Problem sa virusima

Problem sa virusima

offline
  • Pridružio: 31 Jan 2010
  • Poruke: 5
  • Gde živiš: Nis

Napisano: 08 Jul 2010 17:58

Avira mi je nasla neke trojance i obrisala ih je...




Evo i log-ova radi detaljnije provere:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 16:37:39.12 on Thu 07/08/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.511.161 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\acs.exe
D:\Program files 2\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TP-LINK\TP-LINK 54M Wireless Client Utility\TWCU.exe
D:\Program files 2\Avira\AntiVir Desktop\avgnt.exe
D:\Program files 2\MCShield.exe
D:\Program files 2\MCShieldTray.exe
D:\Program files 2\Avira\AntiVir Desktop\avguard.exe
D:\Program files 2\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Opera 10.60 Alpha\opera.exe
C:\WINDOWS\system32\dllhost.exe
d:\program files 2\avira\antivir desktop\avcenter.exe
C:\Documents and Settings\Administrator\Desktop\Ambulanta\dds.scr

============== Pseudo HJT Report ===============

mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\youtube downloader toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live pomagač za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\youtube downloader toolbar\SearchSettings.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\1.0\youtubedownloaderToolbarIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\1.0\youtubedownloaderToolbarIE.dll
uRun: [MCShield] d:\program files 2\MCShield.exe
uRun: [MCShieldTray] d:\program files 2\MCShieldTray.exe
uRun: [MS Shell Services] c:\program files\teslain kidlogger\MainWnd.exe -m
uRunServices: [MS Shell Services] c:\program files\teslain kidlogger\MainWnd.exe -m
mRun: [TWCU] "c:\program files\tp-link\tp-link 54m wireless client utility\TWCU.exe" -nogui
mRun: [avgnt] "d:\program files 2\avira\antivir desktop\avgnt.exe" /min
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files 2\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files 2\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\rxk4o6ro.default\
FF - component: c:\program files\youtube downloader toolbar\ff\components\youtubedownloaderToolbarFF.dll
FF - component: c:\program files\youtube downloader toolbar\ssff\components\SearchSettingsFF.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\opera 10.60 alpha\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10.60 alpha\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 10.60 alpha\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 10.60 alpha\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 10.60 alpha\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 10.60 alpha\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 10.60 alpha\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 10.60 alpha\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera 10.60 alpha\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\program files 2\avira\antivir desktop\avgio.sys [2010-7-8 11608]
R1 SASDIFSV;SASDIFSV;d:\program files 2\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\program files 2\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files 2\avira\antivir desktop\sched.exe [2010-7-8 135336]
R2 AntiVirService;Avira AntiVir Guard;d:\program files 2\avira\antivir desktop\avguard.exe [2010-7-8 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-8 60936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-25 54752]
S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-2-19 380928]
S4 fsssvc;Usluga Windows Live Porodična bezbednost;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-07-08 13:29:15 0 d-----w- c:\docume~1\admini~1\applic~1\Avira
2010-07-08 02:22:32 0 d-----w- c:\windows\system32\NtmsData
2010-07-08 02:15:16 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-08 02:15:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-07-07 23:06:35 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent
2010-07-02 18:08:37 0 d-----w- c:\docume~1\admini~1\applic~1\MCShield
2010-07-02 18:07:10 0 d-----w- c:\docume~1\admini~1\applic~1\URSoft
2010-07-01 18:37:21 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-01 18:37:21 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-07-01 18:19:35 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-07-01 17:59:57 0 d-----w- c:\docume~1\admini~1\applic~1\RapidTyping
2010-07-01 17:59:13 0 d-----w- c:\docume~1\admini~1\applic~1\TypingMaster7
2010-06-21 21:55:29 0 d-----w- c:\docume~1\admini~1\applic~1\Skinux
2010-06-21 18:46:31 0 d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2010-06-21 18:42:42 0 d-----w- c:\program files\common files\Kodak
2010-06-21 18:41:54 0 d-----w- c:\program files\Kodak
2010-06-21 15:41:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Kodak
2010-06-21 15:18:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-06-21 15:18:48 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-21 15:18:48 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-20 18:13:34 0 d-----w- c:\docume~1\admini~1\applic~1\YouTube Downloader
2010-06-20 18:13:33 0 d-----w- c:\docume~1\admini~1\applic~1\Search Settings
2010-06-14 16:32:07 0 d-----w- c:\docume~1\admini~1\applic~1\Teleca

==================== Find3M ====================


============= FINISH: 16:38:28.82 ===============








mycity.rs/must-login.png



mycity.rs/must-login.png


mycity.rs/must-login.png

Hvala unapred!!!

Dopuna: 08 Jul 2010 18:04

Zaboravi i ovaj log :


mycity.rs/must-login.png

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Pozdrav.

Nisi gmer1 log napravio po uputstvu.

Arrow Ponovo isprati uputstvo i postavi samo taj log (gmer1):
-> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Pridružio: 31 Jan 2010
  • Poruke: 5
  • Gde živiš: Nis

mycity.rs/must-login.png

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

U log-ovima nema tragova malware-a.

Pozdrav.

Ko je trenutno na forumu
 

Ukupno su 578 korisnika na forumu :: 5 registrovanih, 1 sakriven i 572 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Rade, bato, cikadeda, JOntra, slonic_tonic