MyCity » Ambulanta -> Arhiva Ambulante » Win32/Adware.Virtumonde.FP

Win32/Adware.Virtumonde.FP

Napisano na dan: 12.2.2008

Strana:
1
2

Win32/Adware.Virtumonde.FP

Sledeća strana

Pagination

Odgovori

Strana:
1
2

draavid Poslao: 12 Feb 2008 19:04 Idi na vrh
offline draavid Novi MyCity građanin Pridružio: 12 Feb 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozz, vidim da na ovom forumu vec ima ovakvih problema pa se nadam da cete i meni pomoci da ih rijesim. NOD32 mi na pocetku skeniranja odmah javlja: "Provjeravam CRC datoteke NOD 32.EXE: Status OK vjerojatna varijanta Win32/Adware.Virtumonde.FP aplikacija pronađen u radnoj memoriji. Zaraza sistemske memorija potječe od datoteke C:\WINDOWS\system32\jkhff.dll." To ne mogu nikako obrisat, svaki put kad obrisem nakon restartiranja kompjutera ono se ponovno vrati. Logfile of HijackThis v1.99.1 Scan saved at 18:51:49, on 12.2.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Power ISO 3.8\PowerISO\PWRISOVM.EXE C:\Program Files\WinFast\WFDTV\DTVSchdl.exe C:\Program Files\WinFast\WFDTV\WFWIZ.exe C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe D:\Gadwin Systems\PrintScreen\PrintScreen.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Desktop\New Folder\TR3.exe.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {16C4CC4D-559A-40CA-927A-F59BD019E904} - C:\WINDOWS\system32\cvjxpcyx.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing) O2 - BHO: (no name) - {4FB3E0F7-41FC-4A37-97EC-64F4F63AA583} - C:\WINDOWS\system32\jkhff.dll O2 - BHO: {f0e6e515-2d43-c06a-1c84-46352b458bd5} - {5db854b2-5364-48c1-a60c-34d2515e6e0f} - C:\WINDOWS\system32\namejiug.dll O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\wvuvtrq.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\Power ISO 3.8\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Application Process] rndsvc.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [d4902b0a] rundll32.exe "C:\WINDOWS\system32\dtycwsfg.dll",b O4 - HKLM\..\Run: [BMd7a31896] Rundll32.exe "C:\WINDOWS\system32\lqrdjlqg.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Gadwin PrintScreen 4.0] D:\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [Pile Pop] C:\DOCUME~1\KORISN~1.ALI\APPLIC~1\PHONEW~1\five one.exe O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\Mozilla\Firefox\Profiles\ng641r0p.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\Mozilla\Firefox\Profiles/ng641r0p.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Registration Prince of Persia Warrior Within.LNK = C:\Program Files\Ubisoft\Prince of Persia Warrior Within\Support\Register\RegistrationReminder.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....1791262843 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: wvuvtrq - wvuvtrq.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001670 (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe Hvala unaprijed.

Profil

helen1 Poslao: 12 Feb 2008 19:25 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

draavid Poslao: 12 Feb 2008 19:52 Idi na vrh
offline draavid Novi MyCity građanin Pridružio: 12 Feb 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napravio ComboFix 08-02-13.1 - Korisnik 2008-02-12 19:32:26.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.104 [GMT 1:00] Running from: C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\jkhff.dll C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\FunWebProducts C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\FunWebProducts\Data\Korisnik\avatar.dat C:\Program Files\Common Files\{34902~1 C:\Program Files\Common Files\{34902~1\Bar888.dll C:\Program Files\Common Files\{34902~1\UnInstall.exe C:\Program Files\Common Files\{D4902~1 C:\Program Files\FunWebProducts C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\History\search2 C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\WINDOWS\system32\ahidaecc.dll C:\WINDOWS\system32\ajvayvdy.ini C:\WINDOWS\system32\alwqhonc.dll C:\WINDOWS\system32\bjhurfna.dll C:\WINDOWS\system32\bkrabdmh.dll C:\WINDOWS\system32\btwmavei.ini C:\WINDOWS\system32\ciavvmsx.dll C:\WINDOWS\system32\ddnqcagh.dll C:\WINDOWS\system32\devwhlso.dll C:\WINDOWS\system32\dtycwsfg.dll C:\WINDOWS\system32\Dvbpws.dll C:\WINDOWS\system32\eoxkmigc.ini C:\WINDOWS\system32\erijlmrm.dll C:\WINDOWS\system32\etjrhkkd.dll C:\WINDOWS\system32\ffhkj.ini C:\WINDOWS\system32\ffhkj.ini2 C:\WINDOWS\system32\ftebgvma.dll C:\WINDOWS\system32\gdpshoiy.dll C:\WINDOWS\system32\gfswcytd.ini C:\WINDOWS\system32\hlaewsxr.dll C:\WINDOWS\system32\ievamwtb.dll C:\WINDOWS\system32\ilasdgmq.dll C:\WINDOWS\system32\jkhff.dll C:\WINDOWS\system32\jpwuvows.dll C:\WINDOWS\system32\kyvjnvbg.dll C:\WINDOWS\system32\lqrdjlqg.dll C:\WINDOWS\system32\lwycgehm.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mklouqus.dll C:\WINDOWS\system32\namejiug.dll C:\WINDOWS\system32\nbvqnijm.dll C:\WINDOWS\system32\nekykahu.ini C:\WINDOWS\system32\owphildy.dll C:\WINDOWS\system32\owxivbmw.ini C:\WINDOWS\system32\picaqnbq.ini C:\WINDOWS\system32\rsobbkbd.dll C:\WINDOWS\system32\rxgjxruq.dll C:\WINDOWS\system32\ugedceic.ini C:\WINDOWS\system32\unsvchosts.lzma C:\WINDOWS\system32\uwdmoucr.dll C:\WINDOWS\system32\ydvyavja.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_COM+_MESSAGES -------\COM+ Messages ((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))) . 2008-02-12 16:08 . 2008-02-12 16:08 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-12 16:08 . 2008-02-12 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-12 16:07 . 2008-02-12 16:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-09 21:34 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-02-09 21:34 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax 2008-02-07 13:44 . 2008-02-08 16:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-07 13:44 . 2008-02-07 13:44 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 12:31 . 2008-02-07 12:31 <DIR> d-------- C:\Program Files\Rockstar Games 2008-02-04 13:12 . 2008-02-04 13:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-02-01 16:06 . 2008-02-01 16:06 125 --a--c--- C:\ioSpecial.ini 2008-01-31 18:15 . 2008-01-31 18:15 <DIR> d-------- C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\Oberon Games 2008-01-31 18:15 . 2008-01-31 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games 2008-01-28 22:35 . 2008-01-28 22:35 26,688 --a------ C:\WINDOWS\system32\cvjxpcyx.dll 2008-01-22 10:21 . 2008-01-24 10:58 114 --a------ C:\WINDOWS\BMd7a31896.xml 2008-01-16 19:47 . 2008-02-13 19:32 22 --a------ C:\WINDOWS\pskt.ini 2008-01-13 18:37 . 2008-01-13 18:59 <DIR> d-------- C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 14:06 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-09 20:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-09 20:36 --------- d-----w C:\Program Files\Electronic Arts 2008-02-08 22:10 --------- d-----w C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\LimeWire 2008-02-08 12:13 --------- d-----w C:\Program Files\ESET 2008-02-06 18:06 --------- d-----w C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\uTorrent 2008-02-06 14:33 --------- d-----w C:\Program Files\Valve 2008-02-06 14:30 --------- d-----w C:\Program Files\Sports Interactive 2008-02-01 15:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-27 22:38 --------- d-----w C:\Program Files\MSN Messenger 2008-01-27 22:38 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-01 17:07 7,780 ----a-w C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\FMCodec.dat 2007-12-18 11:41 --------- d-----w C:\Program Files\LHM2006 2007-12-14 15:00 --------- d-----w C:\Program Files\Dexter . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16C4CC4D-559A-40CA-927A-F59BD019E904}] 2008-01-28 22:35 26688 --a------ C:\WINDOWS\system32\cvjxpcyx.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] "Gadwin PrintScreen 4.0"="D:\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-04-20 15:40 507904] "Pile Pop"="C:\DOCUME~1\KORISN~1.ALI\APPLIC~1\PHONEW~1\five one.exe" [ ] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "FFTI"="C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\Mozilla\Firefox\Profiles\ng641r0p.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12 90112] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-08-23 06:50 917504] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "PWRISOVM.EXE"="C:\Program Files\Power ISO 3.8\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704] "WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-12-06 15:57 69632] "WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-12-04 11:01 372736] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720] "Application Process"="rndsvc.exe" [] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvtrq] wvuvtrq.dll R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-08-07 09:50] R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-08-07 09:53] R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-08-07 13:10] R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-08-07 09:56] R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-08-07 09:54] R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-08-07 14:04] R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 15:55] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-02-12 18:00:02 C:\WINDOWS\Tasks\A992A89991E95FB9.job" - c:\docume~1\korisn~1.ali\applic~1\phonew~1\Amen Bib Seek.exe "2008-02-08 11:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-02-13 19:43:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\Program Files\Eset\pr_imon.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe . ************************************************************************ . Completion time: 2008-02-13 19:48:30 - machine was rebooted [Korisnik] ComboFix-quarantined-files.txt 2008-02-13 18:48:23 . 2008-01-10 11:09:56 --- E O F ---

Profil

helen1 Poslao: 12 Feb 2008 20:45 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\cvjxpcyx.dll C:\WINDOWS\Tasks\A992A89991E95FB9.job Folder:: c:\docume~1\korisn~1.ali\applic~1\phonew~1 Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16C4CC4D-559A-40CA-927A-F59BD019E904}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pile Pop"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Application Process"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvtrq]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

draavid Poslao: 12 Feb 2008 21:16 Idi na vrh
offline draavid Novi MyCity građanin Pridružio: 12 Feb 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo ComboFix 08-02-13.1 - Korisnik 2008-02-13 21:09:37.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.137 [GMT 1:00] Running from: C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\system32\cvjxpcyx.dll C:\WINDOWS\Tasks\A992A89991E95FB9.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\korisn~1.ali\applic~1\phonew~1 c:\docume~1\korisn~1.ali\applic~1\phonew~1\A19B8F74 C:\WINDOWS\system32\cvjxpcyx.dll C:\WINDOWS\Tasks\A992A89991E95FB9.job . ((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))) . 2008-02-12 19:29 . 2004-08-03 23:56 388,608 --a------ C:\kmd.exe 2008-02-12 16:08 . 2008-02-12 16:08 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-12 16:08 . 2008-02-12 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-12 16:07 . 2008-02-12 16:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-09 21:34 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-02-09 21:34 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax 2008-02-07 13:44 . 2008-02-08 16:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-07 13:44 . 2008-02-07 13:44 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 12:31 . 2008-02-07 12:31 <DIR> d-------- C:\Program Files\Rockstar Games 2008-02-04 13:12 . 2008-02-04 13:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-02-01 16:06 . 2008-02-01 16:06 125 --a--c--- C:\ioSpecial.ini 2008-01-31 18:15 . 2008-01-31 18:15 <DIR> d-------- C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\Oberon Games 2008-01-31 18:15 . 2008-01-31 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games 2008-01-22 10:21 . 2008-01-24 10:58 114 --a------ C:\WINDOWS\BMd7a31896.xml 2008-01-16 19:47 . 2008-02-13 19:32 22 --a------ C:\WINDOWS\pskt.ini 2008-01-13 18:37 . 2008-01-13 18:59 <DIR> d-------- C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 14:06 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-09 20:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-09 20:36 --------- d-----w C:\Program Files\Electronic Arts 2008-02-08 22:10 --------- d-----w C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\LimeWire 2008-02-08 12:13 --------- d-----w C:\Program Files\ESET 2008-02-06 18:06 --------- d-----w C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\uTorrent 2008-02-06 14:33 --------- d-----w C:\Program Files\Valve 2008-02-06 14:30 --------- d-----w C:\Program Files\Sports Interactive 2008-02-01 15:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-27 22:38 --------- d-----w C:\Program Files\MSN Messenger 2008-01-27 22:38 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-01 17:07 7,780 ----a-w C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\FMCodec.dat 2008-01-01 08:16 74,540 ----a-w C:\WINDOWS\system32\shrbdnit.dll 2007-12-19 09:00 74,540 ----a-w C:\WINDOWS\system32\yqkquobs.dll 2007-12-18 11:41 --------- d-----w C:\Program Files\LHM2006 2007-12-14 16:46 127,040 ----a-w C:\WINDOWS\system32\tkronmxp.dll 2007-12-14 15:00 --------- d-----w C:\Program Files\Dexter 2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] "Gadwin PrintScreen 4.0"="D:\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-04-20 15:40 507904] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "FFTI"="C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\Mozilla\Firefox\Profiles\ng641r0p.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12 90112] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-08-23 06:50 917504] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "PWRISOVM.EXE"="C:\Program Files\Power ISO 3.8\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704] "WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-12-06 15:57 69632] "WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-12-04 11:01 372736] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-08-07 09:50] R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-08-07 09:53] R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-08-07 13:10] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54] R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-08-07 09:56] R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-08-07 09:54] R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-08-07 14:04] R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 15:55] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-02-08 11:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-02-13 21:12:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\Program Files\Eset\pr_imon.dll . Completion time: 2008-02-13 21:12:53 ComboFix-quarantined-files.txt 2008-02-13 20:12:38 ComboFix2.txt 2008-02-13 18:48:31 . 2008-01-10 11:09:56 --- E O F ---

Profil

helen1 Poslao: 12 Feb 2008 21:52 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\shrbdnit.dll C:\WINDOWS\system32\yqkquobs.dll C:\WINDOWS\system32\tkronmxp.dll` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

draavid Poslao: 12 Feb 2008 21:59 Idi na vrh
offline draavid Novi MyCity građanin Pridružio: 12 Feb 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-02-13.1 - Korisnik 2008-02-13 21:53:39.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.111 [GMT 1:00] Running from: C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\system32\shrbdnit.dll C:\WINDOWS\system32\tkronmxp.dll C:\WINDOWS\system32\yqkquobs.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\shrbdnit.dll C:\WINDOWS\system32\tkronmxp.dll C:\WINDOWS\system32\yqkquobs.dll . ((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))) . 2008-02-12 19:29 . 2004-08-03 23:56 388,608 --a------ C:\kmd.exe 2008-02-12 16:08 . 2008-02-12 16:08 <DIR> d-------- C:\Program Files\Lavasoft 2008-02-12 16:08 . 2008-02-12 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-12 16:07 . 2008-02-12 16:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-09 21:34 . 2005-06-24 16:24 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-02-09 21:34 . 2004-12-10 09:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax 2008-02-07 13:44 . 2008-02-08 16:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-07 13:44 . 2008-02-07 13:44 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 12:31 . 2008-02-07 12:31 <DIR> d-------- C:\Program Files\Rockstar Games 2008-02-04 13:12 . 2008-02-04 13:12 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-02-01 16:06 . 2008-02-01 16:06 125 --a--c--- C:\ioSpecial.ini 2008-01-31 18:15 . 2008-01-31 18:15 <DIR> d-------- C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\Oberon Games 2008-01-31 18:15 . 2008-01-31 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games 2008-01-22 10:21 . 2008-01-24 10:58 114 --a------ C:\WINDOWS\BMd7a31896.xml 2008-01-16 19:47 . 2008-02-13 19:32 22 --a------ C:\WINDOWS\pskt.ini 2008-01-13 18:37 . 2008-01-13 18:59 <DIR> d-------- C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 14:06 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-09 20:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-09 20:36 --------- d-----w C:\Program Files\Electronic Arts 2008-02-08 22:10 --------- d-----w C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\LimeWire 2008-02-08 12:13 --------- d-----w C:\Program Files\ESET 2008-02-06 18:06 --------- d-----w C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\uTorrent 2008-02-06 14:33 --------- d-----w C:\Program Files\Valve 2008-02-06 14:30 --------- d-----w C:\Program Files\Sports Interactive 2008-02-01 15:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-27 22:38 --------- d-----w C:\Program Files\MSN Messenger 2008-01-27 22:38 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-01 17:07 7,780 ----a-w C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\FMCodec.dat 2007-12-18 11:41 --------- d-----w C:\Program Files\LHM2006 2007-12-14 15:00 --------- d-----w C:\Program Files\Dexter 2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] "Gadwin PrintScreen 4.0"="D:\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-04-20 15:40 507904] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "FFTI"="C:\Documents and Settings\Korisnik.ALIEN-A7BFB5A78\Application Data\Mozilla\Firefox\Profiles\ng641r0p.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12 90112] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-08-23 06:50 917504] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "PWRISOVM.EXE"="C:\Program Files\Power ISO 3.8\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704] "WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-12-06 15:57 69632] "WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-12-04 11:01 372736] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-08-07 09:50] R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-08-07 09:53] R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-08-07 13:10] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54] R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-08-07 09:56] R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-08-07 09:54] R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-08-07 14:04] R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 15:55] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-02-08 11:16:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-02-13 21:55:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\Program Files\Eset\pr_imon.dll . Completion time: 2008-02-13 21:56:29 ComboFix-quarantined-files.txt 2008-02-13 20:56:13 ComboFix2.txt 2008-02-13 20:12:54 ComboFix3.txt 2008-02-13 18:48:31 . 2008-01-10 11:09:56 --- E O F ---

Profil

helen1 Poslao: 12 Feb 2008 22:08 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj nam na proveru sledeci fajl: C:\kmd.exe preko ovog linka: http://www.mycity.rs/ambulanta-upload.php

Profil

draavid Poslao: 12 Feb 2008 22:15 Idi na vrh
offline draavid Novi MyCity građanin Pridružio: 12 Feb 2008 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploadao sam.

Profil

helen1 Poslao: 12 Feb 2008 22:42 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Obrisi fajl: C:\kmd.exe

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Win32/Adware.Virtumonde.FP

Ko je trenutno na forumu

Ukupno su 1235 korisnika na forumu :: 38 registrovanih, 10 sakrivenih i 1187 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: amaterSRB, amstel, Apok, Areal84, armor, babaroga, Brana01, BraneS, CheefCoach, Dannyboy, DPera, DragoslavS, elenemste, goxin, havoc995, ILGromovnik, jukeboxer, Karla, Luka Blažević, moldway, NoOneEver Dreams, Oscar, ozzy, pein, rasok, repac, royst33, Sale.S, sasa87, sombrero, Tvrtko I, vathra, Vlad000, Vlada1389, Webb, zdrebac, žeks62, 223223

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by