Problem with viruses - probably Virtumonde!


  • Joined: 27 Aug 2008
  • Posts: 50

Sorry I'm late... here's the new log:


USB_blocker by bobby

Started at 28.8.2008 22:50:26

Scanning for connected USB Mass storage...
========================================
========================================
Scanning for other storage...
========================================
C: a12370c0-d2f0-11db-86d0-806d6172696f
D: a12370c1-d2f0-11db-86d0-806d6172696f
========================================



New device connected at 28.8.2008 22:51:18

Scanning for connected USB Mass storage...
========================================
K: 990f1c0e-8a29-11dc-89ac-ac2becd67bc9
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 990f1c0e-8a29-11dc-89ac-ac2becd67bc9
========================================

Scanning drive K: at 28.8.2008 22:51:36
Scan for autorun.inf: True
Scan for desktop.ini: True
Make list of all files: False
Action: Block

Content of K:\SecurDataStorRM\Files\autorun.inf
====================
[autorun]
OPEN=SecurDataStor\CopyFile.exe true
ICON=SecurDataStor\SecurDataStor.ico
====================
File K:\SecurDataStorRM\Files\autorun.inf renamed successfully

Content of K:\jul 2008\tocadisco - streetgirls (dabruck and klein mix) -www.mp3t.info-.mp3
====================
ID3
====================
File K:\jul 2008\tocadisco - streetgirls (dabruck and klein mix) -www.mp3t.info-.mp3 renamed successfully

Content of K:\Instalacije\Audio Grabber 1.81 Final\Lame 3.92\ACM\LameACM.inf
====================
; Lame codec
; enable MP3 compression in Windows

; Usage : right-click on this file and choose "Install" in the pop up menu

[Version]
Signature = "$CHICAGO$"
Class = MEDIA

[SourceDisksNames]
1="Lame MP3 Install Disk",, 0001

[SourceDisksFiles]
LameACM.inf=1
LameACM.acm=1
lame_acm.xml=1

[Installable.Drivers]
lameacm = 1:LameACM.acm, "msacm.lameacm", %DisplayNameWin% , , ,

[DefaultInstall]
CopyFiles = LameACM.Copy,LameACM.Copy.Inf
Updateinis = LameACM.Updateini
;addreg = LameACM.AddReg,LameACM.AddReg9x,LameACM.DoReg
addreg = LameACM.AddReg,LameACM.AddReg9x
MediaType = SOFTWARE

[DefaultInstall.ntx86]
CopyFiles = LameACM.Copy,LameACM.Copy.Inf
;addreg = LameACM.AddReg,LameACM.AddRegNT,LameACM.DoReg
addreg = LameACM.AddReg,LameACM.AddRegNT
MediaType = SOFTWARE

[Remove_LameMP3]
;AddReg = LameACM.Unregister
DelReg = LameACM.DelReg
DelFiles = LameACM.Copy,LameACM.Copy.Inf
UpdateInis = LameACM.UpdateIni

[LameACM.Copy]
LameACM.acm
lame_acm.xml

[LameACM.Copy.Inf]
LameACM.inf

[LameACM.UpdateIni]
system.ini, drivers32,,"msacm.lameacm=LameACM.acm"

[LameACM.AddReg]
HKLM, "Software\Microsoft\Windows NT\CurrentVersion\Drivers32","msacm.lameacm",,"LameACM.acm"
HKLM, "Software\Microsoft\Windows NT\CurrentVersion\Drivers.desc","LameACM.acm",,%DisplayNameWin%


[LameACM.AddReg9x]
HKLM,SYSTEM\CurrentControlSet\Control\MediaResources\msacm\msacm.lameacm,Description,,%DisplayNameWin%
HKLM,SYSTEM\CurrentControlSet\Control\MediaResources\msacm\msacm.lameacm,Driver,,LameACM.acm
HKLM,SYSTEM\CurrentControlSet\Control\MediaResources\msacm\msacm.lameacm,FriendlyName,,%DisplayNameWin%
HKLM,%UnInstallPath%,DisplayName,,%DisplayNameWin%
HKLM,%UnInstallPath%,UninstallString,,"%10%\rundll.exe setupx.dll,InstallHinfSection Remove_LameMP3 132 %17%\%InfFile%"

[LameACM.AddRegNT]
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers32","msacm.lameacm",,"LameACM.acm"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc","LameACM.acm",,%DisplayNameWin%
HKLM,%UnInstallPath%,DisplayName,,%DisplayNameWin%
HKLM,%UnInstallPath%,UninstallString,,"%11%\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 %17%\%InfFile%"

;[LameACM.DoReg]
;HKLM,Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup,"Lame ACM MP3 Codec",,"%11%\regsvr32.exe /s %11%\LameCom.acm"

[LameACM.DelReg]
HKLM,"SYSTEM\CurrentControlSet\Control\MediaResources\msacm\msacm.lameacm"
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc","LameACM.acm",,""
HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers32","msacm.lameacm",,""
HKLM,%UnInstallPath%

;[LameACM.Unregister]
;HKLM,"Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup","Lame ACM MP3 Codec",,"%11%\regsvr32.exe /s /u %11%\LameCom.acm"

[DestinationDirs]
DefaultDestDir = 11 ; LDID_SYS
LameACM.Copy = 11
LameACM.Copy.Inf = 17

[Strings]
InfFile="LameACM.inf"
DisplayNameWin="Lame ACM MP3 Codec"
UnInstallPath="Software\Microsoft\Windows\CurrentVersion\Uninstall\LameACM"
MediaClassName="Media Devices"
mfgname="Steve Lhomme"

====================
File K:\Instalacije\Audio Grabber 1.81 Final\Lame 3.92\ACM\LameACM.inf renamed successfully

Content of K:\SecurDataStorRM\Files\AppPrefs.ini
====================
ň§t&{ĽźƒŞ(\3žv´Ě
====================
File K:\SecurDataStorRM\Files\AppPrefs.ini renamed successfully

Content of K:\pmp_usb.ini
====================
[ml_pmp]
syncOnConnect_time=1219943892
====================
File K:\pmp_usb.ini renamed successfully

Content of K:\Instalacije\Audio Grabber 1.81 Final\Desktop.ini
====================
[.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=3
====================
File K:\Instalacije\Audio Grabber 1.81 Final\Desktop.ini renamed successfully

Content of K:\Instalacije\Audio Grabber 1.81 Final\Lame 3.92\misc\lame_enc.ini
====================
[debug]
WriteLogFile=1
====================
File K:\Instalacije\Audio Grabber 1.81 Final\Lame 3.92\misc\lame_enc.ini renamed successfully

Content of K:\Recycled\desktop.ini.blocked
====================
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=15
====================
File K:\Recycled\desktop.ini.blocked renamed successfully

Content of K:\BackupStorage\diagnostics.ini
====================
TraceLevel;3
ShowTimeTick;0
CreateProfileDlg;1
BuyNowMenu;1
AssumeValidPID_VID;0
TotalSpaceAvailabeInDevice;0
====================
File K:\BackupStorage\diagnostics.ini renamed successfully

Content of K:\BackupStorage\config.ini
====================
"MaxFileSize";"0"
"MaxBackupSize";"1023410176"
"LocalKey";"158C824682464730973FBF"
"RegistrationKey";""
"SellerURL";"http://www.kadenabuy.com/cruzerpc/CruzerPCPurchase.aspx?serialnumber="
"PhoneNumber";"+1 (510) 658-5244"
"Reseller";"To order PocketCache by phone, please call Kagi, a Kadena reseller in Berkeley, California, at:#1Handling charges will apply.#1Please note: When you call Kagi you need to provide this serial number:"
"MustShowLicenseAgreement";"0"
"BackupStorage";"BackupStorage\20071106173337\Dir\file";"G:\BackupStorage"
====================
File K:\BackupStorage\config.ini renamed successfully
====================
Scan finished at 28.8.2008 22:51:37


New device connected at 28.8.2008 22:52:26

Scanning for connected USB Mass storage...
========================================
H: 28d3ec52-d544-11db-86dc-0018f377d88b
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================
Sanitizing Shell Menu...
No key for GUID: 28d3ec52-d544-11db-86dc-0018f377d88b
========================================

Scanning drive H: at 28.8.2008 22:52:33
Scan for autorun.inf: True
Scan for desktop.ini: True
Make list of all files: False
Action: Block

Content of H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
====================
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
====================
File H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini renamed successfully
====================
Scan finished at 28.8.2008 22:52:34

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

We'll continue tomorrow, there's still more to do...

  • Joined: 27 Aug 2008
  • Posts: 50

As you say :) cheers
Thanks for the effort.

Update: 29 Aug 2008 17:45

Let's continue :D

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

@Tushke
You're waiting on me. USB_blocker didn't do its job properly, so I'm reworking the program now. I'll try to have it done this evening.

  • Joined: 27 Aug 2008
  • Posts: 50

ok ;) cheers...

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Tushke, this could take a while.
Let's try doing it by hand, if we can.
USB_blocker renamed a few files on your USB stick that it shouldn't have:

K:\SecurDataStorRM\Files\autorun.inf
K:\jul 2008\tocadisco - streetgirls (dabruck and klein mix) -www.mp3t.info-.mp3
K:\SecurDataStorRM\Files\AppPrefs.ini
K:\pmp_usb.ini
K:\Instalacije\Audio Grabber 1.81 Final\Lame 3.92\misc\lame_enc.ini
K:\Instalacije\Audio Grabber 1.81 Final\Lame 3.92\ACM\LameACM.inf
K:\BackupStorage\diagnostics.ini
K:\BackupStorage\config.ini

USB_blocker added the extension .blocked to all of these files.
So (for example) the first file in the list above is now renamed on your USB stick to:
K:\SecurDataStorRM\Files\autorun.inf.blocked

Would you be able to rename them back to their original names yourself, i.e. remove the extra .blocked extension?
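A worked example of the exact-name check this post and the log above call for (added here by the editor; it is not USB_blocker's code, whose source is not on the page). Every file the log renamed by mistake merely contains ".inf" or ".ini" somewhere in its name (www.mp3t.info-.mp3, LameACM.inf, pmp_usb.ini, config.ini), which is consistent with a substring match, and K:\Recycled\desktop.ini.blocked was renamed a second time. The script below compares the whole file name, case-insensitively, against autorun.inf and desktop.ini, skips anything that already ends in .blocked, records the [autorun] commands and the desktop.ini CLSID/icon before renaming, and runs against a constructed copy of the paths from the log in a temporary directory (file bodies abbreviated from the log, not a real stick). All function and constant names are the editor's.

```python
"""Exact-name scan for autorun.inf / desktop.ini on a removable volume.

Added example, not USB_blocker's code. The whole file name is compared
case-insensitively against the two names Explorer acts on, so names that only
contain ".inf"/".ini" are left alone, and a ".blocked" file is never renamed twice.
"""
import configparser
import os
import tempfile
from pathlib import Path

TARGET_NAMES = {"autorun.inf", "desktop.ini"}   # exact names, not substrings
BLOCKED_SUFFIX = ".blocked"
# [autorun] keys that launch code or change what the user sees (recorded before renaming)
AUTORUN_KEYS = {"open", "shellexecute", "icon", "label", "action", "useautoplay"}


def inf_section(text, wanted):
    """Return {lowercased key: value} for one section of an .inf/.ini body; {} if absent.

    strict=False tolerates repeated keys, interpolation=None keeps %SystemRoot% values raw,
    delimiters=("=",) stops a drive letter such as C:\\ being read as a key separator.
    """
    parser = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error:          # e.g. no [section] header: Explorer ignores it too
        return {}
    for section in parser.sections():
        if section.lower() == wanted.lower():
            return dict(parser.items(section))
    return {}


def describe(path, base_name):
    """Why this file matters: autorun commands, or the desktop.ini CLSID/icon."""
    text = path.read_text(errors="replace")
    if base_name == "autorun.inf":
        items = inf_section(text, "autorun")
        return {k: v for k, v in items.items() if k in AUTORUN_KEYS or k.startswith("shell\\")}
    items = inf_section(text, ".ShellClassInfo")
    return {k: v for k, v in items.items() if k in ("clsid", "iconfile")}


def scan_volume(root, block=True):
    """Walk `root`; return sorted (relative path, status, details) records.

    status: "blocked" (renamed to <name>.blocked), "found" (block=False), or
    "already blocked" (left alone, so a rerun cannot create name.blocked.blocked).
    """
    root = Path(root)
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            already = lower.endswith(BLOCKED_SUFFIX)
            base = lower[:-len(BLOCKED_SUFFIX)] if already else lower
            if base not in TARGET_NAMES:        # exact match on the full name
                continue
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if already:
                records.append((rel, "already blocked", {}))
                continue
            details = describe(path, base)
            if block:
                path.rename(path.with_name(name + BLOCKED_SUFFIX))
            records.append((rel, "blocked" if block else "found", details))
    return sorted(records)


# Constructed sample volume: paths from the log above with abbreviated bodies.
SAMPLE_FILES = {
    "SecurDataStorRM/Files/autorun.inf":
        "[autorun]\nOPEN=SecurDataStor\\CopyFile.exe true\nICON=SecurDataStor\\SecurDataStor.ico\n",
    "jul 2008/tocadisco - streetgirls (dabruck and klein mix) -www.mp3t.info-.mp3": "ID3",
    "Instalacije/Audio Grabber 1.81 Final/Desktop.ini":
        "[.ShellClassInfo]\nIconFile=%SystemRoot%\\system32\\SHELL32.dll\nIconIndex=3\n",
    "Recycled/desktop.ini.blocked":
        "[.ShellClassInfo]\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}\nIconIndex=15\n",
    "BackupStorage/config.ini": '"MaxFileSize";"0"\n',
}


def build_sample_volume(root):
    for rel, body in SAMPLE_FILES.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


def demo():
    """Build the sample volume in a temp dir, block it, return (records, files left)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_volume(tmp)
        records = scan_volume(tmp)
        remaining = sorted(p.relative_to(tmp).as_posix()
                           for p in Path(tmp).rglob("*") if p.is_file())
    return records, remaining


if __name__ == "__main__":
    print(*demo()[0], sep="\n")
```

Run directly, it reports exactly three files: the SecurDataStor autorun.inf (with its OPEN= target), the Audio Grabber Desktop.ini, and the Recycled desktop.ini.blocked as already blocked; the mp3 and config.ini are untouched. Against a real stick, `scan_volume("K:/", block=False)` lists matches without renaming anything, which is the mode to run first.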

  • Joined: 27 Aug 2008
  • Posts: 50

ok... I'll do it now

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Sorry for the trouble, my fault :(
The stick is otherwise clean, no traces of infection.

helen1 will continue helping you; I only jumped into your thread to fix what happened through my fault.

  • Joined: 27 Aug 2008
  • Posts: 50

Should I strip the .blocked extension from all the files, since there's one more that you didn't list?

Update: 29 Aug 2008 19:45

Done.

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Do you still have any problems? What's the situation now?
