I wrote in someone else's topic, and didn't post the required logs...


  • kvaju  Male
  • New MyCity citizen
  • Joined: 28 Apr 2008
  • Posts: 7

Posted: 18 Mar 2010 16:54

Hello

I've been trying for 2 days now to get rid of this autorun.inf virus.
My girlfriend picked it up somewhere at university. So there are a few MB of data on it that don't matter, and that ***** autorun.inf file.
Every file on it suddenly became read-only, and I can't do anything with them: not delete them, move them, or format the USB, via cmd or regedit. I've tried various ways, from Linux (I was surprised that it couldn't delete it) to various tools, USB vaccines, some ninja programs; basically, try googling, I don't know, "how to remove autorun.inf from usb", I've tried pretty much all of those options.
I hope I'll find a solution to this problem here.
I'd rather just buy a new USB stick; this one has pissed me off so much that I'd gladly take a hammer to it, but it's an awfully cute stick, and you can't buy one like it around here.
I'm using XP.

Of all the programs I've used, iKill at least produces some kind of log, so maybe someone more expert can read something from it.
i44.tinypic.com/64gua8.jpg

I'm also sending you the hijackthis.log


Combofix.log
ComboFix 10-03-17.07 - Administrator 03/18/2010 16:12:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.2047.1429 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sshnas21.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.

2010-03-18 14:52 . 2010-03-18 14:52 -------- d-----w- c:\program files\Autorun Eater
2010-03-18 14:41 . 2010-03-18 14:41 -------- d-----w- C:\USBNoRisk
2010-03-18 00:35 . 2010-03-18 00:35 17542 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3E0D9074-5C5B-41DD-B557-79BA6264D8A3}\_9C7848C97F2E75A915E0ED.exe
2010-03-18 00:35 . 2010-03-18 00:35 17542 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3E0D9074-5C5B-41DD-B557-79BA6264D8A3}\_0B41555A83B7152FD224B2.exe
2010-03-18 00:35 . 2010-03-18 00:35 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3E0D9074-5C5B-41DD-B557-79BA6264D8A3}\_41977DC1B763F3C72E2FA5.exe
2010-03-18 00:35 . 2010-03-18 00:35 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3E0D9074-5C5B-41DD-B557-79BA6264D8A3}\_0028004F1D61D623D05EAD.exe
2010-03-18 00:35 . 2010-03-18 00:35 -------- d-----w- c:\program files\ArpanTECH
2010-03-18 00:12 . 2010-03-18 01:13 -------- d-----w- c:\program files\Unlocker
2010-03-18 00:09 . 2010-03-18 00:08 168448 ----a-w- c:\windows\Ssicaa.exe
2010-03-18 00:00 . 2010-03-18 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-03-18 00:00 . 2010-03-18 00:00 -------- d-----w- c:\program files\Panda USB Vaccine
2010-03-17 23:29 . 2010-03-17 23:29 152880 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-17 23:28 . 2010-03-17 23:28 -------- d-----w- c:\windows\system32\XPSViewer
2010-03-17 23:28 . 2010-03-17 23:28 -------- d-----w- c:\program files\Reference Assemblies
2010-03-17 23:28 . 2007-03-22 19:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-17 23:28 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-03-17 23:19 . 2010-03-18 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2010-03-17 23:06 . 2010-03-17 23:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-17 22:18 . 2010-03-17 22:20 -------- d-----w- c:\windows\system32\NtmsData
2010-03-17 21:02 . 2010-03-17 21:02 2145 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2010-03-17 17:24 . 2008-04-22 12:09 32384 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-03-17 17:24 . 2008-04-22 12:09 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-16 22:22 . 2008-04-13 21:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-03-16 18:22 . 2010-03-16 18:22 -------- d-----w- C:\found.000
2010-03-16 01:18 . 2010-03-16 01:18 13264416 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-03-16 01:16 . 2010-03-16 01:18 91696 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\Uninstall.exe
2010-03-16 01:16 . 2010-03-18 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Dropbox
2010-03-16 00:30 . 2010-03-16 00:30 -------- d-----w- c:\program files\Lavalys
2010-03-15 18:05 . 2010-03-15 18:05 -------- d-----w- c:\program files\Common Files\Skype
2010-03-15 17:23 . 2010-03-15 17:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2010-03-15 17:13 . 2010-03-15 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-03-15 16:26 . 2010-03-15 16:26 -------- d-----w- c:\program files\CCleaner
2010-03-15 16:09 . 2010-03-15 17:12 -------- d-----w- c:\program files\uTorrent
2010-03-15 16:09 . 2010-03-18 15:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-03-15 16:01 . 2009-08-25 00:30 13312 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w74qs5rm.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 14:36 . 2010-03-15 15:23 -------- d-----w- c:\program files\Pidgin
2010-03-18 14:33 . 2010-03-15 15:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\.purple
2010-03-17 23:41 . 2010-03-15 15:04 65368 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-17 20:33 . 2010-03-15 15:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-03-17 19:19 . 2010-03-15 15:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-03-16 23:04 . 2010-03-15 15:38 90112 ----a-w- c:\windows\DUMP4565.tmp
2010-03-15 18:05 . 2010-03-15 15:43 -------- d-----r- c:\program files\Skype
2010-03-15 18:05 . 2010-03-15 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-15 17:24 . 2010-03-15 17:24 -------- d-----w- c:\program files\Vimicro
2010-03-15 17:24 . 2010-03-15 15:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-15 16:27 . 2010-03-15 15:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\AIMP
2010-03-15 16:02 . 2010-03-15 15:47 -------- d-----w- c:\program files\AIMP2
2010-03-15 15:49 . 2010-03-15 15:49 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2010-03-15 15:49 . 2010-03-15 15:33 275 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2010-03-15 15:49 . 2010-03-15 15:49 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2010-03-15 15:45 . 2010-03-15 15:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-15 15:42 . 2010-03-15 15:42 -------- d-----w- c:\program files\The KMPlayer
2010-03-15 15:39 . 2010-03-15 15:39 0 ----a-w- c:\windows\nsreg.dat
2010-03-15 15:39 . 2010-03-15 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-15 15:38 . 2010-03-15 15:38 -------- d-----w- c:\program files\Microsoft Works
2010-03-15 15:37 . 2010-03-15 15:37 -------- d-----w- c:\program files\MSBuild
2010-03-15 15:33 . 2010-03-15 15:33 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2010-03-15 15:33 . 2010-03-15 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2010-03-15 15:33 . 2010-03-15 15:31 -------- d-----w- c:\program files\MediaMonkey
2010-03-15 15:32 . 2010-03-15 15:32 -------- d-----w- c:\program files\Last.fm
2010-03-15 15:28 . 2010-03-15 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-03-15 15:28 . 2010-03-15 15:27 -------- d-----w- c:\program files\COMODO
2010-03-15 15:24 . 2010-03-15 15:24 2153 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\contacts.msn.com
2010-03-15 15:24 . 2010-03-15 15:24 2095 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2010-03-15 15:24 . 2010-03-15 15:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
2010-03-15 15:23 . 2010-03-15 15:23 -------- d-----w- c:\program files\Common Files\GTK
2010-03-15 15:21 . 2010-03-15 15:21 -------- d-----w- c:\program files\Alwil Software
2010-03-15 15:21 . 2010-03-15 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-15 15:15 . 2010-03-15 15:15 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-15 15:15 . 2010-03-15 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-03-15 15:07 . 2010-03-15 15:07 -------- d-----w- c:\program files\Analog Devices
2010-03-15 15:07 . 2010-03-15 15:06 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-15 15:06 . 2010-03-15 15:06 -------- d-----w- c:\program files\Intel
2010-03-15 14:58 . 2010-03-15 14:58 -------- d-----w- c:\program files\microsoft frontpage
2010-03-15 14:56 . 2010-03-15 14:56 -------- d-----w- c:\program files\Windows Desktop Search
2010-03-15 14:53 . 2010-03-15 14:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-15 14:51 . 2010-03-15 14:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-15 14:50 . 2010-03-15 14:50 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-03 18:54 . 2010-03-03 18:54 276648 ----a-w- c:\windows\system32\guard32.dll
2010-03-03 18:54 . 2010-03-03 18:54 86720 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-03-03 18:54 . 2010-03-03 18:54 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-03-03 18:54 . 2010-03-03 18:54 214056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-03-03 18:54 . 2010-03-03 18:54 15376 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
.

------- Sigcheck -------

[-] 2009-06-07 . F958DC764FCCB2E899FC5F58BACF8494 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-15 319792]
"iKill"="c:\program files\ArpanTECH\iKill\iKill.exe" [2009-04-23 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"="c:\windows\INF\MSI\SlowDownCPU\SlowDownCPU.exe" [2005-02-25 208896]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-03-03 1983760]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-26 549400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Preźac do mirc.lnk - d:\windows\THR-1.1\mirc.exe [2010-1-28 2023424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Windows\\THR-1.1\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/3/2010 19:54 214056]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/3/2010 19:54 25160]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/12/2010 19:23 148744]
R3 SlowDownCPU;SlowDownCPU;c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS [3/15/2010 16:06 23424]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [3/16/2010 1:30 27248]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2010-03-18 15:45]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {11EB1077-9C64-4856-85D0-D2842CE39B09} = 212.39.98.161,212.39.98.162
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w74qs5rm.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\w74qs5rm.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-823518204-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,92,ba,67,c9,d7,fc,48,ab,29,f5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,92,ba,67,c9,d7,fc,48,ab,29,f5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1392)
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Autorun Eater\billy.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-18 16:20:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-18 15:20

Pre-Run: 44.593.467.392 bytes free
Post-Run: 44.690.829.312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C0970B447385A64CE23DDC115613
and Usbnorisk.log
USBNoRisk 2.5 (26 July 2009) by bobby

Started at 3/18/2010 15:38:47

Searching for connected USB Mass storage...
----------------------------------------
J:  {76c9e30c-314a-11df-82e0-0013d3604574}
========================================

Searching for other storage...
----------------------------------------
D:  {6acb0dbb-3048-11df-984b-806d6172696f}
E:  {6acb0dbc-3048-11df-984b-806d6172696f}
F:  {6acb0dbd-3048-11df-984b-806d6172696f}
G:  {6acb0dbe-3048-11df-984b-806d6172696f}
H:  {6acb0dbf-3048-11df-984b-806d6172696f}
C:  {6acb0dc3-3048-11df-984b-806d6172696f}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on J:
No Autorun.inf files found on J:
No mountpoint found for 76c9e30c-314a-11df-82e0-0013d3604574
No Desktop.ini files found on J:
No mimics found on drive J:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 6acb0dc3-3048-11df-984b-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 6acb0dbb-3048-11df-984b-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 6acb0dbc-3048-11df-984b-806d6172696f
No Desktop.ini files found on E:
----------------------------------------

No blocked files found on F:
No Autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 6acb0dbd-3048-11df-984b-806d6172696f
No Desktop.ini files found on F:
----------------------------------------

No blocked files found on G:
No Autorun.inf files found on G:
No mountpoint found for G:
No mountpoint found for 6acb0dbe-3048-11df-984b-806d6172696f
No Desktop.ini files found on G:
----------------------------------------

No blocked files found on H:
No Autorun.inf files found on H:
No mountpoint found for H:
No mountpoint found for 6acb0dbf-3048-11df-984b-806d6172696f
No Desktop.ini files found on H:
----------------------------------------

========================================
Initial scan finished!
========================================
========================================
Removed J:
========================================


New device connected at 3/18/2010 15:39:26

Scanning for connected USB mass storage...
----------------------------------------
J:  {76c9e30c-314a-11df-82e0-0013d3604574}
Added J:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on J:
----------------------------------------
No Autorun.inf files found on J:
No mountpoint found for 76c9e30c-314a-11df-82e0-0013d3604574
----------------------------------------

No Desktop.ini files found on J:
----------------------------------------

No mimics found on drive J:
========================================

========================================

========================================


Any help is welcome.

Thanks

Addendum: 18 Mar 2010 17:18

Since I see that I did something wrong, because a mod moved my post to another topic, I'd like to know which other log I need to attach?
I thought those 3 were quite enough

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

You don't decide which logs are required.

Now, take it slowly

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html
