Možda tražite i:
Molim za proveru loga
Molim za proveru HJ
Molim za proveru
Molim proveru loga,sumnjam na zarazu

MyCity » Ambulanta -> Arhiva Ambulante » virtumonde-molim proveru

virtumonde-molim proveru

Napisano na dan: 28.4.2008

virtumonde-molim proveru

Sledeća strana

Pagination

Odgovori

nesa2409 Poslao: 28 Apr 2008 20:24 Idi na vrh
offline nesa2409 Građanin Pridružio: 29 Mar 2006 Poruke: 34 Gde živiš: Leskovac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! koristim WIN XP SP2, takodje i avast koji mi prijavljuje sledecu infekciju: c:/windows/system32 Win32:Virtumonde-JA molim za pomoc! hvala Logfile of HijackThis v1.99.1 Scan saved at 20:21:07, on 28.4.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\svehost.exe C:\WINDOWS\system32\lxdccoms.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\ana i andjela\Desktop\provera\provera.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.imesh.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\tuvUNecA.dll O2 - BHO: (no name) - {BCA0AEFD-9DC3-4134-8546-E1307BEE5C1F} - C:\WINDOWS\system32\geBqPIbY.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O8 - Extra context menu item: Preuzmi sa FlashGet-om - C:\PROGRA~1\FLASHGET\jc_link.htm O8 - Extra context menu item: Preuzmi sve sa FlashGet-om - C:\PROGRA~1\FLASHGET\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: tuvUNecA - C:\WINDOWS\SYSTEM32\tuvUNecA.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

Profil

helen1 Poslao: 28 Apr 2008 20:33 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Vidim da si i na Krstarici trazio pomoc u vezi ovog slucaja? http://forum.krstarica.com/showthread.php?p=6477151 Ti si mislio na dva razlicita foruma da ti ljudi daju iste alate. Posto sam i ja hteo da ti predlozim Vundo Fix?

Profil

nesa2409 Poslao: 28 Apr 2008 20:36 Idi na vrh
offline nesa2409 Građanin Pridružio: 29 Mar 2006 Poruke: 34 Gde živiš: Leskovac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! da, tamo sam nešto odradio ali mi i dalje prijavljuje greške! u svakom slučaju hvala

Profil

helen1 Poslao: 28 Apr 2008 20:39 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pomocicemo, samo pitam. Odluci se, ili mi ili Krstarica. Ne mozemo paralelno. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

nesa2409 Poslao: 28 Apr 2008 20:53 Idi na vrh
offline nesa2409 Građanin Pridružio: 29 Mar 2006 Poruke: 34 Gde živiš: Leskovac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-04-27.3 - ana i andjela 2008-04-28 20:44:12.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.76 [GMT 2:00] Running from: C:\Documents and Settings\ana i andjela\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\Program Files\AntiSpywareMaster C:\WINDOWS\Config\csrss.exe C:\WINDOWS\pskt.ini C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\geBqPIbY.dll C:\WINDOWS\system32\geBuUlLD.dll C:\WINDOWS\system32\hgGvuTKd.dll C:\WINDOWS\system32\jgxkdyvl.ini C:\WINDOWS\system32\lRtBLkkj.ini C:\WINDOWS\system32\lRtBLkkj.ini2 C:\WINDOWS\system32\lvydkxgj.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mexicprq.dll C:\WINDOWS\system32\mfuemnxm.ini C:\WINDOWS\system32\mlJDwVLE.dll C:\WINDOWS\system32\obchywxx.ini C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\svehost.exe C:\WINDOWS\system32\tuvUNecA.dll C:\WINDOWS\system32\txjuvcmx.dll C:\WINDOWS\system32\wpcap.dll C:\WINDOWS\system32\wvUoPijj.dll C:\WINDOWS\system32\xmcvujxt.ini C:\WINDOWS\system32\xnbundwp.dll C:\WINDOWS\system32\YbIPqBeg.ini C:\WINDOWS\system32\YbIPqBeg.ini2 ----- BITS: Possible infected sites ----- hxxp://77.91.228.186 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 ))))))))))))))))))))))))))))))) . 2008-04-27 06:31 . 2008-04-28 19:26 109,756 --a------ C:\WINDOWS\BM6b7ef851.xml 2008-04-23 21:07 . 2008-04-23 21:07 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_29952.LOG 2008-04-23 21:07 . 2008-04-23 21:07 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_54316.LOG 2008-04-23 21:07 . 2008-04-23 21:07 0 --ah----- C:\Documents and Settings\ana i andjela\NTUSER.DAT_TU_48360.LOG 2008-04-22 18:31 . 2008-04-22 18:34 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX 2008-04-20 11:29 . 2008-04-20 11:29 <DIR> d-------- C:\Program Files\EnglDict 2008-04-20 11:29 . 1997-01-15 23:00 192,272 --a------ C:\WINDOWS\system32\MCI32.OCX 2008-04-20 11:29 . 1998-06-18 04:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll 2008-04-16 19:26 . 2008-04-16 19:26 <DIR> d-------- C:\Program Files\My Scene(TM) 2008-04-15 18:55 . 2008-04-15 18:55 98,304 --------- C:\WINDOWS\system32\CmdLineExt.dll 2008-04-14 19:02 . 2008-04-14 19:02 <DIR> d-------- C:\Program Files\QuickTime 2008-04-14 19:01 . 2008-04-14 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-08 15:13 . 2008-04-08 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games 2008-04-06 14:52 . 2008-04-06 14:52 <DIR> d-------- C:\Program Files\Cosmo Bots Full Version 2008-04-06 14:49 . 2008-04-06 14:49 <DIR> d-------- C:\Program Files\PopCap Games 2008-04-06 14:22 . 2008-04-06 14:22 1,964 --a------ C:\WINDOWS\ST5UNST.005 2008-04-06 14:21 . 2008-04-06 14:21 1,964 --a------ C:\WINDOWS\ST5UNST.004 2008-04-03 21:09 . 2008-04-03 21:09 <DIR> d-------- C:\Program Files\DNA 2008-04-03 21:09 . 2008-04-03 21:09 <DIR> d-------- C:\Program Files\BitTorrent 2008-04-03 21:09 . 2008-04-03 21:09 <DIR> d-------- C:\Documents and Settings\ana i andjela\Application Data\DNA 2008-04-03 21:09 . 2008-04-03 21:09 <DIR> d-------- C:\Documents and Settings\ana i andjela\Application Data\BitTorrent 2008-03-31 20:03 . 2008-03-31 20:03 1,964 --a------ C:\WINDOWS\ST5UNST.003 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-06 12:10 43,520 ------w C:\WINDOWS\system32\CmdLineExt03.dll 2008-04-03 19:17 94,208 ----a-w C:\WINDOWS\Media\csrss.exe 2008-03-27 18:59 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE . ------- Sigcheck ------- 2004-08-03 21:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys 2004-08-03 21:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-03 21:09 287040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624] "LXDCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-23 00:05 102400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Microsoft Updates"="svehost.exe" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUNecA] tuvUNecA.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageFox.lnk] backup=C:\WINDOWS\pss\ImageFox.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] -r------- 2003-03-20 00:21 1855488 C:\WINDOWS\mixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckDialer] C:\Program Files\Hispasec\CheckDialer\ChkDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon] --a------ 2007-02-06 01:32 20480 C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2004-12-09 15:38 1937408 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2005-11-15 20:31 33792 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\System32\\lxdccoms.exe"= "C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"= "C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Opera\\Opera.exe"= R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-02-13 01:56] R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 22:56] S3 mpr_freader;MPR FileReader Driver;C:\Program Files\Multi Password Recovery\mpr_freader.sys [] S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder "2008-04-18 15:28:24 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-04-28 20:50:24 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\PROGRAM FILES\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************ . Completion time: 2008-04-28 20:51:55 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-28 18:51:46 Pre-Run: 3,696,508,928 bytes free Post-Run: 3,625,009,152 bytes free 175

Profil

helen1 Poslao: 28 Apr 2008 21:57 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\BM6b7ef851.xml C:\WINDOWS\Media\csrss.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Microsoft Updates"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUNecA]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

nesa2409 Poslao: 29 Apr 2008 06:40 Idi na vrh
offline nesa2409 Građanin Pridružio: 29 Mar 2006 Poruke: 34 Gde živiš: Leskovac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! za vreme skeniranja sa Combofix avast mi je izbacio poruku da je našao neki virus koji sam obrisao i combofih je nastavio dalje sa skeniranjem. evo loga ComboFix 08-04-27.3 - ana i andjela 2008-04-29 6:34:34.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT 2:00] Running from: C:\Documents and Settings\ana i andjela\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\ana i andjela\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\BM6b7ef851.xml C:\WINDOWS\Media\csrss.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BM6b7ef851.xml C:\WINDOWS\iexplore.exe C:\WINDOWS\Media\csrss.exe . ((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))) . 2008-04-28 21:25 . 2008-04-28 21:25 <DIR> d-------- C:\logs 2008-04-23 21:07 . 2008-04-23 21:07 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_29952.LOG 2008-04-23 21:07 . 2008-04-23 21:07 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_54316.LOG 2008-04-23 21:07 . 2008-04-23 21:07 0 --ah----- C:\Documents and Settings\ana i andjela\NTUSER.DAT_TU_48360.LOG 2008-04-22 18:31 . 2008-04-22 18:34 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX 2008-04-20 11:29 . 2008-04-20 11:29 <DIR> d-------- C:\Program Files\EnglDict 2008-04-20 11:29 . 1997-01-15 23:00 192,272 --a------ C:\WINDOWS\system32\MCI32.OCX 2008-04-20 11:29 . 1998-06-18 04:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll 2008-04-16 19:26 . 2008-04-16 19:26 <DIR> d-------- C:\Program Files\My Scene(TM) 2008-04-15 18:55 . 2008-04-15 18:55 98,304 --------- C:\WINDOWS\system32\CmdLineExt.dll 2008-04-14 19:02 . 2008-04-14 19:02 <DIR> d-------- C:\Program Files\QuickTime 2008-04-14 19:01 . 2008-04-14 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-04-08 15:13 . 2008-04-08 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games 2008-04-06 14:52 . 2008-04-06 14:52 <DIR> d-------- C:\Program Files\Cosmo Bots Full Version 2008-04-06 14:49 . 2008-04-06 14:49 <DIR> d-------- C:\Program Files\PopCap Games 2008-04-06 14:22 . 2008-04-06 14:22 1,964 --a------ C:\WINDOWS\ST5UNST.005 2008-04-06 14:21 . 2008-04-06 14:21 1,964 --a------ C:\WINDOWS\ST5UNST.004 2008-04-03 21:09 . 2008-04-03 21:09 <DIR> d-------- C:\Program Files\DNA 2008-04-03 21:09 . 2008-04-03 21:09 <DIR> d-------- C:\Program Files\BitTorrent 2008-04-03 21:09 . 2008-04-03 21:09 <DIR> d-------- C:\Documents and Settings\ana i andjela\Application Data\DNA 2008-04-03 21:09 . 2008-04-03 21:09 <DIR> d-------- C:\Documents and Settings\ana i andjela\Application Data\BitTorrent 2008-03-31 20:03 . 2008-03-31 20:03 1,964 --a------ C:\WINDOWS\ST5UNST.003 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-06 12:10 43,520 ------w C:\WINDOWS\system32\CmdLineExt03.dll 2008-03-27 18:59 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2008-03-15 01:46 1,206,366 ----a-w C:\WINDOWS\wrar371.exe . ------- Sigcheck ------- 2004-08-03 21:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys 2004-08-03 21:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-04-28_20.51.14.16 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-28 18:49:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-29 04:25:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-29 04:25:36 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_490.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-03 21:09 287040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624] "LXDCCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-23 00:05 102400] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageFox.lnk] backup=C:\WINDOWS\pss\ImageFox.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] -r------- 2003-03-20 00:21 1855488 C:\WINDOWS\mixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckDialer] C:\Program Files\Hispasec\CheckDialer\ChkDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon] --a------ 2007-02-06 01:32 20480 C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2004-12-09 15:38 1937408 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2005-11-15 20:31 33792 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\System32\\lxdccoms.exe"= "C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"= "C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\Opera\\Opera.exe"= R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-02-13 01:56] R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 22:56] S3 mpr_freader;MPR FileReader Driver;C:\Program Files\Multi Password Recovery\mpr_freader.sys [] S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-04-18 15:28:24 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************ catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-04-29 06:36:44 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXDCCATS = rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-04-29 6:37:28 ComboFix-quarantined-files.txt 2008-04-29 04:37:26 ComboFix2.txt 2008-04-28 18:51:58 Pre-Run: 3,566,821,376 bytes free Post-Run: 3,561,750,528 bytes free 144

Profil

helen1 Poslao: 29 Apr 2008 17:40 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

nesa2409 Poslao: 29 Apr 2008 19:37 Idi na vrh
offline nesa2409 Građanin Pridružio: 29 Mar 2006 Poruke: 34 Gde živiš: Leskovac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! odradio sam i ovo. sada dobro radi! hvala puno na pomoći pozz

Profil

MyCity » Ambulanta -> Arhiva Ambulante » virtumonde-molim proveru

Ko je trenutno na forumu

Ukupno su 1224 korisnika na forumu :: 55 registrovanih, 7 sakrivenih i 1162 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: amaterSRB, Apok, Areal84, babaroga, Ben Roj, bigfoot, Bobrock1, crnitrn, deLacy, delrey, DPera, draganca, dushan, FileFinder, FOX, galerija, goxin, Grah0, HrcAk47, ILGromovnik, Joco Skljoco, Karla, kjkszpj, Kubovac, ladro, Leonov, Lieutenant, madza, Marko Marković, Metanoja, MrNo, novator, ObelixSRB, Oscar, ozzy, Parker, pein, radoznao, rodoljub, ruger357, S1Mk3, Sirius, slonic_tonic, Steeeefan, stegonosa, styg, Tores, Trpe Grozni, vladulns, W123, wizzardone, wolf431, ZetaMan, zixmix, 79693

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by