While I was working, my computer showed a message that IE could not load the requested page. When I scanned the computer, AVG reported a Trojan:
Infection:
Trojan horse SHeur2.BTEC
Object:
C:\Documents and settings\All users\Documents\Settings\cbss.dll
Result:
Moved to Virus Vault
Process:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Malwarebytes' Anti-Malware also reported the following:
Inficirani ključevi u registru: 1
Inficirani ključevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> No action taken.
After the Malwarebytes scan finished, my computer restarted.
I tried HEAL when AVG reported the Trojan, but it didn't help.
What should I do?
Here are the logs...
DDS (Ver_09-09-29.01) - NTFSx86
Run by Milan at 17:11:53.89 on Fri 11/27/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.237 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\WinFast\WFDTV\DVBTAP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Milan\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.krstarica.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0 ce\reader\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - c:\program files\antbar\ant.com toolbar\tbu02012\tbcore3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\bandoo\plugins\ie\ieplugin.dll
BHO: TBSB00982 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\antbar\ant.com toolbar\tbcore3.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - c:\program files\antbar\ant.com toolbar\tbu02012\tbcore3.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WinFast Schedule] c:\program files\winfast\wfdtv\WFWIZ.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\milan\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236764830906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236778031203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: cbssreg - c:\documents and settings\all users\documents\settings\cbss.dll
AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-2 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-2 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-2 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-28 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-28 297752]
R2 Bandoo Coordinator;Bandoo Coordinator;c:\progra~1\bandoo\Bandoo.exe [2009-9-6 1516480]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-7-5 10752]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-2 38224]
R3 PAC7302;Eye 312;c:\windows\system32\drivers\PAC7302.SYS [2009-11-23 457856]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-11-23 31616]
S2 gupdate1c98d25e3423983;Google Update Service (gupdate1c98d25e3423983);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
=============== Created Last 30 ================
2009-11-23 20:07 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-11-23 20:02 <DIR> --d--r-- c:\program files\Skype
2009-11-23 19:11 <DIR> --d----- c:\docume~1\milan\applic~1\Reallusion
2009-11-23 16:10 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-11-23 16:10 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-11-23 16:08 81 ---shr-- c:\windows\CT4CET.bin
2009-11-23 16:07 5,632,000 a------- c:\windows\system32\RLVirtualCamera.ocx
2009-11-23 16:07 31,616 a------- c:\windows\system32\drivers\RLVrtAuCbl.sys
2009-11-23 16:07 <DIR> --d----- c:\program files\common files\Reallusion
2009-11-23 16:07 <DIR> --d----- c:\program files\Reallusion
2009-11-23 16:02 457,856 a------- c:\windows\system32\drivers\PAC7302.SYS
2009-11-23 16:02 48,128 a------- c:\windows\system32\Remove.exe
2009-11-23 16:02 302 a------- c:\windows\system32\Remover.ini
2009-11-23 16:02 <DIR> --d----- c:\program files\common files\Eye 312
2009-11-23 16:02 6,656 a------- c:\windows\system32\CoInst_070614.dll
2009-11-23 16:02 129,024 a------- c:\windows\system32\SP7302.ax
2009-11-23 16:02 14,336 a------- c:\windows\system32\P7302USD.dll
2009-11-23 16:02 566 a------- c:\windows\system32\SP7302.ini
2009-11-23 16:02 <DIR> --d----- c:\windows\PixArt
2009-11-23 16:02 <DIR> --d----- c:\program files\common files\Pac7302
2009-11-19 02:56 <DIR> --d----- c:\docume~1\milan\applic~1\EA
2009-11-19 02:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EA
2009-11-16 23:24 <DIR> --d----- c:\program files\Advanced GIF Animator
2009-11-16 23:18 6,144 a--sh--- C:\Thumbs.db
2009-11-15 02:33 <DIR> --d----- c:\docume~1\milan\applic~1\DScaler4
2009-11-06 10:30 <DIR> --d----- c:\program files\common files\Adobe Systems Shared
2009-11-06 10:09 <DIR> --d----- c:\program files\Photoshop CS2
2009-10-30 08:34 <DIR> --d----- c:\windows\SSMaui Wowee
2009-10-30 08:34 49,664 a------- c:\windows\SSMaui Wowee.scr
2009-10-30 08:33 802,816 a------- c:\windows\FeedingFrenzy.scr
2009-10-30 08:33 57,344 a------- c:\windows\system32\Big Kahuna Reef.scr
2009-10-30 08:32 389,120 a------- c:\windows\Adventure Inlay.scr
2009-10-30 08:32 <DIR> --d----- c:\program files\GameHouse Games Collection
==================== Find3M ====================
2009-10-25 10:38 3,398 a------- c:\windows\system32\PerfStringBackup.TMP
2009-09-23 22:18 7,060 a------- c:\documents and settings\milan\FMCodec.dat
2009-08-07 14:48 5,543 a------- c:\program files\Yurecnik.ini
2009-01-17 17:03 258 a------- c:\program files\Mini-YuRecnik.ini
2009-01-17 16:59 28,702 a------- c:\program files\Uninstal.exe
2009-01-17 16:59 1,998 a------- c:\program files\uninstal.log
1999-08-02 10:47 387,072 a------- c:\program files\YuRecnik.exe
1999-08-02 10:40 219,648 a------- c:\program files\MiniYuRecnik.exe
1999-08-02 10:35 9,559 a------- c:\program files\YURECNIK.HLP
1999-08-02 10:35 57 a------- c:\program files\Yurecnik.CNT
1999-07-29 10:43 2,447,472 a------- c:\program files\Reci.dat
1996-09-06 13:08 30,070 a------- c:\program files\Fb_deflt.dic
1996-02-23 16:26 469,504 a------- c:\program files\Fb_11k8.dll
1996-02-23 15:59 34,816 a------- c:\program files\Fb_spch.dll
1996-02-23 15:48 4,608 a------- c:\program files\Fb_timer.dll
1996-02-23 15:46 29,184 a------- c:\program files\Fb_ngn.exe
1996-02-23 15:21 16,896 a------- c:\program files\Uraspec.exe
1996-02-23 15:17 18,432 a------- c:\program files\Dictmgr.exe
1993-11-29 09:32 16,896 a------- c:\program files\Monologw.exe
============= FINISH: 17:12:46.25 ===============
Note that I only managed to scan the computer with GMER on the fourth attempt.