Posted: 22 Jun 2009 21:37
- Joined: 04 Sep 2007
- Posts: 130

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:21 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\blaza\Desktop\blaske\tr3.exe..exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - news.beograd.com/AxisCamControl.ocx
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 5209 bytes
Today when I came home I simply could not open any partition on the hard disk. When I click on C or D in My Computer, I get a Windows Script Host message...
Thanks for any help, if there is any :)

Posted: 22 Jun 2009 21:39
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

- Download USBNoRisk to the Desktop and start it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug all USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you have finished with all devices, right-click in the middle of the program window and choose the Save log option. That will automatically open the log in Notepad. Copy that log from Notepad to the forum.
Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Posted: 22 Jun 2009 21:49
- Joined: 04 Sep 2007
- Posts: 130

I have a USB flash drive and an MP3 player; just tell me whether I should plug them in before the scan or during the scan?

Posted: 22 Jun 2009 21:50
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

First you start the program, then wait about ten seconds while it scans the hard disk partitions, and then you plug in the USB devices one after another.

Posted: 22 Jun 2009 21:54
- Joined: 04 Sep 2007
- Posts: 130

USBNoRisk 2.4 (1 June 2009) by bobby
Started at 6/22/2009 9:50:15 PM
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
C: {0c44db79-3db6-11de-b67a-806d6172696f}
D: {0c44db7a-3db6-11de-b67a-806d6172696f}
F: {8245a7d2-3daa-11de-8022-806d6172696f}
G: {8245a7d3-3daa-11de-8022-806d6172696f}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
autorun.inf found on C:
----------------------------------------
File C:\autorun.inf renamed successfully
Content of C:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------
No mountpoint found for C:
Sanitized mountpoint for 0c44db79-3db6-11de-b67a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
autorun.inf found on D:
----------------------------------------
File D:\autorun.inf renamed successfully
Content of D:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------
No mountpoint found for D:
Sanitized mountpoint for 0c44db7a-3db6-11de-b67a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------
No blocked files found on F:
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------
No mountpoint found for F:
Sanitized mountpoint for 8245a7d2-3daa-11de-8022-806d6172696f
No Desktop.ini files found on F:
----------------------------------------
No blocked files found on G:
autorun.inf found on G:
----------------------------------------
File G:\autorun.inf renamed successfully
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------
No mountpoint found for G:
Sanitized mountpoint for 8245a7d3-3daa-11de-8022-806d6172696f
No Desktop.ini files found on G:
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 6/22/2009 9:51:11 PM
Scanning for connected USB mass storage...
----------------------------------------
========================================
New drive connected, but USBNoRisk can't find it
========================================
New device connected at 6/22/2009 9:51:13 PM
Scanning for connected removable storage...
----------------------------------------
H: {fe21aa0e-3e36-11de-8025-00508d59a11d}
Added H:
========================================
Scanning removable storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------
Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------
Possible references from H:\autorun.inf.blocked
(beware, these are possible false detections)
----------------------------------------
H:\24233.vbs -rahs 83
----------------------------------------
Sanitized mountpoint for fe21aa0e-3e36-11de-8025-00508d59a11d
----------------------------------------
No Desktop.ini files found on H:
----------------------------------------
No mimics found on drive H:
========================================
========================================
Removed H:
========================================
New device connected at 6/22/2009 9:52:08 PM
Scanning for connected USB mass storage...
----------------------------------------
H: {710e41e0-46fc-11de-802b-00508d59a11d}
Added H:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
Sanitized mountpoint for 710e41e0-46fc-11de-802b-00508d59a11d
----------------------------------------
----------------------------------------
Desktop.ini found at H:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\ contains file:// string
----------------------------------------
[.ShellClassInfo]
HTMLInfoTipFile=file://Comment.htt
ConfirmFileOp = 0
----------------------------------------
H:\Comment.htt ---hs 697 bytes
----------------------------------------
No mimics found on drive H:
========================================
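
The blocked autorun.inf in the log above is what relabels the drive's Open entry: `shell\<verb>=` sets the context-menu text and `shell\<verb>\command=` sets the program run for that verb. As an added example (not part of the thread and not USBNoRisk's own code), this Python triage lists what such a file hijacks and which files it references; the function names, the script-host list and the built-in verb list are assumptions of the example.

```python
import re

# Content of C:\autorun.inf.blocked, copied from the USBNoRisk log above.
SAMPLE = r"""[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
"""

# Assumptions of this example, not lists taken from the thread:
SCRIPT_HOSTS = {"wscript", "cscript", "mshta", "cmd", "rundll32"}
BUILTIN_VERBS = {"open", "explore"}  # verbs Explorer already offers on a drive

PROGRAM = r'\s*(?:"([^"]*)"|(\S+))'  # first token of a command line, quoted or not


def parse_autorun(text):
    """Return {lower-cased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def shell_verbs(entries):
    """Group the shell verb keys into {verb: {"label": ..., "command": ...}}."""
    verbs = {}
    for key, value in entries.items():
        m = re.fullmatch(r"shell\\([^\\]+)(?:\\(.+))?", key)
        if not m:
            continue
        verb = verbs.setdefault(m.group(1), {"label": None, "command": None})
        if m.group(2) is None:
            verb["label"] = value
        elif m.group(2) == "command":
            verb["command"] = value
    return verbs


def program_name(command):
    """Lower-cased program name of a command line, without path or .exe."""
    m = re.match(PROGRAM, command or "")
    if not m:
        return ""
    name = re.split(r"[\\/]", m.group(1) or m.group(2))[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def triage(text):
    """Return (key_or_verb, reason) findings for one autorun.inf."""
    entries, findings = parse_autorun(text), []
    for direct in ("open", "shellexecute"):
        if entries.get(direct):  # an empty Open= runs nothing
            findings.append((direct, "runs on AutoPlay: " + entries[direct]))
    for verb, info in sorted(shell_verbs(entries).items()):
        if info["command"] and verb in BUILTIN_VERBS:
            findings.append((verb, "overrides built-in drive verb"))
        if program_name(info["command"]) in SCRIPT_HOSTS:
            findings.append((verb, "launches script host: " + info["command"]))
        if verb in BUILTIN_VERBS and info["label"] and info["label"].lower() != verb:
            findings.append((verb, "menu text replaced with: " + info["label"]))
    return findings


def referenced_files(text):
    """File names passed as arguments to any autorun command."""
    names = set()
    for key, cmd in parse_autorun(text).items():
        if key in ("open", "shellexecute") or key.endswith("\\command"):
            args = re.sub("^" + PROGRAM, "", cmd)  # drop the program itself
            for arg in re.findall(r'[^\s"]+\.\w{1,4}', args):
                names.add(re.split(r"[\\/]", arg)[-1])
    return sorted(names)


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=": ")
    print("referenced:", referenced_files(SAMPLE))
```
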

Posted: 22 Jun 2009 21:59
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

You should now be able to open the partitions, but we still have to clean up the infection.
I will be back in 5 minutes with further instructions.

Posted: 22 Jun 2009 22:06
- Joined: 04 Sep 2007
- Posts: 130

Written: 22 Jun 2009 22:03
Yes, I can get in, but I don't understand why, for example, when I go into My Computer and right-click a partition and want, say, Open, it doesn't say Open but I love my peanut?
And one more problem that appeared by itself, back while I could still open the partitions: when I go into My Computer and click a partition, it opens in a new window, which was not the case before.
Addendum: 22 Jun 2009 22:06
Actually, what I wrote to you a moment ago is no longer the case, it fixed itself!

Posted: 22 Jun 2009 22:14
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Start USBNoRisk if it is not running, then switch to the Script tab at the top and copy the following script there:
{0c44db79-3db6-11de-b67a-806d6172696f}
copy: %DRIVE%24233.vbs > c:\USBNoRisk\c_24233.vbs
delete: %DRIVE%24233.vbs
delete: %DRIVE%autorun.inf.blocked
{0c44db7a-3db6-11de-b67a-806d6172696f}
copy: %DRIVE%24233.vbs > c:\USBNoRisk\d_24233.vbs
delete: %DRIVE%24233.vbs
delete: %DRIVE%autorun.inf.blocked
{8245a7d2-3daa-11de-8022-806d6172696f}
copy: %DRIVE%24233.vbs > c:\USBNoRisk\e_24233.vbs
delete: %DRIVE%24233.vbs
delete: %DRIVE%autorun.inf.blocked
{8245a7d3-3daa-11de-8022-806d6172696f}
copy: %DRIVE%24233.vbs > c:\USBNoRisk\f_24233.vbs
delete: %DRIVE%24233.vbs
delete: %DRIVE%autorun.inf.blocked
{fe21aa0e-3e36-11de-8025-00508d59a11d}
copy: %DRIVE%24233.vbs > c:\USBNoRisk\usb_24233.vbs
delete: %DRIVE%24233.vbs
delete: %DRIVE%autorun.inf.blocked
{710e41e0-46fc-11de-802b-00508d59a11d}
copy: %DRIVE%Comment.htt > c:\USBNoRisk\Comment.htt
delete: %DRIVE%desktop.ini
delete: %DRIVE%Comment.htt
When you have copied that into the script input field, click the Run script button.
The program will switch to the Monitor tab and try to clean the hard disk partitions.
When it has done that (no more activity in the log), within 15 seconds at most, plug in the USB devices again one after another.
When you have done that too, save the log again from the right-click menu and copy it here so I can see how we are progressing.
Also tell me whether you have WinRAR or something similar installed.
I need you to pack the complete folder C:\USBNoRisk, not by selecting individual files, but, if you can, by right-clicking the folder itself, if you have a packing option there.
If you manage that, send me that RAR via the following form:
http://www.mycity.rs/ambulanta-upload.php

Posted: 22 Jun 2009 22:24
- Joined: 04 Sep 2007
- Posts: 130

Written: 22 Jun 2009 22:21
USBNoRisk 2.4 (1 June 2009) by bobby
Started at 6/22/2009 10:16:45 PM
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
C: {0c44db79-3db6-11de-b67a-806d6172696f}
D: {0c44db7a-3db6-11de-b67a-806d6172696f}
F: {8245a7d2-3daa-11de-8022-806d6172696f}
G: {8245a7d3-3daa-11de-8022-806d6172696f}
========================================
Scanning fixed storage...
----------------------------------------
Blocked file found: C:\autorun.inf.blocked
----------------------------------------
Content of C:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 0c44db79-3db6-11de-b67a-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
Blocked file found: D:\autorun.inf.blocked
----------------------------------------
Content of D:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 0c44db7a-3db6-11de-b67a-806d6172696f
No Desktop.ini files found on D:
----------------------------------------
Blocked file found: F:\autorun.inf.blocked
----------------------------------------
Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 8245a7d2-3daa-11de-8022-806d6172696f
No Desktop.ini files found on F:
----------------------------------------
Blocked file found: G:\autorun.inf.blocked
----------------------------------------
Content of G:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------
No Autorun.inf files found on G:
No mountpoint found for G:
No mountpoint found for 8245a7d3-3daa-11de-8022-806d6172696f
No Desktop.ini files found on G:
----------------------------------------
========================================
Initial scan finished!
========================================
Processing script
----------------------------------------
0c44db79-3db6-11de-b67a-806d6172696f
Drive letter for GUID: C:
SectionStart = 0
SectionEnd = 4
Copy: C:\24233.vbs to c:\USBNoRisk\c_24233.vbs > Done!
File lock detected:
USBNoRisk cannot find what locked the file
Delete: C:\24233.vbs > Error!
Delete: C:\autorun.inf.blocked > Done!
----------------------------------------
0c44db7a-3db6-11de-b67a-806d6172696f
Drive letter for GUID: D:
SectionStart = 5
SectionEnd = 9
Copy: D:\24233.vbs to c:\USBNoRisk\d_24233.vbs > Done!
File lock detected:
USBNoRisk cannot find what locked the file
Delete: D:\24233.vbs > Error!
Delete: D:\autorun.inf.blocked > Done!
----------------------------------------
8245a7d2-3daa-11de-8022-806d6172696f
Drive letter for GUID: F:
SectionStart = 10
SectionEnd = 14
Copy: F:\24233.vbs to c:\USBNoRisk\e_24233.vbs > Done!
File lock detected:
USBNoRisk cannot find what locked the file
Delete: F:\24233.vbs > Error!
Delete: F:\autorun.inf.blocked > Done!
----------------------------------------
8245a7d3-3daa-11de-8022-806d6172696f
Drive letter for GUID: G:
SectionStart = 15
SectionEnd = 19
Copy: G:\24233.vbs to c:\USBNoRisk\f_24233.vbs > Done!
File lock detected:
USBNoRisk cannot find what locked the file
Delete: G:\24233.vbs > Error!
Delete: G:\autorun.inf.blocked > Done!
----------------------------------------
New device connected at 6/22/2009 10:18:37 PM
Scanning for connected USB mass storage...
----------------------------------------
========================================
New drive connected, but USBNoRisk can't find it
========================================
New device connected at 6/22/2009 10:18:39 PM
Scanning for connected removable storage...
----------------------------------------
H: {fe21aa0e-3e36-11de-8025-00508d59a11d}
Added H:
========================================
Scanning removable storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
Open=
shell\Open=I LOVE MY PEANUT
shell\Open\Command=WScript.exe .\24233.vbs
shell\Open\Default=1
shell\Explore=Explore
shell\Explore\Command=WScript.exe .\24233.vbs
----------------------------------------
Files referenced from H:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------
Possible references from H:\autorun.inf.blocked
(beware, these are possible false detections)
----------------------------------------
H:\24233.vbs -rahs 83
----------------------------------------
----------------------------------------
No Autorun.inf files found on H:
Sanitized mountpoint for fe21aa0e-3e36-11de-8025-00508d59a11d
----------------------------------------
No Desktop.ini files found on H:
----------------------------------------
No mimics found on drive H:
========================================
Processing script
----------------------------------------
fe21aa0e-3e36-11de-8025-00508d59a11d
Drive letter for GUID: H:
SectionStart = 20
SectionEnd = 24
Copy: H:\24233.vbs to c:\USBNoRisk\usb_24233.vbs > Done!
File lock detected:
USBNoRisk cannot find what locked the file
Delete: H:\24233.vbs > Error!
Delete: H:\autorun.inf.blocked > Done!
----------------------------------------
========================================
Scan finished!
========================================
========================================
Removed H:
========================================
New device connected at 6/22/2009 10:19:12 PM
Scanning for connected USB mass storage...
----------------------------------------
H: {710e41e0-46fc-11de-802b-00508d59a11d}
Added H:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on H:
----------------------------------------
No Autorun.inf files found on H:
Sanitized mountpoint for 710e41e0-46fc-11de-802b-00508d59a11d
----------------------------------------
----------------------------------------
Desktop.ini found at H:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\ contains file:// string
----------------------------------------
[.ShellClassInfo]
HTMLInfoTipFile=file://Comment.htt
ConfirmFileOp = 0
----------------------------------------
H:\Comment.htt ---hs 697 bytes
----------------------------------------
No mimics found on drive H:
========================================
Processing script
----------------------------------------
710e41e0-46fc-11de-802b-00508d59a11d
Drive letter for GUID: H:
SectionStart = 25
SectionEnd = 28
File lock detected:
USBNoRisk cannot find what locked the file
File lock detected:
USBNoRisk cannot find what locked the file
Copy: H:\Comment.htt to c:\USBNoRisk\Comment.htt > Error!
Delete: H:\desktop.ini > Done!
Delete: H:\Comment.htt > File does not exist!
----------------------------------------
========================================
Scan finished!
========================================
========================================
Removed H:
========================================
Addendum: 22 Jun 2009 22:24
I have uploaded it.

Posted: 22 Jun 2009 22:29
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Close USBNoRisk and start it again, then run the following script:
{0c44db79-3db6-11de-b67a-806d6172696f}
delete: %DRIVE%24233.vbs
folder_list: %DRIVE%
{0c44db7a-3db6-11de-b67a-806d6172696f}
delete: %DRIVE%24233.vbs
folder_list: %DRIVE%
{8245a7d2-3daa-11de-8022-806d6172696f}
delete: %DRIVE%24233.vbs
folder_list: %DRIVE%
{8245a7d3-3daa-11de-8022-806d6172696f}
delete: %DRIVE%24233.vbs
folder_list: %DRIVE%
{fe21aa0e-3e36-11de-8025-00508d59a11d}
delete: %DRIVE%24233.vbs
folder_list: %DRIVE%
{710e41e0-46fc-11de-802b-00508d59a11d}
f_copy: %DRIVE%Comment.htt > c:\USBNoRisk\Comment.htt
f_delete: %DRIVE%Comment.htt
folder_list: %DRIVE%
Then copy the log here again.