Adware.virtumonde.fp application


  • Joined: 04 Apr 2008
  • Posts: 15

I uploaded the file successfully!



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Temporarily disable the antivirus program while we do this (set the AMON module in NOD32 to Disabled).

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\uvaltsqf.exe
C:\WINDOWS\system32\ovyvnuoi.ini
C:\WINDOWS\system32\rppxungf.ini
C:\WINDOWS\system32\cbehcrqlonmpsj.bmp
C:\WINDOWS\system32\mmax_goog.ini
C:\WINDOWS\system32\mlsnqpobihsj.bmp
C:\WINDOWS\system32\doralsfilgfih.bmp
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\system32\wujfoqmm.dll
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\Drivers\Btg18.sys
C:\WINDOWS\system32\Drivers\Cua13.sys
C:\WINDOWS\system32\Drivers\Cvb63.sys
C:\WINDOWS\system32\Drivers\Icy85.sys
C:\WINDOWS\system32\Drivers\Mjp17.sys
C:\WINDOWS\system32\Drivers\Nbl18.sys
C:\WINDOWS\system32\Drivers\Tey86.sys
C:\WINDOWS\system32\Drivers\Uhd85.sys
C:\WINDOWS\system32\Drivers\Wxh31.sys
C:\WINDOWS\system32\Drivers\Xrl86.sys
C:\WINDOWS\system32\Drivers\Xtq74.sys
C:\WINDOWS\system32\Drivers\Yqf53.sys

Driver::
Btg18.sys
Cua13.sys
Cvb63.sys
Icy85.sys
Mjp17.sys
Nbl18.sys
Tey86.sys
Uhd85.sys
Wxh31.sys
Xrl86.sys
Xtq74.sys
Yqf53.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16CD11C4-B6E8-40DC-B005-E25B4D770B88}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM835d6043"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxuvv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Btg18.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cua13.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cvb63.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Icy85.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mjp17.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nbl18.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tey86.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uhd85.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wxh31.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xrl86.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xtq74.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yqf53.sys]



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.



  • Joined: 04 Apr 2008
  • Posts: 15

ComboFix 08-04-08.10 - XP 2008-04-11 8:19:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.526 [GMT 2:00]
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\XP\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\system32\cbehcrqlonmpsj.bmp
C:\WINDOWS\system32\doralsfilgfih.bmp
C:\WINDOWS\system32\Drivers\Btg18.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\Drivers\Cua13.sys
C:\WINDOWS\system32\Drivers\Cvb63.sys
C:\WINDOWS\system32\Drivers\Icy85.sys
C:\WINDOWS\system32\Drivers\Mjp17.sys
C:\WINDOWS\system32\Drivers\Nbl18.sys
C:\WINDOWS\system32\Drivers\Tey86.sys
C:\WINDOWS\system32\Drivers\Uhd85.sys
C:\WINDOWS\system32\Drivers\Wxh31.sys
C:\WINDOWS\system32\Drivers\Xrl86.sys
C:\WINDOWS\system32\Drivers\Xtq74.sys
C:\WINDOWS\system32\Drivers\Yqf53.sys
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\mlsnqpobihsj.bmp
C:\WINDOWS\system32\mmax_goog.ini
C:\WINDOWS\system32\ovyvnuoi.ini
C:\WINDOWS\system32\rppxungf.ini
C:\WINDOWS\system32\uvaltsqf.exe
C:\WINDOWS\system32\wujfoqmm.dll
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\XP\Start Menu\Programs\Startup\DW_Start.lnk
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\cbehcrqlonmpsj.bmp
C:\WINDOWS\system32\doralsfilgfih.bmp
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\mlsnqpobihsj.bmp
C:\WINDOWS\system32\mmax_goog.ini
C:\WINDOWS\system32\ovyvnuoi.ini
C:\WINDOWS\system32\rppxungf.ini
C:\WINDOWS\system32\uvaltsqf.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-11 07:54 . 2008-04-11 07:54 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-09 15:06 . 2008-04-09 15:06 <DIR> d-------- C:\VundoFix Backups
2008-04-09 14:15 . 2008-04-09 14:15 <DIR> d-------- C:\WINDOWS\system32\sl-SI
2008-04-09 13:53 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-09 13:53 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-09 13:53 . 2007-07-01 05:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-09 13:53 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-09 13:53 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-09 13:53 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-09 13:53 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-09 13:53 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-09 13:53 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-04 13:10 . 2008-04-04 13:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 09:44 . 2008-04-04 09:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-04 08:55 . 2008-04-04 08:55 1,823 --a------ C:\WINDOWS\mozver.dat
2008-04-04 08:09 . 2008-04-04 08:13 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-01 10:44 . 2008-04-01 10:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-01 10:44 . 2008-04-01 10:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 10:44 . 2008-04-01 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 10:43 . 2008-03-31 09:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-26 15:24 . 2008-04-09 15:04 16 --a------ C:\WINDOWS\popcinfo.dat
2008-03-26 14:54 . 2008-03-26 14:57 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe
2008-03-26 14:54 . 2008-03-26 14:54 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-03-26 14:27 . 2008-03-26 14:54 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-26 11:30 . 2008-03-26 11:30 <DIR> d-------- C:\Documents and Settings\XP\Application Data\GRETECH
2008-03-26 11:30 . 2008-03-26 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-26 08:57 . 2008-04-09 09:18 564 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-26 08:56 . 2008-03-26 08:56 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-25 15:07 . 2008-03-25 15:07 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-03-25 14:54 . 2008-03-25 14:54 <DIR> d-------- C:\Program Files\ESET
2008-03-25 14:54 . 2008-03-25 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-25 11:29 . 2008-03-25 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-25 11:11 . 2008-03-25 11:11 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-03-25 11:09 . 2008-03-25 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-03-25 10:56 . 2008-03-25 10:56 <DIR> d-------- C:\Program Files\QuickTime
2008-03-25 10:48 . 2007-02-20 17:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-25 10:48 . 2007-02-20 17:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-25 10:41 . 2008-03-25 10:41 <DIR> d-------- C:\Program Files\Bonjour
2008-03-25 10:37 . 2008-03-25 10:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-25 10:27 . 2008-03-25 10:27 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Nero
2008-03-25 10:23 . 2008-03-25 10:23 <DIR> d-------- C:\Program Files\Nero
2008-03-25 10:23 . 2008-03-28 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-25 10:01 . 2008-03-25 10:03 <DIR> d-------- C:\Program Files\TIS 2008
2008-03-20 14:26 . 2008-03-20 14:26 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-25 09:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-22 08:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-22 08:05 --------- d-----w C:\Program Files\Autodesk
2008-02-22 08:05 --------- d-----w C:\Program Files\AutoCAD 2005
2008-02-22 08:04 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-02-22 08:00 --------- d-----w C:\Documents and Settings\XP\Application Data\Autodesk
2008-02-22 08:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-20 10:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 10:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 10:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SET9B76.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\SETC3E7.tmp
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\SET9B05.tmp
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\SETC3DF.tmp
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\SET9B06.tmp
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\SETC3E0.tmp
2008-02-16 22:29 3,059,712 ----a-w C:\WINDOWS\system32\SET9B93.tmp
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\SETC3F5.tmp
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\SET9B8A.tmp
2008-02-16 08:59 659,456 ------w C:\WINDOWS\system32\SETC3F1.tmp
2008-02-16 08:59 615,936 ----a-w C:\WINDOWS\system32\SET9B8B.tmp
2008-02-16 08:59 615,936 ------w C:\WINDOWS\system32\SETC3F2.tmp
2008-02-16 08:59 474,112 ----a-w C:\WINDOWS\system32\SET9B8C.tmp
2008-02-16 08:59 474,112 ------w C:\WINDOWS\system32\SETC3F3.tmp
2008-02-16 08:59 1,494,528 ----a-w C:\WINDOWS\system32\SET9B8D.tmp
2008-02-16 08:59 1,494,528 ------w C:\WINDOWS\system32\SETC3F4.tmp
2008-02-16 08:59 1,023,488 ----a-w C:\WINDOWS\system32\SET9B9D.tmp
2008-02-16 08:59 1,023,488 ------w C:\WINDOWS\system32\SETC3F7.tmp
2008-02-15 09:06 351,744 ----a-w C:\WINDOWS\system32\SETC3F8.tmp
2008-02-15 09:06 351,744 ----a-w C:\WINDOWS\system32\SET9BA0.tmp
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-14 01:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2007-08-14 01:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-09-07 00:43:16 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-07-27 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]
S0 Btg18;Btg18;C:\WINDOWS\system32\Drivers\Btg18.sys []
S0 Cua13;Cua13;C:\WINDOWS\system32\Drivers\Cua13.sys []
S0 Cvb63;Cvb63;C:\WINDOWS\system32\Drivers\Cvb63.sys []
S0 Icy85;Icy85;C:\WINDOWS\system32\Drivers\Icy85.sys []
S0 Mjp17;Mjp17;C:\WINDOWS\system32\Drivers\Mjp17.sys []
S0 Nbl18;Nbl18;C:\WINDOWS\system32\Drivers\Nbl18.sys []
S0 Tey86;Tey86;C:\WINDOWS\system32\Drivers\Tey86.sys []
S0 Uhd85;Uhd85;C:\WINDOWS\system32\Drivers\Uhd85.sys []
S0 Wxh31;Wxh31;C:\WINDOWS\system32\Drivers\Wxh31.sys []
S0 Xrl86;Xrl86;C:\WINDOWS\system32\Drivers\Xrl86.sys []
S0 Xtq74;Xtq74;C:\WINDOWS\system32\Drivers\Xtq74.sys []
S0 Yqf53;Yqf53;C:\WINDOWS\system32\Drivers\Yqf53.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 05:56:19 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-04-11 08:21:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-11 8:21:59
ComboFix-quarantined-files.txt 2008-04-11 06:21:53
ComboFix2.txt 2008-04-09 12:42:24
Pre-Run: 230,222,049,280 bytes free
Post-Run: 230,205,587,456 bytes free
.
2008-04-11 05:55:18 --- E O F ---

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Open Notepad and copy the following text into it:


Driver::
Btg18
Cua13
Cvb63
Icy85
Mjp17
Nbl18
Tey86
Uhd85
Wxh31
Xrl86
Xtq74
Yqf53



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
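A cross-check of the kind a helper could run before posting such a script, added here as an example and not part of this thread or of ComboFix: it parses the CFScript sections (File::, Driver::, Registry::) and the R1/S0 service lines of a ComboFix log, flags Driver:: entries written as .sys file names rather than the service names the log uses (the log after the first script above still lists the S0 services, while the second script's bare names produced the Service_* removals), and flags services whose bracketed file info is empty. The sample script and log lines are constructed in the formats posted above; the name-pattern heuristic is an assumption drawn from the names in this thread.

```python
"""Cross-check a ComboFix CFScript against the service lines of a ComboFix log.

Added example for this thread, not a ComboFix tool. A CFScript is made of
sections introduced by `Name::` lines. A ComboFix log lists services as
`<StartType> <service>;<display>;<path> [<timestamp size>]`; an empty `[]`
means ComboFix could read no file information for that driver.
"""
import re

# Constructed sample in the format of the first script posted in this thread
# (Driver:: deliberately mixes a .sys file name, a service name and an
# unknown name to exercise each check).
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\Drivers\Btg18.sys
C:\WINDOWS\system32\Drivers\Cua13.sys

Driver::
Btg18.sys
Cua13
Zzz99

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Btg18.sys]
"""

# Constructed sample in the format of the R1/S0 lines of the first log above.
SAMPLE_LOG_LINES = r"""
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]
S0 Btg18;Btg18;C:\WINDOWS\system32\Drivers\Btg18.sys []
S0 Cua13;Cua13;C:\WINDOWS\system32\Drivers\Cua13.sys []
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]\s*$")
# Assumed heuristic: three letters followed by two digits, as in Btg18/Cua13.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{3}\d{2}$")


def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript, skipping blank lines."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_services(text):
    """Return {service_name: (start_type, path, file_info)} from log lines."""
    services = {}
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            start, name, _display, path, info = m.groups()
            services[name] = (start, path, info.strip())
    return services


def check(cfscript_text, log_text):
    """Return a list of (severity, message) findings."""
    script = parse_cfscript(cfscript_text)
    services = parse_services(log_text)
    findings = []
    for entry in script.get("Driver", []):
        if entry.lower().endswith(".sys"):
            # The log names the service, not the file; ComboFix expects the
            # service name here (compare the two scripts in this thread).
            findings.append(("warn", f"Driver:: entry '{entry}' is a file name; "
                                     f"the log names the service '{entry[:-4]}'"))
        elif entry not in services:
            findings.append(("warn", f"Driver:: entry '{entry}' matches no service in the log"))
    for name, (start, path, info) in services.items():
        if info == "" and RANDOM_NAME_RE.match(name):
            findings.append(("suspect", f"{start} service '{name}' at {path} has no file info"))
    return findings


if __name__ == "__main__":
    for severity, message in check(SAMPLE_CFSCRIPT, SAMPLE_LOG_LINES):
        print(f"[{severity}] {message}")
```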

  • Joined: 04 Apr 2008
  • Posts: 15

ComboFix 08-04-08.10 - XP 2008-04-14 8:59:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.533 [GMT 2:00]
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\XP\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XRL86
-------\Legacy_XTQ74
-------\Service_Cua13
-------\Service_Cvb63
-------\Service_Icy85
-------\Service_Mjp17
-------\Service_Nbl18
-------\Service_Tey86
-------\Service_Uhd85
-------\Service_Wxh31
-------\Service_Xrl86
-------\Service_Xtq74
-------\Service_Yqf53


((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-09 15:06 . 2008-04-09 15:06 <DIR> d-------- C:\VundoFix Backups
2008-04-09 14:15 . 2008-04-09 14:15 <DIR> d-------- C:\WINDOWS\system32\sl-SI
2008-04-09 13:53 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-09 13:53 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-09 13:53 . 2007-07-01 05:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-09 13:53 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-09 13:53 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-09 13:53 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-09 13:53 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-09 13:53 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-09 13:53 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-04 13:10 . 2008-04-04 13:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 09:44 . 2008-04-04 09:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-04 08:55 . 2008-04-04 08:55 1,823 --a------ C:\WINDOWS\mozver.dat
2008-04-04 08:09 . 2008-04-04 08:13 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-01 10:44 . 2008-04-01 10:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-01 10:44 . 2008-04-01 10:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 10:44 . 2008-04-01 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 10:43 . 2008-03-31 09:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-26 15:24 . 2008-04-14 08:47 16 --a------ C:\WINDOWS\popcinfo.dat
2008-03-26 14:54 . 2008-03-26 14:57 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe
2008-03-26 14:54 . 2008-03-26 14:54 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-03-26 14:27 . 2008-03-26 14:54 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-26 11:30 . 2008-03-26 11:30 <DIR> d-------- C:\Documents and Settings\XP\Application Data\GRETECH
2008-03-26 11:30 . 2008-03-26 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-26 08:57 . 2008-04-09 09:18 564 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-26 08:56 . 2008-03-26 08:56 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-25 15:07 . 2008-03-25 15:07 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-03-25 14:54 . 2008-03-25 14:54 <DIR> d-------- C:\Program Files\ESET
2008-03-25 14:54 . 2008-03-25 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-25 11:29 . 2008-03-25 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-25 11:11 . 2008-03-25 11:11 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-03-25 11:09 . 2008-03-25 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-03-25 10:56 . 2008-03-25 10:56 <DIR> d-------- C:\Program Files\QuickTime
2008-03-25 10:48 . 2007-02-20 17:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-25 10:48 . 2007-02-20 17:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-25 10:41 . 2008-03-25 10:41 <DIR> d-------- C:\Program Files\Bonjour
2008-03-25 10:37 . 2008-03-25 10:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-25 10:27 . 2008-03-25 10:27 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Nero
2008-03-25 10:23 . 2008-03-25 10:23 <DIR> d-------- C:\Program Files\Nero
2008-03-25 10:23 . 2008-03-28 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-25 10:01 . 2008-03-25 10:03 <DIR> d-------- C:\Program Files\TIS 2008
2008-03-20 14:26 . 2008-03-20 14:26 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-25 09:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-22 08:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-22 08:05 --------- d-----w C:\Program Files\Autodesk
2008-02-22 08:05 --------- d-----w C:\Program Files\AutoCAD 2005
2008-02-22 08:04 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-02-22 08:00 --------- d-----w C:\Documents and Settings\XP\Application Data\Autodesk
2008-02-22 08:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-20 10:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 10:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 10:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-14 01:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2007-08-14 01:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-09-07 00:43:16 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-07-27 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]
S0 Btg18;Btg18;C:\WINDOWS\system32\Drivers\Btg18.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 05:59:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-04-14 09:03:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2008-04-14 9:06:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 07:06:08
ComboFix2.txt 2008-04-11 06:21:59
ComboFix3.txt 2008-04-09 12:42:24
Pre-Run: 230,214,127,616 bytes free
Post-Run: 230,203,351,040 bytes free
.
2008-04-14 05:58:12 --- E O F ---

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Open Notepad and copy the following text into it:


Driver::
Btg18



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

  • Joined: 04 Apr 2008
  • Posts: 15

ComboFix 08-04-08.10 - XP 2008-04-15 8:35:22.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.531 [GMT 2:00]
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\XP\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-09 15:06 . 2008-04-09 15:06 <DIR> d-------- C:\VundoFix Backups
2008-04-09 14:15 . 2008-04-09 14:15 <DIR> d-------- C:\WINDOWS\system32\sl-SI
2008-04-09 13:53 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-09 13:53 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-09 13:53 . 2007-07-01 05:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-09 13:53 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-09 13:53 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-09 13:53 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-09 13:53 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-09 13:53 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-09 13:53 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-04 13:10 . 2008-04-04 13:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 09:44 . 2008-04-04 09:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-04 08:55 . 2008-04-04 08:55 1,823 --a------ C:\WINDOWS\mozver.dat
2008-04-04 08:09 . 2008-04-04 08:13 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-01 10:44 . 2008-04-01 10:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-01 10:44 . 2008-04-01 10:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 10:44 . 2008-04-01 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 10:43 . 2008-03-31 09:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-26 15:24 . 2008-04-14 14:40 16 --a------ C:\WINDOWS\popcinfo.dat
2008-03-26 14:54 . 2008-03-26 14:57 <DIR> d-------- C:\Program Files\Bejeweled 2 Deluxe
2008-03-26 14:54 . 2008-03-26 14:54 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-03-26 14:27 . 2008-03-26 14:54 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-26 11:30 . 2008-03-26 11:30 <DIR> d-------- C:\Documents and Settings\XP\Application Data\GRETECH
2008-03-26 11:30 . 2008-03-26 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-03-26 08:57 . 2008-04-09 09:18 564 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-26 08:56 . 2008-03-26 08:56 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-25 15:07 . 2008-03-25 15:07 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-03-25 14:54 . 2008-03-25 14:54 <DIR> d-------- C:\Program Files\ESET
2008-03-25 14:54 . 2008-03-25 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-25 11:29 . 2008-03-25 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-25 11:11 . 2008-03-25 11:11 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-03-25 11:09 . 2008-03-25 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-03-25 10:56 . 2008-03-25 10:56 <DIR> d-------- C:\Program Files\QuickTime
2008-03-25 10:48 . 2007-02-20 17:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-25 10:48 . 2007-02-20 17:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-25 10:41 . 2008-03-25 10:41 <DIR> d-------- C:\Program Files\Bonjour
2008-03-25 10:37 . 2008-03-25 10:37 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-25 10:27 . 2008-03-25 10:27 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Nero
2008-03-25 10:23 . 2008-03-25 10:23 <DIR> d-------- C:\Program Files\Nero
2008-03-25 10:23 . 2008-03-28 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-25 10:01 . 2008-03-25 10:03 <DIR> d-------- C:\Program Files\TIS 2008
2008-03-20 14:26 . 2008-03-20 14:26 0 --a------ C:\WINDOWS\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-25 09:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-22 08:05 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-22 08:05 --------- d-----w C:\Program Files\Autodesk
2008-02-22 08:05 --------- d-----w C:\Program Files\AutoCAD 2005
2008-02-22 08:04 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-02-22 08:00 --------- d-----w C:\Documents and Settings\XP\Application Data\Autodesk
2008-02-22 08:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-02-20 10:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 10:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 10:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SET9B76.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\SETC3E7.tmp
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\SET9B05.tmp
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\SETC3DF.tmp
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\SET9B06.tmp
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\SETC3E0.tmp
2008-02-16 22:29 3,059,712 ----a-w C:\WINDOWS\system32\SET9B93.tmp
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\SETC3F5.tmp
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\SET9B8A.tmp
2008-02-16 08:59 659,456 ------w C:\WINDOWS\system32\SETC3F1.tmp
2008-02-16 08:59 615,936 ----a-w C:\WINDOWS\system32\SET9B8B.tmp
2008-02-16 08:59 615,936 ------w C:\WINDOWS\system32\SETC3F2.tmp
2008-02-16 08:59 474,112 ----a-w C:\WINDOWS\system32\SET9B8C.tmp
2008-02-16 08:59 474,112 ------w C:\WINDOWS\system32\SETC3F3.tmp
2008-02-16 08:59 1,494,528 ----a-w C:\WINDOWS\system32\SET9B8D.tmp
2008-02-16 08:59 1,494,528 ------w C:\WINDOWS\system32\SETC3F4.tmp
2008-02-16 08:59 1,023,488 ----a-w C:\WINDOWS\system32\SET9B9D.tmp
2008-02-16 08:59 1,023,488 ------w C:\WINDOWS\system32\SETC3F7.tmp
2008-02-15 09:06 351,744 ----a-w C:\WINDOWS\system32\SETC3F8.tmp
2008-02-15 09:06 351,744 ----a-w C:\WINDOWS\system32\SET9BA0.tmp
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-14 01:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2007-08-14 01:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-09-07 00:43:16 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:44:58 282,624 ----a-w C:\WINDOWS\system32\spool\drivers\color\MXF_SDK_GenericContainer_DV_r.4.1.1.223.dll
+ 2007-11-30 12:44:58 151,552 ----a-w C:\WINDOWS\system32\spool\drivers\color\MXF_SDK_GenericContainer_MPEG_ESAudio_r.4.1.1.223.dll
+ 2007-11-30 12:44:56 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\color\MXF_SDK_GenericContainer_Wave_r.4.1.1.223.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 14:06 40048]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-07-27 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]
S0 Btg18;Btg18;C:\WINDOWS\system32\Drivers\Btg18.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 05:56:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-04-15 08:37:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-15 8:38:29
ComboFix-quarantined-files.txt 2008-04-15 06:38:24
ComboFix2.txt 2008-04-14 07:06:16
ComboFix3.txt 2008-04-11 06:21:59
ComboFix4.txt 2008-04-09 12:42:24
Pre-Run: 229,611,831,296 bytes free
Post-Run: 229,600,989,184 bytes free
.
2008-04-14 05:58:12 --- E O F ---

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Scan the computer with GMER and post the log so we can check that there are no rootkits...

Do the following:
Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
Use the Paste option in Notepad to transfer it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Attach the files to your post.

offline
  • Joined: 04 Apr 2008
  • Posts: 15

Here, I have done the following scans.

[Link visible only to logged-in users]

[Link visible only to logged-in users]

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Download RegASSASSIN.

Double-click to launch the program and copy the following into the text entry field:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Btg18

Click the Delete button.
