Log check

  • Joined: 28 Feb 2009
  • Posts: 46

This morning AVG reported the presence of an infection.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:22:16, on 30.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\ht1.exe
C:\Program Files\Trend Micro\HijackThis\HT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6177 bytes

Update: 30 Mar 2009 9:53

Here is the log from AVG as well:

"Trojan horse Downloader.Zlob_r.FD.dropper";"C:\WINDOWS\temp\wpv881238107706.exe";"Moved to Virus Vault";"30.03.2009, 9:37:37";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic8.ACZB";"C:\WINDOWS\system32\wbem\grpconv.exe";"Moved to Virus Vault";"30.03.2009, 9:37:17";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic8.ACZB";"C:\WINDOWS\system32\wbem\grpconv.exe";"Infected";"30.03.2009, 9:19:17";"File";"C:\WINDOWS\system32\userinit.exe"
"Trojan horse Rootkit-Agent.CW";"C:\WINDOWS\system32\drivers\ati64si.sys";"Infected";"30.03.2009, 7:48:07";"File";"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe"
"Trojan horse Rootkit-Agent.CW";"C:\WINDOWS\system32\drivers\ati64si.sys";"Infected";"30.03.2009, 7:48:07";"File";"C:\Documents and Settings\User\Local Settings\temp\BNC.tmp"
"Trojan horse Rootkit-Agent.CW";"C:\WINDOWS\system32\drivers\ati64si.sys";"Moved to Virus Vault";"30.03.2009, 7:48:04";"File";"C:\Program Files\Spyware Terminator\sp_rsser.exe"
"Trojan horse Agent2.BMR";"C:\Documents and Settings\User\User.exe";"Infected";"30.03.2009, 7:14:06";"File";"C:\Program Files\Trojan Remover\Trjscan.exe"
"Trojan horse Downloader.Zlob_r.FD.dropper";"C:\WINDOWS\temp\wpv881238107706.exe";"Infected";"27.03.2009, 14:43:15";"File";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse Downloader.Zlob_r.FD.dropper";"C:\WINDOWS\temp\wpv881238107706.exe";"Infected";"27.03.2009, 14:42:55";"File";"C:\Program Files\Spyware Terminator\sp_rsser.exe"
"Trojan horse Downloader.Zlob_r.FD.dropper";"C:\WINDOWS\temp\wpv881238107706.exe";"Infected";"27.03.2009, 14:42:24";"File";"C:\Program Files\Spyware Terminator\sp_rsser.exe"
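The AVG history pasted above is one record per event: six double-quoted, semicolon-separated fields (detection name, file, action taken, timestamp, object type, and the process that accessed the file). The following Python script is an added triage example, not part of this thread or of AVG: it parses that record format, orders each file's events chronologically and flags files whose last recorded state is not a quarantine (never vaulted, or detected again after the vault action); the embedded sample input is the set of records from the post above.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Sample input: the AVG 8 Resident Shield history records from the post above.
# Fields: detection; file path; action; timestamp; object type; process that accessed the file.
AVG_LOG = r'''
"Trojan horse Downloader.Zlob_r.FD.dropper";"C:\WINDOWS\temp\wpv881238107706.exe";"Moved to Virus Vault";"30.03.2009, 9:37:37";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic8.ACZB";"C:\WINDOWS\system32\wbem\grpconv.exe";"Moved to Virus Vault";"30.03.2009, 9:37:17";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic8.ACZB";"C:\WINDOWS\system32\wbem\grpconv.exe";"Infected";"30.03.2009, 9:19:17";"File";"C:\WINDOWS\system32\userinit.exe"
"Trojan horse Rootkit-Agent.CW";"C:\WINDOWS\system32\drivers\ati64si.sys";"Infected";"30.03.2009, 7:48:07";"File";"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe"
"Trojan horse Rootkit-Agent.CW";"C:\WINDOWS\system32\drivers\ati64si.sys";"Infected";"30.03.2009, 7:48:07";"File";"C:\Documents and Settings\User\Local Settings\temp\BNC.tmp"
"Trojan horse Rootkit-Agent.CW";"C:\WINDOWS\system32\drivers\ati64si.sys";"Moved to Virus Vault";"30.03.2009, 7:48:04";"File";"C:\Program Files\Spyware Terminator\sp_rsser.exe"
"Trojan horse Agent2.BMR";"C:\Documents and Settings\User\User.exe";"Infected";"30.03.2009, 7:14:06";"File";"C:\Program Files\Trojan Remover\Trjscan.exe"
"Trojan horse Downloader.Zlob_r.FD.dropper";"C:\WINDOWS\temp\wpv881238107706.exe";"Infected";"27.03.2009, 14:43:15";"File";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse Downloader.Zlob_r.FD.dropper";"C:\WINDOWS\temp\wpv881238107706.exe";"Infected";"27.03.2009, 14:42:55";"File";"C:\Program Files\Spyware Terminator\sp_rsser.exe"
"Trojan horse Downloader.Zlob_r.FD.dropper";"C:\WINDOWS\temp\wpv881238107706.exe";"Infected";"27.03.2009, 14:42:24";"File";"C:\Program Files\Spyware Terminator\sp_rsser.exe"
'''

VAULT = "Moved to Virus Vault"  # the action string AVG writes when a file is quarantined


def parse_avg_log(text):
    """Parse AVG history records into dicts; blank or malformed lines are skipped."""
    records = []
    for row in csv.reader(text.splitlines(), delimiter=";", quotechar='"'):
        if len(row) != 6:
            continue
        threat, path, action, when, obj_type, process = row
        records.append({
            "threat": threat, "path": path, "action": action,
            "time": datetime.strptime(when, "%d.%m.%Y, %H:%M:%S"),
            "type": obj_type, "process": process,
        })
    return records


def triage(records):
    """Group events per file path and summarise each file's timeline."""
    by_path = defaultdict(list)
    for rec in records:
        by_path[rec["path"]].append(rec)
    summary = {}
    for path, events in by_path.items():
        events.sort(key=lambda r: r["time"])  # chronological, regardless of export order
        last = events[-1]
        summary[path] = {
            "threat": last["threat"],
            "first_seen": events[0]["time"],
            "last_action": last["action"],
            "quarantined": any(e["action"] == VAULT for e in events),
            "touched_by": sorted({e["process"] for e in events}),
        }
    return summary


def needs_attention(summary):
    """Paths whose latest event is not a quarantine: never vaulted, or re-detected afterwards."""
    return sorted(p for p, s in summary.items() if s["last_action"] != VAULT)


if __name__ == "__main__":
    summary = triage(parse_avg_log(AVG_LOG))
    for path in needs_attention(summary):
        s = summary[path]
        print(f"{path}: {s['threat']} - last state {s['last_action']!r}, "
              f"first seen {s['first_seen']:%Y-%m-%d %H:%M}, "
              f"accessed by {len(s['touched_by'])} process(es)")
```

On the records above this flags User.exe (never quarantined) and ati64si.sys (reported Infected again after the vault action), which is exactly the pair a helper would want to look at before declaring the machine clean.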

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...


* Open the AVG 8 Control Center (right-click the AVG icon in the bottom right corner of the screen and choose Open AVG User Interface).
* When the AVG Control Center starts, double-click the Resident Shield component.
* In the window that opens, untick the Resident Shield active option and click Save changes.

Note: Don't forget to turn this option back on once the cleaning is finished.


Also, disable Trojan Remover and Spyware Terminator.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 28 Feb 2009
  • Posts: 46

ComboFix 09-03-29.04 - User 2009-03-30 17:03:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.112 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\wiaserva.log

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-17 08:54 . 2009-03-17 09:13 <DIR> d-------- C:\???-2009-?????
2009-03-12 07:50 . 2009-03-12 07:50 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-04 14:08 . 2009-03-04 14:08 <DIR> d-------- c:\program files\Google
2009-03-04 14:04 . 2009-03-30 16:54 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-04 14:04 . 2009-03-04 14:04 <DIR> d-------- c:\program files\Crawler
2009-03-04 14:04 . 2009-03-30 09:47 <DIR> d-------- c:\documents and settings\User\Application Data\Spyware Terminator
2009-03-04 14:04 . 2009-03-30 07:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-04 14:04 . 2009-03-04 14:04 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-03-03 14:10 . 2008-05-08 14:28 202,752 --------- c:\windows\system32\dllcache\rmcast.sys
2009-03-03 14:09 . 2008-12-11 13:57 333,184 --------- c:\windows\system32\dllcache\srv.sys
2009-03-03 14:09 . 2008-05-01 16:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-03-03 14:08 . 2008-10-24 13:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-03 14:01 . 2008-12-21 01:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-03-03 14:01 . 2007-04-17 11:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-03 14:01 . 2007-03-08 07:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-03 14:01 . 2008-04-11 20:50 683,520 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-03-03 14:01 . 2008-12-21 01:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-03 14:01 . 2008-12-21 01:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-03 14:01 . 2008-12-21 01:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-03-03 14:01 . 2008-12-21 01:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-03-03 14:01 . 2008-12-21 01:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-03 14:01 . 2008-12-19 11:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-03-03 13:59 . 2008-09-04 18:42 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-03-03 13:59 . 2008-10-15 18:57 332,800 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-03 13:59 . 2008-10-03 12:15 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2009-03-02 12:22 . 2009-03-02 12:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 15:22 . 2009-03-30 09:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 15:22 . 2009-02-28 15:22 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
2009-02-28 15:22 . 2009-02-28 15:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 15:22 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 15:22 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 08:11 . 2009-03-03 14:02 <DIR> d-------- c:\program files\Trojan Remover
2009-02-27 08:11 . 2009-02-27 08:11 <DIR> d-------- c:\documents and settings\User\Application Data\Simply Super Software
2009-02-27 08:11 . 2009-03-03 14:02 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 08:11 . 2009-02-27 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-27 08:11 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-27 08:11 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-27 08:11 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-27 08:11 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-27 08:11 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-26 09:23 . 2009-03-30 13:26 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-26 08:42 . 2009-03-30 17:01 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 1
2009-02-26 08:42 . 2009-02-26 08:42 0 --a------ c:\windows\nsreg.dat
2009-02-26 08:39 . 2009-03-30 07:13 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-26 08:39 . 2009-02-26 08:51 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-26 08:39 . 2009-02-26 08:51 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-26 08:39 . 2009-02-26 08:51 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-26 08:38 . 2009-02-26 08:38 <DIR> d-------- c:\program files\AVG
2009-02-26 08:38 . 2009-02-26 08:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 20:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2004-06-09 14:03 832,728 ----a-w c:\program files\NPSWF32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2006-09-15 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-26 1601304]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-15 1214856]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-04 2233856]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-26 08:51 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-26 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-26 107272]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-04 142592]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-26 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-26 298264]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2007-03-12 19034]
S3 ulusbc;NEC 616 CONTROL Driver;c:\windows\system32\drivers\ulusbc.sys [2006-05-09 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver;c:\windows\system32\drivers\ulusbe.sys [2006-05-09 12928]
S3 ulusbm;NEC 616 Modem Driver;c:\windows\system32\drivers\ulusbm.sys [2006-05-09 36352]
S3 ulusbo;NEC 616 OBEX Port Driver;c:\windows\system32\drivers\ulusbo.sys [2006-05-09 33920]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\o8r94e3e.default\
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 1\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-30 17:05:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2009-03-30 17:06:13
ComboFix-quarantined-files.txt 2009-03-30 15:06:11
ComboFix2.txt 2009-03-04 11:29:34

Pre-Run: 57,494,851,584 bytes free
Post-Run: 57,500,983,296 bytes free

179 --- E O F --- 2009-03-04 11:25:55

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

In the root of the C drive there is a folder whose name contains the number 2009. Do you know what is in that folder?

If you do, then there is nothing problematic here and all that remains is for you to do the following:
Click START and then RUN
In the text input line, type Combofix /u and click OK

Wait for the uninstallation process to finish.
