Win32/Spy.Keylogger.NHI trojan

  • Joined: 20 Mar 2012
  • Posts: 9

There, I've done it, so what now?

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 23.3.2012 21:12:20

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {781d8eaf-2947-11df-b238-806e6f6e6963}
D: {781d8eb0-2947-11df-b238-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 781d8eaf-2947-11df-b238-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 781d8eb0-2947-11df-b238-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 23.3.2012 21:13:57

Scanning for connected USB mass storage...
----------------------------------------
F: {6d19baf8-4580-11e0-adcd-002622f0879b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
Sanitized mountpoint for 6d19baf8-4580-11e0-adcd-002622f0879b
----------------------------------------

----------------------------------------
Desktop.ini found at F:\boot\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------

No mimics found on drive F:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 23.3.2012 21:15:04

Scanning for connected USB mass storage...
----------------------------------------
F: {3e479d93-2baf-11df-b699-002622f0879b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
Sanitized mountpoint for 3e479d93-2baf-11df-b699-002622f0879b
----------------------------------------

----------------------------------------
Desktop.ini found at F:\ZABORAVI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
----------------------------------------
Desktop.ini found at F:\cache.tmp\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
----------------------------------------
Desktop.ini found at F:\GODINA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
----------------------------------------

No mimics found on drive F:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 23.3.2012 21:16:57

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 23.3.2012 21:16:58

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 23.3.2012 21:17:02

Scanning for connected removable storage...
----------------------------------------
F: {f8cf6f70-3655-11df-ae4b-002622f0879b}
H: {f8cf6f74-3655-11df-ae4b-002622f0879b}
Added H:
========================================

Scanning removable storage for files...
----------------------------------------


New device connected at 23.3.2012 21:17:02

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
Sanitized mountpoint for f8cf6f74-3655-11df-ae4b-002622f0879b
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================

No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
No mountpoint found for f8cf6f74-3655-11df-ae4b-002622f0879b
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================

========================================
Removed H:
========================================
========================================

========================================
========================================

========================================

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 8845
  • Location: Prokuplje

- Run USBNoRisk and wait for it to finish the initial scan.

- Once the initial scan has finished, plug in the USB storage devices in the same order in which you plugged them in before.

- Click the Script tab;

Copy the following text into the white box of the window:

{6d19baf8-4580-11e0-adcd-002622f0879b}
no_sh:
folder_list:%DRIVE%

{3e479d93-2baf-11df-b699-002622f0879b}
no_sh:
folder_list:%DRIVE%

{f8cf6f70-3655-11df-ae4b-002622f0879b}
no_sh:
folder_list:%DRIVE%

 


Run the command by clicking the Run Script button;



After the command has run, USBNoRisk will automatically return to the Monitor tab;

- Right-click inside the white box of the window and choose the Save Scrambled Log option;

A Notepad window will open with text that you need to copy here into a post.

  • Joined: 20 Mar 2012
  • Posts: 9

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 23.3.2012 22:30:45

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {781d8eaf-2947-11df-b238-806e6f6e6963}
D: {781d8eb0-2947-11df-b238-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 781d8eaf-2947-11df-b238-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 781d8eb0-2947-11df-b238-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 23.3.2012 22:30:51

Scanning for connected USB mass storage...
----------------------------------------
F: {6d19baf8-4580-11e0-adcd-002622f0879b}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No autorun.inf files found on F:
Sanitized mountpoint for 6d19baf8-4580-11e0-adcd-002622f0879b
----------------------------------------

----------------------------------------
Desktop.ini found at F:\boot\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
----------------------------------------

No mimics found on drive F:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive F:
========================================



New device connected at 23.3.2012 22:31:01

Scanning for connected USB mass storage...
----------------------------------------
H: {3e479d93-2baf-11df-b699-002622f0879b}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No autorun.inf files found on H:
Sanitized mountpoint for 3e479d93-2baf-11df-b699-002622f0879b
----------------------------------------

----------------------------------------
Desktop.ini found at H:\ZABORAVI\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
----------------------------------------
Desktop.ini found at H:\cache.tmp\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
----------------------------------------
Desktop.ini found at H:\GODINA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================


Processing script
----------------------------------------
3e479d93-2baf-11df-b699-002622f0879b
Drive letter for GUID: H:
SectionStart = 4
SectionEnd = 7
----------------------------------------
Unhide superhidden for H:\
----------------------------------------
----------------------------------------
Folder list for H:\:
----------------------------------------

dra--   0   H:\RECYCLER   H:\RECYCLER
d----   0   H:\mis   H:\mis
d----   0   H:\Drivers   H:\Drivers
d----   0   H:\prog   H:\prog
d----   0   H:\Zadaca   H:\Zadaca
d----   0   H:\FCMS   H:\FCMS
dra--   0   H:\ZABORAVI   H:\ZABORAVI
--a--   12319   H:\SEMINA~1.DOC   H:\seminarski.docx
--a--   56320   H:\SEMINA~2.DOC   H:\seminarski.doc
-r-h-   474   H:\WINAMP~1.XML   H:\winamp_cache_0001.xml
--a--   22120   H:\UNIVER~1.DOC   H:\UNIVERZITET2.docx
--a--   24395   H:\UNIVER~2.DOC   H:\UNIVERZITET.docx
dra--   0   H:\cache.tmp   H:\cache.tmp
--a--   41   H:\pmp_usb.ini   H:\pmp_usb.ini
--a--   2638   H:\NEWWOR~1.DOC   H:\New Wordpad Document.doc
--a--   77117208   H:\JDK-6U~1.EXE   H:\jdk-6u16-windows-i586.exe
dra--   0   H:\GODINA   H:\GODINA
--a--   348160   H:\msvcr71.dll   H:\msvcr71.dll

----------------------------------------

6d19baf8-4580-11e0-adcd-002622f0879b
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
----------------------------------------
Folder list for F:\:
----------------------------------------

dra--   0   F:\boot   F:\boot
d----   0   F:\1   F:\1
d----   0   F:\zadnji   F:\zadnji
d----   0   F:\HP   F:\HP

----------------------------------------

  • argus

On the second flash drive, delete the RECYCLER folder.


To protect USB storage devices I suggest you use MCShield. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

You download it, install it, plug in a USB storage device, and a scan runs, after which you get a notification that the device is clean (if that is really the case); or you get a log in which you see information about the malware that was found and deleted.


MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html



After installing MCShield, plug in the USB storage devices one at a time; wait for MCShield to scan them. When it finishes scanning the last device, post the report named AllScans.txt for me.

Start -> Run -> %UserProfile%\Application Data\MCShield\AllScans.txt -> Enter


Send me the contents of the report that opens in Notepad.

  • Joined: 20 Mar 2012
  • Posts: 9

I hope I did it right.



>>> MCShield v 2.0.3.11 <<<


23.3.2012 23:20:35 > Disk H: - skeniranje započeto (PEDJA ~1906 MB, FAT flash disk )...


>>> H:\ZABORAVI\Desktop.ini - Malware > Obrisano. (12.03.23. 23.21 Desktop.ini.422421; MD5: f05d6580608901fa2aea2a1e711a8ff4)

>>> H:\cache.tmp\Desktop.ini - Malware > Obrisano. (12.03.23. 23.21 Desktop.ini.559135; MD5: f05d6580608901fa2aea2a1e711a8ff4)

>>> H:\GODINA\Desktop.ini - Malware > Obrisano. (12.03.23. 23.21 Desktop.ini.555517; MD5: f05d6580608901fa2aea2a1e711a8ff4)

> H:\cache.tmp

>>> H:\cache.tmp - Malware (fascikla) > Obrisano. (12.03.23. 23.21 cache.tmp.428356)


=> Malicioznih datoteka : 3/3 obrisano.
=> Malicioznih fascikli : 1/1 obrisano.

____________________________________________

::::: Trajanje skeniranja: 27s :::::::::::::
____________________________________________
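
As an added example (not part of the thread, and not code from USBNoRisk or MCShield): both logs above flag Desktop.ini files whose [.ShellClassInfo] CLSID is {645FF040-5081-101B-9F08-00AA002F954E}, the Recycle Bin shell object, so Explorer presents ZABORAVI, cache.tmp and GODINA as Recycle Bins. The sketch below walks a mounted drive and reports such folders; the function names, the set of folder names treated as legitimate and the sample tree are assumptions of this example.

```python
import os
import re
import tempfile

# CLSID reported in the USBNoRisk log on this page (Recycle Bin shell object).
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"

# Folders under which a Recycle Bin Desktop.ini is expected (assumption of
# this example; extend it for the file systems you actually handle).
LEGIT_PARENTS = {"recycler", "recycled", "$recycle.bin"}

CLSID_LINE = re.compile(r"^CLSID\s*=\s*(\{[0-9A-Fa-f-]{36}\})$", re.IGNORECASE)


def read_ini_text(path):
    """Read a Desktop.ini as text; the file may be ANSI or UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        raw = fh.read(65536)
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def shell_class_clsid(text):
    """Return the upper-cased CLSID from the [.ShellClassInfo] section, or None."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == ".shellclassinfo":
            match = CLSID_LINE.match(line)
            if match:
                return match.group(1).upper()
    return None


def find_disguised_folders(root):
    """List folders (relative to root) that carry the Recycle Bin CLSID
    in Desktop.ini but do not sit under a real Recycle Bin folder."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() != "desktop.ini":
                continue
            rel = os.path.relpath(dirpath, root)
            parts = [] if rel == "." else [p.lower() for p in rel.split(os.sep)]
            clsid = shell_class_clsid(read_ini_text(os.path.join(dirpath, name)))
            if clsid == RECYCLE_BIN_CLSID and not LEGIT_PARENTS.intersection(parts):
                findings.append(rel)
    return sorted(findings)


def build_sample_drive(root):
    """Constructed sample tree modelled on the folder names in the logs above."""
    bin_ini = "[.ShellClassInfo]\r\nCLSID=" + RECYCLE_BIN_CLSID + "\r\n"
    layout = {
        "ZABORAVI": bin_ini,
        "cache.tmp": bin_ini,
        "GODINA": bin_ini,
        # Constructed SID-style subfolder of a genuine Recycle Bin.
        os.path.join("RECYCLER", "S-1-5-21-0-0-0-1000"): bin_ini,
        # Benign Desktop.ini without a CLSID entry.
        "Zadaca": "[.ShellClassInfo]\r\nIconIndex=0\r\n",
    }
    for folder, ini in layout.items():
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, "Desktop.ini"), "w", newline="") as fh:
            fh.write(ini)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for folder in find_disguised_folders(drive):
            print("Recycle Bin CLSID outside a Recycle Bin folder:", folder)
```

A hit only says that the folder is dressed up as a Recycle Bin; what is inside it still has to be inspected before anything is deleted.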

  • argus

You did :)

All that's left is to run OTL and click the CleanUp tab.

That would be all.

  • Joined: 20 Mar 2012
  • Posts: 9

Done that too. :)
Thanks a lot. Bye

  • argus

Cheers

