MyCity » Ambulanta -> Arhiva Ambulante » Trojan horse BackDoor Generic_r.EO

Trojan horse BackDoor Generic_r.EO

Napisano na dan: 15.2.2009

Strana:
1
2

Trojan horse BackDoor Generic_r.EO

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Svetlana_LSN Poslao: 15 Feb 2009 00:50 Idi na vrh
offline Svetlana_LSN Građanin Pridružio: 04 Avg 2008 Poruke: 37	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav! Na svakih 10-ak minuta AVG mi registruje virus naslovljen u nazivu teme. Putanja je: C:\Documents and Settings\Media\Local Settings\temp Bila bih veoma zahvalna ukoliko bi neko mogao da mi pomogne. Evo i loga: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:33:16 AM, on 2/15/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\COMODO\SafeSurf\cssurf.exe D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\Program Files\Prevx\prevx.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\SEC\Natural Color Pro\NCProTray.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\Fast.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Media\Desktop\Proba\TR3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = comodo.com/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Windows Video Drivers] C:\RECYCLER\S-1-5-21-3289545935-9251731632-595881002-5076\winlogon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: NCProTray.lnk = ? O8 - Extra context menu item: Append to existing PDF - res://D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9880 bytes Konekcija: 4096/384

Profil

helen1 Poslao: 15 Feb 2009 01:06 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, Pokrenite Spybot S&D Kliknite Mode stavku u meniju Odaberite Advance Mode Na traci levo kliknite na Tools Kliknite na Resident Destiklirajte Resident Tea-Timer Zatvorite Spybot S&D Restartujte kompjuter. - Zatim skinuti program sa ovog linka na Desktop. - Pokrenuti ga dvoklikom i ispratiti uputstva. Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje. ---------------------------------------------- * Klikni desnim tasterom miša na AVG ikonicu ( ) u donjem, desnom uglu ekrana. * Kada se pokrene AVG Control Center, dvoklikni na AVG Resident Shield komponentu. * U prozoru koji se otvori, deštikliraj opciju Turn on AVG Resident Shield i klikni OK. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------------ Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Svetlana_LSN Poslao: 15 Feb 2009 01:42 Idi na vrh
offline Svetlana_LSN Građanin Pridružio: 04 Avg 2008 Poruke: 37	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala Vam na brzom odgovoru. Sledi ComboFix log: ComboFix 09-02-12.03 - Media 2009-02-15 1:27:01.8 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.71 [GMT 1:00] Running from: c:\documents and settings\Media\Desktop\ComboFix.exe AV: AVG Anti-Virus Free On-access scanning disabled (Updated) FW: COMODO Firewall enabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))) . 2009-02-15 01:15 . 2009-02-15 01:15 677,888 -r-hs---- c:\windows\system32\drivers\NirCmd.exe 2009-02-14 23:40 . 2009-02-14 23:40 <DIR> d-------- c:\program files\Prevx 2009-02-14 23:40 . 2009-02-14 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI 2009-02-14 23:40 . 2009-02-14 23:40 21,512 --a------ c:\windows\system32\drivers\pxscan.sys 2009-02-14 23:40 . 2009-02-14 23:40 64 --a------ c:\windows\wininit.ini 2009-02-03 23:01 . 2009-02-10 23:59 54,156 --ah----- c:\windows\QTFont.qfn 2009-02-03 23:01 . 2009-02-03 23:01 1,409 --a------ c:\windows\QTFont.for 2009-02-01 22:58 . 2009-02-01 22:59 <DIR> d-------- c:\program files\MP3 CD Converter 2009-01-29 22:55 . 2009-01-29 22:55 <DIR> d-------- c:\documents and settings\Media\Application Data\SpinTop Games 2009-01-29 22:54 . 2009-01-29 22:54 <DIR> d-------- c:\windows\Mystery P I The New York Fortune 2009-01-27 20:34 . 2009-01-27 20:34 <DIR> d-------- c:\windows\Luxor Quest for the Afterlife 2009-01-27 20:34 . 2009-01-27 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo 2009-01-25 21:46 . 2006-06-01 10:11 42,648 -ra------ c:\windows\system32\usbport.sys 2009-01-25 21:46 . 2006-06-01 10:11 21,155 -ra------ c:\windows\system32\ser2up.vxd 2009-01-25 21:33 . 2009-01-25 21:33 <DIR> d-------- c:\program files\Common Files\PCSuite 2009-01-25 21:32 . 2009-01-25 21:32 <DIR> d-------- c:\program files\Common Files\Nokia 2009-01-25 21:32 . 2006-07-17 02:53 30,368 -ra------ c:\windows\system32\drivers\usb2vcom.sys 2009-01-25 21:32 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys 2009-01-25 21:28 . 2009-01-25 21:28 <DIR> d-------- c:\program files\PC Connectivity Solution 2009-01-25 21:26 . 2009-01-25 21:32 <DIR> d-------- c:\program files\Nokia 2009-01-25 17:19 . 2009-01-25 17:19 <DIR> d-------- c:\windows\Chocolate Shop Frenzy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-15 00:15 359,040 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-02-14 23:08 --------- d-----w c:\documents and settings\Media\Application Data\uTorrent 2009-02-14 12:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-12 00:36 --------- d-----w c:\program files\AIMP2 2009-02-10 21:49 --------- d-----w c:\documents and settings\Media\Application Data\Skype 2009-02-10 07:10 --------- d-----w c:\program files\Mozilla Thunderbird 2009-01-29 07:04 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-29 07:04 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-29 07:04 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2009-01-29 07:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-01-26 00:38 --------- d-----w c:\documents and settings\Media\Application Data\Nokia 2009-01-25 21:11 --------- d-----w c:\documents and settings\Media\Application Data\PC Suite 2009-01-25 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite 2009-01-25 20:26 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2009-01-12 22:19 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames 2009-01-12 18:50 --------- d-----w c:\documents and settings\Media\Application Data\Fabulous Finds 2009-01-04 21:06 2,829 ----a-w c:\windows\War3Unin.pif 2009-01-04 21:06 139,264 ----a-w c:\windows\War3Unin.exe 2009-01-03 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\PlayPond 2009-01-01 12:34 --------- d-----w c:\documents and settings\Media\Application Data\World-LooM 2008-12-21 22:47 --------- d-----w c:\documents and settings\Media\Application Data\Samsung 2008-12-21 22:41 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-21 22:41 --------- d-----w c:\program files\Samsung 2008-12-20 16:49 147,192 ----a-w c:\windows\system32\guard32.dll 2008-12-20 16:49 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys 2008-12-15 19:55 --------- d-----w c:\program files\Free MSN Emoticons Pack 1 2008-11-21 01:26 112 ----a-w C:\tw0001.dat 2007-01-23 11:46 312 ----a-w c:\documents and settings\Media\Application Data\bbbconfig.dat 2007-02-25 15:48 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- 2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys 2009-02-15 01:15 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] "Windows Video Drivers"="c:\recycler\S-1-5-21-3289545935-9251731632-595881002-5076\winlogon.exe" [2009-02-07 89600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 163840] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304] "COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-08-07 278264] "COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-02 1797880] "COMODO Internet Security"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-02 1797880] "Acrobat Assistant 8.0"="d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152] "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-11-25 295606] Adobe Acrobat Synchronizer.lnk - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-10-20 49220] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-29 08:04 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "msacm.divxa32"= msaud32_divx.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk] backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk] backup=c:\windows\pss\Watch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinNC - Launch WinNC - multiplelicense (external programming station).lnk] backup=c:\windows\pss\WinNC - Launch WinNC - multiplelicense (external programming station).lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^3DO Registration.lnk] backup=c:\windows\pss\3DO Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^H3 The Shadow of Death(TM).lnk] backup=c:\windows\pss\H3 The Shadow of Death(TM).lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^MostFun.lnk] backup=c:\windows\pss\MostFun.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast! HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-05-16 08:27 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2006-09-29 21:58 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2006-03-18 03:24 184320 c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2005-12-07 22:57 30208 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] -ra------ 2003-09-23 10:06 88363 c:\windows\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -ra------ 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -ra------ 2006-05-18 07:27 16207872 c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LIVESRV"=2 (0x2) "VSSERV"=2 (0x2) "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "aswUpdSv"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\AoEII\\age2_x1\\age2_x1.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"= "c:\\Documents and Settings\\Media\\My Documents\\Duke3D.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "d:\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10317:TCP"= 10317:TCP:BitComet 10317 TCP "10317:UDP"= 10317:UDP:BitComet 10317 UDP "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-14 21512] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-11 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-11 107272] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-08-07 101776] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-08-07 31504] R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2007-03-18 120320] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-11 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 298264] R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-14 4107832] R2 NirSoft Service Controler;NirSoft Service Controler;c:\windows\system32\drivers\NirCmd.exe [2009-02-15 677888] S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2009-01-25 30368] --- Other Services/Drivers In Memory --- NewlyCreated - NIRSOFT_SERVICE_CONTROLER [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.comodo.com/search/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: Append to existing PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Media\Application Data\Mozilla\Firefox\Profiles\edbk3j11.default\ FF - prefs.js: browser.startup.homepage - FF - component: c:\documents and settings\Media\Application Data\Mozilla\Firefox\Profiles\edbk3j11.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-02-15 01:29:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1DA74357-36D9-7A50-261E-C9DC78F35153}] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "jaiklmgegkkhfbkipdpe"=hex:6a,61,68,68,67,6e,61,6e,6a,69,6a,6d,64,67,61,6b,6f, 66,68,61,00,00 "iakkjndomnpbnnfhip"=hex:6a,61,68,68,67,6e,61,6e,6a,69,6a,6d,64,67,61,6b,6f,66, 68,61,00,1a [HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:ac,24,63,52,7e,0d,8f,49,9f,62,93,36,b8,39,68,76,ab,b2,c7,54,21,e6,ee, f5,0b,87,a7,57,31,af,4b,95,02,0f,6e,0d,9c,40,a0,af,1d,c3,4b,f6,02,8c,10,41,\ "??"=hex:66,16,d0,f7,71,61,e5,12,51,6c,06,2e,c0,18,58,6b . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(848-) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-02-15 1:34:32 ComboFix-quarantined-files.txt 2009-02-15 00:33:46 Pre-Run: 3,494,682,624 bytes free Post-Run: 3,496,476,672 bytes free 259

Profil

helen1 Poslao: 15 Feb 2009 02:07 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ponovi proceduru sa gasenjem zastite i uradi sledece: Otvoriti Notepad i iskopirati sledeci tekst: `DirLook:: C:\Documents and Settings\Media\Local Settings\temp` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Svetlana_LSN Poslao: 15 Feb 2009 02:36 Idi na vrh
offline Svetlana_LSN Građanin Pridružio: 04 Avg 2008 Poruke: 37	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo i novog loga: ComboFix 09-02-12.03 - Media 2009-02-15 2:22:06.9 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.97 [GMT 1:00] Running from: c:\documents and settings\Media\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Media\Desktop\CFScript.txt AV: AVG Anti-Virus Free On-access scanning disabled (Updated) FW: COMODO Firewall enabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 ))))))))))))))))))))))))))))))) . 2009-02-15 01:15 . 2009-02-15 01:15 677,888 -r-hs---- c:\windows\system32\drivers\NirCmd.exe 2009-02-14 23:40 . 2009-02-14 23:40 <DIR> d-------- c:\program files\Prevx 2009-02-14 23:40 . 2009-02-14 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI 2009-02-14 23:40 . 2009-02-14 23:40 21,512 --a------ c:\windows\system32\drivers\pxscan.sys 2009-02-14 23:40 . 2009-02-14 23:40 64 --a------ c:\windows\wininit.ini 2009-02-03 23:01 . 2009-02-10 23:59 54,156 --ah----- c:\windows\QTFont.qfn 2009-02-03 23:01 . 2009-02-03 23:01 1,409 --a------ c:\windows\QTFont.for 2009-02-01 22:58 . 2009-02-01 22:59 <DIR> d-------- c:\program files\MP3 CD Converter 2009-01-29 22:55 . 2009-01-29 22:55 <DIR> d-------- c:\documents and settings\Media\Application Data\SpinTop Games 2009-01-29 22:54 . 2009-01-29 22:54 <DIR> d-------- c:\windows\Mystery P I The New York Fortune 2009-01-27 20:34 . 2009-01-27 20:34 <DIR> d-------- c:\windows\Luxor Quest for the Afterlife 2009-01-27 20:34 . 2009-01-27 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo 2009-01-25 21:46 . 2006-06-01 10:11 42,648 -ra------ c:\windows\system32\usbport.sys 2009-01-25 21:46 . 2006-06-01 10:11 21,155 -ra------ c:\windows\system32\ser2up.vxd 2009-01-25 21:33 . 2009-01-25 21:33 <DIR> d-------- c:\program files\Common Files\PCSuite 2009-01-25 21:32 . 2009-01-25 21:32 <DIR> d-------- c:\program files\Common Files\Nokia 2009-01-25 21:32 . 2006-07-17 02:53 30,368 -ra------ c:\windows\system32\drivers\usb2vcom.sys 2009-01-25 21:32 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys 2009-01-25 21:28 . 2009-01-25 21:28 <DIR> d-------- c:\program files\PC Connectivity Solution 2009-01-25 21:26 . 2009-01-25 21:32 <DIR> d-------- c:\program files\Nokia 2009-01-25 17:19 . 2009-01-25 17:19 <DIR> d-------- c:\windows\Chocolate Shop Frenzy . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-15 00:15 359,040 ------w c:\windows\system32\drivers\tcpip.sys 2009-02-14 23:08 --------- d-----w c:\documents and settings\Media\Application Data\uTorrent 2009-02-14 12:53 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-12 00:36 --------- d-----w c:\program files\AIMP2 2009-02-10 21:49 --------- d-----w c:\documents and settings\Media\Application Data\Skype 2009-02-10 07:10 --------- d-----w c:\program files\Mozilla Thunderbird 2009-01-29 07:04 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-29 07:04 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-29 07:04 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2009-01-29 07:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-01-26 00:38 --------- d-----w c:\documents and settings\Media\Application Data\Nokia 2009-01-25 21:11 --------- d-----w c:\documents and settings\Media\Application Data\PC Suite 2009-01-25 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite 2009-01-25 20:26 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2009-01-12 22:19 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames 2009-01-12 18:50 --------- d-----w c:\documents and settings\Media\Application Data\Fabulous Finds 2009-01-04 21:06 2,829 ----a-w c:\windows\War3Unin.pif 2009-01-04 21:06 139,264 ----a-w c:\windows\War3Unin.exe 2009-01-03 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\PlayPond 2009-01-01 12:34 --------- d-----w c:\documents and settings\Media\Application Data\World-LooM 2008-12-21 22:47 --------- d-----w c:\documents and settings\Media\Application Data\Samsung 2008-12-21 22:41 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-21 22:41 --------- d-----w c:\program files\Samsung 2008-12-20 16:49 147,192 ----a-w c:\windows\system32\guard32.dll 2008-12-20 16:49 101,776 ----a-w c:\windows\system32\drivers\cmdguard.sys 2008-12-15 19:55 --------- d-----w c:\program files\Free MSN Emoticons Pack 1 2008-11-21 01:26 112 ----a-w C:\tw0001.dat 2007-01-23 11:46 312 ----a-w c:\documents and settings\Media\Application Data\bbbconfig.dat 2007-02-25 15:48 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\Media\Local Settings\temp ---- 2009-02-15 02:11 31404 --a------ c:\documents and settings\Media\Local Settings\temp\pcsuitecheck_new.xml 2009-02-15 02:11 174 --a------ c:\documents and settings\Media\Local Settings\temp\addonscheck.xml 2009-02-15 02:11 1427 --a------ c:\documents and settings\Media\Local Settings\temp\flashgot.edbk3j11.default\FlashGot.exe.test 2009-02-15 02:10 61 --a------ c:\documents and settings\Media\Local Settings\temp\libFNP_events.log 2009-02-15 02:10 160428 -ra------ c:\documents and settings\Media\Local Settings\temp\NGLATempNokia\Nokia Sans Wide Bold v3.1.ttf 2009-02-15 02:10 160428 --a------ c:\documents and settings\Media\Local Settings\temp\NGLATempNokia\qt_temp.Hp1696 2009-02-15 02:10 157296 -ra------ c:\documents and settings\Media\Local Settings\temp\NGLATempNokia\Nokia Sans Wide Italic v3.1.ttf 2009-02-15 02:10 157296 --a------ c:\documents and settings\Media\Local Settings\temp\NGLATempNokia\qt_temp.Uh1696 2009-02-15 02:10 156520 -ra------ c:\documents and settings\Media\Local Settings\temp\NGLATempNokia\Nokia Sans Wide BolIta v3.1.ttf 2009-02-15 02:10 156520 --a------ c:\documents and settings\Media\Local Settings\temp\NGLATempNokia\qt_temp.gq1696 2009-02-15 02:10 13946 --a------ c:\documents and settings\Media\Local Settings\temp\NGLALog.txt 2009-01-25 21:34 143840 --a------ c:\documents and settings\Media\Local Settings\temp\NGLATempNokia\Nokia Sans Wide v3.1.ttf ------- Sigcheck ------- 2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys 2009-02-15 01:15 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( SnapShot@2009-02-15_ 1.31.16.85 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-15 01:10:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_820.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 163840] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304] "COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-08-07 278264] "COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-12-02 1797880] "Acrobat Assistant 8.0"="d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152] "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-11-25 295606] Adobe Acrobat Synchronizer.lnk - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-10-20 49220] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 01000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-29 08:04 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll "msacm.divxa32"= msaud32_divx.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk] backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk] backup=c:\windows\pss\Watch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinNC - Launch WinNC - multiplelicense (external programming station).lnk] backup=c:\windows\pss\WinNC - Launch WinNC - multiplelicense (external programming station).lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^3DO Registration.lnk] backup=c:\windows\pss\3DO Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^H3 The Shadow of Death(TM).lnk] backup=c:\windows\pss\H3 The Shadow of Death(TM).lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Media^Start Menu^Programs^Startup^MostFun.lnk] backup=c:\windows\pss\MostFun.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-05-16 08:27 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2006-09-29 21:58 49152 c:\program files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2006-03-18 03:24 184320 c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2005-12-07 22:57 30208 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] -ra------ 2003-09-23 10:06 88363 c:\windows\AGRSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -ra------ 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -ra------ 2006-05-18 07:27 16207872 c:\windows\RTHDCPL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LIVESRV"=2 (0x2) "VSSERV"=2 (0x2) "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "aswUpdSv"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\AoEII\\age2_x1\\age2_x1.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"= "c:\\Documents and Settings\\Media\\My Documents\\Duke3D.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "d:\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10317:TCP"= 10317:TCP:BitComet 10317 TCP "10317:UDP"= 10317:UDP:BitComet 10317 UDP "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-14 21512] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-11 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-11 107272] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-08-07 101776] R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-08-07 31504] R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2007-03-18 120320] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-11 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-11 298264] R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-14 4107832] R2 NirSoft Service Controler;NirSoft Service Controler;c:\windows\system32\drivers\NirCmd.exe [2009-02-15 677888] S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2009-01-25 30368] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . - - - - ORPHANS REMOVED - - - - HKCU-Run-Windows Video Drivers - c:\recycler\S-1-5-21-3289545935-9251731632-595881002-5076\winlogon.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.comodo.com/search/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = .local IE: Append to existing PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - d:\dokumenti\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Media\Application Data\Mozilla\Firefox\Profiles\edbk3j11.default\ FF - prefs.js: browser.startup.homepage - FF - component: c:\documents and settings\Media\Application Data\Mozilla\Firefox\Profiles\edbk3j11.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-02-15 02:24:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1DA74357-36D9-7A50-261E-C9DC78F35153}] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "jaiklmgegkkhfbkipdpe"=hex:6a,61,68,68,67,6e,61,6e,6a,69,6a,6d,64,67,61,6b,6f, 66,68,61,00,00 "iakkjndomnpbnnfhip"=hex:6a,61,68,68,67,6e,61,6e,6a,69,6a,6d,64,67,61,6b,6f,66, 68,61,00,1a [HKEY_USERS\S-1-5-21-1123561945-2025429265-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY] "??"=hex:ac,24,63,52,7e,0d,8f,49,9f,62,93,36,b8,39,68,76,ab,b2,c7,54,21,e6,ee, f5,0b,87,a7,57,31,af,4b,95,02,0f,6e,0d,9c,40,a0,af,1d,c3,4b,f6,02,8c,10,41,\ "??"=hex:66,16,d0,f7,71,61,e5,12,51,6c,06,2e,c0,18,58,6b . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(848-) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-02-15 2:28:23 ComboFix-quarantined-files.txt 2009-02-15 01:27:26 ComboFix2.txt 2009-02-15 00:34:34 Pre-Run: 3,469,877,248 bytes free Post-Run: 3,455,774,720 bytes free 267

Profil

helen1 Poslao: 15 Feb 2009 11:13 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uploaduj mi sledeci fajl na proveru: c:\windows\system32\drivers\NirCmd.exe preko sledeceg linka: http://www.mycity.rs/ambulanta-upload.php

Profil

Svetlana_LSN Poslao: 15 Feb 2009 11:21 Idi na vrh
offline Svetlana_LSN Građanin Pridružio: 04 Avg 2008 Poruke: 37	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav helen1, Tog fajla nema.

Profil

helen1 Poslao: 15 Feb 2009 11:25 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradi prvo ovo: Windows XP Klikni Start taster (u levom donjem uglu). Izaberi My Computer. Selektuj Tools meni i klikni na Folder Options. Selektuj View na vrhu, unutar Hidden files and folders grupe selektuj Show hidden files and folders. Skini kvačicu sa Hide file extensions for known types. Skini kvačicu sa Hide protected operating system files (recommended). Klikni YES. Klikni OK. zipuj/raruj taj fajl i onda ga posalji.

Profil

Svetlana_LSN Poslao: 15 Feb 2009 11:28 Idi na vrh
offline Svetlana_LSN Građanin Pridružio: 04 Avg 2008 Poruke: 37	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Upload-ovala sam NirCmd.exe.

Profil

helen1 Poslao: 15 Feb 2009 13:10 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci svu zastitu: Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\drivers\NirCmd.exe Driver:: NirSoft Service Controler` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Trojan horse BackDoor Generic_r.EO

Ko je trenutno na forumu

Ukupno su 823 korisnika na forumu :: 6 registrovanih, 0 sakrivenih i 817 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: babaroga, Milos ZA, Neutral-M, Panter, pein, VJ

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by