Posted: 27 Jul 2011 09:40
- nebojsabujos
- New MyCity citizen
- Joined: 24 Jul 2011
- Posts: 9
The first installation attempt was unsuccessful; on the second I think I succeeded. Everything is fine as far as I can see, I log in normally, and the antivirus updates properly. I changed the passwords.
I am attaching the scan of the phone:
USBNoRisk 2.7 (28 December 2010) by bobby
Started at 27-Jul-11 9:39:58
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
C: {2b550b45-450d-11e0-afdb-806e6f6e6963}
D: {2b550b46-450d-11e0-afdb-806e6f6e6963}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 2b550b45-450d-11e0-afdb-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 2b550b46-450d-11e0-afdb-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 27-Jul-11 9:40:21
Scanning for connected USB mass storage...
----------------------------------------
G: {f82326f5-728c-11e0-a6f8-1c75087b10b6}
Added G:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
No mountpoint found for f82326f5-728c-11e0-a6f8-1c75087b10b6
----------------------------------------
----------------------------------------
Desktop.ini found at G:\selomoje\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------
No mimics found on drive G:
----------------------------------------
.lnk/.pif/.com/.scr files found on drive G:
========================================
Posted: 27 Jul 2011 14:34
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
- Run USBNoRisk and wait for it to perform the initial scan.
- Once the initial scan is finished, connect the USB memory device.
- Click the Script tab;
Copy the following text into the white box of the window:
{f82326f5-728c-11e0-a6f8-1c75087b10b6}
folder_list:%DRIVE%
no_sh:
- Execute the command by clicking the Run Script button;
After the command is executed, USBNoRisk will automatically return to the Monitor tab;
- Right-click inside the white box of the window and choose the Save Scrambled Log option;
A Notepad window will open with text that needs to be copied here into a post.
goran9888 (AMF Team)
Posted: 27 Jul 2011 22:01
- nebojsabujos
- New MyCity citizen
- Joined: 24 Jul 2011
- Posts: 9
USBNoRisk 2.7 (28 December 2010) by bobby
Started at 27-Jul-11 21:59:18
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
C: {2b550b45-450d-11e0-afdb-806e6f6e6963}
D: {2b550b46-450d-11e0-afdb-806e6f6e6963}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 2b550b45-450d-11e0-afdb-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 2b550b46-450d-11e0-afdb-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 27-Jul-11 22:00:19
Scanning for connected USB mass storage...
----------------------------------------
G: {f82326f5-728c-11e0-a6f8-1c75087b10b6}
Added G:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for f82326f5-728c-11e0-a6f8-1c75087b10b6
----------------------------------------
----------------------------------------
Desktop.ini found at G:\selomoje\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------
No mimics found on drive G:
----------------------------------------
.lnk/.pif/.com/.scr files found on drive G:
========================================
Processing script
----------------------------------------
f82326f5-728c-11e0-a6f8-1c75087b10b6
Drive letter for GUID: G:
SectionStart = 0
SectionEnd = 2
----------------------------------------
Folder list for G:\:
----------------------------------------
-r-h- 0 G:\MEMSTICK.IND G:\MEMSTICK.IND
-r-h- 0 G:\MSTK_PRO.IND G:\MSTK_PRO.IND
-r-h- 158 G:\CDAInfo.txt G:\CDAInfo.txt
d---- 0 G:\audio G:\audio
d---- 0 G:\music G:\music
d---- 0 G:\others G:\others
d---- 0 G:\PCCOMP~1 G:\PCCompanion
d---- 0 G:\picture G:\picture
d---- 0 G:\system G:\system
d---- 0 G:\video G:\video
--ah- 221 G:\TRACEA~1.TXT G:\Traceability.txt
--ah- 99 G:\MEMSTI~1.TXT G:\MemStickInfo.txt
d---- 0 G:\LOST.DIR G:\LOST.DIR
--a-- 6883 G:\DEFAUL~1.XML G:\default-capability.xml
d---- 0 G:\ALBUMT~1 G:\albumthumbs
d---- 0 G:\Private G:\Private
d---- 0 G:\Images G:\Images
d---- 0 G:\cities G:\cities
d---- 0 G:\data G:\data
d---- 0 G:\MY_VID~1 G:\My Videos
d---- 0 G:\Nokia G:\Nokia
d---- 0 G:\Videos G:\Videos
d---- 0 G:\ATTACH~1 G:\Attachments
d---- 0 G:\Games G:\Games
d---- 0 G:\Installs G:\Installs
d---- 0 G:\Sounds G:\Sounds
--a-- 239 G:\qf G:\qf
d---- 0 G:\GPX G:\GPX
dr-hs 0 G:\selomoje G:\selomoje
---hs 86667 G:\DevIcon.fil G:\DevIcon.fil
---hs 1579 G:\DevLogo.fil G:\DevLogo.fil
d---- 0 G:\sys G:\sys
d---- 0 G:\resource G:\resource
d---- 0 G:\COMMUN~1 G:\communities-pics
d---- 0 G:\Apps G:\Apps
d---- 0 G:\Cache G:\Cache
d---- 0 G:\JPEG G:\JPEG
d---- 0 G:\POI G:\POI
d---- 0 G:\MUSIC_~1 G:\Music Downloads
d---- 0 G:\download G:\download
d--h- 0 G:\_PAlbTN G:\_PAlbTN
--a-- 5179360 G:\GARMIN~1.SIS G:\GarminMobileXT.sis
-r-h- 474 G:\WINAMP~1.XML G:\winamp_cache_0001.xml
--a-- 41 G:\pmp_usb.ini G:\pmp_usb.ini
--a-- 71965104 G:\151020~1.MP4 G:\15102010006.mp4
--a-- 328 G:\CDDRIV~1.LNK G:\CD Drive - Shortcut.lnk
----------------------------------------
Unhide superhidden for G:\
----------------------------------------
dra-- G:\selomoje > unhidden
--a-- G:\selomoje\Desktop.ini > unhidden
--a-- G:\DevIcon.fil > unhidden
--a-- G:\DevLogo.fil > unhidden
----------------------------------------
Posted: 28 Jul 2011 04:54
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
To protect USB memory devices I suggest you use MCShield. It has nothing to do with the antivirus, i.e. it will not interfere with its operation, and it has proven to be one of the best forms of protection against malware that spreads via USB memory devices.
You download it, install it, plug in the USB memory device, and a scan is performed, after which you get a notification that the device is clean (if that is really the case); or you get a log in which you see information about the malware that was found and deleted.
MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/
You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html
After installing MCShield, plug in the USB memory devices one by one; wait for MCShield to scan them. When it finishes scanning the last device, post the report named AllScans.txt for me.
Start -> Run -> %UserProfile%\Application Data\MCShield\AllScans.txt -> Enter
Send me the contents of the report that opens in Notepad.
goran9888 (AMF Team)
Posted: 28 Jul 2011 17:11
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
- Run USBNoRisk and wait for it to perform the initial scan.
- Once the initial scan is finished, connect the USB memory device.
- Click the Script tab;
Copy the following text into the white box of the window:
{f82326f5-728c-11e0-a6f8-1c75087b10b6}
folder_list:%DRIVE%
no_sh:
- Execute the command by clicking the Run Script button;
After the command is executed, USBNoRisk will automatically return to the Monitor tab;
- Right-click inside the white box of the window and choose the Save Scrambled Log option;
A Notepad window will open with text that needs to be copied here into a post.
goran9888 (AMF Team)
Posted: 28 Jul 2011 21:00
- nebojsabujos
- New MyCity citizen
- Joined: 24 Jul 2011
- Posts: 9
USBNoRisk 2.7 (28 December 2010) by bobby
Started at 28-Jul-11 20:59:22
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
C: {2b550b45-450d-11e0-afdb-806e6f6e6963}
D: {2b550b46-450d-11e0-afdb-806e6f6e6963}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 2b550b45-450d-11e0-afdb-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 2b550b46-450d-11e0-afdb-806e6f6e6963
No Desktop.ini files found on D:
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 28-Jul-11 20:59:41
Scanning for connected USB mass storage...
----------------------------------------
G: {f82326f5-728c-11e0-a6f8-1c75087b10b6}
Added G:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No autorun.inf files found on G:
Sanitized mountpoint for f82326f5-728c-11e0-a6f8-1c75087b10b6
----------------------------------------
----------------------------------------
Desktop.ini found at G:\selomoje\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\shell32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\shell32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\imageres.dll,-55
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\imageres.dll,-54
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = %SystemRoot%\system32\shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,MUIVerb = @shell32.dll,-10564
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Icon = shell32.dll,-254
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\empty,Description = @shell32.dll,-31332
----------------------------------------
No mimics found on drive G:
----------------------------------------
.lnk/.pif/.com/.scr files found on drive G:
========================================
Processing script
----------------------------------------
f82326f5-728c-11e0-a6f8-1c75087b10b6
Drive letter for GUID: G:
SectionStart = 0
SectionEnd = 2
----------------------------------------
Folder list for G:\:
----------------------------------------
-r-h- 0 G:\MEMSTICK.IND G:\MEMSTICK.IND
-r-h- 0 G:\MSTK_PRO.IND G:\MSTK_PRO.IND
-r-h- 158 G:\CDAInfo.txt G:\CDAInfo.txt
d---- 0 G:\audio G:\audio
d---- 0 G:\music G:\music
d---- 0 G:\others G:\others
d---- 0 G:\PCCOMP~1 G:\PCCompanion
d---- 0 G:\picture G:\picture
d---- 0 G:\system G:\system
d---- 0 G:\video G:\video
--ah- 221 G:\TRACEA~1.TXT G:\Traceability.txt
--ah- 99 G:\MEMSTI~1.TXT G:\MemStickInfo.txt
d---- 0 G:\LOST.DIR G:\LOST.DIR
--a-- 6883 G:\DEFAUL~1.XML G:\default-capability.xml
d---- 0 G:\ALBUMT~1 G:\albumthumbs
d---- 0 G:\Private G:\Private
d---- 0 G:\Images G:\Images
d---- 0 G:\cities G:\cities
d---- 0 G:\data G:\data
d---- 0 G:\MY_VID~1 G:\My Videos
d---- 0 G:\Nokia G:\Nokia
d---- 0 G:\Videos G:\Videos
d---- 0 G:\ATTACH~1 G:\Attachments
d---- 0 G:\Games G:\Games
d---- 0 G:\Installs G:\Installs
d---- 0 G:\Sounds G:\Sounds
--a-- 239 G:\qf G:\qf
d---- 0 G:\GPX G:\GPX
dra-- 0 G:\selomoje G:\selomoje
--a-- 86667 G:\DevIcon.fil G:\DevIcon.fil
--a-- 1579 G:\DevLogo.fil G:\DevLogo.fil
d---- 0 G:\sys G:\sys
d---- 0 G:\resource G:\resource
d---- 0 G:\COMMUN~1 G:\communities-pics
d---- 0 G:\Apps G:\Apps
d---- 0 G:\Cache G:\Cache
d---- 0 G:\JPEG G:\JPEG
d---- 0 G:\POI G:\POI
d---- 0 G:\MUSIC_~1 G:\Music Downloads
d---- 0 G:\download G:\download
d--h- 0 G:\_PAlbTN G:\_PAlbTN
--a-- 5179360 G:\GARMIN~1.SIS G:\GarminMobileXT.sis
-r-h- 474 G:\WINAMP~1.XML G:\winamp_cache_0001.xml
--a-- 41 G:\pmp_usb.ini G:\pmp_usb.ini
--a-- 71965104 G:\151020~1.MP4 G:\15102010006.mp4
--a-- 328 G:\CDDRIV~1.LNK G:\CD Drive - Shortcut.lnk
----------------------------------------
Unhide superhidden for G:\
----------------------------------------
----------------------------------------
Posted: 28 Jul 2011 21:10
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
Delete this folder from that stick:
selomoje
What is the state of the system now? Are there any problems?
goran9888 (AMF Team)