win32 virtumonde problem...help :)

  • Joined: 30 May 2008
  • Posts: 4

My NOD32 detected Virtumonde and I can't delete it....
Here is the log file from HijackThis..... THANKS IN ADVANCE....

Logfile of HijackThis v1.99.1
Scan saved at 15:05:40, on 30.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\VIA\RAID\raid_tool.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Logitech\QuickCam\Quickcam.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Opera\Opera.exe
D:\WINDOWS\explorer.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - D:\WINDOWS\system32\khfDvuvw.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] D:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: asia.msi.com.tw
O15 - Trusted Zone: global.msi.com.tw
O15 - Trusted Zone: msi.com.tw
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - D:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: khfDvuvw - D:\WINDOWS\SYSTEM32\khfDvuvw.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

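What makes this log a Virtumonde case rather than a stray browser add-on is the cross-reference, not any single line: the same file, khfDvuvw.dll, appears as a BHO with no name (O2) and again as a Winlogon Notify package (O20), so it is mapped into winlogon.exe and Internet Explorer alike. A file loaded into winlogon.exe cannot be deleted while the system is up, which is the usual reason an on-demand scanner detects such a DLL but cannot remove it. Added example, not part of the thread: a Python triage that parses the O2/O20 lines, folds the paths (system32 vs SYSTEM32), and scores each DLL on a random-name heuristic, the missing BHO name, and the number of distinct load points hooking it. The sample lines are a constructed excerpt modelled on the log above; the scoring weights and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the HijackThis log in the post above: the O2
# (BHO) and O20 (Winlogon Notify) lines, the two load points that matter here.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - D:\WINDOWS\system32\khfDvuvw.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O20 - Winlogon Notify: Antiwpa - D:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: khfDvuvw - D:\WINDOWS\SYSTEM32\khfDvuvw.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")
VOWELS = set("aeiouy")


def parse_hjt(text):
    """Return (load_point, display_name, dll_path) for every O2 and O20 line."""
    entries = []
    for line in text.strip().splitlines():
        m = O2_RE.match(line)
        if m:
            entries.append(("BHO", m["name"], m["path"]))
            continue
        m = O20_RE.match(line)
        if m:
            entries.append(("WinlogonNotify", m["name"], m["path"]))
    return entries


def looks_random(stem):
    """Eight letters containing a run of four or more consonants: the shape of the
    generated names this family drops in system32 (khfDvuvw). Vendor names such as
    WgaLogon are also eight mixed-case letters but pronounceable, so the consonant
    run, not the length alone, is what separates them (heuristic, not proof)."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    run = longest = 0
    for ch in stem.lower():
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4


def triage(text, threshold=3):
    """Score every DLL by path (case-folded, so system32 and SYSTEM32 merge) and
    return {path: (score, reasons)} for those at or above the threshold."""
    by_path = defaultdict(list)
    for load_point, name, path in parse_hjt(text):
        by_path[path.lower()].append((load_point, name))
    report = {}
    for path, hooks in by_path.items():
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        load_points = {lp for lp, _ in hooks}
        score, reasons = 0, []
        if looks_random(stem):
            score += 2
            reasons.append("random-looking filename")
        if any(lp == "BHO" and name == "(no name)" for lp, name in hooks):
            score += 1
            reasons.append("BHO registered without a name")
        if len(load_points) >= 2:
            # One file hooked into two unrelated load points is the strongest
            # single indicator: a browser add-on has no business inside winlogon.
            score += 2
            reasons.append("same DLL hooked as " + " and ".join(sorted(load_points)))
        if score >= threshold:
            report[path] = (score, reasons)
    return report


if __name__ == "__main__":
    for path, (score, reasons) in triage(SAMPLE_HJT).items():
        print(f"{score}  {path}")
        for r in reasons:
            print(f"      - {r}")
```

Run against the excerpt it reports only khfDvuvw.dll, with the two-load-point reason on top; antiwpa.dll and WgaLogon.dll score zero because each is hooked in one place and neither name trips the consonant-run test. The name heuristic is deliberately weak on its own (weight 2, below the threshold) so that a single odd-looking filename never gets flagged without corroboration from a second load point or a nameless BHO.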
  • dr_Bora
  • Anti Malware Fighter
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the instructions on screen. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.

  • Joined: 30 May 2008
  • Posts: 4

Here is the log, too....


ComboFix 08-05-29.1 - Saska 2008-05-30 18:33:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.116 [GMT 2:00]
Running from: D:\Documents and Settings\Saska\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Saska\Application Data\FunWebProducts
D:\Documents and Settings\Saska\Application Data\FunWebProducts\Data\Saska\avatar.dat
D:\Documents and Settings\Saska\Application Data\FunWebProducts\Data\Saska\register.dat
D:\Documents and Settings\Saska\Application Data\FunWebProducts\Data\Saska\zbucks.dat
D:\Program Files\FunWebProducts
D:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
D:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
D:\Program Files\MyWebSearch
D:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
D:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
D:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
D:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
D:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
D:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
D:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
D:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
D:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
D:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
D:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
D:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
D:\Program Files\MyWebSearch\bar\Cache\0109C141
D:\Program Files\MyWebSearch\bar\Cache\0109DFEC
D:\Program Files\MyWebSearch\bar\Cache\0109E607.bin
D:\Program Files\MyWebSearch\bar\Cache\010A1C8F.bin
D:\Program Files\MyWebSearch\bar\Cache\010A2660.bin
D:\Program Files\MyWebSearch\bar\Cache\010A2C99.bin
D:\Program Files\MyWebSearch\bar\Cache\010A412C.bin
D:\Program Files\MyWebSearch\bar\Cache\files.ini
D:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
D:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
D:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
D:\Program Files\MyWebSearch\bar\History\search2
D:\Program Files\MyWebSearch\bar\icons\CM.ICO
D:\Program Files\MyWebSearch\bar\icons\MFC.ICO
D:\Program Files\MyWebSearch\bar\icons\PSS.ICO
D:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
D:\Program Files\MyWebSearch\bar\icons\WB.ICO
D:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
D:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
D:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
D:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
D:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
D:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
D:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
D:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
D:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
D:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
D:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
D:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
D:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
D:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
D:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
D:\WINDOWS\clofghls.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-27 23:17 . 2008-05-27 23:17 <DIR> d-------- D:\Documents and Settings\Saska\Application Data\Ahead
2008-05-26 23:57 . 2008-05-26 23:57 57,856 --a------ D:\WINDOWS\system32\khfDvuvw.dll
2008-05-26 23:49 . 2004-03-02 16:37 125,184 --------- D:\WINDOWS\system32\drivers\imagesrv.sys
2008-05-26 23:49 . 2004-03-02 16:37 5,504 --------- D:\WINDOWS\system32\drivers\imagedrv.sys
2008-05-26 23:48 . 2008-05-26 23:48 <DIR> d-------- D:\Program Files\Common Files\Ahead
2008-05-26 23:48 . 2008-05-26 23:48 <DIR> d-------- D:\Program Files\Ahead
2008-05-26 23:48 . 2004-07-26 16:16 1,568,768 --a------ D:\WINDOWS\system32\ImagX7.dll
2008-05-26 23:48 . 2004-07-26 16:16 476,320 --a------ D:\WINDOWS\system32\ImagXpr7.dll
2008-05-26 23:48 . 2004-07-26 16:16 471,040 --a------ D:\WINDOWS\system32\ImagXRA7.dll
2008-05-26 23:48 . 2004-07-26 16:16 262,144 --a------ D:\WINDOWS\system32\ImagXR7.dll
2008-05-26 23:48 . 2001-07-09 10:50 155,648 --a------ D:\WINDOWS\system32\NeroCheck.exe
2008-05-26 23:48 . 2000-06-26 10:45 106,496 --a------ D:\WINDOWS\system32\TwnLib20.dll
2008-05-25 13:58 . 2008-05-25 13:58 <DIR> d-------- D:\Program Files\Microsoft Games
2008-05-20 18:03 . 2008-05-20 18:03 50 --a------ D:\WINDOWS\MegaManager.INI
2008-05-18 23:03 . 2008-05-18 23:28 <DIR> d-------- D:\Program Files\iWin
2008-05-16 23:09 . 2008-05-16 23:09 <DIR> d-------- D:\Program Files\Common Files\DirectX
2008-05-14 19:09 . 2008-05-14 19:09 248 --a------ D:\WINDOWS\RomeTW.ini
2008-05-14 18:57 . 2008-05-14 18:57 <DIR> d-------- D:\Program Files\Activision
2008-05-11 20:01 . 2004-08-03 22:58 14,848 --a------ D:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-11 20:01 . 2004-08-03 22:58 14,848 --a--c--- D:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-11 20:01 . 2001-08-17 13:48 12,160 --a------ D:\WINDOWS\system32\drivers\mouhid.sys
2008-05-11 20:01 . 2001-08-17 13:48 12,160 --a--c--- D:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-11 20:00 . 2008-05-11 20:00 <DIR> d-------- D:\Program Files\Common Files\Logitech
2008-05-11 20:00 . 2005-04-12 19:09 159,744 --a------ D:\WINDOWS\system32\WmJoyFrc.dll
2008-05-11 20:00 . 2005-04-12 19:21 45,504 --a------ D:\WINDOWS\system32\drivers\WmXlCore.sys
2008-05-11 20:00 . 2005-04-12 19:21 22,240 --a------ D:\WINDOWS\system32\drivers\WmFilter.sys
2008-05-11 20:00 . 2005-04-12 19:21 17,632 --a------ D:\WINDOWS\system32\drivers\WmHidLo.sys
2008-05-11 20:00 . 2005-04-12 19:21 10,144 --a------ D:\WINDOWS\system32\drivers\WmBEnum.sys
2008-05-11 20:00 . 2005-04-12 19:21 5,600 --a------ D:\WINDOWS\system32\drivers\WmVirHid.sys
2008-05-11 19:50 . 2001-08-17 14:02 9,600 --a------ D:\WINDOWS\system32\drivers\hidusb.sys
2008-05-11 19:50 . 2001-08-17 14:02 9,600 --a--c--- D:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-10 14:21 . 2008-05-10 14:21 <DIR> d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-09 14:58 . 2007-07-19 02:39 490,776 -ra------ D:\WINDOWS\system32\drivers\LV561AV.SYS
2008-05-09 14:58 . 2007-07-19 02:43 490,008 -ra------ D:\WINDOWS\system32\LVUI2.dll
2008-05-09 14:58 . 2007-07-19 02:44 465,432 -ra------ D:\WINDOWS\system32\LVUI2RC.dll
2008-05-09 14:58 . 2007-07-19 02:40 416,280 -ra------ D:\WINDOWS\system32\lvcodec2.dll
2008-05-09 14:58 . 2007-07-19 02:40 195,096 -ra------ D:\WINDOWS\system32\lvci1110.dll
2008-05-09 14:58 . 2007-07-19 01:54 58,163 -ra------ D:\WINDOWS\system32\lvcoinst.ini
2008-05-09 14:58 . 2007-07-19 02:44 41,752 -ra------ D:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-05-09 14:58 . 2007-07-19 01:55 19,344 -ra------ D:\WINDOWS\system32\Repository.reg
2008-05-09 14:54 . 2008-05-11 20:00 <DIR> d-------- D:\Program Files\Logitech
2008-05-09 14:54 . 2008-05-09 14:58 <DIR> d-------- D:\Program Files\Common Files\LogiShrd
2008-05-09 14:54 . 2008-05-09 14:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-05-09 14:53 . 2008-05-09 14:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-06 13:42 . 2008-05-06 13:51 <DIR> d-------- D:\Program Files\TVPlayerClassic
2008-05-06 13:39 . 2008-05-07 13:22 <DIR> d-------- D:\Program Files\Conduit
2008-05-06 12:59 . 2008-05-06 12:59 <DIR> d-------- D:\Documents and Settings\Saska\Application Data\FDRLab
2008-04-27 14:10 . 2008-04-27 14:10 <DIR> d-------- D:\Program Files\Mario Forever Toolbar
2008-04-27 14:10 . 2008-04-27 14:10 407,129 --a------ D:\WINDOWS\MarioForever_Toolbar_Uninstaller_4260.exe
2008-04-27 14:08 . 2008-05-17 17:48 <DIR> d-------- D:\Program Files\Mario Forever
2008-04-23 20:30 . 2008-05-25 13:19 160 --a------ D:\WINDOWS\mafosav.INI
2008-04-22 00:15 . 2008-04-22 00:15 <DIR> d-------- D:\WINDOWS\Sun
2008-04-21 23:38 . 2008-04-21 23:38 <DIR> d-------- D:\Program Files\TravianMultiplyEN
2008-04-21 02:17 . 2008-04-21 02:17 <DIR> d-------- D:\Program Files\Travian
2008-04-10 23:40 . 2008-04-10 23:40 <DIR> d-------- D:\Program Files\DNA
2008-04-10 23:40 . 2008-04-10 23:40 <DIR> d-------- D:\Program Files\BitTorrent
2008-04-10 23:40 . 2008-04-19 00:57 <DIR> d-------- D:\Documents and Settings\Saska\Application Data\DNA
2008-04-10 23:40 . 2008-04-28 00:23 <DIR> d-------- D:\Documents and Settings\Saska\Application Data\BitTorrent
2008-04-10 23:22 . 2008-05-24 19:44 <DIR> d-------- D:\Program Files\LimeWire
2008-04-10 23:22 . 2008-04-14 01:08 <DIR> d-------- D:\Documents and Settings\Saska\Application Data\LimeWire
2008-04-08 20:13 . 2004-08-03 22:58 100,992 --a------ D:\WINDOWS\system32\drivers\bthpan.sys
2008-04-08 20:13 . 2004-08-03 22:58 100,992 --a--c--- D:\WINDOWS\system32\dllcache\bthpan.sys
2008-04-07 00:59 . 2004-08-04 00:56 159,232 --a------ D:\WINDOWS\system32\ptpusd.dll
2008-04-07 00:59 . 2004-08-03 22:58 15,104 --a------ D:\WINDOWS\system32\drivers\usbscan.sys
2008-04-07 00:59 . 2004-08-03 22:58 15,104 --a--c--- D:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-07 00:59 . 2001-08-17 22:36 5,632 --a------ D:\WINDOWS\system32\ptpusb.dll
2008-04-02 23:43 . 2008-04-02 23:43 <DIR> d-------- D:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 18:14 --------- d-----w D:\Program Files\Opera
2008-05-20 16:03 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-16 20:59 --------- d-----w D:\Program Files\EA GAMES
2008-05-14 05:06 4,994,546 ----a-w D:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-26 18:03 3,000,320 ----a-w D:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-26 18:03 2,767,360 ----a-w D:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-26 02:44 2,999,296 ----a-w D:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-10 21:36 --------- d-----w D:\Program Files\Azureus
2008-04-10 21:04 --------- d-----w D:\Program Files\FrostWire
2008-04-03 22:41 --------- d-----w D:\Program Files\Winamp
2008-04-03 22:40 --------- d-----w D:\Documents and Settings\Saska\Application Data\Winamp
2008-04-01 18:02 --------- d-----w D:\Program Files\Java
2008-03-31 11:49 --------- d-----w D:\Documents and Settings\Saska\Application Data\Skype
2008-03-30 20:52 --------- d-----w D:\Program Files\Battle For Troy
2008-03-29 22:21 --------- d-----w D:\Program Files\Skype
2008-03-29 22:21 --------- d-----w D:\Program Files\Common Files\Skype
2008-03-29 22:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-03-27 08:12 151,583 ----a-w D:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w D:\WINDOWS\system32\win32k.sys
2008-03-15 10:52 66,812 ----a-w D:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_14_00_10_16_small.dmp.zip
2008-03-13 22:11 1,086,952 ----a-w D:\WINDOWS\system32\zpeng24.dll
2008-03-01 13:06 826,368 ----a-w D:\WINDOWS\system32\wininet.dll
2008-02-26 11:59 294,912 ----a-w D:\WINDOWS\system32\msctf.dll
2008-02-20 06:51 282,624 ----a-w D:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w D:\WINDOWS\system32\dnsrslvr.dll
2008-02-12 11:56 2,695,680 ----a-w D:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-01 16:07 18,487 ----a-w D:\WINDOWS\system32\Ntaccess.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54018E98-10E3-46C6-9673-2999253F9C65}]
2008-05-26 23:57 57856 --a------ D:\WINDOWS\system32\khfDvuvw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SweetIM"="D:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 01:33 32768]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-12-27 04:33 949376]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-04-01 07:33 77824 D:\WINDOWS\SOUNDMAN.EXE]
"RaidTool"="D:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 15:54 589824]
"@"="" []
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 D:\WINDOWS\system32\bthprops.cpl]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 00:11 919016]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"LogitechCommunicationsManager"="D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="D:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54018E98-10E3-46C6-9673-2999253F9C65}"= D:\WINDOWS\system32\khfDvuvw.dll [2008-05-26 23:57 57856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-07-23 00:49 5376 D:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDvuvw]
khfDvuvw.dll 2008-05-26 23:57 57856 D:\WINDOWS\system32\khfDvuvw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"D:\\Program Files\\Opera\\Opera.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R2 ATIBTCAP;ATI TV Wonder Video Capture;D:\WINDOWS\system32\drivers\atibtcap.sys [2006-04-01 07:33]
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar;D:\WINDOWS\system32\drivers\atibtxbr.sys [2006-04-01 07:33]
R2 ATIVTUTW;ATI TV Wonder TV Tuner;D:\WINDOWS\system32\drivers\ativtutw.sys [2006-04-01 07:33]
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;D:\WINDOWS\system32\drivers\ativxstw.sys [2006-04-01 07:33]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"D:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06905639-1cfb-11dd-839c-001109e8b97d}]
\Shell\Auto\command - M:\activexdebugger32.exe f
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - M:\activexdebugger32.exe f
\Shell\open\Command - M:\activexdebugger32.exe f

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-13 14:27:09 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-03 13:06:05 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-24 00:51:16 D:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-02-14 00:08:05 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-30 18:50:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\winlogon.exe
-> D:\WINDOWS\system32\khfDvuvw.dll
.
Completion time: 2008-05-30 18:57:47
ComboFix-quarantined-files.txt 2008-05-30 16:57:33

Pre-Run: 16,371,871,744 bytes free
Post-Run: 16,352,894,976 bytes free

284 --- E O F --- 2008-05-28 12:36:14

  • dr_Bora
  • Anti Malware Fighter
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

If you have a USB flash drive, plug it in during the following procedure.


Download the Flash_Disinfector program.

The program is started by double-clicking Flash_Disinfector.exe.
When the notification message appears, plug in the infected USB flash drives (hold down the Shift key while doing so to prevent autoplay).
Click OK and wait for the process to finish.
When the message Done !! appears, click OK.

-------------------------------------------------------------------------------------

Open Notepad and copy the following text into it:


File::
D:\WINDOWS\system32\khfDvuvw.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54018E98-10E3-46C6-9673-2999253F9C65}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDvuvw]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06905639-1cfb-11dd-839c-001109e8b97d}]

Save the file from Notepad to your Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon as shown in the picture.

Post the log that is produced at the end of the cleaning/scan in your next message.

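The CFScript above uses the registry-file (REGEDIT4) syntax ComboFix accepts in its Registry:: section: `[-KEY]` deletes a whole key, and a `"name"=-` line under a `[KEY]` header deletes one value, which is how the stray `"@"=""` entry in the Run key is cleared. The File:: section lists files to delete outright. Added example, not from the thread and not ComboFix's own code: a Python script that reads an excerpt of ComboFix's "Reg Loading Points" section and generates that CFScript from a list of files already identified as malicious. It goes one step beyond the script above by also deleting the ShellExecuteHooks value pointing at the same DLL, the third load point the first ComboFix log showed. The registry excerpt is constructed from the log posted earlier; BAD_FILES and all function names are the example's own.

```python
import re

# Constructed excerpt of the "Reg Loading Points" section of the ComboFix log
# above (keys and values copied from the log; the Run key shortened to two values).
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54018E98-10E3-46C6-9673-2999253F9C65}]
2008-05-26 23:57 57856 --a------ D:\WINDOWS\system32\khfDvuvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-12-27 04:33 949376]
"@"="" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54018E98-10E3-46C6-9673-2999253F9C65}"= D:\WINDOWS\system32\khfDvuvw.dll [2008-05-26 23:57 57856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-07-23 00:49 5376 D:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfDvuvw]
khfDvuvw.dll 2008-05-26 23:57 57856 D:\WINDOWS\system32\khfDvuvw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06905639-1cfb-11dd-839c-001109e8b97d}]
\Shell\Auto\command - M:\activexdebugger32.exe f
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - M:\activexdebugger32.exe f
\Shell\open\Command - M:\activexdebugger32.exe f
"""

# Files already identified as malicious (example input): the DLL the first run left behind.
BAD_FILES = [r"D:\WINDOWS\system32\khfDvuvw.dll"]

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=')
MOUNT_CMD_RE = re.compile(r"^\\Shell\\\w+\\command - (?P<cmd>.+)$", re.IGNORECASE)
DRIVE_ROOT_EXE_RE = re.compile(r"^[A-Z]:\\[^\\\s]+\.exe(\s|$)", re.IGNORECASE)


def parse_sections(text):
    """Group the dump into {key: [value lines]} in the order the keys appear."""
    sections, current = {}, None
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m["key"]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def is_autorun_hijack(values):
    """True when a mountpoints2 key routes open/explore/autoplay to a program at
    the root of a drive letter (activexdebugger32.exe on M: in the log): the
    removable-media infection pattern ComboFix lists under mountpoints2."""
    for v in values:
        m = MOUNT_CMD_RE.match(v)
        if m and DRIVE_ROOT_EXE_RE.match(m["cmd"]):
            return True
    return False


def build_cfscript(text, bad_files):
    """Emit a CFScript that deletes the listed files, every BHO / Winlogon Notify
    key that loads them, the ShellExecuteHooks value that names them, hijacked
    mountpoints2 keys, and the empty '@' value in the Run key."""
    bad = [p.lower() for p in bad_files]

    def refers_to_bad(line):
        return any(b in line.lower() for b in bad)

    registry = []
    for key, values in parse_sections(text).items():
        lk = key.lower()
        if "\\mountpoints2\\" in lk and is_autorun_hijack(values):
            registry.append(f"[-{key}]")                        # drop the whole key
        elif ("browser helper objects" in lk or "\\winlogon\\notify\\" in lk) \
                and any(refers_to_bad(v) for v in values):
            registry.append(f"[-{key}]")
        elif lk.endswith("\\shellexecutehooks"):
            for v in values:
                m = VALUE_RE.match(v)
                if m and refers_to_bad(v):
                    registry += [f"[{key}]", f'"{m["name"]}"=-']  # drop one value only
        elif lk.endswith("\\currentversion\\run") and any(v.startswith('"@"=') for v in values):
            registry += [f"[{key}]", '"@"=-']
    return "File::\n" + "\n".join(bad_files) + "\n\nRegistry::\n" + "\n".join(registry) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_REG, BAD_FILES))
```

The Antiwpa notify key is left alone because nothing in BAD_FILES references it, matching what the thread's script does; the generator only ever removes load points that point at a file you have already judged, and the one mountpoints2 rule that fires on shape alone (an executable at a drive root) is the pattern ComboFix itself prints for removable-media infections.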
  • Joined: 30 May 2008
  • Posts: 4

Sorry for being late....here is the log from the end of the scan......cheers


ComboFix 08-05-29.1 - Saska 2008-05-30 20:42:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.80 [GMT 2:00]
Running from: D:\Documents and Settings\Saska\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Saska\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
D:\WINDOWS\system32\khfDvuvw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\khfDvuvw.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-27 23:17 . 2008-05-27 23:17 <DIR> d-------- D:\Documents and Settings\Saska\Application Data\Ahead
2008-05-26 23:49 . 2004-03-02 16:37 125,184 --------- D:\WINDOWS\system32\drivers\imagesrv.sys
2008-05-26 23:49 . 2004-03-02 16:37 5,504 --------- D:\WINDOWS\system32\drivers\imagedrv.sys
2008-05-26 23:48 . 2008-05-26 23:48 <DIR> d-------- D:\Program Files\Common Files\Ahead
2008-05-26 23:48 . 2008-05-26 23:48 <DIR> d-------- D:\Program Files\Ahead
2008-05-26 23:48 . 2004-07-26 16:16 1,568,768 --a------ D:\WINDOWS\system32\ImagX7.dll
2008-05-26 23:48 . 2004-07-26 16:16 476,320 --a------ D:\WINDOWS\system32\ImagXpr7.dll
2008-05-26 23:48 . 2004-07-26 16:16 471,040 --a------ D:\WINDOWS\system32\ImagXRA7.dll
2008-05-26 23:48 . 2004-07-26 16:16 262,144 --a------ D:\WINDOWS\system32\ImagXR7.dll
2008-05-26 23:48 . 2001-07-09 10:50 155,648 --a------ D:\WINDOWS\system32\NeroCheck.exe
2008-05-26 23:48 . 2000-06-26 10:45 106,496 --a------ D:\WINDOWS\system32\TwnLib20.dll
2008-05-25 13:58 . 2008-05-25 13:58 <DIR> d-------- D:\Program Files\Microsoft Games
2008-05-20 18:03 . 2008-05-20 18:03 50 --a------ D:\WINDOWS\MegaManager.INI
2008-05-18 23:03 . 2008-05-18 23:28 <DIR> d-------- D:\Program Files\iWin
2008-05-16 23:09 . 2008-05-16 23:09 <DIR> d-------- D:\Program Files\Common Files\DirectX
2008-05-14 19:09 . 2008-05-14 19:09 248 --a------ D:\WINDOWS\RomeTW.ini
2008-05-14 18:57 . 2008-05-14 18:57 <DIR> d-------- D:\Program Files\Activision
2008-05-11 20:01 . 2004-08-03 22:58 14,848 --a------ D:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-11 20:01 . 2004-08-03 22:58 14,848 --a--c--- D:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-11 20:01 . 2001-08-17 13:48 12,160 --a------ D:\WINDOWS\system32\drivers\mouhid.sys
2008-05-11 20:01 . 2001-08-17 13:48 12,160 --a--c--- D:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-11 20:00 . 2008-05-11 20:00 <DIR> d-------- D:\Program Files\Common Files\Logitech
2008-05-11 20:00 . 2005-04-12 19:09 159,744 --a------ D:\WINDOWS\system32\WmJoyFrc.dll
2008-05-11 20:00 . 2005-04-12 19:21 45,504 --a------ D:\WINDOWS\system32\drivers\WmXlCore.sys
2008-05-11 20:00 . 2005-04-12 19:21 22,240 --a------ D:\WINDOWS\system32\drivers\WmFilter.sys
2008-05-11 20:00 . 2005-04-12 19:21 17,632 --a------ D:\WINDOWS\system32\drivers\WmHidLo.sys
2008-05-11 20:00 . 2005-04-12 19:21 10,144 --a------ D:\WINDOWS\system32\drivers\WmBEnum.sys
2008-05-11 20:00 . 2005-04-12 19:21 5,600 --a------ D:\WINDOWS\system32\drivers\WmVirHid.sys
2008-05-11 19:50 . 2001-08-17 14:02 9,600 --a------ D:\WINDOWS\system32\drivers\hidusb.sys
2008-05-11 19:50 . 2001-08-17 14:02 9,600 --a--c--- D:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-10 14:21 . 2008-05-10 14:21 <DIR> d-------- D:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-09 14:58 . 2007-07-19 02:39 490,776 -ra------ D:\WINDOWS\system32\drivers\LV561AV.SYS
2008-05-09 14:58 . 2007-07-19 02:43 490,008 -ra------ D:\WINDOWS\system32\LVUI2.dll
2008-05-09 14:58 . 2007-07-19 02:44 465,432 -ra------ D:\WINDOWS\system32\LVUI2RC.dll
2008-05-09 14:58 . 2007-07-19 02:40 416,280 -ra------ D:\WINDOWS\system32\lvcodec2.dll
2008-05-09 14:58 . 2007-07-19 02:40 195,096 -ra------ D:\WINDOWS\system32\lvci1110.dll
2008-05-09 14:58 . 2007-07-19 01:54 58,163 -ra------ D:\WINDOWS\system32\lvcoinst.ini
2008-05-09 14:58 . 2007-07-19 02:44 41,752 -ra------ D:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-05-09 14:58 . 2007-07-19 01:55 19,344 -ra------ D:\WINDOWS\system32\Repository.reg
2008-05-09 14:54 . 2008-05-11 20:00 <DIR> d-------- D:\Program Files\Logitech
2008-05-09 14:54 . 2008-05-09 14:58 <DIR> d-------- D:\Program Files\Common Files\LogiShrd
2008-05-09 14:54 . 2008-05-09 14:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-05-09 14:53 . 2008-05-09 14:54 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\LogiShrd
2008-05-06 13:42 . 2008-05-06 13:51 <DIR> d-------- D:\Program Files\TVPlayerClassic
2008-05-06 13:39 . 2008-05-07 13:22 <DIR> d-------- D:\Program Files\Conduit
2008-05-06 12:59 . 2008-05-06 12:59 <DIR> d-------- D:\Documents and Settings\Saska\Application Data\FDRLab
2008-04-27 14:10 . 2008-04-27 14:10 <DIR> d-------- D:\Program Files\Mario Forever Toolbar
2008-04-27 14:10 . 2008-04-27 14:10 407,129 --a------ D:\WINDOWS\MarioForever_Toolbar_Uninstaller_4260.exe
2008-04-27 14:08 . 2008-05-17 17:48 <DIR> d-------- D:\Program Files\Mario Forever
2008-04-23 20:30 . 2008-05-25 13:19 160 --a------ D:\WINDOWS\mafosav.INI
2008-04-22 00:15 . 2008-04-22 00:15 <DIR> d-------- D:\WINDOWS\Sun
2008-04-21 23:38 . 2008-04-21 23:38 <DIR> d-------- D:\Program Files\TravianMultiplyEN
2008-04-21 02:17 . 2008-04-21 02:17 <DIR> d-------- D:\Program Files\Travian
2008-04-10 23:40 . 2008-04-10 23:40 <DIR> d-------- D:\Program Files\DNA
2008-04-10 23:40 . 2008-04-10 23:40 <DIR> d-------- D:\Program Files\BitTorrent
2008-04-10 23:40 . 2008-04-19 00:57 <DIR> d-------- D:\Documents and Settings\Saska\Application Data\DNA
2008-04-10 23:40 . 2008-04-28 00:23 <DIR> d-------- D:\Documents and Settings\Saska\Application Data\BitTorrent
2008-04-10 23:22 . 2008-05-24 19:44 <DIR> d-------- D:\Program Files\LimeWire
2008-04-10 23:22 . 2008-04-14 01:08 <DIR> d-------- D:\Documents and Settings\Saska\Application Data\LimeWire
2008-04-08 20:13 . 2004-08-03 22:58 100,992 --a------ D:\WINDOWS\system32\drivers\bthpan.sys
2008-04-08 20:13 . 2004-08-03 22:58 100,992 --a--c--- D:\WINDOWS\system32\dllcache\bthpan.sys
2008-04-07 00:59 . 2004-08-04 00:56 159,232 --a------ D:\WINDOWS\system32\ptpusd.dll
2008-04-07 00:59 . 2004-08-03 22:58 15,104 --a------ D:\WINDOWS\system32\drivers\usbscan.sys
2008-04-07 00:59 . 2004-08-03 22:58 15,104 --a--c--- D:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-07 00:59 . 2001-08-17 22:36 5,632 --a------ D:\WINDOWS\system32\ptpusb.dll
2008-04-02 23:43 . 2008-04-02 23:43 <DIR> d-------- D:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 09:42 6,156,769 ----a-w D:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-22 18:14 --------- d-----w D:\Program Files\Opera
2008-05-20 16:03 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-05-16 20:59 --------- d-----w D:\Program Files\EA GAMES
2008-04-26 18:03 3,000,320 ----a-w D:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-26 18:03 2,767,360 ----a-w D:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-26 02:44 2,999,296 ----a-w D:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-10 21:36 --------- d-----w D:\Program Files\Azureus
2008-04-10 21:04 --------- d-----w D:\Program Files\FrostWire
2008-04-03 22:41 --------- d-----w D:\Program Files\Winamp
2008-04-03 22:40 --------- d-----w D:\Documents and Settings\Saska\Application Data\Winamp
2008-04-01 18:02 --------- d-----w D:\Program Files\Java
2008-03-31 11:49 --------- d-----w D:\Documents and Settings\Saska\Application Data\Skype
2008-03-30 20:52 --------- d-----w D:\Program Files\Battle For Troy
2008-03-29 22:21 --------- d-----w D:\Program Files\Skype
2008-03-29 22:21 --------- d-----w D:\Program Files\Common Files\Skype
2008-03-29 22:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-03-27 08:12 151,583 ----a-w D:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w D:\WINDOWS\system32\win32k.sys
2008-03-15 10:52 66,812 ----a-w D:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_14_00_10_16_small.dmp.zip
2008-03-13 22:11 1,086,952 ----a-w D:\WINDOWS\system32\zpeng24.dll
2008-03-01 13:06 826,368 ----a-w D:\WINDOWS\system32\wininet.dll
2008-02-26 11:59 294,912 ----a-w D:\WINDOWS\system32\msctf.dll
2008-02-20 06:51 282,624 ----a-w D:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w D:\WINDOWS\system32\dnsrslvr.dll
2008-02-12 11:56 2,695,680 ----a-w D:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-01 16:07 18,487 ----a-w D:\WINDOWS\system32\Ntaccess.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-30_18.55.18,84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-30 16:03:39 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-05-31 09:42:52 2,048 --s-a-w D:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SweetIM"="D:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 21:15 103712]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 01:33 32768]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-12-27 04:33 949376]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-04-01 07:33 77824 D:\WINDOWS\SOUNDMAN.EXE]
"RaidTool"="D:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 15:54 589824]
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 D:\WINDOWS\system32\bthprops.cpl]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 00:11 919016]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"LogitechCommunicationsManager"="D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="D:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-07-23 00:49 5376 D:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"D:\\Program Files\\Opera\\Opera.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R2 ATIBTCAP;ATI TV Wonder Video Capture;D:\WINDOWS\system32\drivers\atibtcap.sys [2006-04-01 07:33]
R2 ATIBTXBAR;ATI TV Wonder Video Crossbar;D:\WINDOWS\system32\drivers\atibtxbr.sys [2006-04-01 07:33]
R2 ATIVTUTW;ATI TV Wonder TV Tuner;D:\WINDOWS\system32\drivers\ativtutw.sys [2006-04-01 07:33]
R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;D:\WINDOWS\system32\drivers\ativxstw.sys [2006-04-01 07:33]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"D:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-13 14:27:09 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-03 13:06:05 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-24 00:51:16 D:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-02-14 00:08:05 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-31 11:43:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\ESET\nod32krn.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-05-31 11:49:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-31 09:49:48
ComboFix2.txt 2008-05-30 16:57:52

Pre-Run: 16,309,805,056 bytes free
Post-Run: 16,218,198,016 bytes free

217 --- E O F --- 2008-05-28 12:36:14

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

  • Joined: 30 Maj 2008
  • Posts: 4

no problem, everything is great :).....thanks!!!.....
