trojan:(

  • Joined: 28 Feb 2009
  • Posts: 46

here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:45, on 02.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5329 bytes

Update: 02 Mar 2009 11:47

here is what AVG found

"Virus identified Win32/Themida";"C:\WINDOWS\system32\fq.exe";"Infected";"02.03.2009, 11:19:34";"File";"C:\Documents and Settings\User\Desktop\TFAK5\tfak.exe"
"Virus identified Win32/Themida";"C:\WINDOWS\system32\fq.exe";"Infected";"02.03.2009, 10:24:03";"File";"C:\WINDOWS\system32\svchost.exe"
"Virus identified Win32/Themida";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP783\A0099065.exe";"Moved to Virus Vault";"28.02.2009, 14:43:09";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Virus identified Win32/Themida";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP782\A0098026.exe";"Moved to Virus Vault";"28.02.2009, 14:43:04";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Virus identified Win32/Themida";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP782\A0098025.exe";"Moved to Virus Vault";"28.02.2009, 14:43:04";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse BackDoor.Agent.SQI";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP782\A0098024.exe";"Moved to Virus Vault";"28.02.2009, 14:43:03";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Adware Generic.GHN";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP782\A0098023.exe";"Moved to Virus Vault";"28.02.2009, 14:42:57";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Adware Generic.GHN";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP782\A0098018.exe";"Moved to Virus Vault";"28.02.2009, 14:42:51";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Virus found Win32/PolyCrypt";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP782\A0098015.exe";"Moved to Virus Vault";"28.02.2009, 14:42:49";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse BackDoor.Agent.SQI";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP761\A0094687.exe";"Moved to Virus Vault";"28.02.2009, 14:42:12";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Runtime packed fsg";"C:\Program Files\GRETECH\GomPlayer\Dodge.dll";"Added to PUP exceptions";"28.02.2009, 14:33:24";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Virus identified Win32/Themida";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QP4TRCJB\x[2]";"Moved to Virus Vault";"28.02.2009, 14:24:57";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Virus identified Win32/Themida";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QP4TRCJB\x[1]";"Moved to Virus Vault";"28.02.2009, 14:24:56";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic3.TF";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP782\A0098014.exe";"Moved to Virus Vault";"27.02.2009, 13:22:33";"File";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse Generic3.TF";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP782\A0098014.exe";"Infected";"27.02.2009, 11:54:59";"File";"C:\WINDOWS\system32\svchost.exe"
"Virus identified Win32/Themida";"C:\WINDOWS\system32\fa.exe";"Moved to Virus Vault";"27.02.2009, 10:21:02";"File";"C:\WINDOWS\system32\svchost.exe"
"Runtime packed upack";"C:\Program Files\ACD Systems\ACDSee\8.0\ACDSee8.exe";"Added to PUP exceptions";"26.02.2009, 12:05:20";"File";"C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe"
"Runtime packed upack";"C:\Program Files\ACD Systems\ACDSee\8.0\ACDSee8.exe";"Added to PUP exceptions";"26.02.2009, 12:04:42";"File";"C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe"
"Virus identified Win32/Themida";"C:\WINDOWS\system32\mq.exe";"Infected";"26.02.2009, 11:50:15";"File";"C:\WINDOWS\system32\svchost.exe"
"Virus identified Win32/Themida";"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V09PDN11\x[1]";"Infected";"26.02.2009, 11:50:09";"File";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse Generic3.TF";"C:\Program Files\GetData\Recover My Files\RecoverMyFiles.exe";"Moved to Virus Vault";"26.02.2009, 8:27:12";"File";"C:\WINDOWS\system32\rundll32.exe"
"Virus found Win32/PolyCrypt";"C:\Documents and Settings\User\winpad23.exe";"Infected";"26.02.2009, 8:26:54";"File";"C:\WINDOWS\explorer.exe"
"Trojan horse BackDoor.Agent.SQI";"C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe";"Deleted";"26.02.2009, 8:26:27";"File";"C:\WINDOWS\explorer.exe"
"Virus identified Win32/Themida";"C:\WINDOWS\System32\ng.exe";"Moved to Virus Vault";"26.02.2009, 8:22:48";"File";"C:\WINDOWS\System32\svchost.exe"
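The AVG export above is a semicolon-separated, double-quoted record per detection. The following is an added example (not code from the forum thread or from AVG) that parses that layout, counts detections per threat name, and lists the objects whose latest result is still "Infected" rather than "Moved to Virus Vault" or "Deleted", which is the subset a helper actually has to deal with. The column meanings (threat, object, result, time, object type, triggering process) are read off the posted lines and are an assumption; the sample records are a constructed subset of those lines.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample: a subset of the AVG export lines from the post above,
# in the same semicolon-separated, double-quoted layout.
SAMPLE_AVG_EXPORT = r'''
"Virus identified Win32/Themida";"C:\WINDOWS\system32\fq.exe";"Infected";"02.03.2009, 11:19:34";"File";"C:\Documents and Settings\User\Desktop\TFAK5\tfak.exe"
"Virus identified Win32/Themida";"C:\WINDOWS\system32\fq.exe";"Infected";"02.03.2009, 10:24:03";"File";"C:\WINDOWS\system32\svchost.exe"
"Trojan horse BackDoor.Agent.SQI";"C:\System Volume Information\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP782\A0098024.exe";"Moved to Virus Vault";"28.02.2009, 14:43:03";"File";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Virus identified Win32/Themida";"C:\WINDOWS\system32\fa.exe";"Moved to Virus Vault";"27.02.2009, 10:21:02";"File";"C:\WINDOWS\system32\svchost.exe"
"Virus identified Win32/Themida";"C:\WINDOWS\system32\mq.exe";"Infected";"26.02.2009, 11:50:15";"File";"C:\WINDOWS\system32\svchost.exe"
"Virus found Win32/PolyCrypt";"C:\Documents and Settings\User\winpad23.exe";"Infected";"26.02.2009, 8:26:54";"File";"C:\WINDOWS\explorer.exe"
"Trojan horse BackDoor.Agent.SQI";"C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe";"Deleted";"26.02.2009, 8:26:27";"File";"C:\WINDOWS\explorer.exe"
'''

# Column names are an assumption read off the posted lines, not AVG documentation.
FIELDS = ("threat", "object", "result", "time", "kind", "process")


def parse_avg_export(text):
    """Parse the export into dicts; anything that is not a 6-field record is skipped."""
    records = []
    for row in csv.reader(io.StringIO(text.strip()), delimiter=";", quotechar='"'):
        if len(row) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, row))
        # AVG writes day.month.year and a possibly single-digit hour ("8:26:54").
        rec["when"] = datetime.strptime(rec["time"], "%d.%m.%Y, %H:%M:%S")
        records.append(rec)
    return records


def threat_counts(records):
    """How many records each threat name accounts for."""
    return Counter(r["threat"] for r in records)


def unresolved_objects(records):
    """Objects whose most recent AVG result is still 'Infected' (not vaulted or deleted)."""
    latest = {}
    for r in records:
        key = r["object"].lower()
        if key not in latest or r["when"] > latest[key]["when"]:
            latest[key] = r
    return sorted((r["object"] for r in latest.values() if r["result"] == "Infected"),
                  key=str.lower)


def system_dir_detections(records):
    """Detected objects living under the Windows directory, where two-letter
    executables such as fq.exe or mq.exe have no legitimate reason to be."""
    hits = {r["object"] for r in records if r["object"].lower().startswith("c:\\windows\\")}
    return sorted(hits, key=str.lower)


if __name__ == "__main__":
    recs = parse_avg_export(SAMPLE_AVG_EXPORT)
    for threat, n in threat_counts(recs).most_common():
        print(f"{n:3d}  {threat}")
    print("still flagged Infected:")
    for path in unresolved_objects(recs):
        print("  " + path)
```

Run it against the full export by pasting the posted lines into `SAMPLE_AVG_EXPORT`; the "still Infected" list is the set of files that were detected but never quarantined, which is why a second tool (ComboFix, below in the thread) was brought in.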



  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.



  • Joined: 28 Feb 2009
  • Posts: 46

ComboFix 09-02-26.02 - User 2009-03-02 12:40:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.93 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\zastita racunara\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-03-02 11:22 . 2009-03-02 11:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 16:05 . 2009-03-02 11:22 <DIR> d-------- C:\USBNoRisk
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 14:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 14:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 07:11 . 2009-02-27 07:12 <DIR> d-------- c:\program files\Trojan Remover
2009-02-27 07:11 . 2009-02-27 07:11 <DIR> d-------- c:\documents and settings\User\Application Data\Simply Super Software
2009-02-27 07:11 . 2009-02-27 12:18 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 07:11 . 2009-02-27 07:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-27 07:11 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-27 07:11 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-27 07:11 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-27 07:11 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-27 07:11 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-26 08:23 . 2009-03-02 12:31 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-26 07:42 . 2009-03-02 12:36 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 1
2009-02-26 07:42 . 2009-02-26 07:42 0 --a------ c:\windows\nsreg.dat
2009-02-26 07:39 . 2009-03-02 07:09 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-26 07:39 . 2009-02-26 07:51 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-26 07:39 . 2009-02-26 07:51 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-26 07:39 . 2009-02-26 07:51 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-26 07:38 . 2009-02-26 07:38 <DIR> d-------- c:\program files\AVG
2009-02-26 07:38 . 2009-02-26 07:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-06-09 14:03 832,728 ----a-w c:\program files\NPSWF32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2006-09-15 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-26 1601304]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-15 1214856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-26 07:51 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-26 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-26 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-26 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-26 298264]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 Baic2ickpwm;Baic2ickpwm; [x]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2007-03-12 19034]
S3 ulusbc;NEC 616 CONTROL Driver;c:\windows\system32\drivers\ulusbc.sys [2006-05-09 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver;c:\windows\system32\drivers\ulusbe.sys [2006-05-09 12928]
S3 ulusbm;NEC 616 Modem Driver;c:\windows\system32\drivers\ulusbm.sys [2006-05-09 36352]
S3 ulusbo;NEC 616 OBEX Port Driver;c:\windows\system32\drivers\ulusbo.sys [2006-05-09 33920]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\o8r94e3e.default\
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-02 12:41:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2009-03-02 12:42:58
ComboFix-quarantined-files.txt 2009-03-02 11:42:56

Pre-Run: 56,646,270,976 bytes free
Post-Run: 56,773,758,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Whose computer is this now? This is not either of the two computers that helen1 sorted out for you recently.


Open Notepad and copy the following text into it:

Driver::
Baic2ickpwm


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
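What the helper reacted to in the ComboFix log is the service line `S3 Baic2ickpwm;Baic2ickpwm; [x]`: a registered driver whose image file no longer exists on disk, which the `Driver::` directive in the CFScript removes. The following is an added example (not code from the thread, from the helper, or from ComboFix) that reads the service lines of such a log, flags entries with a missing image, checks the firewall and Security Center settings that the same log shows as turned off, and emits the `Driver::` block the helper wrote by hand. The line layout (`R1 name;description;image [date size]`, `[x]` for no file, `[?]` for unverified) is inferred from the posted log and is an assumption; the log excerpt is a constructed subset of the posted lines.

```python
import re

# Constructed excerpt in the layout of the ComboFix log posted above: the
# Security Center / firewall registry block and a few service lines, including
# the Baic2ickpwm entry that the CFScript targets.
SAMPLE_COMBOFIX_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-26 325128]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S3 Baic2ickpwm;Baic2ickpwm; [x]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2007-03-12 19034]
'''

# Assumed layout: "R1 name;description;image [YYYY-MM-DD size]"
# (R = running, S = stopped; the digit is the service start type).
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
IMAGE_RE = re.compile(r"^(.*?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$")


def parse_services(text):
    """Turn every service/driver line of the log into a dict."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start_type, name, desc, tail = m.groups()
        tail = tail.strip()
        entry = {"name": name, "running": state == "R", "start_type": int(start_type),
                 "description": desc, "image": None, "date": None, "size": None,
                 "verified": False}
        if tail == "[x]":
            pass  # ComboFix found no image file on disk for this entry
        elif tail.endswith("[?]"):
            entry["image"] = tail[:-3].strip()  # path present, file not verified
        else:
            im = IMAGE_RE.match(tail)
            if im:
                entry["image"], entry["date"] = im.group(1), im.group(2)
                entry["size"] = int(im.group(3))
                entry["verified"] = True
        entries.append(entry)
    return entries


def missing_image_services(entries):
    """Names of services still registered although their binary is gone."""
    return [e["name"] for e in entries if e["image"] is None]


def policy_findings(text):
    """Settings in the log that leave the machine without its built-in protection."""
    findings = []
    if re.search(r'^"EnableFirewall"=\s*0\b', text, re.M):
        findings.append("Windows Firewall is disabled in the standard profile")
    for key in ("AntiVirusDisableNotify", "UpdatesDisableNotify"):
        if re.search(r'^"%s"=dword:00000001' % key, text, re.M):
            findings.append("Security Center notification suppressed: " + key)
    return findings


def cfscript_driver_section(names):
    """The Driver:: block of a CFScript, one service name per line."""
    return "Driver::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    entries = parse_services(SAMPLE_COMBOFIX_LOG)
    orphans = missing_image_services(entries)
    print("services with no image file:", orphans)
    for finding in policy_findings(SAMPLE_COMBOFIX_LOG):
        print("policy:", finding)
    print(cfscript_driver_section(orphans), end="")
```

An entry with `[x]` is not proof of malware by itself (an uninstaller that forgot its driver leaves the same trace), but in a log full of fresh detections it is the first thing to clear, and the firewall and notification findings are what the owner should switch back on once the machine is clean.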

  • Joined: 28 Feb 2009
  • Posts: 46

the network is something else, they come flying in like mad

Update: 02 Mar 2009 13:11

ComboFix 09-02-26.02 - User 2009-03-02 12:57:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.177 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\zastita racunara\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Baic2ickpwm


((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-03-02 11:22 . 2009-03-02 11:22 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 16:05 . 2009-03-02 11:22 <DIR> d-------- C:\USBNoRisk
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
2009-02-28 14:22 . 2009-02-28 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 14:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 14:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-27 07:11 . 2009-02-27 07:12 <DIR> d-------- c:\program files\Trojan Remover
2009-02-27 07:11 . 2009-02-27 07:11 <DIR> d-------- c:\documents and settings\User\Application Data\Simply Super Software
2009-02-27 07:11 . 2009-02-27 12:18 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 07:11 . 2009-02-27 07:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-27 07:11 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-27 07:11 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-27 07:11 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-27 07:11 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-27 07:11 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-26 08:23 . 2009-03-02 12:31 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-26 07:42 . 2009-03-02 12:42 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 1
2009-02-26 07:42 . 2009-02-26 07:42 0 --a------ c:\windows\nsreg.dat
2009-02-26 07:39 . 2009-03-02 07:09 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-26 07:39 . 2009-02-26 07:51 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-26 07:39 . 2009-02-26 07:51 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-26 07:39 . 2009-02-26 07:51 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-26 07:38 . 2009-02-26 07:38 <DIR> d-------- c:\program files\AVG
2009-02-26 07:38 . 2009-02-26 07:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-06-09 14:03 832,728 ----a-w c:\program files\NPSWF32.dll
.

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2006-09-15 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-26 1601304]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-15 1214856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-26 07:51 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-26 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-26 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-26 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-26 298264]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2007-03-12 19034]
S3 ulusbc;NEC 616 CONTROL Driver;c:\windows\system32\drivers\ulusbc.sys [2006-05-09 43264]
S3 ulusbe;NEC 616 ENUMERATION Driver;c:\windows\system32\drivers\ulusbe.sys [2006-05-09 12928]
S3 ulusbm;NEC 616 Modem Driver;c:\windows\system32\drivers\ulusbm.sys [2006-05-09 36352]
S3 ulusbo;NEC 616 OBEX Port Driver;c:\windows\system32\drivers\ulusbo.sys [2006-05-09 33920]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\o8r94e3e.default\
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-02 13:01:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
.
**************************************************************************
.
Completion time: 2009-03-02 13:03:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-02 12:03:27
ComboFix2.txt 2009-03-02 11:43:00

Pre-Run: 56,768,126,976 bytes free
Post-Run: 56,693,956,608 bytes free


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I don't see anything else suspicious.

Are there any visible symptoms?
Is your AV still reporting anything?

  • Joined: 28 Feb 2009
  • Posts: 46

nothing for now, thanks once again. I will post in a new topic something that nog blocked for me and that comes in from the network, so you can take a look, because it seems the problem is somewhere there

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Now just uninstall ComboFix as well:

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore
