Win32/Spy.Keylogger.NHI trojan

2

Win32/Spy.Keylogger.NHI trojan

offline
  • Pridružio: 20 Mar 2012
  • Poruke: 9

Evo uradila sam i sta sada.

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 23.3.2012 21:12:20

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {781d8eaf-2947-11df-b238-806e6f6e6963}
D: {781d8eb0-2947-11df-b238-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 781d8eaf-2947-11df-b238-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 781d8eb0-2947-11df-b238-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 23.3.2012 21:13:57

Scanning for connected USB mass storage...
----------------------------------------
F: {6d19baf8-4580-11e0-adcd-002622f0879b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
Sanitized mountpoint for 6d19baf8-4580-11e0-adcd-002622f0879b
----------------------------------------

----------------------------------------
Desktop.ini found at F:\boot\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------

No mimics found on drive F:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 23.3.2012 21:15:04

Scanning for connected USB mass storage...
----------------------------------------
F: {3e479d93-2baf-11df-b699-002622f0879b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
Sanitized mountpoint for 3e479d93-2baf-11df-b699-002622f0879b
----------------------------------------

----------------------------------------
Desktop.ini found at F:\ZABORAVI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------
Desktop.ini found at F:\cache.tmp\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------
Desktop.ini found at F:\GODINA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------

No mimics found on drive F:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 23.3.2012 21:16:57

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 23.3.2012 21:16:58

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 23.3.2012 21:17:02

Scanning for connected removable storage...
----------------------------------------
F: {f8cf6f70-3655-11df-ae4b-002622f0879b}
H: {f8cf6f74-3655-11df-ae4b-002622f0879b}
Added H:
========================================

Scanning removable storage for files...
----------------------------------------


New device connected at 23.3.2012 21:17:02

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
Sanitized mountpoint for f8cf6f74-3655-11df-ae4b-002622f0879b
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================

No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
No mountpoint found for f8cf6f74-3655-11df-ae4b-002622f0879b
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================

========================================
Removed H:
========================================
========================================

========================================
========================================

========================================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

- Pokreni USBNoRisk i sačekaj da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključi USB memorijske uređaje po redosledu kako si ih priključivala.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

{6d19baf8-4580-11e0-adcd-002622f0879b}
no_sh:
folder_list:%DRIVE%

{3e479d93-2baf-11df-b699-002622f0879b}
no_sh:
folder_list:%DRIVE%

{f8cf6f70-3655-11df-ae4b-002622f0879b}
no_sh:
folder_list:%DRIVE%

 


Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Scrambled Log;

Otvoriće se prozor Notepada sa tekstom koji je potrebno iskopirati ovde u poruci.

offline
  • Pridružio: 20 Mar 2012
  • Poruke: 9

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 23.3.2012 22:30:45

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {781d8eaf-2947-11df-b238-806e6f6e6963}
D: {781d8eb0-2947-11df-b238-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 781d8eaf-2947-11df-b238-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 781d8eb0-2947-11df-b238-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 23.3.2012 22:30:51

Scanning for connected USB mass storage...
----------------------------------------
F: {6d19baf8-4580-11e0-adcd-002622f0879b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
Sanitized mountpoint for 6d19baf8-4580-11e0-adcd-002622f0879b
----------------------------------------

----------------------------------------
Desktop.ini found at F:\boot\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------

No mimics found on drive F:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive F:
========================================



New device connected at 23.3.2012 22:31:01

Scanning for connected USB mass storage...
----------------------------------------
H: {3e479d93-2baf-11df-b699-002622f0879b}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
Sanitized mountpoint for 3e479d93-2baf-11df-b699-002622f0879b
----------------------------------------

----------------------------------------
Desktop.ini found at H:\ZABORAVI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------
Desktop.ini found at H:\cache.tmp\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------
Desktop.ini found at H:\GODINA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================


Processing script
----------------------------------------
3e479d93-2baf-11df-b699-002622f0879b
Drive letter for GUID: H:
SectionStart = 4
SectionEnd = 7
----------------------------------------
Unhide superhidden for H:\
----------------------------------------
----------------------------------------
Folder list for H:\:
----------------------------------------

dra--   0   H:\RECYCLER   H:\RECYCLER
d----   0   H:\mis   H:\mis
d----   0   H:\Drivers   H:\Drivers
d----   0   H:\prog   H:\prog
d----   0   H:\Zadaca   H:\Zadaca
d----   0   H:\FCMS   H:\FCMS
dra--   0   H:\ZABORAVI   H:\ZABORAVI
--a--   12319   H:\SEMINA~1.DOC   H:\seminarski.docx
--a--   56320   H:\SEMINA~2.DOC   H:\seminarski.doc
-r-h-   474   H:\WINAMP~1.XML   H:\winamp_cache_0001.xml
--a--   22120   H:\UNIVER~1.DOC   H:\UNIVERZITET2.docx
--a--   24395   H:\UNIVER~2.DOC   H:\UNIVERZITET.docx
dra--   0   H:\cache.tmp   H:\cache.tmp
--a--   41   H:\pmp_usb.ini   H:\pmp_usb.ini
--a--   2638   H:\NEWWOR~1.DOC   H:\New Wordpad Document.doc
--a--   77117208   H:\JDK-6U~1.EXE   H:\jdk-6u16-windows-i586.exe
dra--   0   H:\GODINA   H:\GODINA
--a--   348160   H:\msvcr71.dll   H:\msvcr71.dll

----------------------------------------

6d19baf8-4580-11e0-adcd-002622f0879b
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
----------------------------------------
Folder list for F:\:
----------------------------------------

dra--   0   F:\boot   F:\boot
d----   0   F:\1   F:\1
d----   0   F:\zadnji   F:\zadnji
d----   0   F:\HP   F:\HP

----------------------------------------

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Na drugom fleshu obrisi folder RECYCLER


Za zastitu USB memorijskih uredjaja ti predlazem da koristis MCShield. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad a pokazao se kao jedan od najboljih vida zastite od malware-a koji se prenosi putem USB mem. uredjaja.

Skines, instaliras, ubodes USB mem. uredjaj, izvrsi se skeniranje nakon cega dobijes obavestenje da je uredjaj cist (ukoliko je stvarno tako); ili dobijes log u kome vidis informacije o malware-u koji je nadjen i obrisan.


Home Page MCShield-a: http://amf.mycity.rs/programs/mc/mcshield/

Vise o MCShield-u mozes saznati u ovoj temi: http://www.mycity.rs/Antispyware-programi/MCShield.html



Nakon instaliranja MCShield-a, ubodi jedan po jedan USB memorijski uredjaj; sacekaj da ih MCShield skenira. Kada zavrsi skeniranje zadnjeg uredjaja okaci mi izvestaj pod nazivom: AllScans.txt.

Start -> Run -> %UserProfile%\Application Data\MCShield\AllScans.txt -> Enter


Posalji mi sadrzaj izvestaja koji ce ti se otvoriti u Notepad-u.

offline
  • Pridružio: 20 Mar 2012
  • Poruke: 9

Valjda sam dobro uradila.



>>> MCShield v 2.0.3.11 <<<


23.3.2012 23:20:35 > Disk H: - skeniranje započeto (PEDJA ~1906 MB, FAT flash disk )...


>>> H:\ZABORAVI\Desktop.ini - Malware > Obrisano. (12.03.23. 23.21 Desktop.ini.422421; MD5: f05d6580608901fa2aea2a1e711a8ff4)

>>> H:\cache.tmp\Desktop.ini - Malware > Obrisano. (12.03.23. 23.21 Desktop.ini.559135; MD5: f05d6580608901fa2aea2a1e711a8ff4)

>>> H:\GODINA\Desktop.ini - Malware > Obrisano. (12.03.23. 23.21 Desktop.ini.555517; MD5: f05d6580608901fa2aea2a1e711a8ff4)

> H:\cache.tmp

>>> H:\cache.tmp - Malware (fascikla) > Obrisano. (12.03.23. 23.21 cache.tmp.428356)


=> Malicioznih datoteka : 3/3 obrisano.
=> Malicioznih fascikli : 1/1 obrisano.

____________________________________________

::::: Trajanje skeniranja: 27s :::::::::::::
____________________________________________

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Jesi Smile

Ostaje da pokrenes OTL i kliknes na karticu CleanUp

To bi bilo sve.

offline
  • Pridružio: 20 Mar 2012
  • Poruke: 9

Uradjeno i to. Smile
Hvala puno. Pozzz

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Ziveli

Ko je trenutno na forumu
 

Ukupno su 1082 korisnika na forumu :: 51 registrovanih, 11 sakrivenih i 1020 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Ben Roj, brundo65, dankisha, darkangel, deimos25, Dimitrise93, djboj, Djokislav, Doca, DonRumataEstorski, Dorcolac, dragoljub11987, DragoslavS, Fog of War, Frunze, Georgius, glada, ikan, ivan979, kljift, kunktator, kybonacci, lord sir giga, LUDI, Luka Blažević, Marko.anticc, marsovac 2, mercedesamg, milenko crazy north, nebkv, nemkea71, Neretva, Parker, Romibrat, sasa87, savaskytec, Shinobi, slonic_tonic, Smajser, Srky Boy, Steeeefan, Stoilkovic, tmanda323, uruk, Vatreni Zmaj, VJ, Vlad000, Zi0mek, zixmix, zlaya011