Trojan horse SHeur2.ZBD

offline
  • Joined: 14 Aug 2006
  • Posts: 108

A couple of days ago, while trying to log in to my SBB account, a Trojan horse SHeur2.ZDB appeared that I cannot remove, of course, and it is located in system32 and System Volume Information. Is there any other way to delete it besides reinstalling the computer? Here is the log as an attachment:


DDS (Ver_09-11-24.02) - NTFSx86
Run by Milena at 23:20:17.54 on Thu 11/26/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.28 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Milena\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.mini20.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [ATI Launchpad] "c:\program files\ati multimedia\main\launchpd.exe"
uRun: [ATI DeviceDetect] c:\program files\ati multimedia\main\ATIDtct.EXE
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\milena\applic~1\mozilla\firefox\profiles\50yn6ieh.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-1-1 97408]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-31 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-31 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-31 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-31 285392]
R3 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [2009-10-31 13824]

=============== Created Last 30 ================


==================== Find3M ====================

2009-10-31 10:00:29 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 23:20:46.03 ===============


Thanks in advance for the help!

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to start it.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure through.
present a number of prompts/notifications:
accept them by clicking Yes or OK.
restart Windows if necessary (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click inside the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

offline
  • Joined: 14 Aug 2006
  • Posts: 108

Here is the ComboFix log as well:

ComboFix 09-11-26.02 - Milena 11/27/2009 18:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.229 [GMT 1:00]
Running from: c:\documents and settings\Milena\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
.

2009-11-26 17:05 . 2009-11-26 17:05 235520 ----a-w- c:\documents and settings\Milena\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-11-26 17:05 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Milena\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-11-23 16:22 . 2009-11-23 16:22 -------- d-----w- C:\DeltaBanka
2009-11-22 22:32 . 2009-11-22 22:32 0 ----a-w- c:\windows\nsreg.dat
2009-11-22 22:32 . 2009-11-22 22:32 -------- d-----w- c:\documents and settings\Milena\Local Settings\Application Data\Mozilla
2009-11-22 08:32 . 2009-10-31 19:21 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-11-21 19:37 . 2009-11-21 19:37 -------- d-----w- c:\program files\JoWooD
2009-11-21 04:36 . 2009-11-21 04:36 -------- d-----w- c:\documents and settings\Milena\Application Data\vlc
2009-11-21 04:32 . 2009-11-21 04:32 -------- d-----w- c:\program files\VideoLAN
2009-11-20 22:39 . 2009-11-20 22:48 -------- d-----w- c:\program files\eMule
2009-11-17 00:23 . 2009-11-17 00:23 -------- d-----w- c:\program files\QuickTime
2009-11-16 23:40 . 2009-11-16 23:40 -------- d-----w- c:\program files\FDRLab
2009-11-16 22:44 . 2009-11-16 22:44 -------- d-----w- c:\program files\Passware
2009-11-13 08:06 . 2009-11-13 08:06 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-13 08:06 . 2009-11-13 08:06 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-13 08:06 . 2009-11-10 08:09 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-13 08:06 . 2009-11-10 08:09 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-13 08:06 . 2009-11-10 08:09 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-13 08:06 . 2009-10-31 19:21 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-10 08:09 . 2009-10-31 19:22 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-11-10 08:08 . 2009-11-10 08:08 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-10 08:08 . 2009-10-31 19:21 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-08 01:46 . 2009-11-08 01:46 -------- d-----w- c:\program files\YouTube Downloader
2009-11-05 20:23 . 2009-11-22 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-11-05 20:16 . 2009-11-22 09:29 -------- d-----w- c:\program files\Autodesk
2009-11-05 20:16 . 2009-11-22 09:29 -------- d-----w- c:\documents and settings\Milena\Local Settings\Application Data\Autodesk
2009-11-05 20:13 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-11-05 17:54 . 2009-11-05 17:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-05 17:53 . 2009-11-05 17:54 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-05 17:53 . 2009-11-05 18:24 -------- d-----w- c:\documents and settings\Milena\Application Data\DAEMON Tools Lite
2009-11-05 17:53 . 2009-11-05 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-11-05 16:26 . 2009-11-17 23:13 -------- d-----w- c:\documents and settings\Milena\Application Data\BitTorrent
2009-11-05 16:26 . 2009-11-05 16:26 -------- d-----w- c:\program files\BitTorrent
2009-11-04 21:22 . 2009-11-27 16:31 -------- d-----w- c:\documents and settings\Milena\Application Data\ATI MMC
2009-11-04 21:20 . 2009-11-17 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI MMC
2009-11-04 21:11 . 2009-11-04 21:11 -------- d-----w- c:\program files\Common Files\ATI
2009-11-04 21:11 . 2009-11-04 21:11 -------- d-----w- c:\program files\ATI Multimedia
2009-11-04 21:10 . 2009-11-04 21:10 -------- d-----w- c:\windows\Downloaded Installations
2009-11-04 21:08 . 2009-11-04 21:08 -------- d-----w- c:\program files\msaccrt
2009-11-04 18:23 . 2009-11-04 18:23 9158 ----a-r- c:\documents and settings\Milena\Application Data\Microsoft\Installer\{2EAB346D-6073-4FD7-AFC0-B035ABC82A67}\ARPPRODUCTICON.exe
2009-11-04 18:23 . 2009-11-04 18:23 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-11-04 18:23 . 2009-11-04 18:23 -------- d-----w- c:\program files\DIFX
2009-11-04 18:23 . 2009-11-04 18:23 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-04 18:23 . 2009-11-04 18:23 -------- d-----w- c:\program files\USB TV
2009-11-04 18:22 . 2009-11-04 18:22 -------- d-----w- c:\documents and settings\Milena\Application Data\InstallShield
2009-11-04 13:21 . 2009-11-06 11:03 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-04 13:21 . 2009-11-04 13:21 8 --sh--r- c:\documents and settings\All Users\Application Data\CA775620AE.sys
2009-11-04 13:21 . 2009-11-22 09:33 -------- d-----w- c:\documents and settings\Milena\Application Data\Corel
2009-11-04 01:07 . 2009-11-04 01:07 -------- d-----w- c:\documents and settings\Milena\Application Data\AdobeUM
2009-11-04 01:03 . 2009-11-04 01:03 -------- d-----w- c:\windows\Cache
2009-11-02 23:38 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-11-02 23:37 . 2009-11-02 23:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-02 23:36 . 2009-11-02 23:37 -------- d-----w- c:\windows\SHELLNEW
2009-11-02 23:36 . 2009-11-02 23:36 -------- d-----w- c:\program files\Microsoft.NET
2009-11-02 23:34 . 2009-11-02 23:34 -------- d-----r- C:\MSOCache
2009-11-02 23:14 . 2008-04-14 04:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-11-02 23:12 . 2008-04-14 04:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-11-02 23:09 . 2007-08-10 19:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-11-02 23:08 . 2009-11-02 23:08 -------- d-----w- c:\windows\EHome
2009-11-02 18:00 . 2009-11-02 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-11-02 17:54 . 2009-11-02 17:54 -------- d-----w- c:\documents and settings\Milena\Local Settings\Application Data\Downloaded Installations
2009-11-02 16:52 . 2009-11-02 16:52 -------- d-----w- c:\documents and settings\Milena\Application Data\GRETECH
2009-11-02 16:51 . 2009-11-02 16:51 -------- d-----w- c:\program files\GRETECH
2009-11-01 01:08 . 2009-11-22 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-11-01 00:58 . 2009-11-01 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-01 00:40 . 2009-11-04 13:18 -------- d-----w- c:\documents and settings\Milena\Local Settings\Application Data\Adobe
2009-11-01 00:37 . 2009-11-01 00:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-01 00:31 . 2009-11-04 01:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-31 23:19 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-31 23:19 . 2004-08-03 23:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-31 23:19 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-31 21:28 . 2009-11-22 21:10 38808 ----a-w- c:\documents and settings\Milena\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 21:27 . 2009-11-04 21:16 -------- d-----w- c:\documents and settings\Milena\Local Settings\Application Data\ATI
2009-10-31 21:27 . 2009-11-04 21:16 -------- d-----w- c:\documents and settings\Milena\Application Data\ATI
2009-10-31 21:27 . 2009-10-31 21:27 129 ----a-w- c:\documents and settings\Milena\Local Settings\Application Data\fusioncache.dat
2009-10-31 21:27 . 2009-11-04 21:16 -------- d-----w- c:\documents and settings\Milena\Local Settings\Application Data\ApplicationHistory
2009-10-31 21:00 . 2004-08-25 11:52 516096 ------w- c:\windows\system32\ati2sgag.exe
2009-10-31 20:59 . 2009-11-04 21:17 -------- d-----w- c:\program files\ATI Technologies
2009-10-31 20:56 . 2009-10-31 20:56 -------- d-----w- C:\ATI
2009-10-31 20:54 . 2009-10-31 20:54 -------- d-----w- c:\windows\system32\URTTEMP
2009-10-31 20:36 . 2009-10-31 20:36 -------- d-----w- c:\program files\Common Files\NVIDIA Shared
2009-10-31 20:36 . 2009-11-04 21:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-31 20:36 . 2009-10-31 20:36 -------- d-----w- c:\program files\NVIDIA Corporation
2009-10-31 20:36 . 2004-05-20 09:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2009-10-31 20:36 . 2004-06-18 13:57 172032 ----a-w- c:\windows\system32\nvuide.exe
2009-10-31 20:35 . 2004-01-29 01:22 159744 ----a-w- c:\windows\system32\nvuenet.exe
2009-10-31 20:35 . 2004-06-24 17:57 172032 ----a-w- c:\windows\system32\nvusmb.exe
2009-10-31 20:35 . 2004-06-24 17:57 172032 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-31 20:35 . 2004-06-24 17:57 172032 ----a-w- c:\windows\system32\nvumctl.exe
2009-10-31 20:35 . 2004-04-27 14:22 172032 ----a-w- c:\windows\system32\nvugart.exe
2009-10-31 20:34 . 2009-10-31 21:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-31 20:34 . 2009-10-31 20:34 -------- d-----w- C:\NVIDIA
2009-10-31 19:37 . 2009-10-31 19:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-31 19:37 . 2009-11-27 17:21 -------- d-----w- c:\documents and settings\Milena\Application Data\skypePM
2009-10-31 19:36 . 2009-11-27 17:28 -------- d-----w- c:\documents and settings\Milena\Application Data\Skype
2009-10-31 19:36 . 2009-10-31 19:36 -------- d-----w- c:\program files\Common Files\Skype
2009-10-31 19:36 . 2009-10-31 19:36 -------- d-----r- c:\program files\Skype
2009-10-31 19:36 . 2009-10-31 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-31 19:29 . 2009-10-31 19:29 -------- d-----w- c:\documents and settings\Milena\Local Settings\Application Data\Opera
2009-10-31 19:29 . 2009-10-31 19:29 -------- d-----w- c:\program files\Opera
2009-10-31 19:23 . 2009-10-16 11:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-10-31 19:22 . 2009-11-04 11:02 -------- d-----w- C:\$AVG
2009-10-31 19:22 . 2009-10-31 19:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-31 19:22 . 2009-11-10 08:09 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-31 19:22 . 2009-10-31 19:22 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-31 19:22 . 2009-10-31 19:22 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-31 19:22 . 2009-11-27 17:14 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-31 19:22 . 2009-10-31 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-31 19:21 . 2009-10-31 19:21 -------- d-----w- c:\program files\AVG
2009-10-31 19:21 . 2009-10-31 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-31 18:27 . 2009-10-31 18:27 -------- d-----w- c:\documents and settings\Milena\Local Settings\Application Data\Identities
2009-10-31 18:25 . 2009-10-31 18:25 -------- d-s---w- c:\documents and settings\Milena\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 17:27 . 2009-11-04 17:24 -------- d-----w- c:\documents and settings\Milena\Application Data\Winamp
2009-11-04 17:27 . 2009-11-04 17:24 -------- d-----w- c:\program files\Winamp
2009-11-02 23:21 . 2009-10-31 10:02 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-31 10:03 . 2009-10-31 10:03 -------- d-----w- c:\program files\microsoft frontpage
2009-10-31 10:00 . 2009-10-31 10:00 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 11:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2005-03-18 102400]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2005-03-18 53248]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-17 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2009-11-4 81997]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-31 19:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [1/1/2004 1:34 AM 97408]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/31/2009 8:22 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/31/2009 8:22 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/31/2009 8:21 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/31/2009 8:21 PM 285392]
R3 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [10/31/2009 11:43 AM 13824]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/5/2009 6:54 PM 691696]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.mini20.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
FF - ProfilePath - c:\documents and settings\Milena\Application Data\Mozilla\Firefox\Profiles\50yn6ieh.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{24cc1362-11c6-4918-a2c0-b9ee5a563185} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-11-27 18:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-11-27 18:41
ComboFix-quarantined-files.txt 2009-11-27 17:41

Pre-Run: 8,973,967,360 bytes free
Post-Run: 11,030,134,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E29D78CE7C5733B3237337C3C3CBE9A0

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

This all looks OK.

When does that Trojan notification appear?

offline
  • Joined: 14 Aug 2006
  • Posts: 108

Posted: 27 Nov 2009 19:37

At every restart of the computer, and then also when coming out of sleep mode. AVG supposedly deletes it, but only "temporarily", because it shows up again. I am also sending a Prt SCR just in case.

Addendum: 27 Nov 2009 19:39

Oops, I forgot the file :-)

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I would recommend that you install a firewall.

Otherwise, the computer is clean.

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to complete.
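The helper's verdict above (clean machine, but install a firewall) came from reading the ComboFix report by eye. As an added example that is not part of this thread and not ComboFix's own code, the Python script below does the same first-pass triage mechanically: it pulls the Windows Firewall standard-profile state, the firewall exception list, globally opened ports, Run-key autostarts, the orphan entries ComboFix removed, and any created file carrying the hidden or system attribute, and turns them into review notes. The sample input is an excerpt of the log posted in this thread; the notes are prompts for manual verification, not verdicts (the helper judged this machine clean, and hidden-attribute files are used by legitimate licensing software as well as by malware).

```python
import re

# Excerpt of the ComboFix log posted above, trimmed to the sections this
# example parses. The parser itself is an added illustration, not ComboFix code.
SAMPLE_LOG = r"""ComboFix 09-11-26.02 - Milena 11/27/2009 18:35.1.1 - x86
((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
2009-11-05 17:54 . 2009-11-05 17:54 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-04 13:21 . 2009-11-06 11:03 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-04 13:21 . 2009-11-04 13:21 8 --sh--r- c:\documents and settings\All Users\Application Data\CA775620AE.sys
2009-10-31 20:36 . 2009-11-04 21:17 -------- d--h--w- c:\program files\InstallShield Installation Information
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-17 417792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{24cc1362-11c6-4918-a2c0-b9ee5a563185} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI

**************************************************************************
"""

# "created . modified size attributes path" rows from the file sections
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
                     r"\s+(\S+)\s+([-a-z]{8})\s+(.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
ORPHAN_RE = re.compile(r"^(\w+)-(.+?) - (.+)$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def parse_combofix(text):
    """Extract the review-relevant facts from a ComboFix report."""
    result = {"firewall_enabled": None, "authorized_apps": [], "open_ports": [],
              "run_entries": [], "orphans": [], "hidden_or_system": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):                      # registry key header
            section = line.lower()
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            section = "orphans"
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            # s = system, h = hidden: worth a look, but only a flag, not a verdict
            if "s" in attrs or "h" in attrs:
                result["hidden_or_system"].append((attrs, path))
            continue
        if section == "orphans":
            m = ORPHAN_RE.match(line)
            if m:
                result["orphans"].append(m.groups())
            else:
                section = None                        # orphan block has ended
        elif section is None:
            continue
        elif section.endswith("\\currentversion\\run]"):
            m = RUN_RE.match(line)
            if m:
                result["run_entries"].append(m.groups())   # (name, path, date, size)
        elif section.endswith("firewallpolicy\\standardprofile]"):
            m = FIREWALL_RE.match(line)
            if m:
                result["firewall_enabled"] = int(m.group(1)) != 0
        elif section.endswith("authorizedapplications\\list]"):
            if line.endswith('"='):                   # "path"=  with doubled backslashes
                result["authorized_apps"].append(line[1:-2].replace("\\\\", "\\"))
        elif section.endswith("globallyopenports\\list]"):
            m = PORT_RE.match(line)
            if m:
                result["open_ports"].append(m.groups())   # (port, proto, name)
    return result


def findings(parsed):
    """Turn the parsed facts into plain-language notes for the reviewer."""
    notes = []
    if parsed["firewall_enabled"] is False:
        notes.append("Windows Firewall standard profile is disabled (EnableFirewall=0)")
    for port, proto, name in parsed["open_ports"]:
        notes.append(f"Globally open port {port}/{proto} for {name}")
    for app in parsed["authorized_apps"]:
        notes.append(f"Firewall exception for {app}")
    for attrs, path in parsed["hidden_or_system"]:
        notes.append(f"Hidden/system attributes {attrs} on {path}: confirm the owning product")
    for kind, name, target in parsed["orphans"]:
        notes.append(f"Orphaned {kind} entry {name} -> {target} (already removed)")
    return notes


if __name__ == "__main__":
    for note in findings(parse_combofix(SAMPLE_LOG)):
        print("-", note)
```

Run against the excerpt, the first note is the disabled firewall profile, which is exactly the point the helper raised; the remaining notes (the open mDNS-style port for Adobe CSI, the exception list, the three hidden-attribute files and the three removed orphans) are the items a reviewer would cross-check against the installed software before agreeing that the machine is clean.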

offline
  • Joined: 14 Aug 2006
  • Posts: 108

OK, and thanks a lot!
