Jos novih zaraza :)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 30 Dec 2009 1:45

Dakle posle ciscenja sa combo fix , uzmem i skeniram racunar sa avirom , avira je nasla oko 15 infekcija za vecinu je stavila da su malware ili spy . Ne znam kako da ih izbrisem a evo avirinog loga


Avira AntiVir Personal
Report file date: Tuesday, December 29, 2009 22:20

Scanning for 1487304 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SLOVIC

Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 8.11.2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13.10.2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 21:19:12
VBASE002.VDF : 7.10.1.1 2048 Bytes 19.11.2009 21:19:12
VBASE003.VDF : 7.10.1.2 2048 Bytes 19.11.2009 21:19:12
VBASE004.VDF : 7.10.1.3 2048 Bytes 19.11.2009 21:19:12
VBASE005.VDF : 7.10.1.4 2048 Bytes 19.11.2009 21:19:12
VBASE006.VDF : 7.10.1.5 2048 Bytes 19.11.2009 21:19:12
VBASE007.VDF : 7.10.1.6 2048 Bytes 19.11.2009 21:19:12
VBASE008.VDF : 7.10.1.7 2048 Bytes 19.11.2009 21:19:12
VBASE009.VDF : 7.10.1.8 2048 Bytes 19.11.2009 21:19:12
VBASE010.VDF : 7.10.1.9 2048 Bytes 19.11.2009 21:19:12
VBASE011.VDF : 7.10.1.10 2048 Bytes 19.11.2009 21:19:12
VBASE012.VDF : 7.10.1.11 2048 Bytes 19.11.2009 21:19:12
VBASE013.VDF : 7.10.1.79 209920 Bytes 25.11.2009 21:19:13
VBASE014.VDF : 7.10.1.128 197632 Bytes 30.11.2009 21:19:15
VBASE015.VDF : 7.10.1.178 195584 Bytes 7.12.2009 21:19:17
VBASE016.VDF : 7.10.1.224 183296 Bytes 14.12.2009 21:19:19
VBASE017.VDF : 7.10.1.247 182272 Bytes 15.12.2009 21:19:20
VBASE018.VDF : 7.10.2.30 198144 Bytes 21.12.2009 21:19:22
VBASE019.VDF : 7.10.2.63 187392 Bytes 24.12.2009 21:19:24
VBASE020.VDF : 7.10.2.64 2048 Bytes 24.12.2009 21:19:24
VBASE021.VDF : 7.10.2.65 2048 Bytes 24.12.2009 21:19:24
VBASE022.VDF : 7.10.2.66 2048 Bytes 24.12.2009 21:19:24
VBASE023.VDF : 7.10.2.67 2048 Bytes 24.12.2009 21:19:24
VBASE024.VDF : 7.10.2.68 2048 Bytes 24.12.2009 21:19:24
VBASE025.VDF : 7.10.2.69 2048 Bytes 24.12.2009 21:19:24
VBASE026.VDF : 7.10.2.70 2048 Bytes 24.12.2009 21:19:24
VBASE027.VDF : 7.10.2.71 2048 Bytes 24.12.2009 21:19:24
VBASE028.VDF : 7.10.2.72 2048 Bytes 24.12.2009 21:19:24
VBASE029.VDF : 7.10.2.73 2048 Bytes 24.12.2009 21:19:25
VBASE030.VDF : 7.10.2.74 2048 Bytes 24.12.2009 21:19:25
VBASE031.VDF : 7.10.2.89 195072 Bytes 29.12.2009 21:19:26
Engineversion : 8.2.1.122
AEVDF.DLL : 8.1.1.2 106867 Bytes 8.11.2009 06:38:52
AESCRIPT.DLL : 8.1.3.4 586105 Bytes 29.12.2009 21:19:43
AESCN.DLL : 8.1.3.0 127348 Bytes 29.12.2009 21:19:41
AESBX.DLL : 8.1.1.1 246132 Bytes 8.11.2009 06:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 29.12.2009 21:19:40
AEPACK.DLL : 8.2.0.3 422261 Bytes 8.11.2009 06:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 8.11.2009 06:38:38
AEHEUR.DLL : 8.1.0.189 2195833 Bytes 29.12.2009 21:19:39
AEHELP.DLL : 8.1.9.0 237943 Bytes 29.12.2009 21:19:30
AEGEN.DLL : 8.1.1.82 369014 Bytes 29.12.2009 21:19:29
AEEMU.DLL : 8.1.1.0 393587 Bytes 8.11.2009 06:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 29.12.2009 21:19:27
AEBB.DLL : 8.1.0.3 53618 Bytes 8.11.2009 06:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26.8.2009 14:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.3.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2.2.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.5.2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13.10.2009 11:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, December 29, 2009 22:20

Starting search for hidden objects.
'126951' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'ekrn.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'VoipStunt.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'DTVSchdl.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'tsnp2std.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '70' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{6E875449-692D-4AFC-AE29-A25ED5EFAD6A}\RP157\A0137420.exe
[DETECTION] Is the TR/Trash.Gen Trojan
Begin scan in 'D:\'
D:\TMbot Travian Manager (zabranjeno)ED BY SalaR.rar
[0] Archive type: RAR
--> TravianManager1.9.5\uninstall.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
D:\Corel Ulead DVD MovieFactory Pro 7.00.398 [RH]\CU.DVDMF.PRO_7.00.398_[RH].rar
[0] Archive type: RAR
--> Corel Ulead DVD MovieFactory Pro 7.00.398\CU.DVDMF.PRO.7_Setup.exe
[1] Archive type: CAB SFX (self extracting)
--> \Data1.cab
[2] Archive type: CAB (Microsoft)
--> _62272B6AEA29939E90345A352D4795BC
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> \Document\ReadMe\English\ReadMe.htm
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\TravianManager1.9.5\uninstall.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Begin scan in 'E:\'
E:\After Effects Plugins\Panopticum New Year Toy v1.0.rar
[0] Archive type: RAR
--> Panopticum New Year Toy v1.0\Keygen.exe
[DETECTION] Is the TR/Agent.17152 Trojan
E:\Nod32 3.0.621.0 Finally with a fix\NOD32_v3_FiX_1.1-TemDono.exe
[DETECTION] Is the TR/PSW.Delf.CRW Trojan
E:\Programi\Italianski recnik\LoveMatch.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/LoveMatch.A back-door program
E:\Programi\New Folder (4)\Col_(All_Error_s).rar
[0] Archive type: RAR
--> Col (All Error's).exe
[DETECTION] Is the TR/Dropper.Gen Trojan
E:\Programi\New Folder (4)\subdownloader1[1].2.9.exe
[DETECTION] Is the TR/Agent.6847437 Trojan
E:\Programi\New Folder (4)\Download\Col_(All_Error_s).rar
[0] Archive type: RAR
--> Col (All Error's).exe
[DETECTION] Is the TR/Dropper.Gen Trojan
E:\Programi\New Folder (4)\Download\subdownloader1[1].2.9.exe
[DETECTION] Is the TR/Agent.6847437 Trojan
E:\Sredjeni programi\Total Video Converter 3.11+(zabranjeno).rar
[0] Archive type: RAR
--> Total Video Converter 3.11+(zabranjeno)\(zabranjeno)\(zabranjeno).exe
[DETECTION] Is the TR/Spy.13312.A Trojan
Begin scan in 'F:\'

Beginning disinfection:
C:\System Volume Information\_restore{6E875449-692D-4AFC-AE29-A25ED5EFAD6A}\RP157\A0137420.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[WARNING] The file was ignored!
D:\TMbot Travian Manager (zabranjeno)ED BY SalaR.rar
[WARNING] The file was ignored!
D:\TravianManager1.9.5\uninstall.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
E:\After Effects Plugins\Panopticum New Year Toy v1.0.rar
[WARNING] The file was ignored!
E:\Nod32 3.0.621.0 Finally with a fix\NOD32_v3_FiX_1.1-TemDono.exe
[DETECTION] Is the TR/PSW.Delf.CRW Trojan
[WARNING] The file was ignored!
E:\Programi\Italianski recnik\LoveMatch.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/LoveMatch.A back-door program
[WARNING] The file was ignored!
E:\Programi\New Folder (4)\Col_(All_Error_s).rar
[WARNING] The file was ignored!
E:\Programi\New Folder (4)\subdownloader1[1].2.9.exe
[DETECTION] Is the TR/Agent.6847437 Trojan
[WARNING] The file was ignored!
E:\Programi\New Folder (4)\Download\Col_(All_Error_s).rar
[WARNING] The file was ignored!
E:\Programi\New Folder (4)\Download\subdownloader1[1].2.9.exe
[DETECTION] Is the TR/Agent.6847437 Trojan
[WARNING] The file was ignored!
E:\Sredjeni programi\Total Video Converter 3.11+(zabranjeno).rar
[WARNING] The file was ignored!


End of the scan: Wednesday, December 30, 2009 01:08
Used time: 2:43:28 Hour(s)

The scan has been done completely.

19919 Scanned directories
661175 Files were scanned
11 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
661163 Files not concerned
5969 Archives were scanned
14 Warnings
1 Notes
126951 Objects were scanned with rootkit scan
0 Hidden objects were found

Dopuna: 30 Dec 2009 1:46

A desava se sledece sve "normalno" radi ali je net dosta sporiji ! Malo i komp baguje

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

To su sve detekcije sa particije koja nije sistemska, i koja se u nasim logovima ne vidi.
Osim ovaj: System Volume Information

Jesi li bio deinstalirao ComboFix?

Ove detekcije sa D: i E: particije su uglavnom sve neki krekovi ili zabranjene stvari.

Ako ti ne treba to, probaj da Avira pregazi.

Ja ne znam sad kako Avira to radi, ali svugde pise Ignore, jesi to ti stiskao Ignore?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nisam stiskao ignore . Da izbrisao sam Combo Fix onda kada ste mi rekli . Dal mogu rucno da pobrisem?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ovo sa D i E, mozes rucno, ako ti nije vazno, ti krekovi.

A, C:\System Volume Information\_restore{6E875449-692D-4AFC-AE29-A25ED5EFAD6A}\RP157\A0137420.exe mozes resiti tako sto ces iskljuciti System Restore, pa ga ukljuciti.

Evo uputstvo:

For Windows XP:

1: Right click on the My Computer icon on your desktop and select properties.
2: Click on the system restore tab.
3: Check the box that says "Turn off system restore on all drives". Click OK.
4: Click Yes if you are prompted to restart the computer.
5: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.