csrcs.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nakon skeniranja od virusa pojavljuje se da ne moze da nadje csrcs.exe.Znam da je to maliciozni fajl od koga je ostao string u registriju.
Saljem log fajl pa posavetujte sta dalje...




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:56, on 30.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
H:\Alat masine\Programi\Mašina\TR3.exe\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/intl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: (no name) - {53c780ba-798f-484b-ba7c-ab7865eab4fa} - C:\WINDOWS\system32\cteeonfy.dll
O2 - BHO: (no name) - {73d5df04-0cff-4a18-92fe-21ee0904688a} - C:\WINDOWS\system32\cteeonfy.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: (no name) - {87846b16-ed24-401a-9cd1-bb782ce1ac99} - c:\windows\system32\eocltmm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ORBta - {ada8c222-95d2-47b5-950b-aebc0a508839} - C:\WINDOWS\system32\spria.dll (file missing)
O2 - BHO: 796525 helper - {e7f15ac4-e0a9-43f0-921b-70dfea621220} - C:\WINDOWS\system32\796525\796525.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [5583] C:\otrmvxoq.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WinampAgent.lnk = C:\Program Files\Winamp\winampa.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF7B8E01-B194-4A61-91D4-2D1CFCBDE1D1}: NameServer = 195.178.32.2,212.200.13.13
O20 - Winlogon Notify: fffbfebac - C:\WINDOWS\system32\fffbfebac.dll (file missing)
O20 - Winlogon Notify: notifyc - C:\WINDOWS\
O20 - Winlogon Notify: uwmcetax - C:\WINDOWS\SYSTEM32\eocltmm.dll
O22 - SharedTaskScheduler: (no name) - {AF0BE91A-D92D-44F5-9581-64F629762E5A} - C:\WINDOWS\system32\ccc.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\Identity Protection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O24 - Desktop Component 0: (no name) - static.bht.furka.com/galerijamale/89924-71734-559254-IMG_3729.jpg
O24 - Desktop Component 1: (no name) - static.bht.furka.com/galerijamale/89924-71734-559247-IMG_3644.jpg
O24 - Desktop Component 2: (no name) - static.bht.furka.com/galerijamale/23484-207.....CN2024.JPG
O24 - Desktop Component 3: (no name) - static.bht.furka.com/galerijamale/89924-71734-559256-IMG_3744.jpg
O24 - Desktop Component 4: (no name) - static.bht.furka.com/galerijamale/89924-71734-590639-DSCN0623_11111.jpg
O24 - Desktop Component 5: (no name) - static.bht.furka.com/galerijamale/23484-207.....CN2019.JPG

--
End of file - 5501 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav...


Zašto nemaš instaliran antivirus?




Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.