Virus Hi


offline
  • Joined: 24 Jul 2011
  • Posts: 8

Not that I'm in a hurry, but all of this is dragging on... :D

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 25.7.2011 19:33:22

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {84025ba8-8568-11df-800e-806e6f6e6963}
D: {84025ba9-8568-11df-800e-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 84025ba8-8568-11df-800e-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 84025ba9-8568-11df-800e-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 25.7.2011 19:34:24

Scanning for connected USB mass storage...
----------------------------------------
G: {c5f99347-afb1-11df-97cf-001d72cd19b4}
Added G:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
----------------------------------------
Could not open G:\autorun.inf.blocked to read the content
File lock detected:
USBNoRisk cannot find what locked the file
----------------------------------------

----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for c5f99347-afb1-11df-97cf-001d72cd19b4
----------------------------------------

----------------------------------------
Desktop.ini found at G:\selomoje\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------

No mimics found on drive G:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive G:
========================================



New device connected at 25.7.2011 19:34:29

Scanning for connected USB mass storage...
----------------------------------------
H: {c5f99343-afb1-11df-97cf-001d72cd19b4}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
----------------------------------------
Could not open H:\autorun.inf.blocked to read the content
File lock detected:
USBNoRisk cannot find what locked the file
----------------------------------------

----------------------------------------
No autorun.inf files found on H:
Sanitized mountpoint for c5f99343-afb1-11df-97cf-001d72cd19b4
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive H:
========================================


Processing script
----------------------------------------
c5f99343-afb1-11df-97cf-001d72cd19b4
Drive letter for GUID: H:
SectionStart = 0
SectionEnd = 2
----------------------------------------
Folder list for H:\:
----------------------------------------

d----   0   H:\Images   H:\Images
d----   0   H:\Videos   H:\Videos
d----   0   H:\Sounds   H:\Sounds
d----   0   H:\Others   H:\Others
d----   0   H:\DOCUME~1   H:\Documents
d--hs   0   H:\FOUND.000   H:\FOUND.000
--a--   808   H:\AUTORU~1.BL~   H:\autorun.inf.blocked

----------------------------------------
Unhide superhidden for H:\
----------------------------------------
d-a-- H:\FOUND.000 > unhidden
----------------------------------------


Come on, take a look and send some good news... :)

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Your system is clean as far as malware is concerned.




Connect the phone and delete from it the file named: autorun.inf.blocked




ComboFix needs to be uninstalled:
click Start (or ), then Run.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.



Run OTL and choose the CleanUp option (restart the system when it asks).









offline
  • Joined: 24 Jul 2011
  • Posts: 8

Done.... thanks for the help...
