Virus ?


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

OK, go ahead and repeat the scan with USBNoRisk and post the log.

offline
  • Joined: 02 Apr 2009
  • Posts: 28

USBNoRisk 1.6 by bobby

Started at 4.4.2009 14:25:32

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {4a09361b-7cf7-11dc-b9df-806d6172696f}
D: {4a09361c-7cf7-11dc-b9df-806d6172696f}
E: {4a09361d-7cf7-11dc-b9df-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 4a09361b-7cf7-11dc-b9df-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 4a09361c-7cf7-11dc-b9df-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for 4a09361d-7cf7-11dc-b9df-806d6172696f
========================================

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\E\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------


New device connected at 4.4.2009 14:25:49

Scanning for connected USB mass storage...
----------------------------------------
H: {c30f56e7-87e6-11dc-878f-0019dbd0b9c2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
open=driver\usb\driver.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\driver.exe
Usb_Driver installed
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
H:\driver\usb\driver.exe -r-hs 30989
----------------------------------------

Blocked file found: H:\autorun(1).inf.blocked
----------------------------------------
Content of H:\autorun(1).inf.blocked
----------------------------------------
[autorun]
open=driver\usb\driver.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\driver.exe
Usb_Driver installed
----------------------------------------

Files referenced from H:\autorun(1).inf.blocked
----------------------------------------
H:\driver\usb\driver.exe -r-hs 30989
----------------------------------------

----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun(2).inf.blocked
----------------------------------------
[autorun]
open=driver\usb\driver.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\driver.exe
Usb_Driver installed
----------------------------------------

Files referenced from H:\autorun(2).inf.blocked
----------------------------------------
H:\driver\usb\driver.exe -r-hs 30989
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized c30f56e7-87e6-11dc-878f-0019dbd0b9c2
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

========================================
Removed H:
========================================


New device connected at 4.4.2009 14:26:16

Scanning for connected USB mass storage...
----------------------------------------
G: {f2cfc787-19c3-11dd-889f-0019dbd0b9c2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=driver\usb\driver.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\driver.exe
Usb_Driver installed
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\driver\usb\driver.exe -r-hs 30989
----------------------------------------

----------------------------------------
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun(1).inf.blocked
----------------------------------------
[autorun]
open=driver\usb\driver.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\driver.exe
Usb_Driver installed
----------------------------------------

Files referenced from G:\autorun(1).inf.blocked
----------------------------------------
G:\driver\usb\driver.exe -r-hs 30989
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
Sanitized f2cfc787-19c3-11dd-889f-0019dbd0b9c2
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================

Addendum: 04 Apr 2009 14:31

The third one from the previous scan was the memory card in the camera, but I can't scan it right now because the battery is empty :) I'll do that as soon as the battery is charged.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Run USBNoRisk, switch to the Script tab and enter the following text there:

{c30f56e7-87e6-11dc-878f-0019dbd0b9c2}
f_delete: %DRIVE%driver\usb\driver.exe
delete_blocked:

{f2cfc787-19c3-11dd-889f-0019dbd0b9c2}
f_delete: %DRIVE%driver\usb\driver.exe
delete_blocked:


Switch to the Monitor tab.
Now plug the problematic USB stick into the computer and let USBNoRisk do its job (this time it will take a bit longer).
When it finishes, save the log again and post it in a message on the forum.

I would recommend that you open a new topic and post an HJT log from that other computer, since it is probably infected as well, and I would ask you not to plug USB sticks into computers until we have finished cleaning them. Because we are cleaning for nothing if you plug in a USB stick and carry the infection over to a clean computer.

offline
  • Joined: 02 Apr 2009
  • Posts: 28

USBNoRisk 1.6 by bobby

Started at 4.4.2009 19:01:00

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {4a09361b-7cf7-11dc-b9df-806d6172696f}
D: {4a09361c-7cf7-11dc-b9df-806d6172696f}
E: {4a09361d-7cf7-11dc-b9df-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 4a09361b-7cf7-11dc-b9df-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 4a09361c-7cf7-11dc-b9df-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for 4a09361d-7cf7-11dc-b9df-806d6172696f
========================================

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\E\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------


New device connected at 4.4.2009 19:04:01

Scanning for connected USB mass storage...
----------------------------------------
G: {c8e63404-7d7c-11dc-8779-0019dbd0b9c2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for c8e63404-7d7c-11dc-8779-0019dbd0b9c2
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

========================================
Removed G:
========================================

Addendum: 04 Apr 2009 19:07

This is the memory card from the camera.

Addendum: 04 Apr 2009 19:12

USBNoRisk 1.6 by bobby

Started at 4.4.2009 19:08:25

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {4a09361b-7cf7-11dc-b9df-806d6172696f}
D: {4a09361c-7cf7-11dc-b9df-806d6172696f}
E: {4a09361d-7cf7-11dc-b9df-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 4a09361b-7cf7-11dc-b9df-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 4a09361c-7cf7-11dc-b9df-806d6172696f
========================================

Autorun.inf on E: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for E:
No key found for 4a09361d-7cf7-11dc-b9df-806d6172696f
========================================

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\D\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------
Content of C:\QooBox\Quarantine\E\autorun.inf.vir
----------------------------------------
[autorun]
open=gg.exe 0o
shell\open=´ňżŞ(&O)
shell\open\Command=gg.exe 0o
shell\explore=×ĘÔ´ąÜŔíĆ÷(&X)
shell\explore\Command=gg.exe 0e
----------------------------------------


New device connected at 4.4.2009 19:09:16

Scanning for connected USB mass storage...
----------------------------------------
H: {c30f56e7-87e6-11dc-878f-0019dbd0b9c2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
open=driver\usb\driver.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\driver.exe
Usb_Driver installed
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
H:\driver\usb\driver.exe -r-hs 30989
----------------------------------------

Blocked file found: H:\autorun(1).inf.blocked
----------------------------------------
Content of H:\autorun(1).inf.blocked
----------------------------------------
[autorun]
open=driver\usb\driver.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\driver.exe
Usb_Driver installed
----------------------------------------

Files referenced from H:\autorun(1).inf.blocked
----------------------------------------
H:\driver\usb\driver.exe -r-hs 30989
----------------------------------------

Blocked file found: H:\autorun(2).inf.blocked
----------------------------------------
Content of H:\autorun(2).inf.blocked
----------------------------------------
[autorun]
open=driver\usb\driver.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\driver.exe
Usb_Driver installed
----------------------------------------

Files referenced from H:\autorun(2).inf.blocked
----------------------------------------
H:\driver\usb\driver.exe -r-hs 30989
----------------------------------------

----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for c30f56e7-87e6-11dc-878f-0019dbd0b9c2
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: H:\
c30f56e7-87e6-11dc-878f-0019dbd0b9c2
SectionStart = 0
SectionEnd = 3
f_delete: file "H:\driver\usb\driver.exe" deleted successfully
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: H:\autorun.inf.blocked > Done!
Delete: H:\autorun(1).inf.blocked > Done!
Delete: H:\autorun(2).inf.blocked > Done!
----------------------------------------

========================================

========================================
Removed H:
========================================


New device connected at 4.4.2009 19:09:20

Scanning for connected USB mass storage...
----------------------------------------
H: {c30f56e7-87e6-11dc-878f-0019dbd0b9c2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
----------------------------------------
Autorun.inf on H: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for c30f56e7-87e6-11dc-878f-0019dbd0b9c2
========================================

----------------------------------------

Desktop.ini on H: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: H:\
c30f56e7-87e6-11dc-878f-0019dbd0b9c2
SectionStart = 0
SectionEnd = 3
f_delete: H:\driver\usb\driver.exe > File does not exist!
----------------------------------------
Deleting blocked files:
----------------------------------------
None
----------------------------------------

========================================

========================================
Removed H:
========================================


New device connected at 4.4.2009 19:10:44

Scanning for connected USB mass storage...
----------------------------------------
G: {f2cfc787-19c3-11dd-889f-0019dbd0b9c2}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
open=driver\usb\driver.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\driver.exe
Usb_Driver installed
----------------------------------------

Files referenced from G:\autorun.inf.blocked
----------------------------------------
G:\driver\usb\driver.exe -r-hs 30989
----------------------------------------

Blocked file found: G:\autorun(1).inf.blocked
----------------------------------------
Content of G:\autorun(1).inf.blocked
----------------------------------------
[autorun]
open=driver\usb\driver.exe
action=Open
shell\open=Open
shell\open\command=driver\usb\driver.exe
Usb_Driver installed
----------------------------------------

Files referenced from G:\autorun(1).inf.blocked
----------------------------------------
G:\driver\usb\driver.exe -r-hs 30989
----------------------------------------

----------------------------------------
Autorun.inf on G: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for f2cfc787-19c3-11dd-889f-0019dbd0b9c2
========================================

----------------------------------------

Desktop.ini on G: - None
----------------------------------------

========================================

Processing script
----------------------------------------
Drive letter for GUID: G:\
f2cfc787-19c3-11dd-889f-0019dbd0b9c2
SectionStart = 4
SectionEnd = 6
f_delete: file "G:\driver\usb\driver.exe" deleted successfully
----------------------------------------
Deleting blocked files:
----------------------------------------
Delete: G:\autorun.inf.blocked > Done!
Delete: G:\autorun(1).inf.blocked > Done!
----------------------------------------

========================================

Addendum: 04 Apr 2009 19:17

Understood. I will post a new topic, Virus1?, so that we know they are connected.
