MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusima

Problem sa virusima

Napisano na dan: 17.2.2010

Problem sa virusima
Sledeća strana Pagination

Idi na vrh

Poslao: 17 Feb 2010 21:40
Idi na vrh
offline
  • Pridružio: 17 Feb 2010
  • Poruke: 3

Potrebna pomoc AVG prijavljuje puno trojanaca, malwera i dr.
P
DDS (Ver_09-12-01.01) - NTFSx86
Run by Nemanja at 20:05:33.82 on 17-Feb-10
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1033 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
G:\Programi\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [Link mogu videti samo ulogovani korisnici]
udefault_page_url = [Link mogu videti samo ulogovani korisnici]
uWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mWindow Title = Microsoft Internet Explorer
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: &Security Update: {35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} - c:\windows\system32\win32extension.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [L07AXLRD_5981828] "c:\program files\microsoft student\microsoft student with encarta premium 2007 dvd\EDICT.EXE" -m
uRun: [PersonalSec] c:\program files\personalsec\psecurity.exe
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\nemanja\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-system: DisableTaskMgr =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-11 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-11 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-11 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-11 285392]

=============== Created Last 30 ================


==================== Find3M ====================

2010-02-11 20:30:21 314880 ----a-w- c:\windows\IsUninst.exe
2010-02-11 20:29:40 435200 ----a-r- c:\windows\N00038993-Mortal Kombat 4-Setup.exe
2010-02-11 17:04:22 768544 ----a-w- c:\windows\system32\nvcplui.exe
2010-02-11 16:49:22 217088 ----a-w- c:\windows\Alcrmv.exe
2010-02-02 12:03:30 28072 ----a-w- c:\windows\fonts\theresignhead_1.ttf
2010-02-02 12:03:30 24904 ----a-w- c:\windows\fonts\theresigntext_2.ttf
2010-02-02 12:03:30 24732 ----a-w- c:\windows\fonts\therechat.ttf
2010-02-02 12:03:30 24584 ----a-w- c:\windows\fonts\nockc___.ttf
2010-02-02 12:03:30 24356 ----a-w- c:\windows\fonts\theresigntext_1.ttf
2010-02-02 12:03:30 23208 ----a-w- c:\windows\fonts\theresignhead_3.ttf
2010-02-02 12:03:30 22436 ----a-w- c:\windows\fonts\theresignhead_2.ttf
2010-01-13 13:43:59 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-01-13 13:43:58 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 14:11:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-21 14:11:08 17616 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2006-04-16 13:29:02 670202 ----a-w- c:\program files\Tablic igrica.exe

============= FINISH: 20:05:56.14 ===============

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]

[Link mogu videti samo ulogovani korisnici]



Poslao: 17 Feb 2010 21:54
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Citat:ukoliko zaštitni softver koji koristite nešto detektuje, a ne može da ukloni, napišite/iskopirajte nazive detektovanih datoteka u poruku;



Poslao: 17 Feb 2010 22:18
Idi na vrh
offline
  • Pridružio: 17 Feb 2010
  • Poruke: 3

Trojan Horse Generic 16.BGRV
Win32/HIDRAG.AS
Trojan Horse Backdoor.Bifrose.BN, skenirano sa AVG-om

Poslao: 17 Feb 2010 22:25
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Koji fajlovi...za koje fajlove je detektovao ovaj malware? Imena i putanje istih..Najbolje da uslikas.

Poslao: 18 Feb 2010 19:45
Idi na vrh
offline
  • Pridružio: 17 Feb 2010
  • Poruke: 3

Poslao: 18 Feb 2010 21:55
Idi na vrh
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Obrisi taj folder sa igricama.. Pusti Full scan i javi jel jos negde nalazi ovaj virus?

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa virusima

Ko je trenutno na forumu
 

Ukupno su 1777 korisnika na forumu :: 155 registrovanih, 12 sakrivenih i 1610 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 15694 - dana 01 Feb 2026 12:23

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 10x10.9, 357magnum, aco76, Aleksandar Tomić, aleksandar1888, Aleksandar1991, AleksSE, Andrija357, Apis Dr, Apok, aramis s, Asparagus, Avalon015, avijacija, babaroga, Bbbggg1979, bestguarder, Bobrock1, Bojcca, bojcistv, bokicacar, boranin45, boromir, bounty hunters, Brankojle, BrcakRS, BWG, Cicumile, crnirocko, CrveniSolaris, cuculo, cyprus, dane007, dd11ll, Deki Duga Devetka, delboy, Demi87, Dolinc, dukajov, Dzoni2412, Džekson, Ercomero, Fulcrum-A, gale48, hugoxz, Igrutinovic, ikan, InzenjerBL, IvanM1984, Jablan, jalos, Jaz, Jezekijel, jon istvan, Još malo pa deda, Kajzer Soze, Kapo64, kihot, Kobrim, Koca Popovic, kondenzator, Koridor, kozhedub, Kurgan, laurusri, Levi, liki83, lima, livada123, Lj_ubo, LjutaGuja, loon123, luka1978, lukisa, Magistar78, Mahovljani, maiden6657, Mane88, MarijaC84, markoskjk, MarsRed, mat, mgolub, Mig 29, Miki 84, mikrimaus, Miler88, MiljanXD, Milos82, Milovan Dinic, Milun24, milutin134, mino bosanac, Miškić, Naturelo, Natuzzi, niksa517, oblivion, operniki, ozzy, pein, Pero Petković, Petjan, Pewac21, PlayerOne, PMsnow, Pururin, raptorsi, Recce, Rogan33, ruma, s putnik, sevenino, shlauf, Singidunumac, skylab1111, sombrero, sony771, Srky Boy, Srpska zauvjek, sspp, StalniPromatrač, stefan95, steksi, styg, suponik, tachinni, Tandrkalo, Tintoreto, tm, tmanda323, tomigun, ujke, vensla, Vlad000, Vlada78, vladetije, vladulns, Vojin, vukan0799, Welky, XBMC, yiyi, zdrebac, Zec, Zeka_Peka, zoran-ruma, Zorge, zrno, Zukov, zvomar, zziko, |_MeD_|, Šraf, 79693