TrojanDownloader.Dadobra.CP

  • Joined: 02 Jun 2007
  • Posts: 19

Logfile of HijackThis v1.99.1
Scan saved at 10:15:57, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\StopHid.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Documents and Settings\Administrator\Desktop\Problem\ResavanjeProblema.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [StopHid] StopHid.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

I have AVG, which shows nothing unusual after a scan, but Spyware Doctor found the trojan from the title and I ran the removal with it. It seems to me that the system is a bit slower and Firefox opens the start page somewhat more slowly. Also, when I go to a Softpedia link, Firefox always drops the connection. Is this some kind of problem?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

The posted log file is clean, but we can run one more additional check.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 02 Jun 2007
  • Posts: 19

ComboFix 08-07-26.1 - Administrator 2008-07-27 12:28:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.157 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-26 19:31 . 2008-07-26 19:31 <DIR> d-------- C:\Program Files\mEliteSoftware
2008-07-26 10:22 . 2008-07-26 10:40 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-26 10:22 . 2008-07-26 10:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-07-26 10:22 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-26 10:22 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-26 10:22 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-26 10:22 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-26 00:36 . 2008-07-27 12:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-22 22:29 . 2008-07-22 22:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVS4YOU
2008-07-22 22:28 . 2008-07-22 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-07-22 22:27 . 2008-07-23 00:33 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-07-22 22:27 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-07-22 22:27 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-07-22 22:27 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-07-22 22:27 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-07-22 19:37 . 2008-07-22 20:08 <DIR> d-------- C:\Temp
2008-07-22 19:01 . 2004-11-18 11:49 45,534 --a------ C:\WINDOWS\system32\drivers\eusk3usb.sys
2008-07-22 19:01 . 2004-11-18 11:49 45,277 --a------ C:\WINDOWS\system32\drivers\skeyusb.sys
2008-07-22 19:01 . 2004-11-18 11:49 24,786 --a------ C:\WINDOWS\system32\drivers\eusk2par.sys
2008-07-22 17:45 . 2008-07-22 17:45 <DIR> d-------- C:\Program Files\MSECache
2008-07-22 14:28 . 2008-07-22 14:28 <DIR> d-------- C:\Scenes
2008-07-22 14:28 . 2008-07-22 19:14 <DIR> d-------- C:\KD
2008-07-21 21:44 . 2008-07-21 21:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-07-21 21:32 . 2008-07-21 21:32 0 --a------ C:\WINDOWS\iPlayer.INI
2008-07-21 15:07 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-07-21 15:06 . 2008-07-21 15:07 <DIR> d-------- C:\Program Files\The Rosetta Stone
2008-07-20 22:40 . 2008-07-20 22:41 656 --a------ C:\WINDOWS\xpa194.xct
2008-07-20 22:09 . 2008-07-20 22:16 <DIR> d-------- C:\Program Files\CONTACT
2008-07-20 20:26 . 2008-07-20 20:26 22 --a------ C:\WINDOWS\benson.INI
2008-07-20 20:18 . 2008-07-20 20:18 200,104 ---h----- C:\treeinfo.wc
2008-07-20 20:12 . 2008-07-20 20:26 <DIR> d-------- C:\Program Files\Morton Benson
2008-07-20 20:11 . 2008-07-20 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-20 19:31 . 2008-07-20 19:31 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-19 20:18 . 2008-07-19 20:18 <DIR> d-------- C:\Program Files\CCleaner
2008-07-19 14:24 . 2008-07-26 21:00 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-19 14:24 . 2008-07-19 14:24 <DIR> d-------- C:\Program Files\AVG
2008-07-19 14:24 . 2008-07-25 22:36 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-19 14:24 . 2008-07-19 22:35 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-19 14:24 . 2008-07-19 22:35 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-19 14:24 . 2008-07-19 22:35 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-16 09:50 . 2008-07-16 09:50 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-15 21:06 . 2008-07-15 21:06 1,964 --a------ C:\WINDOWS\ST5UNST.000
2008-07-15 18:12 . 2008-07-15 18:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-07-02 14:09 . 2008-07-19 15:19 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-01 17:44 . 2008-07-01 17:44 <DIR> d-------- C:\OS
2008-07-01 14:44 . 2008-07-01 14:44 812,086 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2008-07-01 13:12 . 2008-07-19 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 10:19 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-07-27 09:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-27 07:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-07-25 21:01 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-19 12:02 --------- d-----w C:\Program Files\URUSoft
2008-07-19 12:01 --------- d-----w C:\Program Files\Google
2008-07-02 12:09 --------- d-----w C:\Program Files\UltraISO
2008-07-01 13:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-07-01 11:08 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-01 11:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-27 15:36 --------- d-----r C:\Program Files\TypingMaster
2008-06-15 08:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-03 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 11:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-28 11:36 --------- d-----w C:\Program Files\a.e.t. europe b.v
2008-03-21 17:50 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2005-09-09 06:40 56 --sh--r C:\WINDOWS\system32\9E08AB8B01.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:37 21898024]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-10-15 16:19 2582288]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 14:17 1937408]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 20:17 222592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 12:13 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 12:14 69632]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 08:37 217088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016]
"PVR Agent"="C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe" [2006-04-15 00:11 759296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 18:00 98304]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-25 22:36 1235736]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 23:12 577536 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2004-12-27 16:02 550912 C:\WINDOWS\mHotkey.exe]
"StopHid"="StopHid.exe" [2003-10-06 10:22 40960 C:\WINDOWS\StopHid.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Remote Control.lnk - C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe [2007-10-11 11:43:59 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-19 22:35]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-25 22:36]
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-25 22:36]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-25 22:36]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-19 22:35]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 16:19]
R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2006-09-07 15:17]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 11:49]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2004-08-04 00:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ec89210-77e1-11dc-abc3-001617d29728}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-RegistryMechanic - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.google.com/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
C:\WINDOWS\Downloaded Program Files\SGCMSCCD.DLL


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-27 12:30:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
Completion time: 2008-07-27 12:31:18
ComboFix-quarantined-files.txt 2008-07-27 10:31:14

Pre-Run: 14,518,337,536 bytes free
Post-Run: 14,672,814,080 bytes free

168



I don't know whether I did it right, because Windows popped up a window saying it couldn't open some file because it doesn't recognise the program that should open it (there I just chose Cancel), and then Spyware Doctor also popped up saying some trojan was involved, so I turned it off, and then Combo completed this .txt report to the end.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Clean log. There is no malware here.

Delete the folder C:\qoobox

You mention problems with Firefox - try installing the latest version, it might help.

  • Joined: 02 Jun 2007
  • Posts: 19

OK, thanks for the extra fast replies - you really are the best!

I deleted C:\qoobox; do I need to uninstall ComboFix? Also, what should I do with the new folder I created for the first program, HijackThis - should I delete/uninstall that too, and how?

As for Firefox, I have version 3 Beta 4 installed; is there anything newer?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Uninstalling CF would delete all your old System Restore points (which is desirable if the computer was infected).
Since I see no trace of malware here, I consider that unnecessary.

You can delete the folder that contains HijackThis.

Firefox 3 has, as far as I know, left the beta phase, so a newer version should exist.

  • Joined: 02 Jun 2007
  • Posts: 19

Deleted the HijackThis folder; I'll think about CF, I don't need the old Restore points at all.

In any case, there was no problem; I apologise for taking up your time, and a big THANK YOU.

Cheers
