Avira detects some hidden objects


offline
  • Joined: 06 Feb 2012
  • Posts: 1872

I have Avira Free Antivirus, which I update every day, and everything is fine. In case it's needed, this is what it looks like:

When I run a system scan (not every day, but every 4-5 days) I can't wait around, that is, keep watching what is happening, so I do something else, and this appears:
I don't know what it means or what to do next. As for when it started appearing: I got the computer with the system and an AV, which was ESET NOD 32 Antivirus 4. After that a man came, did something on the computer, and said that it was some illegal version and that I should install Avira (that was at the beginning of April). I'm not sure since when this has been appearing, but I think it has been from the start. Today I removed it and installed it again, but in English, and it's the same again.
That is described in this topic.
In case it's needed, I use ADSL internet.
This is DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 17:33:39 on 2012-04-29
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.162 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe
D:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ba/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [EPSON SX130 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatihje.exe /fu "c:\windows\temp\E_S1E27.tmp" /EF "HKCU"
uRun: [ABBYY Screenshot Reader Bonus] "c:\program files\abbyy finereader 9.0 sprint\Bonus.ScreenshotReader.exe" -autorun
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BitTorrent] "d:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [MCShield Monitor] d:\program files\mcshield\mcshieldrtm.exe
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - d:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4D0B667C-E326-415F-B9FA-7E027DD52D20} : DhcpNameServer = 192.168.100.252
TCP: Interfaces\{A4D76A66-66B9-48D9-8489-E533EEF74A10} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {FC88681F-4735-4f2f-9514-C21BAC737CF8} - rundll32.exe advpack.dll,LaunchINFSection MU.inf,MUWeb.Install
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-6-24 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-6-24 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-6-24 13616]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-29 36000]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\program files\hwinfo32\HWiNFO32.SYS [2012-4-14 21752]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-4-29 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-29 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-4-29 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-29 74640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-29 13:18:05 -------- d-----w- c:\documents and settings\administrator\application data\Avira
2012-04-29 13:12:04 -------- d-----w- c:\program files\Ask.com
2012-04-29 13:12:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AskToolbar
2012-04-29 13:11:32 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-29 13:11:32 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-29 13:11:31 -------- d-----w- c:\program files\Avira
2012-04-29 13:11:31 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-04-26 15:57:16 -------- d-----w- c:\documents and settings\administrator\local settings\application data\assembly
2012-04-25 19:43:58 -------- d-----w- c:\windows\pss
2012-04-25 14:25:13 -------- d-----w- c:\windows\Downloaded Installations
2012-04-24 20:19:55 -------- d-----w- c:\documents and settings\all users\application data\MCShield
2012-04-22 13:56:23 -------- d-----w- c:\documents and settings\all users\application data\Readon
2012-04-22 13:28:41 175616 ----a-w- c:\windows\system32\unrar.dll
2012-04-22 11:10:10 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Readon_Technology
2012-04-16 19:14:33 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
2012-04-16 15:55:19 49152 ----a-w- c:\windows\system32\DSndUp.exe
2012-04-16 15:55:19 45056 ----a-w- c:\windows\system32\CleanUp.exe
2012-04-16 15:55:19 -------- d-----w- c:\program files\Analog Devices
2012-04-12 09:00:41 -------- d--h--w- c:\windows\msdownld.tmp
2012-04-12 08:55:19 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-04-11 18:06:09 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2012-04-11 18:06:09 148480 ------w- c:\windows\system32\dllcache\imagehlp.dll
2012-04-10 18:54:24 155648 ----a-w- c:\windows\system32\igfxres.dll
2012-04-10 18:53:18 10528768 ----a-r- c:\windows\system32\RTLCPL.EXE
2012-04-10 18:53:17 577536 ----a-r- c:\windows\SOUNDMAN.EXE
2012-04-10 18:53:17 4027840 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS
2012-04-10 18:53:17 18804736 ----a-r- c:\windows\system32\ALSNDMGR.CPL
2012-04-10 18:53:17 147456 ----a-r- c:\windows\system32\RTLCPAPI.dll
2012-04-10 18:53:16 315392 ------r- c:\windows\alcupd.exe
2012-04-10 18:53:16 217088 ----a-r- c:\windows\Alcrmv.exe
2012-04-10 18:52:55 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2012-04-10 18:45:46 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-04-10 18:45:41 65536 ----a-w- c:\windows\system32\iAlmCoIn_v3691.dll
2012-04-10 18:34:36 -------- d-----w- c:\documents and settings\administrator\local settings\application data\SlimWare Utilities Inc
2012-04-10 18:32:13 -------- d-----w- c:\documents and settings\administrator\application data\GlarySoft
2012-04-10 18:24:29 -------- d-----w- c:\program files\Glary Utilities
2012-04-10 18:15:19 -------- d-----w- c:\documents and settings\all users\application data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-04-03 17:28:35 -------- d-----w- c:\windows\system32\NtmsData
2012-04-01 18:27:12 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 14:21:27 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
.
==================== Find3M ====================
.
2012-04-16 16:08:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 10:58:17 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:30:16 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 13:11:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-18 13:11:13 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2012-02-07 09:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:34:28,51 ===============
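
Added example, not part of the original post and not code from the DDS tool: a small Python parser for the BHO, TB and Run lines of the "Pseudo HJT Report" section above, grouping them by installation folder so that add-ons and autostart entries loaded from the same vendor directory are reviewed together. The sample is an excerpt of the log in this post; the function names and the install_root heuristic are assumptions made for the example.

```python
import re
from collections import defaultdict
# Excerpt copied from the "Pseudo HJT Report" section of the DDS log above.
SAMPLE = r"""
uStart Page = hxxp://www.google.ba/
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
"""

# Browser add-ons: "<BHO|TB>: <name>: {CLSID} - <dll path>"
ADDON = re.compile(r"^(BHO|TB): (.+?): (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# Autostart values: "<u|m|d>Run[Once]: [<name>] <command>"; the command may be missing
RUN = re.compile(r"^([umd]Run(?:Once)?): \[(.*?)\](?: (.*))?$")

def command_path(cmd):
    """Return the executable path of a Run command line, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path, arguments may follow the closing quote
        return cmd[1:].split('"', 1)[0].lower()
    # Unquoted paths may contain spaces: cut after the first known extension.
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd))(?:\s|$)", cmd, re.I)
    return (m.group(1) if m else cmd.split()[0]).lower()

def install_root(path):
    # Heuristic (assumption of this example): drive plus the first two folders.
    parts = path.split("\\")
    return "\\".join(parts[:3] if len(parts) > 3 else parts[:-1])

def parse_dds(text):
    """Return one dict per BHO/TB/Run line; all other lines are ignored."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if m := ADDON.match(line):
            kind, name, clsid, path = m.groups()
            entries.append({"kind": kind, "name": name, "clsid": clsid.lower(), "path": path.lower()})
        elif m := RUN.match(line):
            kind, name, cmd = m.groups()  # cmd is None for a value with no command
            entries.append({"kind": kind, "name": name, "clsid": None, "path": command_path(cmd) if cmd else None})
    return entries

def group_by_root(entries):
    """Map installation root -> [(kind, name)], skipping entries without a path."""
    groups = defaultdict(list)
    for e in entries:
        if e["path"]:
            groups[install_root(e["path"])].append((e["kind"], e["name"]))
    return dict(groups)

if __name__ == "__main__":
    print(group_by_root(parse_dds(SAMPLE)))
```

On this excerpt the c:\program files\ask.com group collects the toolbar's BHO and TB registrations together with the ApnUpdater autostart, and the Run value with no command is kept as an entry whose path is None rather than dropped.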




offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Click Start and choose Run;
In the window that opens, type the following text:

For Windows XP - %allusersprofile%\Application Data\Avira\AntiVir Desktop\LOGFILES
For Windows Vista or Windows 7 - %programdata%\Avira\AntiVir Desktop\LOGFILES and press the Enter key.

An example for Windows 7 is in the following image:

Archive the contents of the folder (ZIP or RAR) and attach it to the forum.

offline
  • Joined: 06 Feb 2012
  • Posts: 1872

Posted: 29 Apr 2012 19:17

It won't work, it shows me this:


Addendum: 29 Apr 2012 19:20

Or this with 7-zip

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Posted: 29 Apr 2012 19:21

Set the archive to be created on the Desktop.

Addendum: 29 Apr 2012 19:23

If that doesn't help either, create a new folder on the Desktop and copy into it all the files you can, except the one shown in your screenshot. Then pack that folder into an archive and attach it to your post.

offline
  • Joined: 06 Feb 2012
  • Posts: 1872

Quote: Set the archive to be created on the Desktop.
If that is this:

then it can't be done,
I get this:

Quote: If that doesn't help either, create a new folder on the Desktop and copy into it all the files you can, except the one shown in your screenshot. Then pack that folder into an archive and attach it to your post.
Well, I don't have to do that if you don't need the file that can't be copied. I made a .zip file with 8 files, and there are 9, in the folder I got after Run.
If it's OK without that file, I'll attach it right away.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Attach the archive you have already made.

offline
  • Joined: 06 Feb 2012
  • Posts: 1872

Posted: 29 Apr 2012 19:36


Addendum: 29 Apr 2012 19:52

By the way, let me mention that when this appeared

I chose NO and it is still scanning

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

There are no traces of an active infection in the posted reports.

The hidden objects that Avira reported are legitimate (not malicious), and most of them belong to Avira's SearchFree Toolbar plus Web Protection Updater. That "problem" should disappear after a few restarts, judging by this explanation.

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs if you don't use them:

Ask Toolbar
BasicScan 1.0 build 115
Windows iLivid Toolbar

Be sure to visit the topic "Testirajte da li vam je pretraživač ranjiv" (Test whether your browser is vulnerable), read it, and follow the link given in it.

Regards...

offline
  • Joined: 06 Feb 2012
  • Posts: 1872

If those hidden objects that Avira reported are from Avira's SearchFree Toolbar plus Web Protection Updater, can I delete it?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Delete it if you want, although there is no need to.
