ws2_32.dll trojan help!

Freelander1111

Noted member
Posts
990
Hello everyone, I need a little help. I have AVG and a problem with the trojan named above. It does not give me the option to delete it. It is locked under that name in win/sys32/

The HJ log is as follows:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:01:29, on 13.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\New Folder\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Documents and Settings\Free\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Free\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Free\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Free\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Free\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Free\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Free\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
D:\afdsedfsd\sdfs\sfsd\s.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://RealDesktop.toolbaroptions.com/?tmp=toolbar_RealDesktop_homepage&prt=realdesktb04ie&v=15
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://RealDesktop.toolbaroptions.com/?tmp=toolbar_RealDesktop_homepage&prt=realdesktb04ie&v=15
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://RealDesktop.toolbaroptions.com/?tmp=toolbar_RealDesktop_homepage&prt=realdesktb04ie&v=15
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\New Folder\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7864 bytes
 
Try scanning with SDFix as well; at that link you will find both the download link for the program and instructions on how to use it. Honestly, the log above does not show that you have any problem. Could it be that AVG is seeing some "phantom" viruses again? :think:
 
Scan with Malwarebytes (updated), and post the log here.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4310

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.7.2010 23:17:42
mbam-log-2010-07-13 (23-17-42).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 213691
Time elapsed: 43 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srenum (Rootkit.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Free\Local Settings\Temp\bpvou.exe.vir (Virus.Agent) -> No action taken.
C:\Documents and Settings\Free\Local Settings\Temporary Internet Files\Content.IE5\2G3A6AB3\wzdytaicxe[1].htm (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\Free\Local Settings\Temporary Internet Files\Content.IE5\8NUIL9XI\iickf[1].htm (Trojan.Kates) -> No action taken.
C:\RECYCLER\S-1-5-21-6033109792-0558163602-966563732-6800\mgrls32.exe.vir (Worm.Autorun.B) -> No action taken.
C:\WINDOWS\system32\drivers\srenum.sys.vir (Rootkit.Agent) -> No action taken.
D:\staro d\filmovi\Corel-Photo-Album-7.00.21 - AIO AxxO\crack.exe (Malware.Packer) -> No action taken.
C:\WINDOWS\system32\msrun.exe (Trojan.Agent) -> No action taken.
 
SDFix: Version 1.240
Run by Administrator on uto 13.07.2010 at 23:36

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 23:40:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:84,19,70,75,19,e9,a4,10,d8,f2,72,51,32,76,a2,a3,45,07,91,38,1d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,3a,34,d6,e1,63,5e,58,c0,6a,53,26,c4,0c,30,22,46,..
"khjeh"=hex:82,db,71,d7,f2,df,17,b2,7c,1e,c4,f5,b6,09,95,cf,3b,f3,71,04,ca,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:33,9a,fb,d7,38,d0,13,ac,11,22,c5,f6,35,9a,40,c3,9a,1a,28,5a,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:84,19,70,75,19,e9,a4,10,d8,f2,72,51,32,76,a2,a3,45,07,91,38,1d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,10,3a,34,d6,e1,63,5e,58,c0,6a,53,26,c4,0c,30,22,46,..
"khjeh"=hex:82,db,71,d7,f2,df,17,b2,7c,1e,c4,f5,b6,09,95,cf,3b,f3,71,04,ca,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:33,9a,fb,d7,38,d0,13,ac,11,22,c5,f6,35,9a,40,c3,9a,1a,28,5a,85,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\\Program Files\\AVG\\AVG8\\avgam.exe"="C:\\Program Files\\AVG\\AVG8\\avgam.exe:*:Enabled:avgam.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"D:\\New Folder\\UnrealEngine3\\Binaries\\MOHA.exe"="D:\\New Folder\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\\Program Files\\Novation\\Automap\\AutomapServer.exe"="C:\\Program Files\\Novation\\Automap\\AutomapServer.exe:*:Enabled:Novation Automap Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Wed 4 Nov 2009 1,168,216 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 13 Jul 2010 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 2 Jul 2010 25,335,187 ..SH. --- "C:\Documents and Settings\Free\Local Settings\Temp\Automap-3.5.exe"

Finished!
 
ws2_32.dll is neither a trojan nor a virus but a part of the Windows operating system. As such, it can be "infected" by some malicious program. The problem manifests as an inability to start many programs, and an error message appears: The application failed to initialize (0xc0000022) or similar. Describe the symptoms that occur on your computer. And of course, install KIS 2011, you have a one-month free trial, run an update and a full scan and you will get rid of the problem.
 