Možda tražite i:
W32.Spybot.Worm,BackDoor.IRC.Bot i W32.Harakit da li je reg?
IRC klient!
irc script&firewall...

MyCity » Ambulanta -> Arhiva Ambulante » Backdoor.IRC.ZGE

Backdoor.IRC.ZGE

Napisano na dan: 18.2.2009

Strana:
1
2
3

Backdoor.IRC.ZGE

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

caca nikitovic Poslao: 18 Feb 2009 15:15 Idi na vrh
offline caca nikitovic Novi MyCity građanin Pridružio: 18 Feb 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:22:50, on 19.2.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe C:\Program Files\FWT Wireless Connect\FWTConnect.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Documents and Settings\Korisnik\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = as.starware.com/dp/search?product=ssearch&a.....src_id=406 (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {12f85003-1f21-488f-ae45-d6239fc1f029} - C:\Program Files\Starware406\bin\Starware406.dll (file missing) O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\jccatch.dll (file missing) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\getflash.dll (file missing) O3 - Toolbar: Starware Casual Games Toolbar - {45a2e207-6bba-49e0-bce2-e2542f0ad7b7} - C:\Program Files\Starware406\bin\Starware406.dll (file missing) O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunServices: [Paner cPanle] cPanele.com O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [hohohhaha] C:\WINDOWS\system32\dk\calling.com O4 - HKCU\..\Run: [windows service firewall] C:\RECYCLER\S-1-5-21-1864628071-2133632385-330520986-2593\isl.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet.exe (file missing) O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....7446189140 O17 - HKLM\System\CCS\Services\Tcpip\..\{38A82974-FC18-4693-8430-A788DEFAE750}: NameServer = 212.200.191.166 212.200.190.166 O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\qxchost.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Service Starter: Lerex (SRVStarter_Lerex) - Eng. Usama El-Mokadem - C:\WINDOWS\system32\Juchdp.exe O23 - Service: Service Starter: nerw (SRVStarter_nerw) - Eng. Usama El-Mokadem - C:\WINDOWS\system32\Juchdp.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 8476 bytes Postovanje za eksperte! Imam problem za koji se nadam da nije veliki. Pomenuti virus je otkriven na sl. lokaciji C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe Bitdefender ga je prepoznao ali nije uspeo da ga otkloni. Cak sam htela da izbrisem taj folder ali nije moguce. Inace otkriven je jos pre mozda 2 meseca ali nije bilo smetnji u radu racunara, pa sam ga ignorisala. Ali sada, kada se konektujem s vremena na vreme se otvara prozorcic Personal Settings - prazan i za 3-4 sekunde izbaci na kratko lokaciju RECYCLER... i ugasi se sam od sebe (nema one dugmice u uglu). Desava se da ako je otvoren neki folder, zatvara i njega. Sta da mu radim??????????????

Profil

diarno Poslao: 18 Feb 2009 15:32 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Pre sledeceg postupka iskljuci Bitdefender; Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

caca nikitovic Poslao: 20 Feb 2009 14:35 Idi na vrh
offline caca nikitovic Novi MyCity građanin Pridružio: 18 Feb 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-02-19.01 - Korisnik 2009-02-21 14:18:33.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.610 [GMT 1:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Starware406 c:\documents and settings\All Users\Application Data\Starware406\buttons\1270_button_1b_def.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\1271_button_1b_def.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\1271_button_1b_over.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\Button_50.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\Button_60.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\Button_70.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\FindIt.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\FindItHot.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\findithotxp.png c:\documents and settings\All Users\Application Data\Starware406\buttons\finditxp.png c:\documents and settings\All Users\Application Data\Starware406\buttons\logo.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\logoxp.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\Weather.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\WeatherHot.bmp c:\documents and settings\All Users\Application Data\Starware406\buttons\weatherhotxp.png c:\documents and settings\All Users\Application Data\Starware406\buttons\weatherxp.png c:\documents and settings\All Users\Application Data\Starware406\contexts\error.xml c:\documents and settings\All Users\Application Data\Starware406\contexts\Related.xml c:\documents and settings\All Users\Application Data\Starware406\contexts\Travel.xml c:\documents and settings\All Users\Application Data\Starware406\images\walertXP.bmp c:\documents and settings\All Users\Application Data\Starware406\SimpleUpdate\ProductMessagingConfig.xml c:\documents and settings\All Users\Application Data\Starware406\SimpleUpdate\ProductMessagingConfig.xml.backup c:\documents and settings\All Users\Application Data\Starware406\SimpleUpdate\SimpleUpdateConfig.xml c:\documents and settings\All Users\Application Data\Starware406\SimpleUpdate\SimpleUpdateConfig.xml.backup c:\documents and settings\All Users\Application Data\Starware406\SimpleUpdate\TimerManagerConfig.xml c:\documents and settings\All Users\Application Data\Starware406\SimpleUpdate\TimerManagerConfig.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406 c:\documents and settings\Korisnik\Application Data\Starware406\BrowserSearch\BrowserSearch.xml c:\documents and settings\Korisnik\Application Data\Starware406\BrowserSearch\BrowserSearch.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\Button_5\Button_5Options.xml c:\documents and settings\Korisnik\Application Data\Starware406\Button_5\Button_5Options.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\Button_6\Button_6Options.xml c:\documents and settings\Korisnik\Application Data\Starware406\Button_6\Button_6Options.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\Button_7\Button_7Options.xml c:\documents and settings\Korisnik\Application Data\Starware406\Button_7\Button_7Options.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\Casual_Games_News\Casual_Games_NewsOptions.xml c:\documents and settings\Korisnik\Application Data\Starware406\Casual_Games_News\Casual_Games_NewsOptions.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\Configurator\Configurator.xml c:\documents and settings\Korisnik\Application Data\Starware406\Configurator\Configurator.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\ErrorSearch\ErrorSearchOptions.xml c:\documents and settings\Korisnik\Application Data\Starware406\ErrorSearch\ErrorSearchOptions.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\Layouts\ToolbarLayout.xml c:\documents and settings\Korisnik\Application Data\Starware406\Layouts\ToolbarLayout.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\Manager\ManagerOptions.xml c:\documents and settings\Korisnik\Application Data\Starware406\Manager\ManagerOptions.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\Play_Games\Play_GamesOptions.xml c:\documents and settings\Korisnik\Application Data\Starware406\Play_Games\Play_GamesOptions.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\RelatedSearch\RelatedSearchOptions.xml c:\documents and settings\Korisnik\Application Data\Starware406\RelatedSearch\RelatedSearchOptions.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\Toolbar\TBProductsOptions.xml c:\documents and settings\Korisnik\Application Data\Starware406\Toolbar\TBProductsOptions.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\ToolbarLogo\ToolbarLogoOptions.xml c:\documents and settings\Korisnik\Application Data\Starware406\ToolbarLogo\ToolbarLogoOptions.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\ToolbarSearch\ToolbarSearchOptions.xml c:\documents and settings\Korisnik\Application Data\Starware406\ToolbarSearch\ToolbarSearchOptions.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\TravelSearch\TravelSearchOptions.xml c:\documents and settings\Korisnik\Application Data\Starware406\TravelSearch\TravelSearchOptions.xml.backup c:\documents and settings\Korisnik\Application Data\Starware406\Weather\AlertArchive.xml c:\documents and settings\Korisnik\Application Data\Starware406\Weather\WeatherOptions.xml c:\documents and settings\Korisnik\Application Data\Starware406\Weather\WeatherOptions.xml.backup c:\program files\Starware406 c:\program files\Starware406\icons\star_16.ico c:\program files\Starware406\icons\Thumbs.db c:\program files\Starware406\Starware406Config.xml c:\program files\Starware406\Starware406Uninstall.exe c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MICROSOFT_AGENT -------\Service_Microsoft Agent ((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 ))))))))))))))))))))))))))))))) . 2009-02-19 12:18 . 2009-02-19 12:24 5,637,845 --a------ c:\program files\youtubedownloader.exe 2009-02-18 18:03 . 2009-02-18 18:03 <DIR> d-------- c:\program files\Secunia 2009-02-18 17:47 . 2009-02-18 17:47 <DIR> d-------- c:\program files\EA Games 2009-02-10 15:13 . 2009-02-10 15:13 <DIR> d-------- c:\windows\Sun 2009-02-10 15:12 . 2009-02-10 15:12 <DIR> d-------- c:\program files\Java 2009-02-10 15:12 . 2009-02-10 15:12 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-10 15:12 . 2009-02-10 15:12 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-10 15:00 . 2009-02-10 15:00 607,640 --a------ C:\xpiinstall-6u11-fcs-bin-b90-windows-i586-25_nov_2008(2).exe 2009-02-01 19:31 . 2009-02-18 17:48 620 --a------ c:\windows\eReg.dat 2009-01-28 21:52 . 2009-01-28 21:52 <DIR> d-------- c:\program files\Oberon Media 2009-01-28 21:52 . 2009-01-28 21:52 <DIR> d-------- c:\program files\Common Files\Oberon Media 2009-01-28 14:19 . 2009-01-28 14:19 287 --a------ c:\windows\EReg072.dat 2009-01-28 14:18 . 2009-01-28 14:18 <DIR> d-------- c:\program files\Electronic Arts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-21 13:10 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender 2009-02-18 17:05 --------- d-----w c:\program files\YouTube Downloader 2009-02-18 16:49 12,464 ----a-w c:\windows\system32\drivers\secdrv.sys 2009-01-28 20:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-03 15:47 1,851,544 ----a-w C:\install_flash_player.exe 2008-10-26 21:39 583 ----a-w c:\program files\Default.jcd 2008-10-26 21:34 275 ----a-w c:\program files\FGUpdate3.ini 2008-10-26 21:34 1,098 ----a-w c:\program files\fgbhocfg.ini 2008-10-26 21:34 0 ----a-w c:\program files\FGUpdate2.ini 2008-10-26 21:34 0 ----a-w c:\program files\Default.bk1 2008-08-11 18:09 424 ----a-w c:\program files\fgres1.ini 2007-09-25 09:33 22,486 ----a-w c:\program files\cd.ico 2007-09-25 09:29 18,296 ----a-w c:\program files\WHATSNEW.TXT 2008-11-18 16:45 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-11-18 16:45 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-11-18 16:45 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-11-18 16:45 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-11-18 16:45 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2007-03-23 14:52 56,552 --sha-w c:\windows\system32\Juchdp.exe 2008-07-01 06:07 18,988 --sha-w c:\windows\system32\ortecxar.pif 2008-07-01 07:11 391 --sha-w c:\windows\system32\vburcs.cmd 2008-07-17 19:53 4,673 --sha-w c:\windows\system32\wrda.sys . ------- Sigcheck ------- 2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\tcpip.sys 2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\system32\dllcache\tcpip.sys 2004-08-03 22:14 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys 2004-08-03 23:56 2114048 abb26a155bc1e404bead274fd7549475 c:\windows\explorer.exe 2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 c:\windows\FlyakiteOSX\Backup\explorer.exe 2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 c:\windows\FlyakiteOSX\TempFiles\explorer.exe 2008-04-14 01:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\explorer.exe 2004-08-03 23:56 2114048 abb26a155bc1e404bead274fd7549475 c:\windows\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-12 1722880] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 136600] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.EXE] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] "SMSERIAL"="sm56hlpr.exe" [2004-12-28 c:\windows\sm56hlpr.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\Korisnik\Start Menu\Programs\Startup\ Y'z Toolbar.lnk - c:\windows\BricoPacks\Longhorn Inspirat\YzToolBar\YzToolBar.exe [2002-09-29 90112] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.AP41"= APmpg4v1.dll "msacm.divxa32"= DivXa32.acm "msacm.l3codec"= L3codecp.acm "vidc.xvid"= xvid.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0smrgdf c:\program files\iolo\System Mechanic 5" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Counter-Strike 1.6\\hl.exe"= "d:\\igrarije\\Warcraft III\\Warcraft III.exe"= R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys [2008-05-12 133120] S2 SRVStarter_Lerex;Service Starter: Lerex;c:\windows\system32\Juchdp.exe [2008-07-02 56552] S2 SRVStarter_nerw;Service Starter: nerw;c:\windows\system32\Juchdp.exe [2008-07-02 56552] S3 Nec7d3;Nec7d3; [x] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-10-27 7808] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64e58a74-b6f4-11dc-a8a2-81599d0b2bab}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs . - - - - ORPHANS REMOVED - - - - HKCU-Run-hohohhaha - c:\windows\system32\dk\calling.com HKCU-Run-windows service firewall - c:\recycler\S-1-5-21-1864628071-2133632385-330520986-2593\isl.exe HKLM-Run-Device Detector - DevDetect.exe HKLM-RunServices-Paner cPanle - cPanele.com . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = iexplore IE: &Download All with FlashGet - c:\program files\jc_all.htm IE: &Download with FlashGet - c:\program files\jc_link.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\1he95k9q.default\ FF - prefs.js: browser.startup.homepage - FF - prefs.js: network.proxy.type - 2 FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-02-21 14:21:50 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SRVStarter_Lerex] "ImagePath"="\"c:\windows\system32\Juchdp.exe\" /Name:SRVStarter_Lerex /App:\"c:\WINNT\system32\Juchde.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SRVStarter_nerw] "ImagePath"="\"c:\windows\system32\Juchdp.exe\" /Name:SRVStarter_nerw /App:\"c:\WINDOWS\system32\Juchde.exe\"" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-839522115-1659004503-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(740) c:\windows\system32\SETUPAPI.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(796) c:\windows\system32\SETUPAPI.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe c:\windows\system32\wdfmgr.exe c:\program files\Common Files\ACD Systems\EN\DevDetect.exe c:\windows\system32\wscntfy.exe . ************************************************************************* . Completion time: 2009-02-21 14:24:49 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-21 13:24:47 Pre-Run: 12.672.917.504 bytes free Post-Run: 12,640,243,712 bytes free 241 --- E O F --- 2008-11-29 15:44:07 Pozdrav, evo i ovog izvestaja!

Profil

diarno Poslao: 20 Feb 2009 20:53 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ukljuci prikaz skrivenih fajlova : http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html I uploaduj mi sledeci fajl : c:\windows\system32\Juchdp.exe Preko sledece forme : http://www.mycity.rs/ambulanta-upload.php

Profil

caca nikitovic Poslao: 21 Feb 2009 14:51 Idi na vrh
offline caca nikitovic Novi MyCity građanin Pridružio: 18 Feb 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Gotovo! Uploadovala sam ga!

Profil

diarno Poslao: 21 Feb 2009 17:15 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! A sad mi uploaduj : c:\WINDOWS\system32\Juchde.exe

Profil

caca nikitovic Poslao: 21 Feb 2009 17:40 Idi na vrh
offline caca nikitovic Novi MyCity građanin Pridružio: 18 Feb 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Vec jesam, vise puta. Izasla je poruka da sam "uspesno uploadovala i da obavestim lice koje mi pomaze".

Profil

diarno Poslao: 21 Feb 2009 17:43 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da, ali ovaj sad koji ti trazim se razlikuje od onog prethodnog

Profil

caca nikitovic Poslao: 21 Feb 2009 22:37 Idi na vrh
offline caca nikitovic Novi MyCity građanin Pridružio: 18 Feb 2009 Poruke: 12	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Taj fajl nemam?!

Profil

diarno Poslao: 22 Feb 2009 00:32 Idi na vrh
offline diarno Anti Malware Fighter Rank 2 Pridružio: 15 Jun 2007 Poruke: 5572	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sorry, ovo se malo oduzilo jer imam neku nedoumicu oko odredjenih fajlova, pa pokusavam sa kolegama da nadjem optimalno resenje Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\ortecxar.pif c:\windows\system32\wrda.sys c:\windows\system32\Juchdp.exe c:\WINDOWS\system32\Juchde.exe Driver:: SRVStarter_Lerex SRVStarter_nerw Nec7d3 Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64e58a74-b6f4-11dc-a8a2-81599d0b2bab}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Backdoor.IRC.ZGE

Ko je trenutno na forumu

Ukupno su 951 korisnika na forumu :: 36 registrovanih, 11 sakrivenih i 904 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., babaroga, Bobrock1, bojank, cavatina, cikadeda, Danijel99, Dimitrije Paunovic, djboj, Djokkinen, DonRumataEstorski, DPera, dragoljub11987, drimer, Georgius, gorican, JimmyNapoli, Kaplar2, Karla, Koridor, Kubovac, ladro, loon123, lucko1, Mercury, milenko crazy north, Milometer, Mixelotti, ozzy, Rogan33, S-lash, Sirius, Tvrtko I, Webb, x9, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by