MyCity » Ambulanta -> Arhiva Ambulante » Virtumonde

Virtumonde

Napisano na dan: 13.3.2008

Virtumonde

Sledeća strana

Pagination

Odgovori

spike Poslao: 13 Mar 2008 12:43 Idi na vrh
offline spike Novi MyCity građanin Pridružio: 13 Mar 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Cao ja sam nov na forumu i treba mi vasa pomoc... Uleteo mi je Virtumonde i nema sanse da ga skinem...probao sam sa VunoFixom i malo sam se zezao sa Hijack this ali nisam bas nesto ves tu..Evo sta mi prijavljuje Hijack this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:42:10 PM, on 3/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {ADA4AB54-F034-41A4-9A68-95DF06976B68} - C:\WINDOWS\system32\mljjhig.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [Link mogu videti samo ulogovani korisnici] O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - [Link mogu videti samo ulogovani korisnici] O20 - Winlogon Notify: mljjhig - C:\WINDOWS\SYSTEM32\mljjhig.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O24 - Desktop Component 0: (no name) - [Link mogu videti samo ulogovani korisnici] -- End of file - 6504 bytes Molim za pomoc...hvala unapred

Profil

helen1 Poslao: 13 Mar 2008 12:54 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dobro dosao, Skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

spike Poslao: 13 Mar 2008 13:39 Idi na vrh
offline spike Novi MyCity građanin Pridružio: 13 Mar 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo log-a od Combo fixa: ComboFix 08-03-10.1 - markor 2008-03-13 13:16:20.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.899 [GMT 1:00] Running from: C:\Documents and Settings\markor\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 ))))))))))))))))))))))))))))))) . 2008-03-13 13:12 . 2008-03-13 13:12 0 --a------ C:\WINDOWS\system32\SBRC.dat 2008-03-13 13:12 . 2008-03-13 13:12 0 --a------ C:\WINDOWS\system32\SBFC.dat 2008-03-13 13:11 . 2008-03-13 13:11 <DIR> d-------- C:\Documents and Settings\markor\Application Data\Sunbelt Software 2008-03-13 13:11 . 2008-03-13 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software 2008-03-13 13:10 . 2008-03-13 13:10 <DIR> d-------- C:\Program Files\Sunbelt Software 2008-03-13 11:40 . 2008-03-13 11:40 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-03-13 11:24 . 2008-03-13 11:24 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-13 11:14 . 2008-03-13 11:42 <DIR> d-------- C:\VundoFix Backups 2008-03-13 10:58 . 2008-03-13 10:58 41,984 --a------ C:\WINDOWS\system32\mljjhig.dll 2008-03-13 10:52 . 2008-03-13 10:52 <DIR> d-------- C:\Program Files\EKAf Incorporated 2008-03-03 10:56 . 2008-03-03 10:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-03 10:56 . 2008-03-03 10:56 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-28 10:00 . 2008-02-28 10:00 <DIR> d-------- C:\Program Files\Real 2008-02-28 10:00 . 2008-02-28 10:00 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-02-28 09:59 . 2008-02-28 10:00 <DIR> d-------- C:\Program Files\Common Files\Real 2008-02-28 09:49 . 2008-02-28 10:09 <DIR> d-------- C:\Program Files\Super Internet TV 2008-02-27 11:31 . 2008-02-27 11:31 <DIR> d-------- C:\Documents and Settings\markor\Application Data\fltk.org 2008-02-27 09:01 . 2008-02-27 09:02 <DIR> d-------- C:\Program Files\TVUPlayer 2008-02-27 09:01 . 2008-02-27 09:01 <DIR> d-------- C:\Program Files\TVAnts 2008-02-27 09:01 . 2008-02-27 09:01 <DIR> d-------- C:\Documents and Settings\markor\Application Data\TVU Networks 2008-02-27 09:00 . 2008-02-27 09:01 <DIR> d-------- C:\Program Files\Satellite TV for PC 2008-02-18 09:58 . 2008-02-18 09:58 <DIR> d-------- C:\Program Files\Telenor 2008-02-14 12:56 . 2008-02-14 12:56 <DIR> d-------- C:\Documents and Settings\markor\Application Data\vlc 2008-02-14 12:52 . 2008-02-14 12:52 <DIR> d-------- C:\Program Files\VideoLAN 2008-02-14 12:51 . 2008-02-14 12:51 <DIR> d-------- C:\Documents and Settings\markor\Application Data\vtcmovies 2008-02-14 12:51 . 2008-02-14 12:51 <DIR> d-------- C:\Documents and Settings\markor\Application Data\vtc_language 2008-02-14 12:51 . 2008-02-14 12:51 <DIR> d-------- C:\Documents and Settings\markor\Application Data\vtc_demo_setup 2008-02-14 12:51 . 2008-02-14 12:51 <DIR> d-------- C:\Documents and Settings\markor\Application Data\VTC Preferences Folder . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-13 11:24 --------- d-----w C:\Program Files\XoftSpySE 2008-03-13 10:02 --------- d-----w C:\Documents and Settings\markor\Application Data\uTorrent 2008-03-12 10:28 --------- d-----w C:\Program Files\Planplus 2008-02-08 00:43 --------- d-----w C:\Program Files\ESET 2008-02-06 12:24 --------- d-----w C:\Program Files\Neoretix 2008-02-04 10:09 --------- d-----w C:\Documents and Settings\markor\Application Data\Nokia 2008-02-01 10:11 --------- d-----w C:\Program Files\SourceTec 2008-02-01 10:06 --------- d-----w C:\Documents and Settings\markor\Application Data\Nokia Multimedia Player 2008-02-01 10:03 --------- d-----w C:\Program Files\DIFX 2008-02-01 10:02 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-02-01 10:02 --------- d-----w C:\Program Files\Nokia 2008-02-01 10:02 --------- d-----w C:\Program Files\Common Files\PCSuite 2008-02-01 10:02 --------- d-----w C:\Program Files\Common Files\Nokia 2008-02-01 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-01-31 12:02 --------- d-----w C:\Program Files\uTorrent 2008-01-28 10:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-28 10:01 --------- d-----w C:\Documents and Settings\markor\Application Data\U3 2008-01-17 15:53 --------- d-----w C:\Program Files\sdc205 2008-01-17 13:05 --------- d-----w C:\Program Files\Torrent-Search 2008-01-17 13:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-17 13:04 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-01-17 10:55 --------- d-----w C:\Program Files\SystemRequirementsLab . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ADA4AB54-F034-41A4-9A68-95DF06976B68}] 2008-03-13 10:58 41984 --a------ C:\WINDOWS\system32\mljjhig.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-09-24 12:27 5674352] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25 94208] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056] "InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 17:28 93640] "Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-26 13:59 949376] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-28 09:59 185896] "SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{ADA4AB54-F034-41A4-9A68-95DF06976B68}"= C:\WINDOWS\system32\mljjhig.dll [2008-03-13 10:58 41984] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjhig] mljjhig.dll 2008-03-13 10:58 41984 C:\WINDOWS\system32\mljjhig.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-05-23 11:02 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SMSERIAL"=sm56hlpr.exe "AlcWzrd"=ALCWZRD.EXE "Alcmtr"=ALCMTR.EXE "SoundMan"=SOUNDMAN.EXE "RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "C:\\WINDOWS\\system32\\mcoinstall.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe"= "C:\\Program Files\\sdc205\\StrongDC.exe"= "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 17:45] S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 17:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c233b09f-cd87-11dc-a56c-0013cef19ab1}] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-03-07 16:16:19 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe "2008-03-13 12:23:43 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2008-03-10 07:50:34 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-03-13 13:24:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\mljjhig.dll PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\MSN Messenger\usnsvc.exe . ************************************************************************ . Completion time: 2008-03-13 13:31:24 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-13 12:31:19 . 2008-03-12 10:02:03 --- E O F ---

Profil

helen1 Poslao: 13 Mar 2008 18:25 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\mljjhig.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ADA4AB54-F034-41A4-9A68-95DF06976B68}] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{ADA4AB54-F034-41A4-9A68-95DF06976B68}"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjhig]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

spike Poslao: 14 Mar 2008 09:05 Idi na vrh
offline spike Novi MyCity građanin Pridružio: 13 Mar 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala ti puno !!! Ocistio ga je, konacno Evo log fila, da li treba jos nesto da uradim: ComboFix 08-03-10.1 - markor 2008-03-14 8:54:29.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.945 [GMT 1:00] Running from: C:\Documents and Settings\markor\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\markor\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\mljjhig.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mljjhig.dll . ((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))) . 2008-03-13 13:12 . 2008-03-13 13:12 0 --a------ C:\WINDOWS\system32\SBRC.dat 2008-03-13 13:12 . 2008-03-13 13:12 0 --a------ C:\WINDOWS\system32\SBFC.dat 2008-03-13 13:11 . 2008-03-13 13:11 <DIR> d-------- C:\Documents and Settings\markor\Application Data\Sunbelt Software 2008-03-13 11:40 . 2008-03-13 11:40 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2008-03-13 11:24 . 2008-03-13 11:24 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-13 11:14 . 2008-03-13 11:42 <DIR> d-------- C:\VundoFix Backups 2008-03-13 10:52 . 2008-03-13 10:52 <DIR> d-------- C:\Program Files\EKAf Incorporated 2008-03-03 10:56 . 2008-03-03 10:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-03 10:56 . 2008-03-03 10:56 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-28 10:00 . 2008-02-28 10:00 <DIR> d-------- C:\Program Files\Real 2008-02-28 10:00 . 2008-02-28 10:00 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-02-28 09:59 . 2008-02-28 10:00 <DIR> d-------- C:\Program Files\Common Files\Real 2008-02-28 09:49 . 2008-02-28 10:09 <DIR> d-------- C:\Program Files\Super Internet TV 2008-02-27 11:31 . 2008-02-27 11:31 <DIR> d-------- C:\Documents and Settings\markor\Application Data\fltk.org 2008-02-27 09:01 . 2008-02-27 09:02 <DIR> d-------- C:\Program Files\TVUPlayer 2008-02-27 09:01 . 2008-02-27 09:01 <DIR> d-------- C:\Program Files\TVAnts 2008-02-27 09:01 . 2008-02-27 09:01 <DIR> d-------- C:\Documents and Settings\markor\Application Data\TVU Networks 2008-02-27 09:00 . 2008-02-27 09:01 <DIR> d-------- C:\Program Files\Satellite TV for PC 2008-02-18 09:58 . 2008-02-18 09:58 <DIR> d-------- C:\Program Files\Telenor 2008-02-14 12:56 . 2008-02-14 12:56 <DIR> d-------- C:\Documents and Settings\markor\Application Data\vlc 2008-02-14 12:52 . 2008-02-14 12:52 <DIR> d-------- C:\Program Files\VideoLAN 2008-02-14 12:51 . 2008-02-14 12:51 <DIR> d-------- C:\Documents and Settings\markor\Application Data\vtcmovies 2008-02-14 12:51 . 2008-02-14 12:51 <DIR> d-------- C:\Documents and Settings\markor\Application Data\vtc_language 2008-02-14 12:51 . 2008-02-14 12:51 <DIR> d-------- C:\Documents and Settings\markor\Application Data\vtc_demo_setup 2008-02-14 12:51 . 2008-02-14 12:51 <DIR> d-------- C:\Documents and Settings\markor\Application Data\VTC Preferences Folder . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-14 07:58 --------- d-----w C:\Documents and Settings\markor\Application Data\uTorrent 2008-03-13 11:24 --------- d-----w C:\Program Files\XoftSpySE 2008-03-12 10:28 --------- d-----w C:\Program Files\Planplus 2008-02-08 00:43 --------- d-----w C:\Program Files\ESET 2008-02-06 12:24 --------- d-----w C:\Program Files\Neoretix 2008-02-04 10:09 --------- d-----w C:\Documents and Settings\markor\Application Data\Nokia 2008-02-01 10:11 --------- d-----w C:\Program Files\SourceTec 2008-02-01 10:06 --------- d-----w C:\Documents and Settings\markor\Application Data\Nokia Multimedia Player 2008-02-01 10:03 --------- d-----w C:\Program Files\DIFX 2008-02-01 10:02 --------- d-----w C:\Program Files\PC Connectivity Solution 2008-02-01 10:02 --------- d-----w C:\Program Files\Nokia 2008-02-01 10:02 --------- d-----w C:\Program Files\Common Files\PCSuite 2008-02-01 10:02 --------- d-----w C:\Program Files\Common Files\Nokia 2008-02-01 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2008-01-31 12:02 --------- d-----w C:\Program Files\uTorrent 2008-01-28 10:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-28 10:01 --------- d-----w C:\Documents and Settings\markor\Application Data\U3 2008-01-17 15:53 --------- d-----w C:\Program Files\sdc205 2008-01-17 13:05 --------- d-----w C:\Program Files\Torrent-Search 2008-01-17 13:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-17 13:04 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-01-17 10:55 --------- d-----w C:\Program Files\SystemRequirementsLab . ((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] ))))))))))))))))))))))))))))))))))))))))) . - 2008-03-13 11:10:41 63,814 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-13 12:28:45 63,814 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-03-13 11:10:41 405,160 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-13 12:28:45 405,160 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-09-24 12:27 5674352] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25 94208] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056] "InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 17:28 93640] "Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-26 13:59 949376] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-28 09:59 185896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-05-23 11:02 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SMSERIAL"=sm56hlpr.exe "AlcWzrd"=ALCWZRD.EXE "Alcmtr"=ALCMTR.EXE "SoundMan"=SOUNDMAN.EXE "RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "C:\\WINDOWS\\system32\\mcoinstall.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe"= "C:\\Program Files\\sdc205\\StrongDC.exe"= "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 17:45] S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 17:22] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c233b09f-cd87-11dc-a56c-0013cef19ab1}] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-03-07 16:16:19 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe "2008-03-14 07:59:35 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2008-03-10 07:50:34 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-03-14 08:59:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\MSN Messenger\usnsvc.exe . ************************************************************************ . Completion time: 2008-03-14 9:02:41 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-14 08:02:37 ComboFix2.txt 2008-03-13 12:31:25 . 2008-03-12 10:02:03 --- E O F ---

Profil

helen1 Poslao: 14 Mar 2008 18:48 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

spike Poslao: 18 Mar 2008 09:56 Idi na vrh
offline spike Novi MyCity građanin Pridružio: 13 Mar 2008 Poruke: 6	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! HVALA TI PUNO....sve radi kao i pre veliki pozdrav,

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Virtumonde

Ko je trenutno na forumu

Ukupno su 1129 korisnika na forumu :: 87 registrovanih, 12 sakrivenih i 1030 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, Aleksa 3215, amaterSRB, Andrija357, Ata81, bankulen, Bobrock1, boj.an, bokisha253, bolimejoli, Boris90, borya90, ccoogg123, cemix, DalmatinacMF, Dambi, Dare, Denaya, djile1, djordje92sm, doom83, draganl, feanor, Frunze, GH69, gomago, GORDI, Istman, ivan1973, ivanR164, jalos, JK, Jomini, kljift, Kobrim, Konda, kovinacc, Kubovac, kunktator, Leteća Krofna, ljuba, loon123, LostInSpaceandTime, lucko1, lukac, M74AB3, macak44, mack8, Magistar78, Marko Marković, mikrimaus, milenko crazy north, Mitrast, moldway, Mrav Obrad, niksa517, Nobunaga, Novakomp, opt1, Panter, Pavle29L, pein, Povratak1912, predragc, Prečanin30, randja26, raptorsi, raster12, rikirubio, Rogan33, Rusmir, Slingshot, Srki94, Str2022, Timočka Divizija, tuja, vargas, vathra, Velizar Laro, VJ, vladas87, voja64, Volkcho, vuksa72, XBMC, Zavulon, zeka013

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by