Undeletable csrss file on a USB drive

  • Joined: 03 Nov 2009
  • Posts: 8

Posted: 05 Nov 2009 23:09

I did everything according to the instructions. Now there is no csrss.exe file on the USB drive; only that blocked autorun is left.

The CSRSS.EXE file is still in Task Manager.

Here is the log, and I'll restart the computer to see whether anything changes.


USBNoRisk 2.5 (26 July 2009) by bobby

Started at 5.11.2009 22:59:46

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {ac2d61bd-a35f-11db-822e-806d6172696f}
D: {ac2d61be-a35f-11db-822e-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for ac2d61bd-a35f-11db-822e-806d6172696f
----------------------------------------
Desktop.ini found at C:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for ac2d61be-a35f-11db-822e-806d6172696f
----------------------------------------
Desktop.ini found at D:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Otvori CCleaner...\command,@ = C:\Program Files\CCleaner\ccleaner.exe
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Pokreni CCleaner\command,@ = C:\Program Files\CCleaner\ccleaner.exe /AUTO
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 5.11.2009 23:00:09

Scanning for connected USB mass storage...
----------------------------------------
I: {2e0ed46e-4062-11dc-abfb-005056c00008}
Added I:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: I:\autorun.inf.blocked
----------------------------------------
Content of I:\autorun.inf.blocked
----------------------------------------
[autorun]
open=csrss.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=csrss.exe
shell\open\default=1
----------------------------------------

Files referenced from I:\autorun.inf.blocked
----------------------------------------
I:\csrss.exe ---h- 1136164
----------------------------------------

----------------------------------------
No Autorun.inf files found on I:
No mountpoint found for 2e0ed46e-4062-11dc-abfb-005056c00008
----------------------------------------

No Desktop.ini files found on I:
----------------------------------------

No mimics found on drive I:
========================================


Processing script
----------------------------------------
2e0ed46e-4062-11dc-abfb-005056c00008
Drive letter for GUID: I:
SectionStart = 0
SectionEnd = 2

Update: 05 Nov 2009 23:23

After restarting, the situation is the same.

What next?

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

I don't understand... how is the situation the same? One csrss.exe is supposed to exist... it's a system file...

Delete autorun.inf.blocked manually.

csrss.exe has disappeared from the USB drive, right?
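An added example, not part of the original thread and not USBNoRisk's own code: it extracts the launch targets from the `autorun.inf.blocked` content shown in the log, flags targets that borrow a Windows system process name, and checks whether a process image path is the genuine one in System32. The function names, the `SYSTEM_NAMES` list and the default `system_root` of `C:\Windows` are assumptions made for this illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed list of genuine Windows system process names worth checking for.
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "svchost.exe"}
LAUNCH_KEYS = ("open", "shellexecute")

# Sample input: the autorun.inf.blocked content copied from the log above.
SAMPLE = r"""[autorun]
open=csrss.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=csrss.exe
shell\open\default=1
"""

def launch_commands(autorun_text):
    """Return (key, command) pairs from [autorun] that start a program."""
    found, in_section = [], False
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found

def system_name_mimics(autorun_text):
    """Launch targets whose file name matches a Windows system process."""
    hits = []
    for key, command in launch_commands(autorun_text):
        if not command:
            continue
        # Take the executable part, honouring a quoted path with spaces.
        target = command.split('"')[1] if command.startswith('"') else command.split()[0]
        exe = ntpath.basename(target).lower()
        if exe in SYSTEM_NAMES:
            hits.append((key, exe))
    return hits

def is_genuine_system_image(image_path, system_root=r"C:\Windows"):
    """True only if the process image sits directly in <system_root>\\System32."""
    expected = ntpath.normcase(ntpath.join(system_root, "System32"))
    return ntpath.normcase(ntpath.dirname(image_path)) == expected
```

A `csrss.exe` whose image path is in System32 is the expected system process; the same file name referenced from an `autorun.inf` on a removable drive is what the scan blocked.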

  • Joined: 03 Nov 2009
  • Posts: 8

Posted: 06 Nov 2009 7:32

If one is supposed to exist, then the matter is solved :-)))

(I didn't point out at the start that I'm clueless about these things and would probably say something stupid, which is what ended up happening)

autorun.inf.blocked deleted manually
csrss.exe gone from the USB drive
I open the USB drive with a double-click without problems

In short, everything is OK!!

Thanks a lot!!

Update: 06 Nov 2009 7:47

One more question... (maybe it's stupid, but still...)

What should I do with all these logs and programs? I have a lot of new folders on the C drive; should I delete them or leave them?

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

ComboFix comes with a few files and folders, and you will remove it by following this simple procedure.

ComboFix needs to be uninstalled:
click Start (or ), then Run.

On Vista, use the Start Search box if Run is not available.

In the text input line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstallation process to finish.

Delete the other programs and logs manually... because if you catch an infection again, fresh logs will be needed :)

Cheers

  • Joined: 03 Nov 2009
  • Posts: 8

All solved!! :-)))

Many thanks for the help!

Regards
