[ ArtifeX @ 23.07.2011. 08:25 ] @
Yesterday I picked up something from the net, more precisely [ TR/Dropper.Gen Trojan ]. I scanned only the system partition with Avira, it cleaned what it found, then I let Malwarebytes scan the system partition and it found nothing, but I am still somewhat suspicious. This is the content of the DDS log file, if someone can analyse whether there is anything malicious in it or everything is clean...

Code:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Administrator at 9:02:31 on 2011-07-23
Microsoft Black 7 VIII 6.1.7600.0.1252.1.1033.18.1791.954 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://online.bancaintesabeograd.com/Retail/default.aspx
mURLSearchHooks: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
mURLSearchHooks: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
TB: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
uRun: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROCKET~1.LNK - C:\Program Files (x86)\RocketDock\RocketDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: bancaintesabeograd.com\online
TCP: Interfaces\{0E135962-A012-4A6F-9FBD-2D3BF5FAE354} : NameServer = 172.26.22.100,8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
BHO-X64: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: PandoraTV Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
TB-X64: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
TB-X64: PandoraTV Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [P17Helper] Rundll32 P17.dll,P17Helper
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\86f1een7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2436433&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Firefox Extreme Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2436433&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2436433&q=
FF - component: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\86f1een7.default\extensions\{2be15141-5d7c-44e4-a3bf-3196d5c46d60}\components\FFExternalAlert.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\86f1een7.default\extensions\{2be15141-5d7c-44e4-a3bf-3196d5c46d60}\components\RadioWMPCore.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\86f1een7.default\extensions\[email protected]\components\SnarlInterfaceMozilla.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Mozilla\Firefox\plugins\npVE3D.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\86f1een7.default\extensions\[email protected]\plugins\npCoralIETab.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Better Gmail 2: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Hostname in Titlebar: bughunter2@hostnameintitlebar - %profile%\extensions\bughunter2@hostnameintitlebar
FF - Ext: Chromifox Basic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: IE Tab +: [email protected] - %profile%\extensions\[email protected]
FF - Ext: United States English Spellchecker: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FaviconizeTab: [email protected] - %profile%\extensions\[email protected]
FF - Ext: NASA Night Launch: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Pronounce: [email protected] - %profile%\extensions\[email protected]
FF - Ext: RapidShare DownloadHelper: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Strata40: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Tab Progress Bar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Google Translator for Firefox: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Ubiquity: [email protected] - %profile%\extensions\[email protected]
FF - Ext: MacOSX Theme: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9} - %profile%\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
FF - Ext: ErrorZilla Plus: {03651b2d-eb7d-4be7-af1b-dc0cd162dd54} - %profile%\extensions\{03651b2d-eb7d-4be7-af1b-dc0cd162dd54}
FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: BlackX: {239c61a8-e55f-11db-8314-0800200c9a66} - %profile%\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
FF - Ext: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - %profile%\extensions\{2be15141-5d7c-44e4-a3bf-3196d5c46d60}
FF - Ext: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - %profile%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
FF - Ext: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - %profile%\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - %profile%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FennecFox: {989e9382-d540-4189-88d1-fc54a949a387} - %profile%\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: myFireFox: {e213bb8f-8ebd-11db-96b7-005056c00008} - %profile%\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: CustomizeGoogle: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} - %profile%\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
FF - Ext: PC Sync 2 Synchronisation Extension: [email protected] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
.
============= SERVICES / DRIVERS ===============
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-25 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-25 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R3 P1764;Creative SB Audigy LS;C:\Windows\system32\drivers\P1764.sys --> C:\Windows\system32\drivers\P1764.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-9 136176]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-1-25 13080]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-9 136176]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
.
=============== Created Last 30 ================
.
2011-07-22 21:44:59 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2011-07-22 21:44:51 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-22 21:44:48 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-22 21:35:12 -------- d-----w- C:\Users\Administrator\AppData\Local\Mozilla
2011-07-22 21:34:21 -------- d-----w- C:\Program Files\Mozilla
.
==================== Find3M ====================
.
2011-07-02 10:23:26 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-05-14 11:55:40 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 9:03:15,33 ===============

What exactly does [ TR/Dropper.Gen Trojan ] do, what damage does it cause, and do I need to run any other scan???