TR/Dropper.Gen Trojan


offline
  • Joined: 08 Dec 2004
  • Posts: 187

Help, how do I get rid of this thing? Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:15 PM, on 5/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\meda\Desktop\tf4\tf4.exe

O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} - C:\WINDOWS\ieocx.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{209C6F72-27CF-4355-B40F-8EDA15BD5D7E}: NameServer = 89.216.49.4 82.117.194.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{209C6F72-27CF-4355-B40F-8EDA15BD5D7E}: NameServer = 89.216.49.4 82.117.194.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{209C6F72-27CF-4355-B40F-8EDA15BD5D7E}: NameServer = 89.216.49.4 82.117.194.2
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3139 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hi,

Right-click the Avira icon in the bottom-right corner of the screen and untick AntiVir Guard Enable.

Note: don't forget to re-enable this option once the cleanup is finished.

----------------------

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; paste it here for us.

offline
  • Joined: 08 Dec 2004
  • Posts: 187

ComboFix 09-05-12.02 - meda 05/12/2009 21:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.719 [GMT 2:00]
Running from: c:\documents and settings\meda\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: ZoneAlarm Pro Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://winpcdown99.com
.
((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-11 20:01 . 2009-05-11 20:01 -------- d--h--w c:\windows\system32\GroupPolicy
2009-05-11 17:54 . 2009-05-11 17:54 -------- d-----w c:\program files\GSpot
2009-05-11 15:23 . 2009-05-11 15:23 -------- d-----w c:\documents and settings\meda\Local Settings\Application Data\Sunbelt Software
2009-05-11 15:13 . 2009-05-11 16:05 -------- d-----w c:\documents and settings\meda\Application Data\Lavasoft
2009-05-11 08:13 . 2009-05-11 08:14 -------- d-----w c:\program files\Winamp
2009-05-11 08:13 . 2009-05-11 08:40 -------- d-----w c:\documents and settings\meda\Application Data\Winamp
2009-05-11 07:37 . 2009-05-11 07:37 -------- d-----w C:\DriveKey
2009-05-08 18:08 . 2009-05-08 18:08 -------- d-----w c:\documents and settings\meda\Application Data\Alien Skin
2009-05-08 16:48 . 2009-05-08 16:54 -------- d-----w c:\program files\New Folder
2009-05-08 16:24 . 2007-03-21 18:39 1060864 ----a-w c:\windows\system32\MFC71.DLL
2009-05-08 16:24 . 2009-05-08 16:24 -------- d-----w c:\program files\Symantec
2009-05-07 21:02 . 2009-05-07 21:02 -------- d-----w c:\documents and settings\meda\Local Settings\Application Data\ACD Systems
2009-05-07 21:02 . 2009-05-07 21:02 -------- d-----w c:\documents and settings\meda\Application Data\ACD Systems
2009-05-07 19:31 . 2009-05-07 19:31 -------- d-----w c:\documents and settings\meda\Application Data\Publish Providers
2009-05-07 19:31 . 2009-05-11 18:07 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-07 19:31 . 2009-05-11 17:57 -------- d-----w c:\documents and settings\meda\Application Data\Sony
2009-05-07 19:31 . 2009-05-07 19:31 -------- d-----w c:\documents and settings\meda\Local Settings\Application Data\Sony
2009-05-07 11:50 . 2009-05-07 11:50 -------- d-----w c:\documents and settings\meda\Local Settings\Application Data\Ahead
2009-05-07 10:24 . 2009-05-07 10:24 -------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-07 10:24 . 2009-05-07 10:25 -------- d-----w c:\program files\Common Files\ACD Systems
2009-05-07 10:24 . 2009-05-07 10:24 -------- d-----w c:\program files\ACD Systems
2009-05-07 10:20 . 2009-05-07 10:20 -------- d-----w c:\program files\Vstplugins
2009-05-07 10:20 . 2009-05-07 10:20 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-05-07 10:19 . 2009-05-07 10:19 -------- d-----w c:\program files\Sony
2009-05-07 10:04 . 2009-05-07 10:04 -------- d-----w c:\program files\MSBuild
2009-05-07 10:04 . 2009-05-07 10:04 434392 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-07 10:01 . 2009-05-07 10:01 -------- d-----w c:\documents and settings\meda\Local Settings\Application Data\Downloaded Installations
2009-05-07 10:01 . 2009-05-07 10:01 -------- d-----w c:\windows\system32\XPSViewer
2009-05-07 10:00 . 2009-05-07 10:00 -------- d-----w c:\program files\Reference Assemblies
2009-05-07 09:59 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-05-07 09:59 . 2006-10-16 14:10 23856 ----a-w c:\windows\system32\spupdsvc.exe
2009-05-07 08:25 . 2009-05-09 17:46 -------- d-----w c:\program files\Unlocker
2009-05-07 08:22 . 2009-05-07 08:22 -------- d-----w c:\program files\Common Files\EZB Systems
2009-05-07 08:22 . 2009-05-07 08:22 -------- d-----w c:\program files\UltraISO
2009-05-07 08:21 . 2009-05-07 08:21 -------- d-----w c:\documents and settings\meda\Application Data\Sony Setup
2009-05-07 08:20 . 2009-05-07 08:20 -------- d-----w c:\program files\Everstrike Software
2009-05-07 08:20 . 2009-05-07 08:20 -------- d-----w c:\program files\Common Files\Everstrike Software
2009-05-07 08:14 . 2009-05-07 08:15 -------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-05-07 08:13 . 2009-05-07 08:13 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-07 07:36 . 2004-03-02 15:37 125184 ------w c:\windows\system32\drivers\imagesrv.sys
2009-05-07 07:36 . 2004-03-02 15:37 5504 ------w c:\windows\system32\drivers\imagedrv.sys
2009-05-07 07:35 . 2000-06-26 09:45 106496 ----a-w c:\windows\system32\TwnLib20.dll
2009-05-07 07:35 . 2004-07-26 15:16 262144 ------w c:\windows\system32\ImagXR7.dll
2009-05-07 07:35 . 2004-07-26 15:16 471040 ------w c:\windows\system32\ImagXRA7.dll
2009-05-07 07:35 . 2004-07-26 15:16 476320 ------w c:\windows\system32\ImagXpr7.dll
2009-05-07 07:35 . 2004-07-26 15:16 1568768 ------w c:\windows\system32\ImagX7.dll
2009-05-07 07:35 . 2001-07-09 09:50 155648 ----a-w c:\windows\system32\NeroCheck.exe
2009-05-07 07:35 . 2009-05-07 07:35 -------- d-----w c:\program files\Common Files\Ahead
2009-05-07 07:35 . 2009-05-07 07:35 -------- d-----w c:\program files\Ahead
2009-05-07 06:48 . 2009-05-07 06:49 -------- d-----w c:\windows\system32\ZoneLabs
2009-05-07 06:48 . 2009-05-07 06:48 -------- d-----w c:\program files\Zone Labs
2009-05-07 06:41 . 2009-05-07 06:41 -------- d-----w c:\documents and settings\meda\Application Data\Symantec
2009-05-07 06:41 . 2009-05-07 06:41 -------- d-----w c:\documents and settings\meda\Local Settings\Application Data\Symantec_Corporation
2009-05-06 23:00 . 2009-05-06 23:00 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-06 22:29 . 2009-05-08 16:54 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-06 22:18 . 2009-05-08 17:13 -------- d-----w c:\documents and settings\meda\Local Settings\Application Data\Adobe
2009-05-06 22:16 . 2009-05-06 22:16 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-05-06 22:09 . 2001-05-11 18:54 -------- d-----w c:\program files\Common Files\Adobe
2009-05-06 21:33 . 2009-03-24 14:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-06 21:33 . 2009-05-06 21:33 -------- d-----w c:\program files\Avira
2009-05-06 21:33 . 2009-05-06 21:33 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-06 15:01 . 2004-08-03 23:15 60800 ----a-w c:\windows\system32\drivers\sysaudio.sys
2009-05-06 15:01 . 2004-08-03 23:07 6400 ----a-w c:\windows\system32\drivers\splitter.sys
2009-05-06 15:01 . 2004-08-03 22:39 142464 ----a-w c:\windows\system32\drivers\aec.sys
2009-05-06 15:01 . 2004-08-03 23:07 2944 ----a-w c:\windows\system32\drivers\drmkaud.sys
2009-05-06 15:01 . 2004-08-03 22:58 4992 ----a-w c:\windows\system32\drivers\MSPQM.sys
2009-05-06 15:01 . 2001-08-17 14:00 54272 ----a-w c:\windows\system32\drivers\swmidi.sys
2009-05-06 15:01 . 2004-08-03 23:07 52864 ----a-w c:\windows\system32\drivers\DMusic.sys
2009-05-06 15:01 . 2004-08-03 23:15 82944 ----a-w c:\windows\system32\drivers\wdmaud.sys
2009-05-06 15:01 . 2004-08-03 23:07 171776 ----a-w c:\windows\system32\drivers\kmixer.sys
2009-05-06 15:01 . 2004-08-03 22:58 7552 ----a-w c:\windows\system32\drivers\MSKSSRV.sys
2009-05-06 15:01 . 2004-08-03 22:58 5376 ----a-w c:\windows\system32\drivers\MSPCLOCK.sys
2009-05-06 15:01 . 2001-08-17 13:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-05-06 15:00 . 2004-08-03 22:59 57472 ----a-w c:\windows\system32\drivers\redbook.sys
2009-05-06 15:00 . 2001-08-17 14:00 2944 ----a-w c:\windows\system32\drivers\msmpu401.sys
2009-05-06 15:00 . 2004-08-03 21:15 145792 -c--a-w c:\windows\system32\dllcache\portcls.sys
2009-05-06 15:00 . 2004-08-03 21:15 145792 ----a-w c:\windows\system32\drivers\portcls.sys
2009-05-06 15:00 . 2004-08-03 22:56 4096 -c--a-w c:\windows\system32\dllcache\ksuser.dll
2009-05-06 15:00 . 2004-08-03 22:56 4096 ----a-w c:\windows\system32\ksuser.dll
2009-05-06 15:00 . 2004-08-03 21:08 60288 -c--a-w c:\windows\system32\dllcache\drmk.sys
2009-05-06 15:00 . 2004-08-03 21:08 60288 ----a-w c:\windows\system32\drivers\drmk.sys
2009-05-06 15:00 . 2004-08-03 23:08 10624 ----a-w c:\windows\system32\drivers\gameenum.sys
2009-05-06 15:00 . 2004-08-04 00:56 74240 ----a-w c:\windows\system32\usbui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 19:30 . 2009-05-08 21:00 0 ---ha-w c:\documents and settings\meda\Application Data\BIT4D54.tmp
2009-05-12 06:50 . 2009-05-12 06:50 19936766 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_05_12_08_47_40_full.dmp.zip
2009-05-12 06:32 . 2009-05-12 06:32 20028050 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_05_12_01_23_34_full.dmp.zip
2009-05-09 20:19 . 2009-05-09 20:22 2157568 ----a-w c:\windows\Internet Logs\xDB5.tmp
2009-05-09 15:15 . 2009-05-09 20:22 2123776 ----a-w c:\windows\Internet Logs\xDB6.tmp
2009-05-08 16:27 . 2009-05-08 16:26 19163389 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_05_08_18_25_35_full.dmp.zip
2009-05-08 15:09 . 2009-05-08 15:09 19081073 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_05_08_17_07_49_full.dmp.zip
2009-05-07 21:40 . 2009-05-07 21:43 1890816 ----a-w c:\windows\Internet Logs\xDB4.tmp
2009-05-07 21:40 . 2009-05-07 21:43 434688 ----a-w c:\windows\Internet Logs\xDB3.tmp
2009-05-07 15:22 . 2009-05-07 15:25 1709056 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-05-07 15:22 . 2009-05-07 15:25 598016 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-05-07 13:30 . 2009-05-06 13:20 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-07 10:26 . 2009-05-06 13:50 252160 ----a-w c:\documents and settings\meda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-06 14:28 . 2009-05-06 14:28 -------- d-----w c:\program files\Webteh
2009-05-06 14:27 . 2009-05-06 14:27 -------- d-----w c:\program files\Xvid
2009-05-06 14:27 . 2009-05-06 14:27 -------- d-----w c:\program files\DirectVobSub
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SATARAID5.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk
backup=c:\windows\pss\SATARAID5.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/6/2009 11:33 PM 108289]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys [11/19/2004 5:07 PM 101488]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP113
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LFAgent - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-12 21:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-12 21:36
ComboFix-quarantined-files.txt 2009-05-12 19:36

Pre-Run: 26,263,801,856 bytes free
Post-Run: 26,441,887,744 bytes free


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

How does the problem show itself? Do you have a log from the antivirus?

offline
  • Joined: 08 Dec 2004
  • Posts: 187

Posted: 13 May 2009 10:27

It kept starting up again after every restart of the PC; the AV was not cleaning it successfully. For now, after ComboFix, it is no longer in that folder.



Avira AntiVir Personal
Report file date: Monday, May 11, 2009 21:14

Scanning for 1385351 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : meda
Computer name : MOTA-27362EE36D

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 07:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 19:33:26
ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 4/30/2009 21:51:45
ANTIVIR3.VDF : 7.1.3.178 195584 Bytes 5/8/2009 18:59:03
Engineversion : 8.2.0.166
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/6/2009 21:54:28
AESCRIPT.DLL : 8.1.1.81 385401 Bytes 5/8/2009 18:59:24
AESCN.DLL : 8.1.1.10 127348 Bytes 5/6/2009 21:54:07
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 17:24:41
AEPACK.DLL : 8.1.3.16 397686 Bytes 5/8/2009 18:59:22
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/26/2009 19:01:56
AEHEUR.DLL : 8.1.0.128 1757559 Bytes 5/8/2009 18:59:18
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/26/2009 19:01:56
AEGEN.DLL : 8.1.1.42 348531 Bytes 5/8/2009 18:59:05
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 13:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 5/6/2009 21:52:08
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 09:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 10:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 09:19:48

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: -PHISH,

Start of the scan: Monday, May 11, 2009 21:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
23 processes with 23 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S0QSQWDY\zodcr[1].gif
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WC9KKIL3\izucbusf[1].bmp
[DETECTION] Is the TR/Dropper.Gen Trojan

Beginning disinfection:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S0QSQWDY\zodcr[1].gif
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a6c7c25.qua'!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WC9KKIL3\izucbusf[1].bmp
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a7d7c30.qua'!


End of the scan: Monday, May 11, 2009 21:25
Used time: 11:11 Minute(s)

The scan has been done completely.

3274 Scanned directories
110575 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
110572 Files not concerned
1738 Archives were scanned
1 Warnings
3 Notes

Update: 13 May 2009 11:05

There's still work to do here. Just now, two Avira logs from an attempt to write something into the folder 'C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\...

date/time 5/13/2009, 10.44.08
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CJU1ILIJ\bdjksqnr[1].png.
Action performed: Deny access

Virus or unwanted program 'HIDDENEXT/Crypted [heuristic]'
detected in file 'C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CJU1ILIJ\bdjksqnr[1].png.
Action performed: Deny access
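The Avira reports above flag files named .gif, .bmp and .png in the NetworkService profile's Temporary Internet Files folder as TR/Dropper.Gen and HIDDENEXT/Crypted, a heuristic that fires on executable content stored under a non-executable extension. Two details from the thread's own logs are worth reading together: the cache belongs to the NetworkService account, so a process running as that service account, not the logged-on user, fetched the files; and ComboFix removed the BITS queue files qmgr0.dat / qmgr1.dat and listed hxxp://winpcdown99.com under "BITS: Possible infected sites". The Python script below is an added example, not part of this thread or of any tool mentioned in it. It walks a directory, compares each image-named file's leading bytes with the magic number its extension implies, and reports files that start with a PE "MZ" header or otherwise do not match. The directory layout and file contents produced by build_sample_cache() are constructed for the demo: the file names echo the report, the bytes are made up, nothing here reflects the real contents of the files Avira quarantined.

```python
import os
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Expected leading bytes for the image extensions that appear in the Avira report.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

PE_MAGIC = b"MZ"  # DOS stub header that every Windows PE executable starts with


def classify(path: Path) -> Optional[str]:
    """Return a reason string when the file's content does not match the image
    format its extension claims, or None when the leading bytes look right."""
    ext = path.suffix.lower()
    if ext not in IMAGE_MAGIC:
        return None
    with path.open("rb") as fh:
        head = fh.read(8)
    if head.startswith(PE_MAGIC):
        return "PE executable disguised as " + ext
    if not any(head.startswith(magic) for magic in IMAGE_MAGIC[ext]):
        return "content does not match " + ext + " magic"
    return None


def find_disguised_executables(root: str) -> List[Tuple[str, str]]:
    """Walk `root` (e.g. a Content.IE5 cache directory) and return
    (relative path, reason) for every image-named file that is not an image."""
    findings = []
    root_path = Path(root)
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            p = Path(dirpath) / name
            reason = classify(p)
            if reason:
                rel = str(p.relative_to(root_path)).replace(os.sep, "/")
                findings.append((rel, reason))
    return sorted(findings)


def build_sample_cache() -> str:
    """Construct a throw-away directory that mimics the Content.IE5 layout
    from the thread. Constructed sample data: the names copy the report,
    the bytes are invented for the demonstration."""
    root = tempfile.mkdtemp(prefix="content_ie5_")
    samples = {
        "S0QSQWDY/zodcr[1].gif": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00",  # PE under .gif
        "WC9KKIL3/izucbusf[1].bmp": b"MZ\x90\x00" + b"\x00" * 60,               # PE under .bmp
        "CJU1ILIJ/bdjksqnr[1].png": b"\x00\x11\x22\x33garbage",                  # neither PNG nor PE
        "CJU1ILIJ/real[1].png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,             # genuine PNG header
        "S0QSQWDY/real[1].gif": b"GIF89a" + b"\x00" * 16,                        # genuine GIF header
    }
    for rel, data in samples.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


if __name__ == "__main__":
    # Point find_disguised_executables() at a real cache directory to triage it;
    # here it runs over the constructed sample.
    for rel, why in find_disguised_executables(build_sample_cache()):
        print(f"{rel}: {why}")
```

This is a cheap triage check, not a replacement for the scanner: a packed or encrypted payload that does not begin with "MZ" is only caught when its bytes also fail the image magic test, and a file with a correct image header can still carry an exploit. Its value on a case like this one is telling you quickly which cache entries a service account pulled down are not images at all, and where they sit, so the download job that keeps fetching them can be hunted down.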

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I don't see anything problematic here. Avira appears to be doing its job well.

Uninstalling ComboFix:
Click START and then RUN.

In the text entry line type (or paste) the following:

Combofix /u

then click OK.

Wait for the uninstall process to finish.

offline
  • Joined: 08 Dec 2004
  • Posts: 187

OK, we agree the log is clean.
Just tell me whether I can shrink this swap file, C:\pagefile.sys, which is 1.5GB in size. I have 1GB of RAM in the computer.
Thanks
