Virtuemonde-dobijen preko MSN-a?

offline
  • Joined: 27 Jan 2008
  • Posts: 35

I have a problem. Two days ago my sister received an MSN message from a friend through which, as it turned out, the computer got infected with a trojan or whatever it is, which NOD32 flagged as:
1. WIN32/Adware.virtumonde.application
2. WIN32/BHO.G trojan
3. WIN32/Adware.Ezula application
Within 3 hours of looking around the net I found out about this forum and about the Hijack program. Please help me solve this problem and give me some information on what the 3 trojans listed above do, what your experiences with them are and the like.
Thanks for the help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:05 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP000.TMP\skyper.exe
C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP001.TMP\skyper.exe
C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP002.TMP\skyper.exe
C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP003.TMP\skyper.exe
C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP004.TMP\skyper.exe
C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP005.TMP\skyper.exe
C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP006.TMP\skyper.exe
C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP007.TMP\skyper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Instalacije programa\antivirus\VundoFix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E16A7D1-271B-4DA8-AD7B-A4A344D9B69A} - C:\WINDOWS\system32\ddayw.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: {96961b17-2837-3abb-e194-c92f19bbeff4} - {4ffebb91-f29c-491e-bba3-738271b16969} - C:\WINDOWS\system32\stgpgeto.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6544FE94-DAB9-4AC6-809C-47AD3BDDF822} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: (no name) - {F4982BAB-80E9-4838-A2A0-95D30F348161} - C:\WINDOWS\system32\tuvtutu.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechSetup] E:\Setup\Setup.exe /restart /l:enu
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Remote Access Monitor] rpgsvc.exe
O4 - HKLM\..\Run: [e85a4825] rundll32.exe "C:\WINDOWS\system32\qneiprqc.dll",b
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup2] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP002.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup3] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP003.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup4] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP004.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup5] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP005.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup6] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP006.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup7] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP007.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: VirtuaGirl2.lnk = D:\Vg\VirtuaGirl2.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtspom - C:\WINDOWS\SYSTEM32\awtspom.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10402 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

To start with, restart the computer and then follow these instructions...

Download ComboFix from one of the following addresses to the Desktop:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 27 Jan 2008
  • Posts: 35

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.79 [GMT 1:00]
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtspom.dll
C:\WINDOWS\system32\khfebay.dll
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\stgpgeto.dll
C:\WINDOWS\system32\tuvtutu.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 22:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 20:52 . 2008-01-27 20:56 <DIR> d-------- C:\hijack
2008-01-27 19:33 . 2008-01-27 19:33 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-01-27 18:58 . 2008-01-27 18:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-27 18:57 . 2008-01-27 18:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 18:02 . 2008-01-27 19:07 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-27 15:47 . 2008-01-27 20:51 <DIR> d-------- C:\VundoFix Backups
2008-01-27 13:12 . 2008-01-27 15:20 1,142,702 --ahs---- C:\WINDOWS\system32\cqrpienq.ini
2008-01-27 13:08 . 2008-01-27 13:09 1,142,572 --ahs---- C:\WINDOWS\system32\ephbrjxc.ini
2008-01-26 13:03 . 2008-01-27 13:03 1,142,572 --ahs---- C:\WINDOWS\system32\gansinfv.ini
2008-01-26 13:00 . 2008-01-26 13:03 1,142,572 --ahs---- C:\WINDOWS\system32\rxqffgbq.ini
2008-01-25 08:15 . 2008-01-25 08:15 1,133,102 --ahs---- C:\WINDOWS\system32\otnhnphr.ini
2008-01-25 08:12 . 2008-01-25 08:23 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-23 05:09 . 2008-01-23 05:09 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-01-23 05:09 . 2008-01-23 05:09 <DIR> d-------- C:\Program Files\FLV Player
2008-01-18 00:33 . 2008-01-18 00:33 <DIR> d-------- C:\Program Files\DivX
2008-01-18 00:33 . 2008-01-18 00:33 672 --a------ C:\WINDOWS\mozver.dat
2008-01-17 22:07 . 2005-09-14 08:16 205,824 --a------ C:\WINDOWS\patchw32.dll
2008-01-17 22:04 . 2005-09-14 08:16 205,824 --a------ C:\WINDOWS\system32\pw32a.dll
2008-01-17 22:04 . 2005-09-14 08:16 205,824 --a------ C:\WINDOWS\pw32a.dll
2008-01-17 22:04 . 2005-09-14 09:25 28 --a------ C:\WINDOWS\system32\copytowin.bat
2008-01-17 21:39 . 2008-01-17 21:39 <DIR> d-------- C:\Program Files\Lead Pursuit
2008-01-11 01:39 . 2008-01-11 01:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-11 01:39 . 2008-01-11 01:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-09 23:51 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-01-04 01:29 . 2008-01-04 01:29 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-01-02 22:27 . 2008-01-23 11:37 <DIR> d-------- C:\Program Files\American Conquest
2008-01-02 22:23 . 2008-01-02 22:27 <DIR> d-------- C:\Program Files\American Conquest - Fight Back
2008-01-02 22:15 . 2008-01-02 22:19 <DIR> d-------- C:\Program Files\American Conquest - Divided Nation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 03:09 --------- d-----w C:\Program Files\Soulseek
2007-12-24 01:53 --------- d-----w C:\Program Files\mIRC
2007-12-16 15:40 --------- d-----w C:\Program Files\Winamp
2007-12-11 17:02 --------- d-----w C:\Program Files\WinUAE
2007-12-10 16:52 --------- d-----w C:\Program Files\Common Files\Totem Shared
2007-12-10 15:12 --------- d-----w C:\Program Files\ImTOO
2007-12-05 00:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-05 00:36 --------- d-----w C:\Program Files\Paradox Interactive
2007-12-04 23:49 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-12 18:42 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-05 16:03 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E16A7D1-271B-4DA8-AD7B-A4A344D9B69A}]
C:\WINDOWS\system32\ddayw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6544FE94-DAB9-4AC6-809C-47AD3BDDF822}]
C:\WINDOWS\system32\sstqn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-12 21:18 67128]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:48 23344936]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 07:54 16248320 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-03 23:17 949376]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 09:46 497200]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 10:34 614960]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 10:33 243248]
"LogitechSetup"="E:\Setup\Setup.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-05 20:55 185896]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Remote Access Monitor"="rpgsvc.exe" []
"e85a4825"="C:\WINDOWS\system32\qneiprqc.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-12 21:18:11 67128]

S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 16:39:10 C:\WINDOWS\Tasks\At1.job"
- D:\INSTAL~1\ANTIVI~1\Look2Me-Destroyer.exe
"2008-01-27 16:45:04 C:\WINDOWS\Tasks\At2.job"
- D:\INSTAL~1\ANTIVI~1\Look2Me-Destroyer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-27 22:09:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-27 22:12:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 21:12:21

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\cqrpienq.ini
C:\WINDOWS\system32\ephbrjxc.ini
C:\WINDOWS\system32\gansinfv.ini
C:\WINDOWS\system32\rxqffgbq.ini
C:\WINDOWS\system32\otnhnphr.ini

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E16A7D1-271B-4DA8-AD7B-A4A344D9B69A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6544FE94-DAB9-4AC6-809C-47AD3BDDF822}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Access Monitor"=-
"e85a4825"=-

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.

In your next message, post the log that is produced at the end of the cleaning/scanning.
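As an added illustration (not a tool from this thread, nor part of HijackThis or ComboFix), the script below applies the kind of checks the helper made by hand to a constructed excerpt of the HijackThis log from the first post, and drafts the Registry:: section of a CFScript in the syntax of this post. The heuristics and the allow-list of bare-name Run entries are assumptions of the example; the output is a draft for an analyst to review, not something to apply unattended.

```python
"""Heuristic triage of a HijackThis v2 log for Vundo/Virtumonde-style loading points, plus a
draft of the Registry:: section of a ComboFix CFScript for the analyst to review.
Added example for this thread; allow-list seeded from the Run entries the thread's fix left alone."""
import re

# Constructed excerpt: lines copied from the HijackThis log posted in this thread.
HJT_EXCERPT = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1E16A7D1-271B-4DA8-AD7B-A4A344D9B69A} - C:\WINDOWS\system32\ddayw.dll (file missing)
O2 - BHO: {96961b17-2837-3abb-e194-c92f19bbeff4} - {4ffebb91-f29c-491e-bba3-738271b16969} - C:\WINDOWS\system32\stgpgeto.dll
O2 - BHO: (no name) - {F4982BAB-80E9-4838-A2A0-95D30F348161} - C:\WINDOWS\system32\tuvtutu.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Remote Access Monitor] rpgsvc.exe
O4 - HKLM\..\Run: [e85a4825] rundll32.exe "C:\WINDOWS\system32\qneiprqc.dll",b
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NEMANJ~1\LOCALS~1\Temp\IXP000.TMP\"
O20 - Winlogon Notify: awtspom - C:\WINDOWS\SYSTEM32\awtspom.dll
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
HEX_NAME_RE = re.compile(r"^(?=.*\d)[0-9a-f]{6,}$")          # e.g. e85a4825
RANDOM_DLL_RE = re.compile(r"\\system32\\([a-z]{5,8})\.dll$", re.I)

# Bare executable names (no path) that this thread's fix left in place, plus the rundll32
# host process, which is judged by the DLL it loads rather than by its own name (assumed list).
KNOWN_GOOD_BARE = {"skytel.exe", "rthdcpl.exe", "alcmtr.exe", "nwiz.exe", "rundll32.exe"}
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def flag_entry(sec, body):
    """Return the heuristic reasons an entry deserves a second look (empty list = nothing noted)."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("loading point references a file that no longer exists")
    if sec == "F2":
        m = re.search(r"Shell=(.*)$", body)
        if m and m.group(1).strip().lower() != "explorer.exe":   # XP default is Explorer.exe alone
            reasons.append("non-default Shell= value: " + m.group(1).strip())
    elif sec == "O2" and (m := BHO_RE.match(body)):
        if m.group("name") == "(no name)":
            reasons.append("BHO registered without a display name")
        elif GUID_RE.match(m.group("name")):
            reasons.append("BHO display name is itself a GUID")
    elif sec == "O4" and (m := O4_RE.match(body)):
        if HEX_NAME_RE.match(m.group("name")):
            reasons.append("Run value name '%s' is a random hex string" % m.group("name"))
        exe = m.group("cmd").split()[0].strip('"')
        if "\\" not in exe and exe.lower().endswith(".exe") and exe.lower() not in KNOWN_GOOD_BARE:
            reasons.append("Run entry launches '%s' by bare name, with no path" % exe)
    elif sec == "O20":
        m = RANDOM_DLL_RE.search(body)
        if m and m.group(1).islower():   # weak signal alone; notable in a Winlogon Notify package
            reasons.append("Winlogon Notify package with a random-looking name: " + m.group(1))
    return reasons


def triage(log_text):
    """Map each flagged log line to its reasons; non-entry lines (process list etc.) are skipped."""
    flagged = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            reasons = flag_entry(m.group("sec"), m.group("body"))
            if reasons:
                flagged[raw.strip()] = reasons
    return flagged


def draft_cfscript(flagged):
    """Draft the Registry:: section in the syntax used in this thread: [-key] removes an orphaned
    BHO key, "value"=- removes a Run value. Only orphaned BHOs and flagged Run values are included."""
    bho_keys, run_values = [], {}
    for line, reasons in flagged.items():
        sec, body = line.split(" - ", 1)
        if sec == "O2" and "(file missing)" in body:
            bho_keys.append(BHO_RE.match(body).group("clsid"))
        elif sec == "O4" and (m := O4_RE.match(body)) and m.group("key") == "Run":
            run_values.setdefault(HIVES[m.group("hive")], []).append(m.group("name"))
    out = ["Registry::"]
    out += ["[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\%s]" % c for c in bho_keys]
    for hive, names in run_values.items():
        out.append("[%s\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]" % hive)
        out += ['"%s"=-' % n for n in names]
    return "\n".join(out)


if __name__ == "__main__":
    hits = triage(HJT_EXCERPT)
    for line, reasons in hits.items():
        print(line, "\n   ->", "; ".join(reasons))
    print("\n" + draft_cfscript(hits))
```

On the excerpt this flags the Shell= line, the three odd BHOs, the two Run values the helper deleted and the Winlogon Notify package, while the Yahoo BHO, the Realtek entries and the wextract_cleanup RunOnce stay clean.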

offline
  • Joined: 27 Jan 2008
  • Posts: 35

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\cqrpienq.ini
C:\WINDOWS\system32\ephbrjxc.ini
C:\WINDOWS\system32\gansinfv.ini
C:\WINDOWS\system32\otnhnphr.ini
C:\WINDOWS\system32\rxqffgbq.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\adgyjpiq.ini.bad
C:\VundoFix Backups\cbxuuro.dll.bad
C:\VundoFix Backups\ddayw.dll.bad
C:\VundoFix Backups\jkklmlk.dll.bad
C:\VundoFix Backups\khffedb.dll.bad
C:\VundoFix Backups\nnnkjii.dll.bad
C:\VundoFix Backups\nvbvvupi.dll.bad
C:\VundoFix Backups\qipjygda.dll.bad
C:\VundoFix Backups\qneiprqc.dll.bad
C:\VundoFix Backups\ssqrppo.dll.bad
C:\VundoFix Backups\sstqn.dll.bad
C:\VundoFix Backups\ttiurdsq.dll.bad
C:\VundoFix Backups\tuvtutu.dll.bad
C:\VundoFix Backups\urqppop.dll.bad
C:\VundoFix Backups\vfnisnag.dll.bad
C:\VundoFix Backups\vturspm.dll.bad
C:\VundoFix Backups\wyadd.ini.bad
C:\VundoFix Backups\wyadd.ini2.bad
C:\VundoFix Backups\xxyxuuv.dll.bad
C:\WINDOWS\system32\cqrpienq.ini
C:\WINDOWS\system32\ephbrjxc.ini
C:\WINDOWS\system32\gansinfv.ini
C:\WINDOWS\system32\otnhnphr.ini
C:\WINDOWS\system32\rxqffgbq.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 22:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 20:52 . 2008-01-27 20:56 <DIR> d-------- C:\hijack
2008-01-27 19:33 . 2008-01-27 19:33 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-01-27 18:58 . 2008-01-27 18:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-27 18:57 . 2008-01-27 18:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 18:02 . 2008-01-27 19:07 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-25 08:12 . 2008-01-25 08:23 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-23 05:09 . 2008-01-23 05:09 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-01-23 05:09 . 2008-01-23 05:09 <DIR> d-------- C:\Program Files\FLV Player
2008-01-18 00:33 . 2008-01-18 00:33 <DIR> d-------- C:\Program Files\DivX
2008-01-18 00:33 . 2008-01-18 00:33 672 --a------ C:\WINDOWS\mozver.dat
2008-01-17 22:07 . 2005-09-14 08:16 205,824 --a------ C:\WINDOWS\patchw32.dll
2008-01-17 22:04 . 2005-09-14 08:16 205,824 --a------ C:\WINDOWS\system32\pw32a.dll
2008-01-17 22:04 . 2005-09-14 08:16 205,824 --a------ C:\WINDOWS\pw32a.dll
2008-01-17 22:04 . 2005-09-14 09:25 28 --a------ C:\WINDOWS\system32\copytowin.bat
2008-01-17 21:39 . 2008-01-17 21:39 <DIR> d-------- C:\Program Files\Lead Pursuit
2008-01-11 01:39 . 2008-01-11 01:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-11 01:39 . 2008-01-11 01:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-09 23:51 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-01-04 01:29 . 2008-01-04 01:29 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-01-02 22:27 . 2008-01-23 11:37 <DIR> d-------- C:\Program Files\American Conquest
2008-01-02 22:23 . 2008-01-02 22:27 <DIR> d-------- C:\Program Files\American Conquest - Fight Back
2008-01-02 22:15 . 2008-01-02 22:19 <DIR> d-------- C:\Program Files\American Conquest - Divided Nation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 03:09 --------- d-----w C:\Program Files\Soulseek
2007-12-24 01:53 --------- d-----w C:\Program Files\mIRC
2007-12-16 15:40 --------- d-----w C:\Program Files\Winamp
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 17:02 --------- d-----w C:\Program Files\WinUAE
2007-12-10 16:52 --------- d-----w C:\Program Files\Common Files\Totem Shared
2007-12-10 15:12 --------- d-----w C:\Program Files\ImTOO
2007-12-05 00:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-05 00:36 --------- d-----w C:\Program Files\Paradox Interactive
2007-12-04 23:49 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-26 18:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-12 18:42 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-05 20:05 278,528 ----a-w C:\WINDOWS\system32\livesnth.dll
2007-11-05 20:05 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2007-11-05 16:03 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-11-03 22:17 298,104 ----a-w C:\WINDOWS\system32\imon.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-27_22.12.04.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-27 21:03:10 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 21:58:44 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-27 21:03:10 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 21:58:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-27 21:03:10 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-27 21:58:44 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-27 21:03:10 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 21:58:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-27 21:03:10 4,222,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-27 21:58:44 4,222,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-27 21:03:10 102,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 21:58:44 102,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-12 21:18 67128]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:48 23344936]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 07:54 16248320 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-03 23:17 949376]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 09:46 497200]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 10:34 614960]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 10:33 243248]
"LogitechSetup"="E:\Setup\Setup.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-05 20:55 185896]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-12 21:18:11 67128]

S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 16:39:10 C:\WINDOWS\Tasks\At1.job"
- D:\INSTAL~1\ANTIVI~1\Look2Me-Destroyer.exe
"2008-01-27 16:45:04 C:\WINDOWS\Tasks\At2.job"
- D:\INSTAL~1\ANTIVI~1\Look2Me-Destroyer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-27 23:02:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-27 23:04:29
ComboFix-quarantined-files.txt 2008-01-27 22:04:14
ComboFix2.txt 2008-01-27 21:12:24

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

offline
  • Joined: 27 Jan 2008
  • Posts: 35

You mean to say that all of it is cleaned now?
Tell me something more about what was on my computer... how it affects the computer and similar information... probably many people besides me are interested in that.
Thanks

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

According to what the logs show, there is no more malware now.

I really do not have time right now for the longer story about this infection.
But there is some information about it at the following link:
http://www.mycity.rs/Ambulanta/Kako-prepoznati-Virtumonde-Vundo-WinFixer.html

In short, a very common infection that tends to cause a lot of problems during removal.

offline
  • Joined: 27 Jan 2008
  • Posts: 35

In any case, thanks... I hope everything is fine now... and if you remember when you have time, leave some interesting facts about what happened to me. Regards, Doctor :)
