(network.proxy.http_port,); FF - user.js: network.proxy.no_proxies_on - . - - - - ORPHANS REMOVED - - - - BHO-{9016c848-658e-e968-b881-a31dc53c4c60} - c:\windows\system32\vDh05J.dll HKCU-Run-Canaveral - c:\windows\system32\sshnas21.dll HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe AddRemove--UfiR1Dkx - c:\windows\system32\-UfiR1Dkx.exe AddRemove-Winamp Detect - c:\program files\Winamp Detect\UninstWaDetect.exe . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1045542724-2555930307-1999853709-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] @Allowed: (Read) (RestrictedCode) "??"=hex:5e,8a,db,3f,ac,a8,97,18,10,91,cf,fd,13,84,ba,89,5e,4c,ad,f3,81,4b,1d, 9f,8d,af,31,8f,76,65,2e,92,2f,13,e4,f2,0b,bd,5a,af,44,91,ab,cd,05,f6,8e,5a,\ "??"=hex:e0,e2,4a,34,c0,2f,df,49,49,81,5d,ab,cf,2f,d7,f3 [HKEY_USERS\S-1-5-21-1045542724-2555930307-1999853709-1000\Software\SecuROM\License information] @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\atieclxx.exe c:\windows\system32\AEADISRV.EXE c:\program files\Bonjour\mDNSResponder.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\sppsvc.exe c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\UAService.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\taskhost.exe . ************************************************************************* . Completion time: 2010-12-03 18:03:14 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-03 17:03 Pre-Run: 15.066.562.560 bytes free Post-Run: 14.679.871.488 bytes free - - End Of File - - 80B5F621E2FA2F07CB74A9C9000A897D

Profil

1l padr1n0 Poslao: 03 Dec 2010 21:14 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Korak 1 Sada instaliraj jedan Anti-Virus. Ukoliko zelis, nova verzija AVG-a je dostupna na sledecem link-u: AVG Free Anti-Virus Pored AVG-a, postoje i druga besplatna Anti-Virus-na resenja: Avast, Avira, Panda Cloud Free, Microsoft Security Essentials, itd. Odluci se za jedan od njih. Korak 2 - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak - Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum. Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd. ----------------------------------- Kakvo je sada stanje racunara? goran9888 (AMF Tim)

Profil

bojovnik Poslao: 03 Dec 2010 22:06 Idi na vrh
offline bojovnik Građanin Pridružio: 28 Maj 2010 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! USBNoRisk 2.6 (08 September 2010) by bobby Started at 3.12.2010. 22:02:00 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- C: {5d240f4b-e4f8-11de-9002-806e6f6e6963} D: {5d240f4c-e4f8-11de-9002-806e6f6e6963} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 5d240f4b-e4f8-11de-9002-806e6f6e6963 No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 5d240f4c-e4f8-11de-9002-806e6f6e6963 No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 3.12.2010. 22:02:40 Scanning for connected USB mass storage... ---------------------------------------- G: {12a34a66-2d46-11df-a4ea-0022645d24dd} Added G: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on G: ---------------------------------------- No autorun.inf files found on G: No mountpoint found for 12a34a66-2d46-11df-a4ea-0022645d24dd ---------------------------------------- No Desktop.ini files found on G: ---------------------------------------- No mimics found on drive G: ======================================== ======================================== Removed G: ======================================== New device connected at 3.12.2010. 22:03:09 Scanning for connected USB mass storage... ---------------------------------------- G: {e53ebe26-d2c6-11df-ba72-002186b45413} Added G: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on G: ---------------------------------------- No autorun.inf files found on G: No mountpoint found for e53ebe26-d2c6-11df-ba72-002186b45413 ---------------------------------------- No Desktop.ini files found on G: ---------------------------------------- No mimics found on drive G: ======================================== ======================================== Removed G: ======================================== New device connected at 3.12.2010. 22:03:43 Scanning for connected USB mass storage... ---------------------------------------- G: {e53ebe26-d2c6-11df-ba72-002186b45413} Added G: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on G: ---------------------------------------- No autorun.inf files found on G: Sanitized mountpoint for e53ebe26-d2c6-11df-ba72-002186b45413 ---------------------------------------- No Desktop.ini files found on G: ---------------------------------------- No mimics found on drive G: ======================================== ======================================== Removed G: ======================================== Kad slikam digitalcem i dalje javlja error saving image...

Profil

1l padr1n0 Poslao: 03 Dec 2010 23:29 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! odraditi isti postupak za oba uredjaja - Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje. - Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj. - Kliknuti na karticu Script; U beli okvir prozora iskopirati sledeći tekst: `{12a34a66-2d46-11df-a4ea-0022645d24dd} folder_list:%DRIVE% no_sh: {e53ebe26-d2c6-11df-ba72-002186b45413} folder_list:%DRIVE% no_sh:` - Izvršiti komandu klikom na taster Run Script; Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor; - Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Scrambled Log; Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci. goran9888 (AMF Tim)

Profil

bojovnik Poslao: 04 Dec 2010 08:42 Idi na vrh
offline bojovnik Građanin Pridružio: 28 Maj 2010 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jel mislis da ovo uradim za sve tri memorije ili samo za ove dvije SD kartice?

Profil

1l padr1n0 Poslao: 04 Dec 2010 14:02 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! bojovnik ::Jel mislis da ovo uradim za sve tri memorije ili samo za ove dvije SD kartice? Izvinjavam se sto sam bio malo nejasan. Da, odradi postupak za sva tri memorijska uredjaja.

Profil

bojovnik Poslao: 04 Dec 2010 16:01 Idi na vrh
offline bojovnik Građanin Pridružio: 28 Maj 2010 Poruke: 46	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! USBNoRisk 2.6 (08 September 2010) by bobby Started at 4.12.2010. 15:58:29 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- C: {5d240f4b-e4f8-11de-9002-806e6f6e6963} D: {5d240f4c-e4f8-11de-9002-806e6f6e6963} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 5d240f4b-e4f8-11de-9002-806e6f6e6963 No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 5d240f4c-e4f8-11de-9002-806e6f6e6963 No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 4.12.2010. 15:58:44 Scanning for connected USB mass storage... ---------------------------------------- G: {12a34a66-2d46-11df-a4ea-0022645d24dd} Added G: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on G: ---------------------------------------- No autorun.inf files found on G: Sanitized mountpoint for 12a34a66-2d46-11df-a4ea-0022645d24dd ---------------------------------------- No Desktop.ini files found on G: ---------------------------------------- No mimics found on drive G: ======================================== Processing script ---------------------------------------- 12a34a66-2d46-11df-a4ea-0022645d24dd Drive letter for GUID: G: SectionStart = 0 SectionEnd = 3 ---------------------------------------- Folder list for G:\: ---------------------------------------- `d---- 0 G:\DCIM G:\DCIM d---- 0 G:\MISC G:\MISC` ---------------------------------------- Unhide superhidden for G:\ ---------------------------------------- ---------------------------------------- USBNoRisk 2.6 (08 September 2010) by bobby Started at 4.12.2010. 16:00:29 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- C: {5d240f4b-e4f8-11de-9002-806e6f6e6963} D: {5d240f4c-e4f8-11de-9002-806e6f6e6963} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 5d240f4b-e4f8-11de-9002-806e6f6e6963 No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 5d240f4c-e4f8-11de-9002-806e6f6e6963 No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 4.12.2010. 16:00:45 Scanning for connected USB mass storage... ---------------------------------------- G: {e53ebe26-d2c6-11df-ba72-002186b45413} Added G: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on G: ---------------------------------------- No autorun.inf files found on G: Sanitized mountpoint for e53ebe26-d2c6-11df-ba72-002186b45413 ---------------------------------------- No Desktop.ini files found on G: ---------------------------------------- No mimics found on drive G: ======================================== Processing script ---------------------------------------- e53ebe26-d2c6-11df-ba72-002186b45413 Drive letter for GUID: G: SectionStart = 4 SectionEnd = 6 ---------------------------------------- Folder list for G:\: ---------------------------------------- `d---- 0 G:\DCIM G:\DCIM d---- 0 G:\MISC G:\MISC` ---------------------------------------- Unhide superhidden for G:\ ---------------------------------------- ---------------------------------------- USBNoRisk 2.6 (08 September 2010) by bobby Started at 4.12.2010. 16:01:40 Searching for connected USB Mass storage... ---------------------------------------- ======================================== Searching for other storage... ---------------------------------------- C: {5d240f4b-e4f8-11de-9002-806e6f6e6963} D: {5d240f4c-e4f8-11de-9002-806e6f6e6963} ======================================== Scanning fixed storage... ---------------------------------------- No blocked files found on C: No autorun.inf files found on C: No mountpoint found for C: No mountpoint found for 5d240f4b-e4f8-11de-9002-806e6f6e6963 No Desktop.ini files found on C: ---------------------------------------- No blocked files found on D: No autorun.inf files found on D: No mountpoint found for D: No mountpoint found for 5d240f4c-e4f8-11de-9002-806e6f6e6963 No Desktop.ini files found on D: ---------------------------------------- ======================================== Initial scan finished! ======================================== New device connected at 4.12.2010. 16:01:49 Scanning for connected USB mass storage... ---------------------------------------- G: {e53ebe26-d2c6-11df-ba72-002186b45413} Added G: ======================================== Scanning USB mass storage for files... ---------------------------------------- No blocked files found on G: ---------------------------------------- No autorun.inf files found on G: Sanitized mountpoint for e53ebe26-d2c6-11df-ba72-002186b45413 ---------------------------------------- No Desktop.ini files found on G: ---------------------------------------- No mimics found on drive G: ======================================== Processing script ---------------------------------------- e53ebe26-d2c6-11df-ba72-002186b45413 Drive letter for GUID: G: SectionStart = 4 SectionEnd = 6 ---------------------------------------- Folder list for G:\: ---------------------------------------- `d---- 0 G:\DCIM G:\DCIM d---- 0 G:\MISC G:\MISC` ---------------------------------------- Unhide superhidden for G:\ ---------------------------------------- ----------------------------------------

Profil

1l padr1n0 Poslao: 04 Dec 2010 16:45 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Tvoj racunar i memorijski uredjaji koje si prikljucivao su cisti sto se malware-a tice. Znaci, tvoj problem nije izazvan malware-om, vec je problem najverovatnije u tom digitalnom fotoaparatu. -------------------------------------------- Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Za zastitu USB memorijskih uredjaja, predlazem ti da koristis program MCShield. Vise o MCShield-u mozes saznati u ovoj temi: http://www.mycity.rs/Antispyware-programi/MCShield.html Home Page MCShield-a: http://amf.mycity.rs/programs/mc/mcshield/ goran9888 (AMF Tim)

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Rootkit na SD kartici

Ko je trenutno na forumu

Ukupno su 1127 korisnika na forumu :: 29 registrovanih, 6 sakrivenih i 1092 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: aleksmajstor, cikadeda, darcaud, Denaya, Drakce65, Georgius, Grond, Kubovac, Marko Marković, Metanoja, Motocar, Nobunaga, Oscar, Panter, perko91, procesor, sabros, skvara, ss10, suton, theNedjeljko, uruk, vaso1, vathra, VJ, voja64, VP6919, x9, zlatkoa987

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by