MyCity » Ambulanta -> Arhiva Ambulante » virtumonde.dll, antivirus 2009

virtumonde.dll, antivirus 2009

Napisano na dan: 27.8.2008

virtumonde.dll, antivirus 2009

Sledeća strana

Pagination

Odgovori

Starday Poslao: 27 Avg 2008 08:38 Idi na vrh
offline Starday Građanin Pridružio: 25 Okt 2006 Poruke: 276	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! skinuo sam preko torenta adobe acrobat 9.11 koji zapravo nije bio to već nekakav virtualmonde (tako tvrdi spybot S&D). sada mi povremeno otvara hxxp://errorslogs-page202.com/2009/1/_freescan.php?aid=77052201 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:27, on 2008-08-27 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\taskswitch.exe E:\Microsoft Office 2007\Office12\GrooveMonitor.exe C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=082908 serial=DR12WEX-1504397-KTY lang=EN O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [GrooveMonitor] "E:\Microsoft Office 2007\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 0 1 3 9 12 15 16 17 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office 2007\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 12177 bytes

Profil

helen1 Poslao: 27 Avg 2008 12:10 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozzz * Klikni desnim tasterom na Norton Antivirus ikonicu ( u donjem, desnom uglu ekrana i izaberi Disable Auto Protect. * Zatim izaberi željeno trajanje (npr. 5 sati) i klikni OK. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Pokrenite Spybot S&D Kliknite Mode stavku u meniju Odaberite Advance Mode Na traci levo kliknite na Tools Kliknite na Resident Destiklirajte Resident Tea-Timer Zatvorite Spybot S&D Restartujte kompjuter. - Zatim skinuti file sa ovog linka na Desktop. - Pokrenuti file dvoklikom i ispratiti uputstva. Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Starday Poslao: 27 Avg 2008 13:16 Idi na vrh
offline Starday Građanin Pridružio: 25 Okt 2006 Poruke: 276	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! uradio sam kako ste rekli. ovo je log. ComboFix 08-08-26.02 - Administrator 2008-08-27 12:52:25.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.407 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\My Documents\My Recieved Files\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\SENDDYA2\bin.clearspring.com C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\SENDDYA2\static.youku.com C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com C:\WINDOWS\BM43138f7b.txt C:\WINDOWS\system\oeminfo.ini C:\WINDOWS\system32\emeqfbwf.dll C:\WINDOWS\system32\fwbfqeme.ini C:\WINDOWS\system32\ggPAaaHk.ini C:\WINDOWS\system32\ggPAaaHk.ini2 C:\WINDOWS\system32\kHaaAPgg.dll C:\WINDOWS\system32\lkvqgsxc.ini C:\WINDOWS\system32\pMDvwuSK.dll C:\WINDOWS\system32\ufyepqxo.exe . ((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))) . 2008-08-27 11:43 . 2008-08-27 11:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-08-27 10:32 . 2008-08-27 10:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Orbit 2008-08-27 10:28 . 2008-08-27 10:28 <DIR> d-------- C:\downloads 2008-08-27 10:28 . 2008-08-27 10:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\GrabPro 2008-08-27 09:35 . 2008-08-27 09:35 <DIR> d-------- C:\Program Files\Lavasoft 2008-08-27 09:35 . 2008-08-27 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-27 09:34 . 2008-08-27 09:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-26 15:09 . 2008-08-26 15:09 0 --a------ C:\WINDOWS\BM43138f7b.xml 2008-08-26 09:31 . 2008-08-26 10:31 149 --a------ C:\WINDOWS\wininit.ini 2008-08-22 10:49 . 2008-08-22 10:49 <DIR> d-------- C:\Program Files\Cosmi 2008-08-22 10:49 . 2008-08-22 10:49 <DIR> d-------- C:\Program Files\Common Files\Cosmi 2008-08-22 10:49 . 2008-08-22 10:49 <DIR> d-------- C:\Program Files\Common Files\Borland Shared 2008-08-22 10:49 . 1997-07-10 10:36 299,008 --a------ C:\WINDOWS\system32\SKY32V3C.DLL 2008-08-22 10:49 . 1996-05-07 19:59 47,104 --a------ C:\WINDOWS\system32\D2HTLS32.DLL 2008-08-22 10:49 . 1996-02-28 15:47 28,976 --a------ C:\WINDOWS\system32\D2HTOOLS.DLL 2008-08-22 10:49 . 2008-08-22 10:49 0 --a------ C:\WINDOWS\PROTOCOL.INI 2008-08-21 07:59 . 2008-08-21 07:59 <DIR> d-------- C:\Program Files\MagicISO 2008-08-20 12:05 . 2008-08-20 12:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ABBYY 2008-08-20 12:00 . 2008-08-20 12:00 <DIR> d-------- C:\Program Files\Common Files\ABBYY 2008-08-20 11:58 . 2008-08-20 12:04 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0 2008-08-20 11:58 . 2008-08-21 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ABBYY 2008-08-20 07:26 . 2008-08-25 11:31 2,828 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys 2008-08-20 07:26 . 2008-08-20 07:26 8 -r-hs---- C:\Documents and Settings\All Users\Application Data\F99E9C3E86.sys 2008-08-20 07:24 . 2008-08-20 07:24 <DIR> d-------- C:\Program Files\Common Files\Protexis 2008-08-20 07:24 . 2008-08-20 07:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel 2008-08-20 07:22 . 2008-08-20 07:30 <DIR> d-------- C:\Program Files\Corel 2008-08-20 07:22 . 2008-08-20 07:22 <DIR> d-------- C:\Program Files\Common Files\Corel 2008-08-18 08:29 . 2008-08-18 08:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero 2008-08-18 08:27 . 2008-08-18 08:27 <DIR> d-------- C:\Program Files\Nero 2008-08-18 08:27 . 2008-08-18 08:28 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-08-18 08:27 . 2008-08-18 08:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-08-13 09:49 . 2008-08-13 09:49 131,584 --a------ C:\Program Files\KB27888.exe 2008-08-13 09:49 . 2008-08-13 09:49 126,976 --a------ C:\WINDOWS\wxml56164.dll 2008-08-05 09:17 . 2008-08-05 09:17 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR 2008-08-04 10:27 . 2008-08-04 10:27 135,680 --a------ C:\Program Files\KB51942.exe 2008-08-04 10:27 . 2008-08-04 10:27 131,072 --a------ C:\WINDOWS\wxmlua.dll 2008-07-30 13:20 . 2008-07-30 13:20 <DIR> d-------- C:\WINDOWS\system32\ivtMobCache 2008-07-30 13:20 . 2008-07-30 13:20 1,260 --a------ C:\WINDOWS\system32\SHORTCUT.INI 2008-07-30 13:20 . 2008-08-15 13:34 215 --a------ C:\WINDOWS\BsMobileModel.ini 2008-07-30 13:19 . 2008-08-25 11:24 4,535 --a------ C:\WINDOWS\system32\LOCALSERVICE.INI 2008-07-30 13:19 . 2008-08-25 11:23 126 --a------ C:\WINDOWS\system32\REMOTEDEVICE.INI 2008-07-30 13:19 . 2008-08-25 11:21 107 --a------ C:\WINDOWS\system32\LOCALDEVICE.INI 2008-07-30 13:18 . 2008-07-30 13:18 131,072 --a------ C:\WINDOWS\winxml2a.dll 2008-07-30 13:10 . 2008-07-30 13:10 0 --a------ C:\WINDOWS\system32\BSPRINT.INI 2008-07-30 13:09 . 2008-07-30 13:09 <DIR> d-------- C:\Program Files\IVT Corporation 2008-07-30 13:09 . 2008-07-30 13:10 32 --a------ C:\WINDOWS\0 2008-07-30 13:09 . 2008-07-30 13:09 0 --a------ C:\WINDOWS\system32\0 2008-07-28 14:24 . 2008-07-28 14:24 <DIR> d-------- C:\Program Files\Manage PC Shut Down 2008-07-28 08:35 . 2008-08-27 12:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent 2008-07-28 08:34 . 2008-07-28 08:34 <DIR> d-------- C:\Program Files\DNA 2008-07-28 08:34 . 2008-07-28 08:34 <DIR> d-------- C:\Program Files\BitTorrent 2008-07-28 08:34 . 2008-08-27 13:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-27 11:06 8,046,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-27 11:04 96,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-27 11:04 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-08-27 11:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit 2008-08-27 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon 2008-08-27 08:35 --------- d-----w C:\Program Files\Orbitdownloader 2008-08-22 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-21 12:43 --------- d-----w C:\Program Files\Opera 2008-08-21 05:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-20 10:31 --------- d-----w C:\Program Files\Java 2008-08-20 05:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel 2008-08-08 11:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Shareaza 2008-08-06 10:39 --------- d-----w C:\Program Files\Winamp 2008-08-06 10:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp 2008-08-01 11:03 --------- d-----w C:\Program Files\Foxit Software 2008-07-30 11:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-17 11:07 40,960 ----a-w C:\WINDOWS\BMW 6 Series Coupé.dll 2008-07-17 11:07 302,244 ----a-w C:\WINDOWS\BMW 6 Series Coupé.scr 2008-07-17 11:07 3,623,851 ----a-w C:\WINDOWS\BMW 6 Series Coupé.exe 2008-07-16 11:59 --------- d-----w C:\Program Files\Microsoft Bootvis 2008-07-10 11:00 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-10 10:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2008-07-10 10:23 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-07-09 12:19 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-07-09 07:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2008-07-07 09:52 --------- d-----w C:\Program Files\Avant Browser 2008-06-24 14:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-06-06 12:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll 2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll 2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-28 08:34 341824] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 16:06 1840424] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52 48752] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30 85184] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384] "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632] "GrooveMonitor"="E:\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 23:49 3116768] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016] "BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-07-09 20:51 229888] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe] "nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 2:19:50 AM 217193] Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [11/20/2007 9:14:02 AM 1707208] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "E:\\Microsoft Office 2007\\Office12\\GROOVE.EXE"= "E:\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\IEPro\\MiniDM.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-01-21 19:28] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 21:03] R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-07-09 20:51] R2 BsMobileCS;BsMobileCS;C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 18:26] R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2005-06-10 11:01] R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 12:33] R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-06-04 18:28] R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-01-21 19:28] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-09 08:01] S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-09-02 18:49] S3 Usbtmc;ausbtmc;C:\WINDOWS\system32\Drivers\ausbtmc.sys [2003-04-10 13:35] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f2e6fa3-62ad-11dd-abc5-001583b3d1a5}] \Shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe . - - - - ORPHANS REMOVED - - - - WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file) HKCU-Run-FUIClearHis - C:\Program Files\FreshDevices\FreshUI\freshui.exe HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe HKLM-Run-CorelDRAW Graphics Suite 11b - C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mtxe25uq.default\ FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF -: plugin - C:\Program Files\Microsoft Silverlight\npctrl.1.0.21115.0.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\Program Files\Opera 9.5 beta\program\plugins\npdsplay.dll FF -: plugin - C:\Program Files\Opera 9.5 beta\program\plugins\NPSWF32.dll FF -: plugin - C:\Program Files\Opera 9.5 beta\program\plugins\npwmsdrm.dll FF -: plugin - C:\Program Files\Opera\program\plugins\nppl3260.dll FF -: plugin - C:\Program Files\Opera\program\plugins\nprpjplug.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-27 13:05:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\MATLAB7\bin\win32\MATLAB.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\WINDOWS\system32\wbem\wmiadap.exe . ************************************************************************ . Completion time: 2008-08-27 13:10:52 - machine was rebooted [Administrator] ComboFix-quarantined-files.txt 2008-08-27 11:10:47 Pre-Run: 63,986,229,248 bytes free Post-Run: 63,947,571,200 bytes free 240 --- E O F --- 2007-10-30 11:34:27

Profil

helen1 Poslao: 27 Avg 2008 18:00 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\Program Files\KB27888.exe C:\WINDOWS\wxml56164.dll C:\Program Files\KB51942.exe C:\WINDOWS\wxmlua.dll C:\WINDOWS\winxml2a.dll` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Starday Poslao: 28 Avg 2008 07:16 Idi na vrh
offline Starday Građanin Pridružio: 25 Okt 2006 Poruke: 276	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-08-26.02 - Administrator 2008-08-28 7:06:42.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.477 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\Program Files\KB27888.exe C:\Program Files\KB51942.exe C:\WINDOWS\winxml2a.dll C:\WINDOWS\wxml56164.dll C:\WINDOWS\wxmlua.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\KB27888.exe C:\Program Files\KB51942.exe C:\WINDOWS\winxml2a.dll C:\WINDOWS\wxml56164.dll C:\WINDOWS\wxmlua.dll . ((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))) . 2008-08-27 11:43 . 2008-08-27 11:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-08-27 10:32 . 2008-08-27 10:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Orbit 2008-08-27 10:28 . 2008-08-27 10:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\GrabPro 2008-08-27 09:35 . 2008-08-27 09:35 <DIR> d-------- C:\Program Files\Lavasoft 2008-08-27 09:35 . 2008-08-27 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-08-27 09:34 . 2008-08-27 09:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-26 15:09 . 2008-08-26 15:09 0 --a------ C:\WINDOWS\BM43138f7b.xml 2008-08-26 09:31 . 2008-08-26 10:31 149 --a------ C:\WINDOWS\wininit.ini 2008-08-22 10:49 . 2008-08-22 10:49 <DIR> d-------- C:\Program Files\Cosmi 2008-08-22 10:49 . 2008-08-22 10:49 <DIR> d-------- C:\Program Files\Common Files\Cosmi 2008-08-22 10:49 . 2008-08-22 10:49 <DIR> d-------- C:\Program Files\Common Files\Borland Shared 2008-08-22 10:49 . 1997-07-10 10:36 299,008 --a------ C:\WINDOWS\system32\SKY32V3C.DLL 2008-08-22 10:49 . 1996-05-07 19:59 47,104 --a------ C:\WINDOWS\system32\D2HTLS32.DLL 2008-08-22 10:49 . 1996-02-28 15:47 28,976 --a------ C:\WINDOWS\system32\D2HTOOLS.DLL 2008-08-22 10:49 . 2008-08-22 10:49 0 --a------ C:\WINDOWS\PROTOCOL.INI 2008-08-21 07:59 . 2008-08-21 07:59 <DIR> d-------- C:\Program Files\MagicISO 2008-08-20 12:05 . 2008-08-20 12:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ABBYY 2008-08-20 12:00 . 2008-08-20 12:00 <DIR> d-------- C:\Program Files\Common Files\ABBYY 2008-08-20 11:58 . 2008-08-20 12:04 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0 2008-08-20 11:58 . 2008-08-21 08:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ABBYY 2008-08-20 07:26 . 2008-08-25 11:31 2,828 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys 2008-08-20 07:26 . 2008-08-20 07:26 8 -r-hs---- C:\Documents and Settings\All Users\Application Data\F99E9C3E86.sys 2008-08-20 07:24 . 2008-08-20 07:24 <DIR> d-------- C:\Program Files\Common Files\Protexis 2008-08-20 07:24 . 2008-08-20 07:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel 2008-08-20 07:22 . 2008-08-20 07:30 <DIR> d-------- C:\Program Files\Corel 2008-08-20 07:22 . 2008-08-20 07:22 <DIR> d-------- C:\Program Files\Common Files\Corel 2008-08-18 08:29 . 2008-08-18 08:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero 2008-08-18 08:27 . 2008-08-18 08:27 <DIR> d-------- C:\Program Files\Nero 2008-08-18 08:27 . 2008-08-18 08:28 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-08-18 08:27 . 2008-08-18 08:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-08-05 09:17 . 2008-08-05 09:17 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR 2008-07-30 13:20 . 2008-07-30 13:20 <DIR> d-------- C:\WINDOWS\system32\ivtMobCache 2008-07-30 13:20 . 2008-07-30 13:20 1,260 --a------ C:\WINDOWS\system32\SHORTCUT.INI 2008-07-30 13:20 . 2008-08-15 13:34 215 --a------ C:\WINDOWS\BsMobileModel.ini 2008-07-30 13:19 . 2008-08-25 11:24 4,535 --a------ C:\WINDOWS\system32\LOCALSERVICE.INI 2008-07-30 13:19 . 2008-08-25 11:23 126 --a------ C:\WINDOWS\system32\REMOTEDEVICE.INI 2008-07-30 13:19 . 2008-08-25 11:21 107 --a------ C:\WINDOWS\system32\LOCALDEVICE.INI 2008-07-30 13:10 . 2008-07-30 13:10 0 --a------ C:\WINDOWS\system32\BSPRINT.INI 2008-07-30 13:09 . 2008-07-30 13:09 <DIR> d-------- C:\Program Files\IVT Corporation 2008-07-30 13:09 . 2008-07-30 13:10 32 --a------ C:\WINDOWS\0 2008-07-30 13:09 . 2008-07-30 13:09 0 --a------ C:\WINDOWS\system32\0 2008-07-28 14:24 . 2008-07-28 14:24 <DIR> d-------- C:\Program Files\Manage PC Shut Down 2008-07-28 08:35 . 2008-08-28 07:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent 2008-07-28 08:34 . 2008-07-28 08:34 <DIR> d-------- C:\Program Files\DNA 2008-07-28 08:34 . 2008-07-28 08:34 <DIR> d-------- C:\Program Files\BitTorrent 2008-07-28 08:34 . 2008-08-28 06:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-28 05:09 8,278,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-28 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon 2008-08-28 05:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit 2008-08-28 04:51 98,432 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-27 11:04 4,021,760 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp 2008-08-27 11:04 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-08-27 08:35 --------- d-----w C:\Program Files\Orbitdownloader 2008-08-26 12:39 4,646,954 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-08-26 12:25 2,384,384 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp 2008-08-22 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-21 12:43 --------- d-----w C:\Program Files\Opera 2008-08-21 05:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-20 10:31 --------- d-----w C:\Program Files\Java 2008-08-20 05:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel 2008-08-08 11:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Shareaza 2008-08-06 10:39 --------- d-----w C:\Program Files\Winamp 2008-08-06 10:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp 2008-08-01 11:03 --------- d-----w C:\Program Files\Foxit Software 2008-07-30 11:02 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-17 11:07 40,960 ----a-w C:\WINDOWS\BMW 6 Series Coupé.dll 2008-07-17 11:07 302,244 ----a-w C:\WINDOWS\BMW 6 Series Coupé.scr 2008-07-17 11:07 3,623,851 ----a-w C:\WINDOWS\BMW 6 Series Coupé.exe 2008-07-16 11:59 --------- d-----w C:\Program Files\Microsoft Bootvis 2008-07-10 11:00 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-10 10:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2008-07-10 10:23 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-07-09 18:40 98,403 ----a-w C:\WINDOWS\system32\Bs2Res.dll 2008-07-09 12:19 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-07-09 08:48 540,758 ----a-w C:\WINDOWS\system32\Bscdlg.dll 2008-07-09 07:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe 2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-07-07 09:52 --------- d-----w C:\Program Files\Avant Browser 2008-07-03 12:15 143,450 ----a-w C:\WINDOWS\system32\BsCommon.dll 2008-06-24 14:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2008-06-10 13:00 225,364 ----a-w C:\WINDOWS\system32\BsSDK.dll 2008-06-09 06:01 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-06-06 12:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2008-06-06 12:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2008-06-04 16:30 9,728 ----a-w C:\WINDOWS\system32\BsMonUI.dll 2008-06-04 16:30 57,430 ----a-w C:\WINDOWS\system32\btfunc.dll 2008-06-04 16:30 53,248 ----a-w C:\WINDOWS\system32\HtmPrintHelper.dll 2008-06-04 16:30 405,589 ----a-w C:\WINDOWS\system32\BsUI.dll 2008-06-04 16:30 278,647 ----a-w C:\WINDOWS\system32\outlookAddin.dll 2008-06-04 16:30 18,432 ----a-w C:\WINDOWS\system32\BsMonSvr.dll 2008-06-04 16:29 622,693 ----a-w C:\WINDOWS\system32\BSShell.dll 2008-06-04 16:29 114,788 ----a-w C:\WINDOWS\system32\BsProfileFunc.dll 2008-06-04 16:29 114,774 ----a-w C:\WINDOWS\system32\versit.dll 2008-06-04 16:28 94,314 ----a-w C:\WINDOWS\system32\BsHelpCSps.dll 2008-06-04 16:28 520,307 ----a-w C:\WINDOWS\system32\BlueSoleilCSps.dll 2008-06-04 16:27 28,766 ----a-w C:\WINDOWS\system32\PlayerCtrl.dll 2008-06-04 16:27 28,672 ----a-w C:\WINDOWS\system32\BsMobileCSps.dll 2008-06-04 16:27 118,880 ----a-w C:\WINDOWS\system32\BsMobileSDK.dll 2008-06-04 16:26 28,760 ----a-w C:\WINDOWS\system32\BsTrace.dll 2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\divx.dll 2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll 2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll 2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll . ((((((((((((((((((((((((((((( snapshot@2008-08-27_13.10.23.81 ))))))))))))))))))))))))))))))))))))))))) . - 2008-08-27 10:49:14 62,490 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-08-28 05:03:30 62,490 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-08-27 10:49:14 400,954 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-08-28 05:03:30 400,954 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-28 08:34 341824] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 16:06 1840424] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52 48752] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30 85184] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384] "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632] "GrooveMonitor"="E:\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 23:49 3116768] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016] "BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-07-09 20:51 229888] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 09:28 16126464 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2007-04-04 11:22 1822720 C:\WINDOWS\SkyTel.exe] "nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 2:19:50 AM 217193] Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [11/20/2007 9:14:02 AM 1707208] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "E:\\Microsoft Office 2007\\Office12\\GROOVE.EXE"= "E:\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\IEPro\\MiniDM.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"= R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-01-21 19:28] R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 21:03] R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-07-09 20:51] R2 BsMobileCS;BsMobileCS;C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 18:26] R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2005-06-10 11:01] R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15] R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 12:33] R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-06-04 18:28] R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-01-21 19:28] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-09 08:01] S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-09-02 18:49] S3 Usbtmc;ausbtmc;C:\WINDOWS\system32\Drivers\ausbtmc.sys [2003-04-10 13:35] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f2e6fa3-62ad-11dd-abc5-001583b3d1a5}] \Shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-28 07:09:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-08-28 7:11:03 ComboFix-quarantined-files.txt 2008-08-28 05:10:56 ComboFix2.txt 2008-08-27 11:10:53 Pre-Run: 63,461,769,216 bytes free Post-Run: 63,434,088,448 bytes free 225 --- E O F --- 2007-10-30 11:34:27

Profil

helen1 Poslao: 28 Avg 2008 09:00 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je sad stanje?

Profil

Starday Poslao: 28 Avg 2008 09:29 Idi na vrh
offline Starday Građanin Pridružio: 25 Okt 2006 Poruke: 276	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nema više onih simptoma i Spybot S&D ga više ne pronalazi, ali mi sada ne radi antivirus (traži instalacioni CD).

Profil

helen1 Poslao: 28 Avg 2008 16:28 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kad trazi instalacioni CD? Kad pokusas ponovo da ga pokrenes?

Profil

Starday Poslao: 02 Sep 2008 13:14 Idi na vrh
offline Starday Građanin Pridružio: 25 Okt 2006 Poruke: 276	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kad god kliknem na neku datoteku ili folder ili kad ga pokušam pokrenuti preko start/all programs. U trayu se više ne pojavljuje njegova ikona. Ali nema više veze, deinstalirao sam ga i instalirao AVG 8. Hvala u svakom slučaju.

Profil

helen1 Poslao: 02 Sep 2008 13:26 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradi jos ovo: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore Pozzz

Profil

MyCity » Ambulanta -> Arhiva Ambulante » virtumonde.dll, antivirus 2009

Ko je trenutno na forumu

Ukupno su 1161 korisnika na forumu :: 37 registrovanih, 5 sakrivenih i 1119 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, bbogdan, Ben Roj, Bobrock1, bokisha253, BORUTUS, BraneS, cavatina, cinoeye, darcaud, Darko8, DejanCG, Denaya, DH, Dr.Strangelove, goxin, ivan979, K-1A, Karla, kolle.the.kid, krkalon, Kubovac, kybonacci, Marko Marković, Matija, Mendonca, Mravojed, nemkea71, Prašinar, procesor, Sirius, SR-3m, suton, uruk, vathra, vladulns, zlatkoa987

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by