Trojan.BackDoor.Generic_r.EO

  • Joined: 15 Feb 2009
  • Posts: 1

Hi,
This has been bothering me for several days now. From time to time I hear the modem clicking, as if a dialer were at work, and AVG keeps reporting infected files in the Temp directory (e.g. xxx.EXE, where x is a digit).

Anyway, the outputs follow:
-------------------------------------------------
hijackthis.log
-------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:59, on 15.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ksenija\Desktop\Takmicenje\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Video Drivers] C:\RECYCLER\S-1-5-21-5288718441-8513211206-132098279-6573\winlogon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7179 bytes
-------------------------------------------------
ComboFix.txt (obtained by following the instructions at mycity.rs/Ambulanta/Trojan-horse-BackDoor-Generic-r-EO.html)
-------------------------------------------------

ComboFix 09-02-14.01 - Ksenija 2009-02-15 12:39:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.512 [GMT 1:00]
Running from: c:\documents and settings\Ksenija\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-14 10:58 . 2009-02-14 10:58 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-14 10:58 . 2009-02-14 12:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 10:10 . 1980-01-01 00:00 92,208 -ra------ c:\windows\system32\WING.DLL
2009-02-13 10:10 . 1980-01-01 00:00 12,800 -ra------ c:\windows\system32\WING32.DLL
2009-02-13 10:09 . 1980-01-01 00:00 188,960 -ra------ c:\windows\system\WINGDE.DLL
2009-02-13 10:09 . 1980-01-01 00:00 92,208 -ra------ c:\windows\system\WING.DLL
2009-02-13 10:09 . 1980-01-01 00:00 12,800 -ra------ c:\windows\system\WING32.DLL
2009-02-13 10:09 . 1980-01-01 00:00 6,992 -ra------ c:\windows\system\DISPDIB.DLL
2009-02-13 10:09 . 1980-01-01 00:00 6,736 -ra------ c:\windows\system\WINGDIB.DRV
2009-02-13 10:09 . 1980-01-01 00:00 5,024 -ra------ c:\windows\system\WINGPAL.WND
2009-02-13 10:09 . 1980-01-01 00:00 1,966 -ra------ c:\windows\system\DVA.386
2009-02-13 09:43 . 1996-12-11 03:00 32,768 --------- c:\windows\SKUNINST.EXE
2009-02-13 09:43 . 1996-12-26 03:00 31,744 --------- c:\windows\SonicKUS.DLL
2009-02-13 09:43 . 1996-12-11 03:00 22,528 --------- c:\windows\MsgV2US.DLL
2009-02-13 09:42 . 2009-02-13 10:09 <DIR> d-------- C:\SEGA
2009-02-13 09:42 . 1994-09-16 14:00 792,576 --a------ c:\windows\system32\mfc30d.dll
2009-02-13 09:42 . 2009-02-13 09:43 355 --a------ c:\windows\Sonic3K.INI
2009-02-13 09:42 . 2009-02-13 09:42 27 --a------ C:\beavis.bmh
2009-02-11 10:54 . 2009-02-11 12:24 174 --a------ c:\windows\wcx_ftp.ini
2009-02-11 10:52 . 2009-02-11 10:53 <DIR> d-------- C:\totalcmd
2009-02-11 10:52 . 2009-02-11 12:24 602 --a------ c:\windows\wincmd.ini
2009-02-11 10:52 . 2008-07-29 07:04 545 --a------ c:\windows\UC.PIF
2009-02-11 10:52 . 2008-07-29 07:04 545 --a------ c:\windows\RAR.PIF
2009-02-11 10:52 . 2008-07-29 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-02-11 10:52 . 2008-07-29 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-02-11 10:52 . 2008-07-29 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-02-11 10:52 . 2008-07-29 07:04 545 --a------ c:\windows\LHA.PIF
2009-02-11 10:52 . 2008-07-29 07:04 545 --a------ c:\windows\ARJ.PIF
2009-02-02 19:51 . 2009-02-02 19:51 <DIR> d-------- c:\program files\Interplay
2009-02-02 19:51 . 2009-02-02 19:51 <DIR> d-------- c:\documents and settings\Ksenija\WINDOWS
2009-02-02 19:51 . 1998-01-23 12:22 304,128 --a------ c:\windows\IsUninst.exe
2009-01-27 18:02 . 2009-01-27 18:02 <DIR> d-------- c:\program files\Common Files\INCA Shared
2009-01-27 18:00 . 2003-07-21 04:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-01-27 18:00 . 2005-01-04 19:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-01-20 16:13 . 2009-01-20 16:19 <DIR> d-------- c:\program files\McDonaldsFairies
2009-01-20 12:23 . 2009-01-20 12:29 <DIR> d-------- c:\program files\McDonaldsDragons
2009-01-19 01:00 . 2009-01-19 01:00 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-17 11:42 . 2009-01-17 11:42 <DIR> d-------- c:\documents and settings\Ksenija\Application Data\Samsung
2009-01-17 11:33 . 2009-01-17 16:54 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-01-17 11:33 . 2009-01-17 11:33 <DIR> d-------- c:\program files\DIFX
2009-01-17 11:33 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-01-17 11:33 . 2007-05-02 11:11 109,704 --a------ c:\windows\system32\drivers\ss_mdm.sys
2009-01-17 11:33 . 2007-05-02 11:11 83,592 --a------ c:\windows\system32\drivers\ss_bus.sys
2009-01-17 11:33 . 2007-05-02 11:11 15,112 --a------ c:\windows\system32\drivers\ss_mdfl.sys
2009-01-17 11:33 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_whnt.sys
2009-01-17 11:33 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_wh.sys
2009-01-17 11:33 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_cmnt.sys
2009-01-17 11:33 . 2007-05-02 11:11 12,424 --a------ c:\windows\system32\drivers\ss_cm.sys
2009-01-17 11:33 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-01-17 11:32 . 2009-01-17 11:32 <DIR> d-------- c:\program files\Samsung
2009-01-17 11:32 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 20:10 --------- d-----w c:\documents and settings\Ksenija\Application Data\FrostWire
2009-02-13 17:47 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-13 17:46 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-13 17:46 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-13 17:46 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-02-11 11:25 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-11 10:08 --------- d-----w c:\documents and settings\Ksenija\Application Data\uTorrent
2009-01-29 21:20 --------- d-----w c:\program files\AskBarDis
2009-01-17 10:38 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 10:38 --------- d-----w c:\program files\Common Files\Adobe
2009-01-02 21:21 --------- d-----w c:\documents and settings\Ksenija\Application Data\Canon
2008-12-31 14:54 --------- d-----w c:\program files\iStar
2008-12-30 09:51 --------- d-----w c:\program files\Musicnotes
2008-12-26 09:30 --------- d-----w c:\documents and settings\Ksenija\Application Data\gtk-2.0
2008-12-16 19:12 --------- d-----w c:\program files\eRightSoft
2008-12-16 19:12 --------- d-----w c:\program files\AviSynth 2.5
2008-11-17 18:31 502,272 ----a-w c:\windows\system32\winlogon.exe
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

2008-11-17 19:31 502272 6e8ca4fcb30282f216f5db9dd58a5f81 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 22:08 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-06 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Windows Video Drivers"="c:\recycler\S-1-5-21-5288718441-8513211206-132098279-6573\winlogon.exe" [2009-02-11 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-13 1601304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-13 18:46 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Dile i Momo\\Games\\Adventures\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-18 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-18 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-18 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-18 298264]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\phtvtune.sys [2008-11-17 24608]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-23 33752]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adf76d69-b4d7-11dd-b8fd-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adf76d6a-b4d7-11dd-b8fd-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-POINTER - point32.exe


.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uSearch Page = [Link visible only to logged-in users]
uSearch Bar = [Link visible only to logged-in users]
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ksenija\Application Data\Mozilla\Firefox\Profiles\yuu1smrs.default\
FF - prefs.js: browser.search.defaulturl - [Link visible only to logged-in users]
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-02-15 12:40:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-15 12:41:35
ComboFix-quarantined-files.txt 2009-02-15 11:41:28

Pre-Run: 1.023.037.440 bytes free
Post-Run: 1,038,258,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

197 --- E O F --- 2009-02-11 11:27:14

-------------------------------------------------

Thanks in advance,
Dimitrije
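An added triage script, not part of the original post and not code from HijackThis or ComboFix: it parses the O4 Run entries of a HijackThis log and the Run values and mountpoints2 AutoRun commands of a ComboFix log, and flags the patterns visible in the logs above: an executable started from C:\RECYCLER, a core Windows binary such as winlogon.exe outside %SystemRoot%\system32, executables in a Temp folder with a numeric name as the poster describes, and any AutoRun command on a drive letter, which is listed for review rather than declared malicious. The sample lines are copied in form from the logs above, plus one constructed Temp-folder entry (the "Updater" line, which is not in the original log) to exercise that rule; the list of core binaries and the C:\WINDOWS install path are this example's own assumptions.

```python
"""Autostart triage over HijackThis / ComboFix log lines (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied in form from the logs above, plus one
# hypothetical Temp-folder entry ("Updater") that is NOT in the original log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Video Drivers] C:\RECYCLER\S-1-5-21-5288718441-8513211206-132098279-6573\winlogon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-06 68856]
"Windows Video Drivers"="c:\recycler\S-1-5-21-5288718441-8513211206-132098279-6573\winlogon.exe" [2009-02-11 89600]
\Shell\AutoRun\command - E:\setup.exe
O4 - HKCU\..\Run: [Updater] C:\DOCUME~1\Ksenija\LOCALS~1\Temp\123.EXE
"""

# Binaries that only belong in %SystemRoot%\system32 (assumption for this example).
CORE_SYSTEM_BINARIES = {"winlogon.exe", "csrss.exe", "lsass.exe",
                        "services.exe", "smss.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"   # XP default install path seen in the logs above

O4_RE = re.compile(r"^O4 - \S+\\Run: \[(?P<name>[^\]]*)\] (?P<value>.*)$")
CF_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]+)"(?: \[[^\]]*\])?$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<value>.+)$")
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|dll|scr|com|pif|bat))', re.I)


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def first_executable(value: str) -> str:
    """Pull the program path out of a Run value (drops quotes and arguments)."""
    m = EXE_RE.match(value.strip())
    return m.group("path") if m else value.strip()


def assess(path: str) -> list:
    """Heuristics for one autostart target; an empty list means nothing odd."""
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    reasons = []
    if "\\recycler\\" in p:
        reasons.append("started from the Recycle Bin (RECYCLER)")
    if base in CORE_SYSTEM_BINARIES and not p.startswith(SYSTEM32):
        reasons.append(f"{base} outside {SYSTEM32}")
    if "\\temp\\" in p:
        reasons.append("started from a Temp folder")
    if re.fullmatch(r"\d+\.exe", base):
        reasons.append("numeric-only executable name")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per suspicious Run value or AutoRun command."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line) or CF_RUN_RE.match(line)
        if m:
            path = first_executable(m.group("value"))
            reasons = assess(path)
            if reasons:
                findings.append(Finding(m.group("name"), path, reasons))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            path = first_executable(m.group("value"))
            # Not a verdict: every AutoRun command is listed so that it gets looked at.
            findings.append(Finding("AutoRun", path, [f"AutoRun command on drive {path[:2]}"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}\n    " + "\n    ".join(f.reasons))
```

On the sample above it reports the "Windows Video Drivers" value twice (once from the HijackThis line, once from the ComboFix line), with both the RECYCLER and the winlogon.exe-outside-system32 reasons, the E:\setup.exe AutoRun command for review, and the constructed Temp entry; the AVG, NVIDIA, ctfmon and Google lines pass through silently.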



  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello Dimitrije...

The last thing you should do is follow instructions that were given to someone else.
Your problems are far from the same.

Enable the display of hidden files/folders: [Link visible only to logged-in users]

Download the following archive: [Link visible only to logged-in users]

Unpack the archive into the following folder: C:\WINDOWS\system32\dllcache

So, after the step above, this file should exist: C:\WINDOWS\system32\dllcache\winlogon.exe

After that, double-click ComboFix to run it and post the log you get.
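A check to run after the unpacking step above (an added example, not part of dr_Bora's instructions and not ComboFix code): it hashes the live C:\WINDOWS\system32\winlogon.exe and the copy placed in dllcache, compares both against the MD5 that ComboFix's Sigcheck reported for the infected file in the log above, and says which stage of the cleanup the machine is in. The paths are the XP defaults from the logs; the contents of the archive and the hash of a clean winlogon.exe are not on this page, so the script only compares the two files with each other and with the known-bad hash, it does not vouch for the archive itself.

```python
"""Where does the winlogon.exe replacement stand? (added example)"""
import hashlib
import os
from typing import Optional

# MD5 that ComboFix's Sigcheck printed for the infected c:\windows\system32\winlogon.exe
# in the log above. It identifies the bad file; it is NOT a reference hash of a clean one.
INFECTED_WINLOGON_MD5 = "6e8ca4fcb30282f216f5db9dd58a5f81"

# XP default paths from the logs above (assumption: default install location).
SYSTEM32_WINLOGON = r"C:\WINDOWS\system32\winlogon.exe"
DLLCACHE_WINLOGON = r"C:\WINDOWS\system32\dllcache\winlogon.exe"


def md5_bytes(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def read_or_none(path: str) -> Optional[bytes]:
    """File contents, or None when the file is absent."""
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as f:
        return f.read()


def classify(live: Optional[bytes], cache: Optional[bytes],
             bad_md5: str = INFECTED_WINLOGON_MD5) -> str:
    """Describe the cleanup stage from the two file contents (None = missing)."""
    if cache is None:
        return "dllcache copy missing: unpack the archive first"
    if md5_bytes(cache) == bad_md5:
        return "dllcache copy is the infected file: wrong archive"
    if live is None:
        return "system32 copy missing"
    if md5_bytes(live) == bad_md5:
        return "system32 copy still infected: run ComboFix"
    if md5_bytes(live) != md5_bytes(cache):
        return "system32 and dllcache copies differ: replacement not done"
    return "clean copy in place"


def check_winlogon(live_path: str = SYSTEM32_WINLOGON,
                   cache_path: str = DLLCACHE_WINLOGON) -> str:
    return classify(read_or_none(live_path), read_or_none(cache_path))


if __name__ == "__main__":
    print(check_winlogon())
```

Run it once after unpacking (expect the "replacement not done" state, since the live file is still the infected one) and again after ComboFix has finished; only "clean copy in place" means both files agree and neither carries the known-bad hash.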


