Kako da budem sigura da je sve cisto?

[ ArtifeX @ 23.07.2011. 08:25 ] @

Juce sam bio pokpio nesto sa neta tacnije [ TR/Dropper.Gen Trojan ] skenirao sam sa Avirom samo sistemsku particiju, pocistio je sto je imao, zatim sam pustio malwarebytes da skenira sistemsku particiju, nije nasao nista, ali sam nesto i dalje sumnjicav. Ovo je sadrzaj iz DDS log file-a ako neko moze da izanalizira ima li sta mailciozno ili je sve cisto...

Code:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Administrator at 9:02:31 on 2011-07-23
Microsoft Black 7 VIII   6.1.7600.0.1252.1.1033.18.1791.954 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla\Firefox\firefox.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://online.bancaintesabeograd.com/Retail/default.aspx
mURLSearchHooks: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
mURLSearchHooks: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
TB: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
uRun: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROCKET~1.LNK - C:\Program Files (x86)\RocketDock\RocketDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: bancaintesabeograd.com\online
TCP: Interfaces\{0E135962-A012-4A6F-9FBD-2D3BF5FAE354} : NameServer = 172.26.22.100,8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
BHO-X64: CescrtHlpr Object: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
BHO-X64:     Babylon toolbar helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: PandoraTV Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64:     Ask Toolbar BHO - No File
TB-X64: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - C:\Program Files (x86)\Firefox_Extreme\tbFire.dll
TB-X64: PandoraTV Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [P17Helper] Rundll32 P17.dll,P17Helper
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [BabylonToolbar] "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\86f1een7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2436433&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Firefox Extreme Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2436433&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2436433&q=
FF - component: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\86f1een7.default\extensions\{2be15141-5d7c-44e4-a3bf-3196d5c46d60}\components\FFExternalAlert.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\86f1een7.default\extensions\{2be15141-5d7c-44e4-a3bf-3196d5c46d60}\components\RadioWMPCore.dll
FF - component: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\86f1een7.default\extensions\[email protected]\components\SnarlInterfaceMozilla.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\Mozilla\Firefox\plugins\npVE3D.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\86f1een7.default\extensions\[email protected]\plugins\npCoralIETab.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Better Gmail 2: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Hostname in Titlebar: bughunter2@hostnameintitlebar - %profile%\extensions\bughunter2@hostnameintitlebar
FF - Ext: Chromifox Basic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: IE Tab +: [email protected] - %profile%\extensions\[email protected]
FF - Ext: United States English Spellchecker: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FaviconizeTab: [email protected] - %profile%\extensions\[email protected]
FF - Ext: NASA Night Launch: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Pronounce: [email protected] - %profile%\extensions\[email protected]
FF - Ext: RapidShare DownloadHelper: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Strata40: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Tab Progress Bar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Google Translator for Firefox: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Ubiquity: [email protected] - %profile%\extensions\[email protected]
FF - Ext: MacOSX Theme: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9} - %profile%\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
FF - Ext: ErrorZilla Plus: {03651b2d-eb7d-4be7-af1b-dc0cd162dd54} - %profile%\extensions\{03651b2d-eb7d-4be7-af1b-dc0cd162dd54}
FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: BlackX: {239c61a8-e55f-11db-8314-0800200c9a66} - %profile%\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
FF - Ext: Firefox Extreme Toolbar: {2be15141-5d7c-44e4-a3bf-3196d5c46d60} - %profile%\extensions\{2be15141-5d7c-44e4-a3bf-3196d5c46d60}
FF - Ext: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - %profile%\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
FF - Ext: Mozilla Archive Format: {7f57cf46-4467-4c2d-adfa-0cba7c507e54} - %profile%\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
FF - Ext: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - %profile%\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - %profile%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FennecFox: {989e9382-d540-4189-88d1-fc54a949a387} - %profile%\extensions\{989e9382-d540-4189-88d1-fc54a949a387}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: myFireFox: {e213bb8f-8ebd-11db-96b7-005056c00008} - %profile%\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
FF - Ext: CustomizeGoogle: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} - %profile%\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
FF - Ext: PC Sync 2 Synchronisation Extension: [email protected] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
.
============= SERVICES / DRIVERS ===============
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-25 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-25 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R3 P1764;Creative SB Audigy LS;C:\Windows\system32\drivers\P1764.sys --> C:\Windows\system32\drivers\P1764.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-9 136176]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-1-25 13080]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-9 136176]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
.
=============== Created Last 30 ================
.
2011-07-22 21:44:59    --------    d-----w-    C:\Users\Administrator\AppData\Roaming\Malwarebytes
2011-07-22 21:44:51    --------    d-----w-    C:\ProgramData\Malwarebytes
2011-07-22 21:44:48    25912    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2011-07-22 21:35:12    --------    d-----w-    C:\Users\Administrator\AppData\Local\Mozilla
2011-07-22 21:34:21    --------    d-----w-    C:\Program Files\Mozilla
.
==================== Find3M  ====================
.
2011-07-02 10:23:26    88288    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2011-05-14 11:55:40    404640    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH:  9:03:15,33 ===============

Sta tacno radi [ TR/Dropper.Gen Trojan ] kakvu stetu pravi i da li treda da uradim jos neki scan???