Virus na usb flashu

1

Virus na usb flashu

offline
  • Pridružio: 26 Dec 2007
  • Poruke: 612
  • Gde živiš: Beograd

Napisano: 29 Mar 2010 15:45

Ubacio sam u računar usb flash memoriju za koji sam znao da ima neku zarazu,probao sam da obrišem to što mi je avast anti virus prijavio ali sam dobio obaveštenje da je to nemoguće,probao sam i da formatiram usb flash memoriju ali ni to nije htelo,bojim se da sam ovom prilikom zarazio računar,te vas molim da mi objasnite kako da izbrišem eventualne viruse u računaru kao i na usb flash memoriji.
Koristim Mozillu Firefox,adsl telekom internet,nemam nekih posebnih problema sa računarom osim veoma usporen restart ili gašenje računara,evo mojih logova,hvala .

Dopuna: 29 Mar 2010 15:46

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mandic at 15:36:10.40 on 29/03/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1462 [GMT 2:00]

AV: avast! antivirus 4.8.1368 [VPS 100329-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mandic\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/intl/sr/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.avast.com/eng/avast_4_professional.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [BootSkin Startup Jobs] "c:\program files\stardock\wincustomize\bootskin\BootSkin.exe" /StartupJobs
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\mandic\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\mandic\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exe
StartupFolder: c:\docume~1\mandic\startm~1\programs\startup\y'zsha~1.lnk - c:\windows\bricopacks\vista inspirat 2\yzshadow\YzShadow.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mandic\applic~1\mozilla\firefox\profiles\qqdhikh1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14778&locale=en_EU&q=
FF - plugin: c:\documents and settings\mandic\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-10 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-10-10 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-7 54752]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-10 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-10-10 352920]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-8 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 FStarForce;FStarForce;c:\windows\system32\drivers\FStarForce.sys [2009-1-30 8192]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\mandic\locals~1\temp\rvs3e.tmp --> c:\docume~1\mandic\locals~1\temp\RVS3E.tmp [?]

=============== Created Last 30 ================

2010-03-23 14:49:34 2131336 ----a-w- c:\program files\common files\AskToolbarInstaller.exe
2010-03-21 19:41:31 58 ----a-w- c:\windows\vi.INI
2010-03-14 16:07:05 0 d-----w- c:\docume~1\mandic\applic~1\PSpad
2010-03-14 16:07:00 0 d-----w- c:\program files\PSPad editor
2010-03-09 21:01:24 0 d-----w- c:\documents and settings\mandic\dwhelper
2010-02-27 16:36:52 0 d-----w- c:\docume~1\alluse~1\applic~1\TVU Networks
2010-02-27 16:36:46 0 d-----w- c:\documents and settings\mandic\LocalLow

==================== Find3M ====================

2010-02-09 14:17:14 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-09 14:17:14 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-02 22:51:23 737280 ----a-w- c:\windows\iun6002.exe
2006-06-24 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 15:36:23.28 ===============

Dopuna: 29 Mar 2010 15:51

https://www.mycity.rs/must-login.png

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Arrow Gde su gmer ili rootrepeal logovi ? Jel tolko tesko u celosti ispratiti uputstvo?

Arrow Jel bio pokrenut Internet Explorer u trenutku kad si pravio logove?


Arrow - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

offline
  • Pridružio: 26 Dec 2007
  • Poruke: 612
  • Gde živiš: Beograd

evo gmer-ova,skeniranje je trajalo jako dugo.
U trenutku pravljenja logova,da bio sam na ovom sajtu.
https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Cekam usbnorisk logove.

offline
  • Pridružio: 26 Dec 2007
  • Poruke: 612
  • Gde živiš: Beograd

Napisano: 29 Mar 2010 17:38

Moram napomenuti,da sada prilikom ovog zadnjeg skeniranja,računar je blokirao,ponovio sam postipak,ali čim sam ubacio usb antivirus se upalio i opet prijavio nešto,alo upozorio me je kao da nie u potpunosti proes završen evo šta sam dobio
USBNoRisk 2.5 (26 July 2009) by bobby

Started at 29/03/2010 17:37:03

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {0d16991c-912c-11dd-a6dd-806d6172696f}
D: {0d16991d-912c-11dd-a6dd-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0d16991c-912c-11dd-a6dd-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 0d16991d-912c-11dd-a6dd-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 29/03/2010 17:37:20

Scanning for connected USB mass storage...
----------------------------------------
H: {5bc868a4-aa83-11dd-bf80-0022156347f2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Error renaming file H:\autorun.inf

----------------------------------------
Could not open H:\autorun.inf to read the content


New device connected at 29/03/2010 17:37:43

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for 5bc868a4-aa83-11dd-bf80-0022156347f2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------

No mimics found on drive H:
========================================

Dopuna: 29 Mar 2010 17:40

Napominjem ,imam samo jedan USB flash drajv.

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

- Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

{5bc868a4-aa83-11dd-bf80-0022156347f2}
folder_list:


- Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Log;

Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.

offline
  • Pridružio: 26 Dec 2007
  • Poruke: 612
  • Gde živiš: Beograd

Napominjem,da je opet antivirus prijavio virus-crv,evo loga
USBNoRisk 2.5 (26 July 2009) by bobby

Started at 29/03/2010 18:25:22

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {0d16991c-912c-11dd-a6dd-806d6172696f}
D: {0d16991d-912c-11dd-a6dd-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0d16991c-912c-11dd-a6dd-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 0d16991d-912c-11dd-a6dd-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 29/03/2010 18:25:30

Scanning for connected USB mass storage...
----------------------------------------
H: {5bc868a4-aa83-11dd-bf80-0022156347f2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
No mountpoint found for 5bc868a4-aa83-11dd-bf80-0022156347f2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------

No mimics found on drive H:
========================================

========================================

========================================

Processing script
----------------------------------------
5bc868a4-aa83-11dd-bf80-0022156347f2
Drive letter for GUID: H:
SectionStart = 0
SectionEnd = 1
----------------------------------------
Folder list for H:\:
----------------------------------------

dr-hs   0   H:\SLATKO   H:\SLATKO
-rahs   904464   H:\sybutb.exe   H:\sybutb.exe
--a--   29696   H:\UNKNOW~1.DOC   H:\UNKNOWN_PARAMETER_VALUE.doc
dr-hs   0   H:\RECYCLER   H:\RECYCLER
-r-hs   108530   H:\mb9x.exe   H:\mb9x.exe
prot-   55      H:\autorun.inf

----------------------------------------

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Pre sledeceg postupka obavezno iskljuci Avast!.


- Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

5bc868a4-aa83-11dd-bf80-0022156347f2
f_delete:%DRIVE%sybutb.exe
f_delete:%DRIVE%mb9x.exe
folder_delete:%DRIVE%SLATKO


- Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Log;

Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.

offline
  • Pridružio: 26 Dec 2007
  • Poruke: 612
  • Gde živiš: Beograd

Napisano: 29 Mar 2010 22:35

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 29/03/2010 22:35:02

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {0d16991c-912c-11dd-a6dd-806d6172696f}
D: {0d16991d-912c-11dd-a6dd-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0d16991c-912c-11dd-a6dd-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 0d16991d-912c-11dd-a6dd-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 29/03/2010 22:35:12

Scanning for connected USB mass storage...
----------------------------------------
H: {5bc868a4-aa83-11dd-bf80-0022156347f2}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Error renaming file H:\autorun.inf

Content of H:\autorun.inf
----------------------------------------
[AutoRun]
open=mb9x.exe
shell\open\Command=mb9x.exe
----------------------------------------

Files referenced from H:\autorun.inf
----------------------------------------
H:\mb9x.exe -r-hs 108530
----------------------------------------

Sanitized mountpoint for 5bc868a4-aa83-11dd-bf80-0022156347f2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------

No mimics found on drive H:
========================================



New device connected at 29/03/2010 22:35:27

Scanning for connected removable storage...
----------------------------------------

========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Error renaming file H:\autorun.inf

Content of H:\autorun.inf
----------------------------------------
[AutoRun]
open=mb9x.exe
shell\open\Command=mb9x.exe
----------------------------------------

Files referenced from H:\autorun.inf
----------------------------------------
H:\mb9x.exe -r-hs 108530
----------------------------------------

Sanitized mountpoint for 5bc868a4-aa83-11dd-bf80-0022156347f2
----------------------------------------

----------------------------------------
Desktop.ini found at H:\SLATKO\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\TuneUp Undelete\Command,@ = "C:\Program Files\TuneUp Utilities 2009\Undelete.exe"
----------------------------------------

No mimics found on drive H:
========================================

Processing script
----------------------------------------
========================================
Scan finished!
========================================


Processing script
----------------------------------------

Dopuna: 29 Mar 2010 22:36

Opet je prilikom ubacivanja usb-a došlo do neke blokade,ali kliknuo sam na opciju continue

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Pre sledeceg postupka obavezno iskljuci Avast!.


- Pokrenuti USBNoRisk i sačekati da izvrši inicijalno skeniranje.

- Po završetku inicijalnog skeniranja priključiti USB memorijski uređaj.

- Kliknuti na karticu Script;

U beli okvir prozora iskopirati sledeći tekst:

{5bc868a4-aa83-11dd-bf80-0022156347f2}
f_delete:%DRIVE%sybutb.exe
f_delete:%DRIVE%mb9x.exe
folder_delete:%DRIVE%SLATKO


- Izvršiti komandu klikom na taster Run Script;



Po izvršenju komande USBNoRisk će se automatski vratiti na karticu Monitor;

- Uraditi desni klik unutar belog okvira prozora i odabrati opciju Save Log;

Otvoriće se prozor Notepad_a sa tekstom koji je potrebno iskopirati ovde u poruci.

Ko je trenutno na forumu
 

Ukupno su 659 korisnika na forumu :: 26 registrovanih, 4 sakrivenih i 629 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., aleksmajstor, Alexandar Sasa Aritonovic, Apok, cenejac111, Cobi026, dac, Doca, draganca, dragon986, Dzoni90, Helket, JOntra, krlebgd77, kvcali, Mixelotti, Najax, nuke92, Sirius, Smiljke, Sr.Stat., stegonosa, vathra, Vlada78, vlvl, vobo