windows script host


offline
  • Joined: 04 Sep 2007
  • Posts: 130

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:21 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\blaza\Desktop\blaske\tr3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - news.beograd.com/AxisCamControl.ocx
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 5209 bytes
Today when I came home I simply can't get into any partition on the hard disk. When I click on C or D from My Computer, I get a Windows Script Host message...
Thanks for the help, if there is any :)

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all your USB storage devices into the USB slot one after another and keep each one plugged in for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. That includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 04 Sep 2007
  • Posts: 130

I have a USB flash drive and an MP3 player, just tell me whether I should plug them in before the scan or during the scan?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

First you start the program, then wait about ten seconds while it scans the hard disk partitions, and then you plug in the USB devices one after another.

offline
  • Joined: 04 Sep 2007
  • Posts: 130

USBNoRisk 2.4 (1 June 2009) by bobby

Started at 6/22/2009 9:50:15 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {0c44db79-3db6-11de-b67a-806d6172696f}
D: {0c44db7a-3db6-11de-b67a-806d6172696f}
F: {8245a7d2-3daa-11de-8022-806d6172696f}
G: {8245a7d3-3daa-11de-8022-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
autorun.inf found on C:
----------------------------------------
File C:\autorun.inf renamed successfully

Content of C:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------

No mountpoint found for C:
Sanitized mountpoint for 0c44db79-3db6-11de-b67a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
autorun.inf found on D:
----------------------------------------
File D:\autorun.inf renamed successfully

Content of D:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------

No mountpoint found for D:
Sanitized mountpoint for 0c44db7a-3db6-11de-b67a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

No blocked files found on F:
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------

No mountpoint found for F:
Sanitized mountpoint for 8245a7d2-3daa-11de-8022-806d6172696f
No Desktop.ini files found on F:
----------------------------------------

No blocked files found on G:
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully

Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------

No mountpoint found for G:
Sanitized mountpoint for 8245a7d3-3daa-11de-8022-806d6172696f
No Desktop.ini files found on G:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 6/22/2009 9:51:11 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 6/22/2009 9:51:13 PM

Scanning for connected removable storage...
----------------------------------------
H: {fe21aa0e-3e36-11de-8025-00508d59a11d}
Added H:
========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Possible references from H:\autorun.inf.blocked
(beware, these are possible false detections)
----------------------------------------
H:\24233.vbs -rahs 83
----------------------------------------

Sanitized mountpoint for fe21aa0e-3e36-11de-8025-00508d59a11d
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
========================================

========================================
Removed H:
========================================


New device connected at 6/22/2009 9:52:08 PM

Scanning for connected USB mass storage...
----------------------------------------
H: {710e41e0-46fc-11de-802b-00508d59a11d}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
Sanitized mountpoint for 710e41e0-46fc-11de-802b-00508d59a11d
----------------------------------------

----------------------------------------
Desktop.ini found at H:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\ contains file:// string
----------------------------------------
[.ShellClassInfo]
HTMLInfoTipFile=file://Comment.htt
ConfirmFileOp = 0
----------------------------------------
H:\Comment.htt ---hs 697 bytes
----------------------------------------

No mimics found on drive H:
========================================

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You should now be able to get into the partitions, but we still have to clean up the infection.
I'll be back in 5 minutes with further instructions.

offline
  • Joined: 04 Sep 2007
  • Posts: 130

Posted: 22 Jun 2009 22:03

Yes, I can get in, I just don't understand why, for example, when I go into My Computer and right-click on a partition and want, say, Open, it doesn't say Open but I love my peanut?
And one more problem that appeared on its own, back while I could still open partitions: when I go into My Computer and click on a partition, it opens in a new window, which was not the case before.

Addendum: 22 Jun 2009 22:06

Actually, what I wrote to you a moment ago is no longer the case, it fixed itself!
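
The autorun.inf quoted in the log explains the menu text asked about in the post above: a `shell\<verb>=` entry sets the label Explorer shows for that verb on the drive, and `shell\<verb>\Command=` sets what runs. The following triage parser is an added example, not part of the original thread and not USBNoRisk's code; the function names and the `SCRIPT_HOSTS` list are assumptions chosen for illustration.

```python
import ntpath
import re

# Constructed sample: the [autorun] body as quoted in the USBNoRisk log above.
SAMPLE = r"""[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
"""

# Assumption: interpreters worth flagging when an autorun verb launches them.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}

# Matches shell\<verb>, shell\<verb>\command and shell\<verb>\default (lower-cased keys).
VERB_RE = re.compile(r"^shell\\([^\\]+)(?:\\(command|default))?$")


def parse_autorun(text):
    """Return {lower-cased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def shell_verbs(entries):
    """Group label, command and default flag per shell verb."""
    verbs = {}
    for key, value in entries.items():
        m = VERB_RE.match(key)
        if not m:
            continue
        verb = verbs.setdefault(m.group(1), {"label": None, "command": "", "default": False})
        if m.group(2) == "command":
            verb["command"] = value
        elif m.group(2) == "default":
            verb["default"] = value == "1"
        else:
            verb["label"] = value
    return verbs


def split_command(cmd):
    """Split a command line into (lower-cased executable name, argument string)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and '"' in cmd[1:]:
        exe, _, rest = cmd[1:].partition('"')
    else:
        exe, _, rest = cmd.partition(" ")
    return ntpath.basename(exe).lower(), rest.strip()


def findings(text):
    """Return (verb, issue, detail) tuples; these are heuristics, not verdicts."""
    out = []
    for verb, v in sorted(shell_verbs(parse_autorun(text)).items()):
        exe, args = split_command(v["command"])
        if exe in SCRIPT_HOSTS:
            out.append((verb, "script-host-command", args))
        if v["label"] and v["label"].lower() != verb:
            out.append((verb, "relabelled-verb", v["label"]))
        if v["default"]:
            out.append((verb, "default-verb", v["command"]))
    return out


def referenced_scripts(text):
    """File names passed to a script host by any shell verb."""
    return {ntpath.basename(d) for _, issue, d in findings(text)
            if issue == "script-host-command" and d}


if __name__ == "__main__":
    for item in findings(SAMPLE):
        print(item)
    print("collect for analysis:", sorted(referenced_scripts(SAMPLE)))
```
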

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Start USBNoRisk if it is not already running, then switch to the Script tab at the top and copy the following script there:
{0c44db79-3db6-11de-b67a-806d6172696f}
copy: %DRIVE%24233.vbs > c:\USBNoRisk\c_24233.vbs
delete: %DRIVE%24233.vbs
delete: %DRIVE%autorun.inf.blocked

{0c44db7a-3db6-11de-b67a-806d6172696f}
copy: %DRIVE%24233.vbs > c:\USBNoRisk\d_24233.vbs
delete: %DRIVE%24233.vbs
delete: %DRIVE%autorun.inf.blocked

{8245a7d2-3daa-11de-8022-806d6172696f}
copy: %DRIVE%24233.vbs > c:\USBNoRisk\e_24233.vbs
delete: %DRIVE%24233.vbs
delete: %DRIVE%autorun.inf.blocked

{8245a7d3-3daa-11de-8022-806d6172696f}
copy: %DRIVE%24233.vbs > c:\USBNoRisk\f_24233.vbs
delete: %DRIVE%24233.vbs
delete: %DRIVE%autorun.inf.blocked

{fe21aa0e-3e36-11de-8025-00508d59a11d}
copy: %DRIVE%24233.vbs > c:\USBNoRisk\usb_24233.vbs
delete: %DRIVE%24233.vbs
delete: %DRIVE%autorun.inf.blocked

{710e41e0-46fc-11de-802b-00508d59a11d}
copy: %DRIVE%Comment.htt  > c:\USBNoRisk\Comment.htt
delete: %DRIVE%desktop.ini
delete: %DRIVE%Comment.htt


When you have copied that into the script input field, click the Run script button.
The program will switch to the Monitor tab and try to clean the hard disk partitions.
When it has done that (no more activity in the log), within 15 seconds at most, plug in the USB devices again one after another.
When you have done that as well, save the log again from the right-click menu and copy it here so I can see how we are progressing.

Also tell me whether you have WinRAR or something similar installed.
I need you to pack the complete C:\USBNoRisk folder, but not by selecting individual files; instead, if you can, pack it by right-clicking the folder itself, if you have a packing option there.
If you manage that, send me the RAR via the following form:
http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 04 Sep 2007
  • Posts: 130

Posted: 22 Jun 2009 22:21

USBNoRisk 2.4 (1 June 2009) by bobby

Started at 6/22/2009 10:16:45 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {0c44db79-3db6-11de-b67a-806d6172696f}
D: {0c44db7a-3db6-11de-b67a-806d6172696f}
F: {8245a7d2-3daa-11de-8022-806d6172696f}
G: {8245a7d3-3daa-11de-8022-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

Blocked file found: C:\autorun.inf.blocked
----------------------------------------
Content of C:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------

No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0c44db79-3db6-11de-b67a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

Blocked file found: D:\autorun.inf.blocked
----------------------------------------
Content of D:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------

No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 0c44db7a-3db6-11de-b67a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------

No Autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 8245a7d2-3daa-11de-8022-806d6172696f
No Desktop.ini files found on F:
----------------------------------------

Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------

No Autorun.inf files found on G:
No mountpoint found for G:
No mountpoint found for 8245a7d3-3daa-11de-8022-806d6172696f
No Desktop.ini files found on G:
----------------------------------------

========================================
Initial scan finished!
========================================

Processing script
----------------------------------------
0c44db79-3db6-11de-b67a-806d6172696f
Drive letter for GUID: C:
SectionStart = 0
SectionEnd = 4
Copy: C:\24233.vbs to c:\USBNoRisk\c_24233.vbs > Done!
File lock detected:
USBNoRisk cannot find what locked the file
Delete: C:\24233.vbs > Error!
Delete: C:\autorun.inf.blocked > Done!
----------------------------------------

0c44db7a-3db6-11de-b67a-806d6172696f
Drive letter for GUID: D:
SectionStart = 5
SectionEnd = 9
Copy: D:\24233.vbs to c:\USBNoRisk\d_24233.vbs > Done!
File lock detected:
USBNoRisk cannot find what locked the file
Delete: D:\24233.vbs > Error!
Delete: D:\autorun.inf.blocked > Done!
----------------------------------------

8245a7d2-3daa-11de-8022-806d6172696f
Drive letter for GUID: F:
SectionStart = 10
SectionEnd = 14
Copy: F:\24233.vbs to c:\USBNoRisk\e_24233.vbs > Done!
File lock detected:
USBNoRisk cannot find what locked the file
Delete: F:\24233.vbs > Error!
Delete: F:\autorun.inf.blocked > Done!
----------------------------------------

8245a7d3-3daa-11de-8022-806d6172696f
Drive letter for GUID: G:
SectionStart = 15
SectionEnd = 19
Copy: G:\24233.vbs to c:\USBNoRisk\f_24233.vbs > Done!
File lock detected:
USBNoRisk cannot find what locked the file
Delete: G:\24233.vbs > Error!
Delete: G:\autorun.inf.blocked > Done!
----------------------------------------



New device connected at 6/22/2009 10:18:37 PM

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 6/22/2009 10:18:39 PM

Scanning for connected removable storage...
----------------------------------------
H: {fe21aa0e-3e36-11de-8025-00508d59a11d}
Added H:
========================================

Scanning removable storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------

Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Possible references from H:\autorun.inf.blocked
(beware, these are possible false detections)
----------------------------------------
H:\24233.vbs -rahs 83
----------------------------------------

----------------------------------------
No Autorun.inf files found on H:
Sanitized mountpoint for fe21aa0e-3e36-11de-8025-00508d59a11d
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
========================================

Processing script
----------------------------------------
fe21aa0e-3e36-11de-8025-00508d59a11d
Drive letter for GUID: H:
SectionStart = 20
SectionEnd = 24
Copy: H:\24233.vbs to c:\USBNoRisk\usb_24233.vbs > Done!
File lock detected:
USBNoRisk cannot find what locked the file
Delete: H:\24233.vbs > Error!
Delete: H:\autorun.inf.blocked > Done!
----------------------------------------

========================================
Scan finished!
========================================

========================================
Removed H:
========================================


New device connected at 6/22/2009 10:19:12 PM

Scanning for connected USB mass storage...
----------------------------------------
H: {710e41e0-46fc-11de-802b-00508d59a11d}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
Sanitized mountpoint for 710e41e0-46fc-11de-802b-00508d59a11d
----------------------------------------

----------------------------------------
Desktop.ini found at H:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\ contains file:// string
----------------------------------------
[.ShellClassInfo]
HTMLInfoTipFile=file://Comment.htt
ConfirmFileOp = 0
----------------------------------------
H:\Comment.htt ---hs 697 bytes
----------------------------------------

No mimics found on drive H:
========================================

Processing script
----------------------------------------
710e41e0-46fc-11de-802b-00508d59a11d
Drive letter for GUID: H:
SectionStart = 25
SectionEnd = 28
File lock detected:
USBNoRisk cannot find what locked the file
File lock detected:
USBNoRisk cannot find what locked the file
Copy: H:\Comment.htt to c:\USBNoRisk\Comment.htt > Error!
Delete: H:\desktop.ini > Done!
Delete: H:\Comment.htt > File does not exist!
----------------------------------------

========================================
Scan finished!
========================================

========================================
Removed H:
========================================

Addendum: 22 Jun 2009 22:24

I uploaded it

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Close USBNoRisk and start it again, then run the following script:
{0c44db79-3db6-11de-b67a-806d6172696f}
delete: %DRIVE%24233.vbs
folder_list: %DRIVE%

{0c44db7a-3db6-11de-b67a-806d6172696f}
delete: %DRIVE%24233.vbs
folder_list: %DRIVE%

{8245a7d2-3daa-11de-8022-806d6172696f}
delete: %DRIVE%24233.vbs
folder_list: %DRIVE%

{8245a7d3-3daa-11de-8022-806d6172696f}
delete: %DRIVE%24233.vbs
folder_list: %DRIVE%

{fe21aa0e-3e36-11de-8025-00508d59a11d}
delete: %DRIVE%24233.vbs
folder_list: %DRIVE%

{710e41e0-46fc-11de-802b-00508d59a11d}
f_copy: %DRIVE%Comment.htt  > c:\USBNoRisk\Comment.htt
f_delete: %DRIVE%Comment.htt
folder_list: %DRIVE%

Then copy the log here again.
