MyCity » Ambulanta -> Arhiva Ambulante » virtumonde

virtumonde

Napisano na dan: 7.9.2008

virtumonde

Sledeća strana

Pagination

Odgovori

-fallen-one- Poslao: 07 Sep 2008 00:26 Idi na vrh
offline -fallen-one- Novi MyCity građanin Pridružio: 06 Sep 2008 Poruke: 5 Gde živiš: Croatia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ej dečki mogu se i ja prikrpat sa istim problemom? pošto sam ziher da imam virtumondo ... i borim se s njim već kojih mjesec i više, pa mi je jedna poznanica sa foruma BBC odavde preporučila ovaj sajt i rekla da ste joj pomogli ... pa bilo bi super da i meni možete! evo log od comboboxa, ako treba, stavit ću i od hijackthisa! ComboFix 08-09-05.02 - -fallen-one- 2008-09-07 0:03:39.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.769 [GMT 2:00] Running from: C:\Documents and Settings\-fallen-one-\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\WINDOWS\BM8ff2dc0d.txt C:\WINDOWS\system32\actskn43.ocx C:\WINDOWS\system32\HkTvvyxx.ini C:\WINDOWS\system32\HkTvvyxx.ini2 C:\WINDOWS\system32\njjoisgt.ini C:\WINDOWS\system32\twwEffii.ini C:\WINDOWS\system32\twwEffii.ini2 C:\WINDOWS\system32\ufrwvwsl.ini C:\WINDOWS\system32\wxFOnnmp.ini C:\WINDOWS\system32\wxFOnnmp.ini2 ----- BITS: Possible infected sites ----- hxxp://pornotube8.net . ((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))) . 2008-09-04 00:04 . 2008-09-04 00:05 <DIR> d-------- C:\Program Files\Unlocker 2008-09-03 17:01 . 2008-09-03 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2008-09-03 17:00 . 2008-09-03 22:30 <DIR> d-------- C:\Program Files\Security Task Manager 2008-09-03 16:45 . 2008-09-06 20:34 <DIR> dr-h----- C:\Documents and Settings\-fallen-one-\Recent 2008-09-01 11:04 . 2008-09-01 11:04 16,734 --a------ C:\Planet Funk - Static (2006).torrent 2008-09-01 10:43 . 2008-09-01 10:59 <DIR> d-------- C:\Planet Funk - Static (2006) 2008-08-30 22:41 . 2008-08-30 22:41 <DIR> d-------- C:\Program Files\PowerISO 2008-08-17 16:10 . 2008-08-17 16:10 0 --a------ C:\CEPx56C7.tmp 2008-08-08 16:10 . 2008-08-17 14:10 1,108 --a------ C:\WINDOWS\CDPLAYER.UNI 2008-08-08 10:01 . 2008-08-08 10:01 3,689,452 --a------ C:\MVI_1215.mp3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-06 21:52 --------- d-----w C:\Documents and Settings\-fallen-one-\Application Data\uTorrent 2008-09-05 08:36 --------- d-----w C:\Documents and Settings\-fallen-one-\Application Data\Winamp 2008-09-03 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-31 08:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-30 08:50 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-25 09:58 --------- d-----w C:\Program Files\Winamp 2008-08-15 14:00 --------- d-----w C:\Program Files\DivX 2008-08-01 08:46 --------- d-----w C:\Program Files\Dictionary 2008-07-25 21:29 --------- d-----w C:\Program Files\DOSBox-0.70 2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-07-14 09:57 --------- d-----w C:\Program Files\Java 2008-07-08 21:10 --------- d-----w C:\Documents and Settings\-fallen-one-\Application Data\dvdcss 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 11:21 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-15 20:12 3,532 ----a-w C:\drmHeader.bin 2002-08-25 17:22 448,000 ----a-w C:\Program Files\Elitepad.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "MAXadsl - Provjera prometa"="C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe" [2007-10-01 726528] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-05 94208] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-01 921600] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 286720] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 823296] "AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-30 1235736] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "TrackPointSrv"="tp4serv.exe" [2005-07-13 C:\WINDOWS\system32\tp4serv.exe] "TP4EX"="tp4ex.exe" [2005-10-17 C:\WINDOWS\system32\TP4EX.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] C:\Documents and Settings\-fallen-one-\Start Menu\Programs\Startup\ Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2007-11-18 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "msacm.l3fhg"= mp3fhg.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "msacm.ac3filter"= ac3filter.acm "msacm.divxa32"= divxa32.acm [HKLM\~\startupfolder\C:^Documents and Settings^-fallen-one-^Start Menu^Programs^Startup^HDDlife.lnk] path=C:\Documents and Settings\-fallen-one-\Start Menu\Programs\Startup\HDDlife.lnk backup=C:\WINDOWS\pss\HDDlife.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch] --a------ 2007-10-22 12:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "D:\\Misc\\Games\\Nesticle\\NESTCL95.EXE"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\FrostWire\\FrostWire.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20046:TCP"= 20046:TCP:BitComet 20046 TCP "20046:UDP"= 20046:UDP:BitComet 20046 UDP "12666:TCP"= 12666:TCP:BitComet 12666 TCP "12666:UDP"= 12666:UDP:BitComet 12666 UDP R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928] R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 16384] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 76040] R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2003-12-02 53248] R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 13840] S3 kwwalpgr;kwwalpgr;C:\DOCUME~1\-FALLE~1\LOCALS~1\Temp\kwwalpgr.sys [ ] S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2007-12-20 30816] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 98840] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5BAFD7A1-42AE-B0CF-7B26-BED9BB7708E0}] C:\WINDOWS:antiporn.exe . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{AF2C392C-AC67-43E3-9B71-FAAF85C36892} - (no file) Notify-hgGxWnNf - hgGxWnNf.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\-fallen-one-\Application Data\Mozilla\Firefox\Profiles\1cemh2my.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-09-07 00:10:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tphklock.dll PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\NetLimiter\nl_lsp.dll -> C:\WINDOWS\system32\nl_msgc.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ibmpmsvc.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\ESET\nod32krn.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\Program Files\AVG\AVG8\avgrsx.exe . ************************************************************************ . Completion time: 2008-09-07 0:18:12 - machine was rebooted [-fallen-one-] ComboFix-quarantined-files.txt 2008-09-06 22:17:43 Pre-Run: 8,010,543,104 bytes free Post-Run: 7,983,525,888 bytes free 193 --- E O F --- 2008-08-15 01:06:09

Profil

bobby Poslao: 07 Sep 2008 00:40 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pa dobro, zasto ljudi bas vole da rade na svoju ruku, nije mi jasno... Prvo, ComboFix je alatka koja menja stanje na racunaru, tako da nama sada HijackThis log nije isti ako ga uradis nakon pokretanja ComboFixa... Hajde sada lepo pogledaj teme izdvojene sa Vazno u forumu Ambulanta, pa postavi ovde HijackThis log kako je u jednoj od tih tema opisano.

Profil

-fallen-one- Poslao: 07 Sep 2008 09:22 Idi na vrh
offline -fallen-one- Novi MyCity građanin Pridružio: 06 Sep 2008 Poruke: 5 Gde živiš: Croatia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! aw crap ... ispričavam se ... nadam se da nisam previše poremetila tjek ... evo hijack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:17:58, on 7.9.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\gearsec.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\tp4serv.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\NetLimiter\NetLimiter.exe C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MAXadsl - Provjera prometa] C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{D6E8BDC3-1D9A-45A1-9EDB-4E45251C8ECF}: NameServer = 192.168.20.3 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 7958 bytes

Profil

bobby Poslao: 07 Sep 2008 12:21 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini program ADSScan odavde: http://www.mc-antivirus-test.com/modules/PDdownloa.....amp;lid=17 - startuj program i klikni na Select input folder and scan - otvorice se dijalog za izbor foldera. - tu odaberi ceo drajv C: - sacekaj dok se skeniranje zavrsi (moze potrajati par minuta do par desetina minuta). - kada se zavrsi skeniranje, na listi u gornjem delu programa treba da se pojavi sledeca stavka: Citat:c:\windows:antiporn - stikliraj polje ispred te linije - klikni na Select output folder and copy - pojavice se dijalog za snimanje fajla. Odaberi neki folder u koji mozes da snimis fajl koji nam treba. - posalji mi taj fajl da ga analiziram. Upload ces uraditi preko sledece forme: http://www.mycity.rs/ambulanta-upload.php

Profil

-fallen-one- Poslao: 07 Sep 2008 13:31 Idi na vrh
offline -fallen-one- Novi MyCity građanin Pridružio: 06 Sep 2008 Poruke: 5 Gde živiš: Croatia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! hm, skenirala sam C, no nemam "c:\windows:antiporn" taj dio. da li još uvijek hočeš taj fajl?

Profil

bobby Poslao: 07 Sep 2008 16:22 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Neka, probacemo na drugi nacin. Otvoriti Notepad i iskopirati sledeci tekst: `ADS:: c:\windows Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5BAFD7A1-42AE-B0CF-7B26-BED9BB7708E0}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Napisi mi i kako se sada ponasa racunar. Ima li jos nekih vidljivih simptoma?

Profil

-fallen-one- Poslao: 07 Sep 2008 19:48 Idi na vrh
offline -fallen-one- Novi MyCity građanin Pridružio: 06 Sep 2008 Poruke: 5 Gde živiš: Croatia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! whoa ... zakon, nema simptoma, hijack više ništa ne pokazuje, nema čudnih fajlova u system32, nod i avg me ne gnjavi svakih sat vremena ... nice! i, khm ... još jednom se ispričavam, znat ću za sljedeći put

Profil

bobby Poslao: 07 Sep 2008 20:04 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! A jesi li odradila ovo sto sam ti napisao u zadnjoj poruci? Ukoliko jesi, gde je log koji si ovde trebala da mi postavis?

Profil

-fallen-one- Poslao: 07 Sep 2008 20:12 Idi na vrh
offline -fallen-one- Novi MyCity građanin Pridružio: 06 Sep 2008 Poruke: 5 Gde živiš: Croatia	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! tak mi i treba kad letimično čitam što mi ljudi pišu ... do'oh! evo log. ComboFix 08-09-05.03 - -fallen-one- 2008-09-07 16:28:00.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.680 [GMT 2:00] Running from: C:\Documents and Settings\-fallen-one-\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\-fallen-one-\Desktop\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))) . 2008-09-04 00:04 . 2008-09-04 00:05 <DIR> d-------- C:\Program Files\Unlocker 2008-09-03 17:01 . 2008-09-03 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2008-09-03 17:00 . 2008-09-03 22:30 <DIR> d-------- C:\Program Files\Security Task Manager 2008-09-03 16:45 . 2008-09-07 16:20 <DIR> dr-h----- C:\Documents and Settings\-fallen-one-\Recent 2008-09-01 11:04 . 2008-09-01 11:04 16,734 --a------ C:\Planet Funk - Static (2006).torrent 2008-09-01 10:43 . 2008-09-01 10:59 <DIR> d-------- C:\Planet Funk - Static (2006) 2008-08-30 22:41 . 2008-08-30 22:41 <DIR> d-------- C:\Program Files\PowerISO 2008-08-17 16:10 . 2008-08-17 16:10 0 --a------ C:\CEPx56C7.tmp 2008-08-08 16:10 . 2008-08-17 14:10 1,108 --a------ C:\WINDOWS\CDPLAYER.UNI 2008-08-08 10:01 . 2008-08-08 10:01 3,689,452 --a------ C:\MVI_1215.mp3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-07 14:30 --------- d-----w C:\Documents and Settings\-fallen-one-\Application Data\uTorrent 2008-09-05 08:36 --------- d-----w C:\Documents and Settings\-fallen-one-\Application Data\Winamp 2008-09-03 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-31 08:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-08-30 08:50 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-25 09:58 --------- d-----w C:\Program Files\Winamp 2008-08-15 14:00 --------- d-----w C:\Program Files\DivX 2008-08-01 08:46 --------- d-----w C:\Program Files\Dictionary 2008-07-25 21:29 --------- d-----w C:\Program Files\DOSBox-0.70 2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-07-14 09:57 --------- d-----w C:\Program Files\Java 2008-07-08 21:10 --------- d-----w C:\Documents and Settings\-fallen-one-\Application Data\dvdcss 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 11:21 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-15 20:12 3,532 ----a-w C:\drmHeader.bin 2002-08-25 17:22 448,000 ----a-w C:\Program Files\Elitepad.exe . ((((((((((((((((((((((((((((( snapshot@2008-09-07_ 0.16.57.96 ))))))))))))))))))))))))))))))))))))))))) . + 2008-09-07 07:59:30 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_6d4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "MAXadsl - Provjera prometa"="C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe" [2007-10-01 726528] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-05 94208] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-01 921600] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 286720] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 823296] "AudioDeck"="C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-30 1235736] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "TrackPointSrv"="tp4serv.exe" [2005-07-13 C:\WINDOWS\system32\tp4serv.exe] "TP4EX"="tp4ex.exe" [2005-10-17 C:\WINDOWS\system32\TP4EX.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] C:\Documents and Settings\-fallen-one-\Start Menu\Programs\Startup\ Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2007-11-18 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i420vfw.dll "msacm.l3fhg"= mp3fhg.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "msacm.ac3filter"= ac3filter.acm "msacm.divxa32"= divxa32.acm [HKLM\~\startupfolder\C:^Documents and Settings^-fallen-one-^Start Menu^Programs^Startup^HDDlife.lnk] path=C:\Documents and Settings\-fallen-one-\Start Menu\Programs\Startup\HDDlife.lnk backup=C:\WINDOWS\pss\HDDlife.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch] --a------ 2007-10-22 12:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "D:\\Misc\\Games\\Nesticle\\NESTCL95.EXE"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\FrostWire\\FrostWire.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20046:TCP"= 20046:TCP:BitComet 20046 TCP "20046:UDP"= 20046:UDP:BitComet 20046 UDP "12666:TCP"= 12666:TCP:BitComet 12666 TCP "12666:UDP"= 12666:UDP:BitComet 12666 UDP R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 97928] R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 16384] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 76040] R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2003-12-02 53248] R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2005-07-13 13840] R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 98840] S3 kwwalpgr;kwwalpgr;C:\DOCUME~1\-FALLE~1\LOCALS~1\Temp\kwwalpgr.sys [ ] S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2007-12-20 30816] . Contents of the 'Scheduled Tasks' folder . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-09-07 16:30:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tphklock.dll PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\NetLimiter\nl_lsp.dll -> C:\WINDOWS\system32\nl_msgc.dll . Completion time: 2008-09-07 16:33:59 ComboFix-quarantined-files.txt 2008-09-07 14:32:58 ComboFix2.txt 2008-09-06 22:18:30 Pre-Run: 7,487,352,832 bytes free Post-Run: 7,479,734,272 bytes free 153 --- E O F --- 2008-08-15 01:06:09

Profil

bobby Poslao: 07 Sep 2008 20:16 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OK. Hajmo sada da deinstaliramo ComboFix: Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore

Profil

MyCity » Ambulanta -> Arhiva Ambulante » virtumonde

Ko je trenutno na forumu

Ukupno su 964 korisnika na forumu :: 20 registrovanih, 3 sakrivenih i 941 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Alibaba1981, alkatraz080, bigfoot, bojank, bokisha253, Georgius, HogarStrashni, Leonov, mercedesamg, Milan A. Nikolic, milenko crazy north, rovac, sabros, savaskytec, SR-3m, Toper, vrag81, vranjanac29, WerWolf14, zixmix

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by