Posted: 09 Jul 2010 21:25
- kostolac
- Citizen
- Joined: 21 Dec 2005
- Posts: 228
- Location: Kostolac
Written: 09 Jul 2010 21:15
Can I get some help?
Here is the DDS log
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administratori.NET at 21:13:56,65 on pet 09.07.2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2666 [GMT 2:00]
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administratori.NET\Desktop\dds.scr
============== Pseudo HJT Report ===============
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\imon.dll
TCP: {C5B58871-BFA8-4D22-A4E3-D3388CB5352D} = 212.200.191.166,212.200.190.166
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2010-7-9 507904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
=============== Created Last 30 ================
2010-07-09 19:49:35 0 d-----w- c:\program files\common files\ODBC
2010-07-09 19:49:32 0 d-----w- c:\program files\common files\SpeechEngines
2010-07-09 19:49:14 0 d-----r- c:\documents and settings\all users\Documents
2010-07-09 18:44:53 0 d-----w- c:\program files\Eset
2010-07-09 18:33:30 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-09 18:33:27 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-09 18:33:27 0 d-----w- c:\docume~1\admini~1.net\applic~1\SUPERAntiSpyware.com
2010-07-09 18:33:17 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-07-09 18:17:08 0 d-----w- c:\program files\Realtek
2010-07-09 18:00:16 0 d-sh--w- c:\documents and settings\all users\DRM
2010-07-09 18:00:03 0 d--h--w- c:\program files\WindowsUpdate
2010-07-09 17:59:23 0 d-----w- c:\program files\common files\MSSoap
2010-07-09 17:58:19 0 d-----w- c:\program files\Online Services
2010-07-09 17:58:13 0 d-----w- c:\program files\Messenger
2010-07-09 17:58:10 0 d-----w- c:\program files\MSN Gaming Zone
2010-07-09 17:57:37 0 d-----w- c:\program files\Windows NT
==================== Find3M ====================
2010-07-09 18:44:44 502368 ----a-w- c:\windows\system32\drivers\amon.sys
2010-07-09 18:44:44 270336 ----a-w- c:\windows\system32\imon.dll
2010-07-09 18:16:43 315392 ----a-w- c:\windows\HideWin.exe
2010-07-09 17:58:38 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2006-06-24 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
============= FINISH: 21:14:03,39 ===============
Addendum: 09 Jul 2010 21:25
The problem is as follows.
When Windows starts, SuperAntiSpyware displayed a warning that it had blocked some processes, then a blue screen appeared and it shut down my computer. I tried to clean it from safe mode, but it couldn't because it found over 1000 trojans, so I set the system up again; however, the same thing happens even after formatting the C partition and installing SuperAnti.....
Please help
Posted: 09 Jul 2010 21:48
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
Go ahead and run SuperAntiSpyware again and click Preferences,
switch to the Statistics/logs tab and post the last log that SAS created.
Posted: 09 Jul 2010 22:00
- kostolac
- Citizen
- Joined: 21 Dec 2005
- Posts: 228
- Location: Kostolac
Written: 09 Jul 2010 21:51
As soon as I start SuperAnti... it immediately locks up my computer and shuts it down, so I can't do that. Should I just try it from safe mode?
Addendum: 09 Jul 2010 22:00
I tried from safe mode and there is nothing on the Statistic/Logs tab, but I clicked on the small SuperAnti... window that shows me that warning, and it says there that it found some trojan in several places, but I don't know how to copy or save that, because as far as I can see there is no option for it anywhere.
And what is that HideWin.exe file that shows up in the log above?
Posted: 09 Jul 2010 23:05
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
Go ahead and take a screenshot of SuperAntiSpyware.
Capture the warning it displays and the part where it says it found some trojans.
But do it so that the detected files are visible.