MyCity » Ambulanta -> Arhiva Ambulante » Trojan Horse Packed.Protector.C

Trojan Horse Packed.Protector.C

Napisano na dan: 14.12.2009

Trojan Horse Packed.Protector.C

Sledeća strana

Pagination

Odgovori

vuduu Poslao: 14 Dec 2009 00:59 Idi na vrh
offline vuduu Novi MyCity građanin Pridružio: 14 Dec 2009 Poruke: 1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pozdrav,imam problem sa gore navedenim virusom,pokusao sam da ga izbrisem sa 10 antivirusa i nije nista pomoglo...Koristim adsl 4mb na laptopu preko wifi..Evo log file sam uradio preko programa DDS. DDS (Ver_09-12-01.01) - NTFSx86 Run by Milos Scekic at 0:37:01.96 on Mon 12/14/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.765.82 [GMT 1:00] AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\T-Mobile Internet Manager\UIExec.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\av_md.exe C:\Documents and Settings\Milos Scekic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Milos Scekic\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL$ASI\Binn\sqlservr.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\System32\alg.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = [Link mogu videti samo ulogovani korisnici] uSearch Page = [Link mogu videti samo ulogovani korisnici] mSearchAssistant = [Link mogu videti samo ulogovani korisnici] BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll uRun: [Google Update] "c:\documents and settings\milos scekic\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [reader_s] c:\documents and settings\milos scekic\reader_s.exe uRun: [av_md] c:\documents and settings\milos scekic\av_md.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TouchPadHotKey] c:\program files\fsc\touchpad hotkey utility\TouchPad_HotKey.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [UIExec] "c:\program files\t-mobile internet manager\UIExec.exe" mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe" mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [av_md] c:\windows\system32\av_md.exe mRun: [Regedit32] c:\windows\system32\regedit.exe mRun: [reader_s] c:\windows\system32\reader_s.exe mRun: [sysgif32] c:\windows\temp\~TMF.tmp StartupFolder: c:\docume~1\miloss~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\documents and settings\milos scekic\start menu\programs\startup\siszyd32.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\fsc\wireless utility\WirelessSelector.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici] DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici] DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [Link mogu videti samo ulogovani korisnici] Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\miloss~1\applic~1\mozilla\firefox\profiles\y3ygl0je.default\ FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici] FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici] FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll FF - plugin: c:\documents and settings\milos scekic\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-1 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-1 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-1 108552] =============== Created Last 30 ================ 2009-12-13 23:36:42 524288 ----a-w- C:\dds.scr 2009-12-13 23:35:06 15872 ----a-w- C:\pr6432.exe 2009-12-13 23:27:34 1 ----a-w- c:\documents and settings\milos scekic\oashdihasidhasuidhiasdhiashdiuasdhasd 2009-12-13 23:24:00 1316 ----a-w- C:\ComboFix.exe 2009-12-13 23:14:38 147616 -c--a-w- c:\windows\system32\dllcache\atapi.sys 2009-12-13 14:20:21 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat 2009-12-12 21:03:46 0 ----a-w- c:\windows\system32\drivers\vmxbjwze.sys 2009-12-02 10:06:03 27708 ----a-w- c:\windows\system32\av_md.exe 2009-12-02 10:05:59 20 ----a-w- c:\docume~1\miloss~1\applic~1\fvgqad.dat 2009-12-01 17:22:56 4 ----a-w- c:\docume~1\miloss~1\applic~1\avdrn.dat 2009-11-30 15:47:51 42496 ----a-w- C:\MENADZMENT - okvirna pitanja za I kolokvijum.doc 2009-11-30 15:47:19 83968 ----a-w- C:\Okvirni set pitanja iz Ekonomije.doc 2009-11-30 14:38:58 0 d-----w- c:\docume~1\alluse~1\applic~1\id Software 2009-11-30 14:38:03 3987456 ----a-w- C:\QuakeLiveNP_277.msi ==================== Find3M ==================== 2009-12-13 23:14:38 147616 ----a-w- c:\windows\system32\drivers\atapi.sys 2009-12-01 17:28:18 182912 ----a-w- c:\windows\system32\drivers\ndis.sys 2009-11-30 15:25:31 214488 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-11-30 14:39:18 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-11-30 14:39:14 2373712 ----a-w- c:\windows\system32\pbsvc.exe 2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll 2009-10-11 03:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-09-25 05:56:36 662016 ----a-w- c:\windows\system32\wininet.dll 2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-06-16 15:42:22 52083 ----a-w- c:\program files\EULA.eng ============= FINISH: 0:42:25.67 =============== [Link mogu videti samo ulogovani korisnici]

Profil

diarno Poslao: 14 Dec 2009 11:05 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nema druge..zao mi je..imas fajl infektora novije generacije..imas rootkit novije generacije...Imas par trojanaca..crva...Sve bi to moglo da se sredi da nije fajl infektora... [Link mogu videti samo ulogovani korisnici]

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Trojan Horse Packed.Protector.C

Ko je trenutno na forumu

Ukupno su 1263 korisnika na forumu :: 81 registrovanih, 12 sakrivenih i 1170 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 20624 - dana 04 Apr 2026 04:18

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 015, 33 bren, 4. Ozrenska, A.R.Chafee.Jr., AirSremac, AK - 230, aleph_one, alke12, Ares12356, AS, Asparagus, Belac91, Ben Roj, Bosnjo, boxbole, branko7, bunker, Car89, damir55555, dankisha, darionis, Deki Duga Devetka, Denaya, Dimitrise93, Dioniss, DonRumataEstorski, DrNeoCortex, Duh sa sekirom, dusanobr, Džekson, famoso, GeoM, gobrad, goran.vvv, Grebostrek, GveX, Hans Gajger, HogarStrashni, igorkozar83, jarovitt, jodzula, jon istvan, K-1A, Koser, Kriglord, Krin, Kruger, Krusarac, LostInSpaceandTime, Magarac, MaschinenPistole, mercedesamg, Miki01, Miki281, MiloradKomadic, mladen.zovko, Otto Grunf, proka89, rakivan, RommelBL, sabros, saputnik plavetnila, sasa87, Sirius, sslay, StalniPromatrač, Stevan Visoki, stingD, strn, tamno.nebo, tritonus, Tvrtko I, varda, vidra boy, Vlada78, Wehicle, zzapNDjuric99, Đurđevdan, 1107, 79693, 223223

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by