Kompjuter mi ne prepoznaje usb flash

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 23 Dec 2010 16:10

ComboFix 10-12-22.05 - RIP 12/23/2010 16:06:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2577 [GMT 1:00]
Running from: c:\documents and settings\RIP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\RIP\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMSERVICE
-------\Service_AMService


((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-21 16:19 . 2010-12-21 16:21 -------- d-----w- c:\program files\KaraFun
2010-12-20 10:19 . 2010-12-20 10:19 -------- d-----w- c:\program files\ESET
2010-12-18 13:39 . 2010-12-18 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-12-18 13:39 . 2010-12-18 13:39 -------- d-----w- c:\program files\Raxco
2010-12-17 10:15 . 2010-12-17 10:15 110080 ----a-r- c:\documents and settings\RIP\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2010-12-17 10:15 . 2010-12-17 10:15 110080 ----a-r- c:\documents and settings\RIP\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2010-12-17 10:15 . 2010-12-17 10:15 -------- d-----w- C:\sh4ldr
2010-12-17 09:55 . 2010-12-17 09:55 -------- d-----w- c:\program files\Enigma Software Group
2010-12-17 09:55 . 2010-12-17 10:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-16 14:54 . 2010-12-16 15:17 -------- d-----w- c:\documents and settings\All Users\Immunet
2010-12-16 14:54 . 2010-12-16 14:55 -------- d-----w- c:\documents and settings\RIP\Application Data\Immunet
2010-12-16 14:09 . 2010-12-16 14:09 -------- d-----w- c:\program files\Panda Security
2010-12-16 11:33 . 2010-12-16 11:33 -------- d-----w- c:\documents and settings\Administrator
2010-12-15 15:42 . 2010-12-16 08:07 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-12-15 09:31 . 2010-12-15 09:31 -------- d-----w- c:\documents and settings\RIP\Application Data\TuneUp Software
2010-12-15 09:31 . 2010-12-15 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-12-15 09:31 . 2010-12-15 09:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-12-15 09:21 . 2008-04-14 03:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-12-15 08:24 . 2010-12-21 10:51 -------- d-----w- c:\windows\system32\NtmsData
2010-12-14 17:13 . 2010-12-14 17:13 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-12-14 16:03 . 2010-12-14 16:03 -------- d-----w- c:\documents and settings\RIP\Local Settings\Application Data\uTorrentBar
2010-12-14 16:00 . 2010-12-14 16:00 -------- d-----w- c:\documents and settings\RIP\Application Data\URSoft
2010-12-14 16:00 . 2010-12-23 13:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-12-10 11:17 . 2010-12-10 11:17 -------- d-----w- c:\program files\Common Files\Skype
2010-12-06 12:55 . 2010-12-06 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\IntelliPDF
2010-12-06 12:55 . 2010-12-06 12:54 737280 ----a-w- c:\windows\iun6002.exe
2010-11-25 14:04 . 2010-12-17 11:29 -------- d-----w- c:\program files\RegCure
2010-11-25 14:04 . 2010-11-25 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-11-25 08:58 . 2010-11-25 08:58 -------- d-----w- c:\documents and settings\RIP\Local Settings\Application Data\Two Worlds II
2010-11-25 08:58 . 2010-11-25 08:58 -------- d-----w- c:\documents and settings\RIP\Application Data\NVIDIA
2010-11-25 08:54 . 2010-11-25 08:54 -------- d-----w- c:\program files\Reality Pump
2010-11-25 08:50 . 2010-11-25 07:50 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-25 08:28 . 2010-11-25 08:28 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-25 07:50 . 2010-11-25 07:50 436792 ----a-w- c:\windows\system32\drivers\sptd.svs
2010-11-12 17:53 . 2010-07-19 11:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-07-19 11:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-16 18:55 . 2010-10-30 09:46 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55 . 2010-10-30 09:46 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55 . 2010-07-12 18:05 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-16 18:55 . 2010-07-12 18:05 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-07-12 18:05 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55 . 2010-07-12 18:05 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55 . 2010-07-12 18:05 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-07-12 18:05 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-07-12 18:05 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-07-12 18:05 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55 . 2010-07-12 18:05 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 10:04 . 2010-10-16 10:04 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 10:04 . 2010-10-16 10:04 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 10:04 . 2010-10-16 10:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 10:04 . 2010-10-16 10:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 10:04 . 2010-10-16 10:04 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 10:04 . 2010-10-16 10:04 145000 ----a-w- c:\windows\system32\nvcolor.exe
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-23 15:08 . 2010-12-23 15:08 16384 c:\windows\Temp\Perflib_Perfdata_118.dat
+ 2010-09-08 10:31 . 2010-12-23 13:28 286720 c:\windows\system32\config\systemprofile\ntuser.dat
- 2010-09-08 10:31 . 2010-09-08 10:31 286720 c:\windows\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-13 16132608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^RIP^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\RIP\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 21:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2010-07-23 06:47 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-07-13 03:53 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"gupdate"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BlueSoleilCS"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrobat.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 22:39 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/25/2010 09:50 436792]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [5/18/2010 17:06 327064]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [7/13/2010 04:26 38656]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 11:44 30088]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 18:10 5248]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 13:58 26248]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 21:37 4640000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 10:52]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 10:52]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\RIP\Application Data\Mozilla\Firefox\Profiles\i20q41f1.default\
FF - prefs.js: browser.search.selectedEngine - KickassTorrents
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Weather Watcher Live: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\weatherwatcherlive@singerscreations.com
FF - Ext: 1-Click YouTube Video Downloader: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Serbian Dictionary: [Link mogu videti samo ulogovani korisnici] - %profile%\extensions\sr-RS@dictionaries.addons.mozilla.org
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Java Quick Starter: [Link mogu videti samo ulogovani korisnici] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2010-12-23 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4048-)
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-12-23 16:10:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-23 15:10
ComboFix2.txt 2010-12-23 13:42
ComboFix3.txt 2010-12-22 08:52

Pre-Run: 39,675,535,360 bytes free
Post-Run: 39,665,377,280 bytes free

- - End Of File - - 1C6A5293EED3F853839561DE738F3A27

Dopuna: 23 Dec 2010 16:15

Само један је у питању:

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 12/23/2010 16:12:16

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
E: {66256bf4-8e28-11df-8dca-cfffe97a5bcf}
C: {ce7d652d-8de9-11df-b706-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for ce7d652d-8de9-11df-b706-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on E:
No autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 66256bf4-8e28-11df-8dca-cfffe97a5bcf
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 12/23/2010 16:12:40

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ponovi skeniranje USBNoRisk-om i ostavi mi opet log tj. detaljno isprati Korak 2 iz moje prethodne poruke.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 24 Dec 2010 9:10

Ево, поновио сам поступак са једним USB flash-ом јер само то и користим од USB прикључака.


USBNoRisk 2.6 (08 September 2010) by bobby

Started at 12/24/2010 09:08:03

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
E: {66256bf4-8e28-11df-8dca-cfffe97a5bcf}
C: {ce7d652d-8de9-11df-b706-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for ce7d652d-8de9-11df-b706-806d6172696f
----------------------------------------
Desktop.ini found at C:\ComboFix\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={20D04FE0-3AEA-1069-A2D8-08002B30309D}
IconResource=C:\WINDOWS\system32\SHELL32.dll,4
----------------------------------------
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22913
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31751
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\Explorer.exe,0
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\SHELL32.dll
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\SHELL32.dll,-8503
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%windir%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %windir%\system32\mmc.exe /s %windir%\system32\compmgmt.msc
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22913
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31751
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\Explorer.exe,0
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\SHELL32.dll
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\SHELL32.dll,-8503
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%windir%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %windir%\system32\mmc.exe /s %windir%\system32\compmgmt.msc
----------------------------------------

No blocked files found on E:
No autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 66256bf4-8e28-11df-8dca-cfffe97a5bcf
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 12/24/2010 09:09:18

Scanning for connected USB mass storage...
----------------------------------------
F: {6efdef40-0cee-11e0-a433-000c7648770b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
No mountpoint found for 6efdef40-0cee-11e0-a433-000c7648770b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================

Dopuna: 24 Dec 2010 16:20

SpyHunter ми данас често избацује ову поруку

Dopuna: 24 Dec 2010 16:23

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

- Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

{6efdef40-0cee-11e0-a433-000c7648770b}
folder_list:%DRIVE%
no_sh:

- Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Scrambled Log;

Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.






Kada ti Spy Hunter izbaci tu poruku, klik na Accept.






goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 25 Dec 2010 8:31

USBNoRisk 2.6 (08 September 2010) by bobby

Started at 12/25/2010 08:30:45

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
E: {66256bf4-8e28-11df-8dca-cfffe97a5bcf}
C: {ce7d652d-8de9-11df-b706-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for ce7d652d-8de9-11df-b706-806d6172696f
----------------------------------------
Desktop.ini found at C:\ComboFix\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={20D04FE0-3AEA-1069-A2D8-08002B30309D}
IconResource=C:\WINDOWS\system32\SHELL32.dll,4
----------------------------------------
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22913
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31751
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\Explorer.exe,0
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\SHELL32.dll
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\SHELL32.dll,-8503
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%windir%\system32\mycomput.dll,-400
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %windir%\system32\mmc.exe /s %windir%\system32\compmgmt.msc
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22913
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31751
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D},LocalizedString = @%SystemRoot%\system32\shell32.dll,-9216
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon,@ = %SystemRoot%\Explorer.exe,0
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32,@ = %SystemRoot%\system32\SHELL32.dll
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find,@ = @%SystemRoot%\system32\SHELL32.dll,-8503
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command,@ = %SystemRoot%\Explorer.exe
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage,@ = @%windir%\system32\mycomput.dll,-400
HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage\command,@ = %windir%\system32\mmc.exe /s %windir%\system32\compmgmt.msc
----------------------------------------

No blocked files found on E:
No autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 66256bf4-8e28-11df-8dca-cfffe97a5bcf
No Desktop.ini files found on E:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 12/25/2010 08:31:04

Scanning for connected USB mass storage...
----------------------------------------
F: {6efdef40-0cee-11e0-a433-000c7648770b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
No mountpoint found for 6efdef40-0cee-11e0-a433-000c7648770b
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Processing script
----------------------------------------
6efdef40-0cee-11e0-a433-000c7648770b
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 2
----------------------------------------
Folder list for F:\:
----------------------------------------
None
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
None
----------------------------------------

Dopuna: 25 Dec 2010 9:11

Још и ово, на Е партицији постоји директоријум autorun.inf а у њему се налази фајл: lpt3.This folder was created by Flash_Disinfector



Dopuna: 25 Dec 2010 9:17

А који се не да избрисати.

Dopuna: 25 Dec 2010 12:06

Сад видех, има и на С партицији исто

• 1Ovo se svidja korisniku: mcrule
  
  Registruj se da bi pohvalio/la poruku!

Tvoj usb memorijski uredjaj, kao i OS su cisti tj. nema vise malware-a.







Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).

Sačekaj da se proces deinstalacije završi.




------------------------------------------------


- Ostale koriscene programe slobodno mozes izbrisati;

- Ako vec nisi, pozeljno je da instaliras Anti-Virus;

- Ukoliko imas i dalje problema sa racunarom, otvori temu u odgovarajuci potforum, jer problem najverovatnije nije vezan za malware s'obzirom da ti je racunar sada cist;

- Vezano za tvoje poslednje pitanje, taj folder je nastao koriscenjem programa Flash Disinfector. Folder mozes ukloniti prateci uputstvo sa sledeceg link-a (ponaosob za svaku particiju): [Link mogu videti samo ulogovani korisnici] ;

- Za zastitu USB memorijskih uredjaja, predlazem ti da koristis program MCShield.
Vise o MCShield-u mozes saznati u ovoj temi: [Link mogu videti samo ulogovani korisnici]
Home Page MCShield-a: [Link mogu videti samo ulogovani korisnici]





Hvala sto verujes AMF Timu




Pozdrav,
goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 25 Dec 2010 15:12

о сам по Вашем упутству деактивирао AVG, када покренем деинсталацију ComboFix, излази ми следећа порука:




Иначе, немам више проблема, MCShield ми је од раније инсталиран.

Dopuna: 25 Dec 2010 15:23

У питању је AVG 2011. Moжда да га и деинсталирам комплетно па да га после опет инсталирам?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Moraces prvo da deinstaliras AVG, pa nakon toga da deinstaliras Combo Fix. Kada to uradis, ili ponovo instaliraj AVG ili instaliraj neki drugi Anti-Virus.






Pozdrav,
goran9888 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ОК, сада када је и то јасно желим од срца да ти се захвалим као и целом тиму који нам несебично помажу. Свака вам част, ваша професионалност је на завидном нивоу.
Све најбоље...