
TrojanDropper.agent.dgo.virus


[ Views: 2942 | Replies: 3 ]


pskibola
Petar Veliki
School

Member no.: 170690
Posts: 17
*.adsl.net.t-com.hr.

TrojanDropper.agent.dgo.virus - 01.03.2008. at 10:04 - 196 months ago
Does anyone know how to remove TrojanDropper.agent.dgo.virus? I have NOD32 and it can't delete it.

yeljko

Member no.: 97908
Posts: 580
87.250.119.*

Re: TrojanDropper.agent.dgo.virus - 01.03.2008. at 11:53 - 196 months ago
Try Spybot Search & Destroy.

Binary Mind
11040

Member no.: 28245
Posts: 13289
*.adsl-a-1.sezampro.yu.

Re: TrojanDropper.agent.dgo.virus - 01.03.2008. at 12:48 - 196 months ago
Download HijackThis and Combofix, run a scan with both and post the logs here in this thread... Don't touch the keyboard or mouse while they are scanning... Here are the download links:

http://download.bleepingcomputer.com/hijackthis/HiJackThis.zip

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

kamicak

Member no.: 38051
Posts: 630
89.110.199.*

Re: TrojanDropper.agent.dgo.virus - 10.07.2008. at 18:17 - 192 months ago
Can someone help me as well? The virus is Tr/agent.28288, and I can't delete it.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50, on 2008-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E1C1B31-4579-44AA-A470-872950762F9C} - C:\WINDOWS\system32\yayyVnlM.dll (file missing)
O2 - BHO: (no name) - {A8B78371-C90B-408A-9A4D-7F0578ADCEB6} - C:\WINDOWS\system32\msconf32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B67F3684-4E43-45C2-AA19-9C3B5010D29E} - C:\WINDOWS\system32\fccBuuvT.dll (file missing)
O2 - BHO: (no name) - {D95A625D-A0FC-4729-A626-B68642946481} - C:\WINDOWS\system32\jkkHWNgh.dll
O2 - BHO: (no name) - {FCD9CAC6-4F24-4111-9A4E-768648679C82} - C:\WINDOWS\system32\khfEUOFu.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: sqvgnrpx - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe /wait
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071608 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [lphce9aj0encn] C:\WINDOWS\system32\lphce9aj0encn.exe
O4 - HKLM\..\Run: [SMrhca9aj0encn] C:\Program Files\rhca9aj0encn\rhca9aj0encn.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [2ccb9429] rundll32.exe "C:\WINDOWS\system32\wcvhvgeg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: jkkHWNgh - C:\WINDOWS\SYSTEM32\jkkHWNgh.dll
O21 - SSODL: fsrpknov - {A23ABC76-D1D3-42B5-86C0-1C4F56C92EAF} - C:\WINDOWS\fsrpknov.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6028 bytes



ComboFix 08-07-09.5 - zole 2008-07-10 20:54:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.44 [GMT 2:00]
Running from: c:\Documents and Settings\zole\Desktop\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\zole\Application Data\rhca9aj0encn
C:\Documents and Settings\zole\ravmonlog
C:\Program Files\PCPrivacyCleaner
C:\WINDOWS\egxk.exe
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\blphce9aj0encn.scr
C:\WINDOWS\system32\gegvhvcw.ini
C:\WINDOWS\system32\iveodymq.ini
C:\WINDOWS\system32\lbcuwgxv.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MlnVyyay.ini
C:\WINDOWS\system32\MlnVyyay.ini2
C:\WINDOWS\system32\mtwbmegu.ini
C:\WINDOWS\system32\phce9aj0encn.bmp
C:\WINDOWS\system32\qmmkegqw.ini
C:\WINDOWS\system32\svwojvyv.dll
C:\WINDOWS\system32\TvuuBccf.ini
C:\WINDOWS\system32\TvuuBccf.ini2
C:\WINDOWS\system32\uFOUEfhk.ini
C:\WINDOWS\system32\uFOUEfhk.ini2
C:\WINDOWS\system32\ugembwtm.dll
C:\WINDOWS\system32\unwylajq.ini
C:\WINDOWS\system32\vyvjowvs.ini
C:\WINDOWS\system32\wcffeggo.ini
C:\WINDOWS\system32\wcvhvgeg.dll
C:\WINDOWS\system32\wqgekmmq.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-10 20:36 . 2008-07-10 20:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-10 19:29 . 2008-07-10 19:38 2,714 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-10 17:46 . 2008-07-10 17:46 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-09 19:16 . 2008-07-09 19:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-09 19:16 . 2008-07-09 19:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 19:16 . 2008-07-09 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-09 19:06 . 2008-07-10 20:35 260 --a------ C:\WINDOWS\wininit.ini
2008-07-09 18:58 . 2008-07-10 17:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 12:46 . 2008-07-08 12:46 <DIR> d-------- C:\Program Files\Avira
2008-07-08 12:46 . 2008-07-08 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-08 12:06 . 2008-07-08 12:06 28,288 --a------ C:\WINDOWS\system32\jkkHWNgh.dll
2008-07-08 12:05 . 2008-07-08 11:01 188,416 --------- C:\WINDOWS\sqvgnrpx.dll_tobedeleted
2008-07-01 17:48 . 2008-07-01 17:48 <DIR> d-------- C:\Documents and Settings\zole\Application Data\Corel
2008-07-01 17:46 . 2008-07-01 17:46 <DIR> d-------- C:\Program Files\Corel
2008-07-01 17:46 . 2008-07-01 17:46 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-06-25 16:39 . 2008-06-25 16:39 <DIR> d-------- C:\Program Files\Beach Soccer
2008-06-25 15:18 . 2008-06-25 15:18 <DIR> d-------- C:\Program Files\Fiat
2008-06-20 09:26 . 2008-06-20 09:26 <DIR> d-------- C:\Program Files\uTorrent
2008-06-20 09:26 . 2008-07-10 20:58 <DIR> d-------- C:\Documents and Settings\zole\Application Data\uTorrent
2008-06-17 11:47 . 2008-06-17 11:48 <DIR> d-------- C:\Program Files\ECR Tool
2008-06-13 08:44 . 2008-06-17 11:53 <DIR> d-------- C:\Program Files\EcrTool_SR
2008-06-12 17:21 . 2008-06-12 17:21 <DIR> d-------- C:\Program Files\Tame
2008-06-12 17:18 . 2008-06-12 17:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-10 18:33 . 2008-06-23 19:29 175 --a------ C:\WINDOWS\cdplayer.ini
2008-06-10 18:30 . 2008-06-10 18:30 <DIR> d-------- C:\Program Files\Real
2008-06-10 18:30 . 2008-06-10 18:30 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-10 18:30 . 2008-06-10 18:30 <DIR> d-------- C:\Program Files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 17:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-09 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 16:36 --------- d-----w C:\Documents and Settings\zole\Application Data\Lavasoft
2008-07-01 15:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 15:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-12 15:22 2,855 ----a-w C:\WINDOWS\_default.pif
2008-06-10 16:30 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-06-10 16:29 --------- d-----w C:\Program Files\Google
2008-06-09 09:05 --------- d-----w C:\Program Files\SAGEM
2008-06-09 06:45 --------- d-----w C:\Program Files\Easy
2008-06-06 20:39 --------- d-----w C:\Program Files\Canon
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-07-04 19:48 3,001 --sha-w C:\Documents and Settings\zole\ppUser.dat
.

------- Sigcheck -------

2004-09-01 06:00 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D95A625D-A0FC-4729-A626-B68642946481}]
2008-07-08 12:06 28288 --a------ C:\WINDOWS\system32\jkkHWNgh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-09 12:44 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10 49263]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 18:38 221184]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-05 20:26:35 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
TV Capture Remote Control.lnk - C:\Program Files\Easy\TV Capture\RemoteCtl.exe [2008-06-09 08:45:54 143360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D95A625D-A0FC-4729-A626-B68642946481}"= "C:\WINDOWS\system32\jkkHWNgh.dll" [2008-07-08 12:06 28288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHWNgh]
2008-07-08 12:06 28288 C:\WINDOWS\system32\jkkHWNgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= C:\WINDOWS\878Map.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Kamicak\\Kasa\\ECR2\\EcrTool_SR\\ECRSrvAPI.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18327:TCP"= 18327:TCP:NortonAV
"15442:TCP"= 15442:TCP:NortonAV
"18596:TCP"= 18596:TCP:NortonAV
"17095:TCP"= 17095:TCP:NortonAV
"13955:TCP"= 13955:TCP:NortonAV
"18182:TCP"= 18182:TCP:NortonAV
"13138:TCP"= 13138:TCP:NortonAV
"17520:TCP"= 17520:TCP:NortonAV
"16228:TCP"= 16228:TCP:NortonAV
"14072:TCP"= 14072:TCP:NortonAV
"12427:TCP"= 12427:TCP:NortonAV
"18638:TCP"= 18638:TCP:NortonAV
"14667:TCP"= 14667:TCP:NortonAV
"16656:TCP"= 16656:TCP:NortonAV
"13800:TCP"= 13800:TCP:NortonAV
"13936:TCP"= 13936:TCP:NortonAV
"16769:TCP"= 16769:TCP:NortonAV
"14222:TCP"= 14222:TCP:NortonAV
"14331:TCP"= 14331:TCP:NortonAV
"16080:TCP"= 16080:TCP:NortonAV
"14675:TCP"= 14675:TCP:NortonAV
"16615:TCP"= 16615:TCP:NortonAV
"14272:TCP"= 14272:TCP:NortonAV
"14743:TCP"= 14743:TCP:NortonAV
"17276:TCP"= 17276:TCP:NortonAV
"12925:TCP"= 12925:TCP:NortonAV
"16604:TCP"= 16604:TCP:NortonAV
"15501:TCP"= 15501:TCP:NortonAV
"13590:TCP"= 13590:TCP:NortonAV
"14737:TCP"= 14737:TCP:NortonAV
"16911:TCP"= 16911:TCP:NortonAV
"16224:TCP"= 16224:TCP:NortonAV
"17060:TCP"= 17060:TCP:NortonAV
"17361:TCP"= 17361:TCP:NortonAV
"17476:TCP"= 17476:TCP:NortonAV
"17218:TCP"= 17218:TCP:NortonAV
"18114:TCP"= 18114:TCP:NortonAV
"18185:TCP"= 18185:TCP:NortonAV
"14724:TCP"= 14724:TCP:NortonAV
"17366:TCP"= 17366:TCP:NortonAV
"16971:TCP"= 16971:TCP:NortonAV
"14129:TCP"= 14129:TCP:NortonAV
"15095:TCP"= 15095:TCP:NortonAV
"17061:TCP"= 17061:TCP:NortonAV
"17722:TCP"= 17722:TCP:NortonAV
"13224:TCP"= 13224:TCP:NortonAV
"13152:TCP"= 13152:TCP:NortonAV
"14770:TCP"= 14770:TCP:NortonAV
"13210:TCP"= 13210:TCP:NortonAV
"16728:TCP"= 16728:TCP:NortonAV
"17687:TCP"= 17687:TCP:NortonAV
"13622:TCP"= 13622:TCP:NortonAV
"17899:TCP"= 17899:TCP:NortonAV
"13946:TCP"= 13946:TCP:NortonAV
"13780:TCP"= 13780:TCP:NortonAV
"13856:TCP"= 13856:TCP:NortonAV
"13776:TCP"= 13776:TCP:NortonAV
"12578:TCP"= 12578:TCP:NortonAV
"15185:TCP"= 15185:TCP:NortonAV

R2 BT848;MPEG.TV, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2003-06-26 05:56]
R2 BTTUNER;BtTuner, WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2003-06-26 05:56]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2003-06-26 05:56]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2002-12-27 21:14]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2002-12-27 21:14]
S2 AVPCC;AVP Control Centre Service;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe

.
- - - - ORPHANS REMOVED - - - -

BHO-{7E1C1B31-4579-44AA-A470-872950762F9C} - C:\WINDOWS\system32\yayyVnlM.dll
BHO-{A8B78371-C90B-408A-9A4D-7F0578ADCEB6} - C:\WINDOWS\system32\msconf32.dll
BHO-{B67F3684-4E43-45C2-AA19-9C3B5010D29E} - C:\WINDOWS\system32\fccBuuvT.dll
BHO-{FCD9CAC6-4F24-4111-9A4E-768648679C82} - C:\WINDOWS\system32\khfEUOFu.dll
Toolbar-{9437C997-89E6-4B84-A745-BEFD3A910FF5} - C:\WINDOWS\sqvgnrpx.dll
HKLM-Run-AVPCC - C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
HKLM-Run-lphce9aj0encn - C:\WINDOWS\system32\lphce9aj0encn.exe
HKLM-Run-SMrhca9aj0encn - C:\Program Files\rhca9aj0encn\rhca9aj0encn.exe
HKLM-Run-2ccb9429 - C:\WINDOWS\system32\wcvhvgeg.dll
SSODL-fsrpknov-{A23ABC76-D1D3-42B5-86C0-1C4F56C92EAF} - C:\WINDOWS\fsrpknov.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 21:01:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\jkkHWNgh.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-10 21:04:57 - machine was rebooted [zole]
ComboFix-quarantined-files.txt 2008-07-10 19:04:34

Pre-Run: 8,792,997,888 bytes free
Post-Run: 8,793,092,096 bytes free

228
 