Problem sa trojancem.!

Problem sa trojancem.!

offline
  • Pridružio: 10 Okt 2007
  • Poruke: 26

Poštovani,
Pre par dana (3-4) primetio sam prilikom podizanja sistema na notebook-u Acer aspire 7520 sa windows vista home premium 32 operativnim sistemom i avira free antivirus softverom sledeće upozorenje:

Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\Windows\System32\dxtrans32.dll.
Action performed: Move file to quarantine

posle desetak uzastopnih signala u oko pola minuta i desetak pokušaja da obrišem ili stavim u karantin pomenuti fajl, signalizacija prestaje i potom računar normalno radi. Tj. ja nisam primetio neke druge aktivnosti pomenutog trojanca.
Od tad kadgod resetujem ili palim računar ponavlja se ista situacija sa desetak signal alerta i mojim pokušajima da to smirim i saniram, što mi očigledno ne uspeva, ali bar avira prestaje da me o tome upozorava.
Pokušao sam sa SmitfraudFix, nije uspelo, poruka je: access denied.!
Pokušao sa HijackjThis, koji ga je pronašao među sumnjivcima ali delete nije uspeo.!

Imam sbb-cable prepaid (do 5Mb) internet konekciju.
Osim opisanih radnji uradio sam i avira scan opisanog dxtrans32.dll. fajla i evo ga report:



Avira AntiVir Personal
Report file date: 5. oktobar 2009 20:28

Scanning for 1772828 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : Darko
Computer name : DARKO-NB

Version information:
BUILD.DAT : 9.0.0.410 Bytes 25.9.2009 11:56:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 6.8.2009 10:39:05
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.6.2009 19:55:28
ANTIVIR2.VDF : 7.1.6.50 4333568 Bytes 29.9.2009 21:09:14
ANTIVIR3.VDF : 7.1.6.68 216576 Bytes 2.10.2009 21:24:32
Engineversion : 8.2.1.33
AEVDF.DLL : 8.1.1.2 106867 Bytes 15.9.2009 20:25:19
AESCRIPT.DLL : 8.1.2.35 483707 Bytes 3.10.2009 21:24:43
AESCN.DLL : 8.1.2.5 127346 Bytes 3.9.2009 19:34:46
AERDL.DLL : 8.1.3.2 479604 Bytes 3.10.2009 21:24:43
AEPACK.DLL : 8.2.0.0 422261 Bytes 15.9.2009 20:25:19
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 12.7.2009 19:55:36
AEHEUR.DLL : 8.1.0.166 2003319 Bytes 3.10.2009 21:24:42
AEHELP.DLL : 8.1.7.0 237940 Bytes 3.9.2009 19:34:46
AEGEN.DLL : 8.1.1.67 364916 Bytes 3.10.2009 21:24:40
AEEMU.DLL : 8.1.1.0 393587 Bytes 3.10.2009 21:24:40
AECORE.DLL : 8.1.8.1 184693 Bytes 15.9.2009 20:25:18
AEBB.DLL : 8.1.0.3 53618 Bytes 9.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8.9.2009 19:52:58
AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.3.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2.2.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.5.2009 14:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.4.2009 09:19:48

Configuration settings for the scan:
Jobname.............................: ShlExt
Configuration file..................: C:\Users\Darko\AppData\Local\Temp\0134b0d5.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: off
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,

Start of the scan: 5. oktobar 2009 20:28

Starting the file scan:

Begin scan in 'C:\Windows\System32\dxtrans32.dll'
C:\Windows\System32\dxtrans32.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

Beginning disinfection:
C:\Windows\System32\dxtrans32.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[WARNING] The file could not be marked for deleting after reboot. Error description: Access is denied.



End of the scan: 5. oktobar 2009 20:29
Used time: 00:00 Minute(s)

The scan has been done completely.

0 Scanned directories
1 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
1 Warnings
1 Notes

Potom sam izvršio akcije iz Vašeg uputstva.
Uz izvinjenje za prethodnu (nesmotrenu) pojavu na Vašem forumu
Pozdrav,
Darko


DDS (Ver_09-09-29.01) - NTFSx86
Run by Darko at 21:37:30,07 on uto 06.10.2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.381.1033.18.3070.1965 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Users\Darko\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\System32\alg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Darko\Downloads\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\darko\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Acer Tour]
mRun: [eRecoveryService]
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NexusServer] "c:\program files\common files\grass valley\procoder 3\kernel\PNXSERVR.exe" -SelfLaunch
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [USBFW] c:\program files\net studio\usb firewall\USB FireWall.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\dxtrans32.dll

============= SERVICES / DRIVERS ===============

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-8-23 13560]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-7-25 50688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-12 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-8 1153368]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2007-7-25 32256]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2007-9-11 80744]

=============== Created Last 30 ================

2009-09-28 00:57 <DIR> --d----- c:\users\darko\TEKST
2009-09-25 22:38 <DIR> --d----- c:\program files\Gadwin Systems
2009-09-25 22:36 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-25 00:06 69 a------- c:\windows\NeroDigital.ini
2009-09-22 10:57 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-09-22 10:57 15,360 a------- c:\windows\system32\pacerprf.dll
2009-09-22 10:57 147,456 a------- c:\windows\system32\Faultrep.dll
2009-09-22 10:57 125,952 a------- c:\windows\system32\wersvc.dll
2009-09-22 10:56 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-22 10:56 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-09-22 10:56 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-09-22 10:56 45,056 a------- c:\windows\system32\dataclen.dll
2009-09-22 10:56 36,864 a------- c:\windows\system32\cdd.dll
2009-09-22 10:56 180,224 a------- c:\windows\system32\scrobj.dll
2009-09-22 10:56 172,032 a------- c:\windows\system32\scrrun.dll
2009-09-22 10:56 155,648 a------- c:\windows\system32\wscript.exe
2009-09-22 10:56 135,168 a------- c:\windows\system32\wshom.ocx
2009-09-22 10:56 135,168 a------- c:\windows\system32\cscript.exe
2009-09-22 10:56 90,112 a------- c:\windows\system32\wshext.dll
2009-09-22 02:28 <DIR> --d----- C:\PerfLogs
2009-09-22 01:43 1,078,272 a------- c:\windows\system32\diagperf.dll
2009-09-22 01:42 1,405,952 a------- c:\windows\system32\ActiveContentWizard.dll
2009-09-22 01:40 246,784 a------- c:\windows\system32\drvstore.dll
2009-09-22 01:40 305,152 a------- c:\windows\system32\msdelta.dll
2009-09-22 01:40 258,560 a------- c:\windows\system32\dpx.dll
2009-09-22 01:40 35,328 a------- c:\windows\system32\mspatcha.dll
2009-09-22 01:40 6,656 a------- c:\windows\system32\kbd106.dll
2009-09-18 11:36 <DIR> --d----- c:\program files\CCleaner
2009-09-16 15:17 <DIR> --d----- c:\programdata\Apple Computer
2009-09-14 23:27 <DIR> --d----- c:\users\darko\appdata\roaming\Samsung
2009-09-14 22:53 <DIR> --d----- c:\users\darko\Bluetooth Software
2009-09-14 22:46 <DIR> --d----- c:\program files\WIDCOMM
2009-09-14 21:17 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-09-14 21:17 766 a------- c:\windows\system32\Uninstall.ico
2009-09-14 21:17 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-09-14 21:16 <DIR> --d----- c:\program files\Samsung
2009-09-14 14:27 <DIR> --d----- c:\temp\NOKIA dax
2009-09-13 03:46 <DIR> --d----- c:\users\darko\appdata\roaming\NSeries
2009-09-13 02:36 <DIR> --d----- c:\programdata\Nokia
2009-09-13 02:36 <DIR> --d----- c:\progra~2\Nokia
2009-09-13 02:36 <DIR> --d----- c:\program files\common files\Nokia
2009-09-13 02:35 <DIR> --d----- c:\programdata\PC Suite
2009-09-13 02:35 <DIR> --d----- c:\windows\Downloaded Installations
2009-09-13 02:33 <DIR> --d----- c:\program files\common files\PCSuite
2009-09-13 02:33 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-09-13 02:31 90,624 a------- c:\windows\system32\nmwcdcls.dll
2009-09-13 02:23 <DIR> --d----- c:\program files\Nokia
2009-09-09 13:25 <DIR> --d----- c:\program files\Trend Micro
2009-09-09 10:27 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-09 10:27 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-09 10:27 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-09 10:27 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-09 10:27 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-09 10:27 17,920 a------- c:\windows\system32\netevent.dll
2009-09-09 10:27 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-09 10:27 10,240 a------- c:\windows\system32\finger.exe
2009-09-09 10:27 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-09 10:27 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-09 10:27 814 a------- c:\windows\system32\wbem\WFP.MOF
2009-09-09 10:26 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-09 10:26 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-09 10:26 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-09 10:26 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-09 10:26 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-09 10:26 68,096 a------- c:\windows\system32\wlanhlp.dll
2009-09-09 10:26 64,512 a------- c:\windows\system32\wlanapi.dll
2009-09-09 10:26 15,181 a------- c:\windows\system32\gatherWirelessInfo.vbs
2009-09-09 10:26 2,334 a------- c:\windows\system32\wbem\L2SecHC.mof
2009-09-09 10:26 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-08 20:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-08 17:02 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-09-08 17:02 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-09-08 17:02 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy

==================== Find3M ====================

2009-10-03 11:06 82,171 a------- c:\programdata\nvModes.dat
2009-10-03 11:06 82,171 a------- c:\progra~2\nvModes.dat
2009-09-22 02:40 174 a--sh--- c:\program files\desktop.ini
2009-09-22 02:36 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-22 02:36 86,016 a------- c:\windows\inf\infstor.dat
2009-09-22 02:36 51,200 a------- c:\windows\inf\infpub.dat
2009-09-22 02:28 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-22 02:15 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-09-22 02:15 82,432 a------- c:\windows\system32\axaltocm.dll
2009-08-28 14:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 14:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 14:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 14:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 14:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 12:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-06 13:06 59,904 a------- c:\windows\system32\zlib1.dll
2009-08-06 13:02 286,720 a------- c:\windows\system32\libcurl.dll
2009-08-06 13:02 1,028,096 a------- c:\windows\system32\libeay32.dll
2009-08-06 13:02 196,608 a------- c:\windows\system32\ssleay32.dll
2009-08-06 13:02 143,360 a------- c:\windows\system32\libexpatw.dll
2009-07-30 10:51 119,296 a------- c:\windows\system32\dxtrans32.dll
2009-07-28 22:23 27,335 a------- c:\users\darko\appdata\roaming\nvModes.dat
2009-07-24 11:03 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-07-24 11:03 17,212 a------- c:\windows\system32\SIntf32.dll
2009-07-24 11:03 12,067 a------- c:\windows\system32\SIntf16.dll
2009-07-21 23:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 23:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 23:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 22:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 16:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 15:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 14:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 14:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 12:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-12 12:58 269,312 a------- c:\windows\system32\es.dll
2009-07-12 12:58 2,560 a------- c:\windows\apppatch\AcRes.dll
2009-07-12 12:58 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-07-12 12:58 1,695,744 a------- c:\windows\system32\gameux.dll
2009-07-12 12:56 6,656 a------- c:\windows\system32\kbd106n.dll
2009-07-12 12:56 988,216 a------- c:\windows\system32\winload.exe
2009-07-12 12:56 927,288 a------- c:\windows\system32\winresume.exe
2009-07-12 12:56 40,960 a------- c:\windows\system32\srclient.dll
2009-07-12 12:56 615,992 a------- c:\windows\system32\ci.dll
2009-07-12 12:56 378,368 a------- c:\windows\system32\srcore.dll
2009-07-12 12:56 318,464 a------- c:\windows\system32\rstrui.exe
2009-07-12 12:56 46,592 a------- c:\windows\system32\setbcdlocale.dll
2009-07-12 12:56 19,000 a------- c:\windows\system32\kd1394.dll
2009-07-12 12:56 14,848 a------- c:\windows\system32\srdelayed.exe
2009-07-12 12:53 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-07-12 12:53 24,064 a------- c:\windows\system32\amxread.dll
2009-07-12 12:53 13,824 a------- c:\windows\system32\apilogen.dll
2009-07-11 15:54 98,816 a------- c:\windows\system32\mfps.dll
2009-07-11 15:54 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-07-11 15:54 24,576 a------- c:\windows\system32\mfpmp.exe
2009-07-11 15:54 94,720 a------- c:\windows\system32\logagent.exe
2009-07-11 15:54 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-07-11 13:43 1,645,568 a------- c:\windows\system32\connect.dll
2009-07-11 13:42 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-07-11 10:51 56 a---h--- c:\programdata\ezsidmv.dat
2009-07-11 10:51 56 a---h--- c:\progra~2\ezsidmv.dat
2009-07-11 03:47 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-07-11 03:47 61,440 a------- c:\windows\system32\winipsec.dll
2009-07-11 03:47 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2009-07-11 03:47 272,896 a------- c:\windows\system32\polstore.dll
2009-07-11 03:46 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-07-11 03:46 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2009-07-11 03:46 94,720 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2009-07-11 03:44 2,033,152 a------- c:\windows\system32\win32k.sys
2009-07-11 03:43 376,832 a------- c:\windows\system32\winhttp.dll
2009-07-11 03:41 296,960 a------- c:\windows\system32\gdi32.dll
2009-07-11 03:39 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-07-11 03:39 38,912 a------- c:\windows\system32\xolehlp.dll
2009-07-11 03:38 303,616 a------- c:\windows\system32\wmpeffects.dll
2009-07-11 03:37 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-07-11 03:36 2,048 a------- c:\windows\system32\msxml3r.dll
2009-07-11 03:28 636,928 a------- c:\windows\system32\localspl.dll
2009-07-11 03:25 2,927,104 a------- c:\windows\explorer.exe
2009-07-11 03:19 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-07-11 03:19 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-07-11 03:19 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-07-11 03:18 443,392 a------- c:\windows\system32\win32spl.dll
2009-07-11 03:18 37,888 a------- c:\windows\system32\printcom.dll
2009-07-11 03:17 14,848 a------- c:\windows\system32\wshrm.dll
2009-07-11 03:10 84,480 a------- c:\windows\system32\INETRES.dll
2009-07-11 03:10 738,304 a------- c:\windows\system32\inetcomm.dll
2009-07-11 03:09 1,314,816 a------- c:\windows\system32\quartz.dll
2009-07-11 03:05 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-07-11 03:05 2,048 a------- c:\windows\system32\msxml6r.dll
2009-07-11 00:21 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-11 00:19 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-11 00:18 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-11 00:18 31,232 a------- c:\windows\system32\wuapp.exe
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20:19 A------- 30,674 c:\windows\inf\perflib\0000\perfc.dat
2007-07-25 12:07 397,312 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe

============= FINISH: 21:38:58,40 ===============



mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...




Arrow Preuzmi The Avenger na Desktop.
Raspakuj arhivu u neki folder

Dvoklikom pokreni avenger.exe

Iskopiraj tekst koji se nalazi unutar Kod polja u (beli) prozor programa:


Files to delete:
c:\windows\system32\dxtrans32.dll

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs



Klikni Execute, a zatim Yes u sledeća dva prozora koji će se otvoriti

Kompjuter će se restartovati (u određenim slučajevima: dva puta) i započeti će proces čišćenja/skeniranja

Kada proces bude završen, logfile C:\avenger.txt će se otvoriti u Notepad-u

Iskopiraj sadržaj dobijenog loga u temu na forumu.

offline
  • Pridružio: 10 Okt 2007
  • Poruke: 26

Blejim tri sata na forumu, strpljivo čekajući odgovor, i onda na mejlu vidim da mi je odgovoreno još pre tri sata... Još jednom se izvinjavam za ove početničke ispade i prilažem avenger txt. Da dodam da mi se jednom restartovao komp i da je skoro istovremeno sa tekstom iskočilo ovaj put samo jedno avirino upozorenje o pomenutom trojancu:
Virus or unwanted program 'TR/Crypt.ZPACK.Gen [trojan]'
detected in file 'C:\Avenger\dxtrans32.dll.
Action performed: Move file to quarantine

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\dxtrans32.dll" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Kakvo je sada stanje? Detektuje li AV nešto?

offline
  • Pridružio: 10 Okt 2007
  • Poruke: 26

Upravo sam resetovao comp i Avira ništa nije prijavila.! Pretpostavljam da je to sad u redu. Hvala doktori.! Ako mogu nekako da se odužim tu sam.!

ps. Mogu li sad da pobrišem ove fajlove sa desktopa, ili da ipak sačekam još neko vreme.?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Možeš obrisati sve korišćene programe i kreirane logove.

Takođe, obriši folder: C:\Avenger, a zatim isključi pa ponovo uključi System Restore:


http://www.mycity.rs/Uputstva/Kako-iskljuciti-uklj.....Vista.html


To je sve...

offline
  • Pridružio: 10 Okt 2007
  • Poruke: 26

Uradjeno.
Sve radi kako treba.
Još jednom mnogo Vam hvala.! Prava stvar i to na srpskom.!

Ko je trenutno na forumu
 

Ukupno su 1001 korisnika na forumu :: 23 registrovanih, 2 sakrivenih i 976 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., babaroga, bigfoot, Centauro, Dimitrije Paunovic, DonRumataEstorski, dragoljub11987, Džordžino, Georgius, havoc995, ILGromovnik, ivica976, Karla, kovinacc, kybonacci, m0nstrum_, milos.cbr, opt1, pein, Shilok, sovanova95, vaso1, Vlad000