A million problems... probably a virus.


offline
  • Joined: 13 Nov 2009
  • Posts: 13

Good afternoon. I came here on the recommendation of an acquaintance to lay out a problem for you. Or maybe several problems.

I have a PC:
Intel Celeron 3.20 GHz processor
ASUS P5LD2-X/133 motherboard
ASUS EN8500GT Silent Magic graphics card
2 GB RAM
500 GB WD

Windows XP SP3; for protection I use a freshly installed KIS 2010 and some latest Symantec antivirus... Two or three weeks ago I had ESET Smart Security 4 and I didn't like how it did its job. I also have MBAM and it serves me well.

As for other information, 2 Mbit cable internet... Everest detects temperatures of 59 degrees on the graphics card, 73 degrees on the processor and 40 on the HDD. Is that normal? I somehow don't believe it is...

I bought the computer 4 months ago from a friend. The only thing that's different is the graphics card. He had a ''GF 6800GT'' and I have the ''EN8500GT Silent''. Now, he played Assassin's Creed, Mass Effect and Oblivion without any problems, while for me everything I install stutters. Well, the only thing that didn't stutter was Motocross Madness 2, but that's on the level of Minesweeper.

Why are they glitching? Windows is freshly installed and I've cleaned the computer of viruses...
And are these temperatures normal?
And is the KIS/Symantec/MBAM combination good against viruses/trojans/vermin?
And finally, if the virus is from a USB stick (I have 3 in the house and all are used regularly), how do I protect the computer from flash drives?

As for logs, I have the DDS one but not GMER; I can send it tomorrow if I don't kill myself before then. GMER's first scan ran from an hour and a half ago until a little while ago, and while the scan was in progress I got a BSOD... ON A FRESHLY INSTALLED WINDOWS! Unbelievable. Head against the wall; any normal person would have killed themselves by now:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 16:43:03.23 on Wed 01/06/2010
Internet Explorer: 6.0.2900.5508 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1375 [GMT 1:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\antivir firewall\KIS\program KIS\klwtblfs.exe
C:\Documents and Settings\Administrator.EXPERIEN-1AFD23\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.mini20.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie_rsearch.html
uDefault_Page_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie_rsearch.html
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\program files\antivir firewall\kis\program kis\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - d:\program files\antivir firewall\kis\program kis\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Google Update] "c:\documents and settings\administrator.experien-1afd23\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AVP] "d:\program files\antivir firewall\kis\program kis\avp.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\admini~1.exp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\admini~1.exp\startm~1\programs\startup\regist~1.lnk - d:\program files\ac\register\RegistrationReminder.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 0 (0x0)
mPolicies-explorer: Start_ShowMyComputer = 1 (0x1)
mPolicies-explorer: Start_ShowMyDocs = 1 (0x1)
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-explorer: Start_ShowRun = 1 (0x1)
mPolicies-explorer: Start_ShowSearch = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
dPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - d:\program files\antivir firewall\kis\program kis\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - d:\program files\antivir firewall\kis\program kis\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: klogon - c:\windows\system32\klogon.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: d:\progra~1\antivi~1\kis\progra~1\mzvkbd3.dll,d:\progra~1\antivi~1\kis\progra~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.exp\applic~1\mozilla\firefox\profiles\6ublqx5n.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\administrator.experien-1afd23\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-12-30 315408]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-30 102448]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091231.017\naveng.sys [2010-1-1 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091231.017\navex15.sys [2010-1-1 1323568]
S0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2009-3-31 125952]
S2 AVP;Kaspersky Internet Security;d:\program files\antivir firewall\kis\program kis\avp.exe [2009-10-20 340456]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-1-5 25832]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-23 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-23 8320]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]

=============== Created Last 30 ================

2010-01-05 15:04:22 0 d-----w- c:\docume~1\alluse~1.win\applic~1\BioWare
2010-01-05 14:46:21 0 d-----w- c:\windows\system32\AGEIA
2010-01-05 14:45:07 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-05 13:58:08 0 d-----w- c:\program files\common files\BioWare
2010-01-05 13:54:32 0 d-----w- c:\docume~1\alluse~1.win\applic~1\DAEMON Tools Lite
2010-01-05 13:54:28 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-05 13:51:19 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-05 13:51:18 0 d-----w- c:\docume~1\admini~1.exp\applic~1\DAEMON Tools Lite
2010-01-04 21:55:50 54156 ---ha-w- c:\windows\QTFont.qfn
2010-01-04 21:55:50 1409 ----a-w- c:\windows\QTFont.for
2010-01-04 15:28:47 0 d-----w- c:\program files\Guitar Pro 5
2010-01-04 14:17:03 0 d-----w- c:\docume~1\admini~1.exp\applic~1\Ubisoft
2010-01-03 22:22:25 0 d-----w- c:\program files\SystemRequirementsLab
2010-01-03 20:05:49 0 d-----w- c:\docume~1\admini~1.exp\applic~1\Malwarebytes
2010-01-03 20:05:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-03 20:05:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 20:05:42 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-01-03 17:36:07 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2010-01-03 17:36:06 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2010-01-03 17:36:05 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-01-03 17:36:04 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2010-01-03 17:36:03 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-01-03 17:36:01 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-01-03 17:36:01 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-01-03 03:37:54 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-02 10:15:26 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-02 10:15:26 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-01-02 10:10:49 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-01-02 10:09:13 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-01-02 10:09:02 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-02 10:08:28 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-02 10:08:20 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-01-02 10:08:12 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-02 10:07:07 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-02 10:05:32 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-02 10:05:17 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-02 10:05:14 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-02 10:03:46 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-02 10:03:38 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-01-02 10:02:18 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-02 10:02:17 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-01-02 10:02:17 1203922 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-01-02 10:02:15 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-01-01 15:49:23 20 ---h--w- c:\docume~1\alluse~1.win\applic~1\PKP_DLdu.DAT
2010-01-01 15:49:23 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Importer
2010-01-01 15:34:03 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-01 15:34:03 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-31 16:12:33 76 ----a-w- c:\windows\system32\asr_edlan
2009-12-30 18:11:52 117821 ----a-w- c:\windows\system32\asr_33673.exe
2009-12-30 18:11:11 77 ----a-w- c:\windows\system32\asr_xoswk
2009-12-30 17:24:55 0 ----a-w- c:\windows\vpc32.INI
2009-12-30 16:37:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-30 16:37:17 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-30 16:37:17 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-30 16:37:17 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-30 16:37:11 0 d-----w- c:\program files\Symantec AntiVirus
2009-12-30 16:35:21 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-12-30 16:35:20 0 d-----w- c:\program files\Symantec
2009-12-30 16:35:20 0 d-----w- c:\program files\common files\Symantec Shared
2009-12-30 16:35:20 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Symantec
2009-12-30 15:56:03 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-30 15:56:03 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-30 15:55:19 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Kaspersky Lab
2009-12-30 15:44:42 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Kaspersky Lab Setup Files
2009-12-29 18:13:48 306947 ----a-w- c:\windows\IsUninst.exe
2009-12-29 18:07:15 0 d-----w- c:\program files\hp deskjet 845c series
2009-12-29 18:04:15 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-12-29 18:04:15 32768 ----a-w- c:\windows\system32\hpgtmcro.dll
2009-12-29 18:04:15 126976 ----a-w- c:\windows\system32\hpgt34tk.dll
2009-12-29 18:04:15 101376 ----a-w- c:\windows\system32\hpgt34.dll
2009-12-29 18:04:14 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-29 15:54:43 0 d-----w- c:\program files\eMule
2009-12-29 12:33:28 116 ----a-w- c:\windows\NeroDigital.ini
2009-12-28 19:22:25 0 ----a-w- c:\windows\Irremote.ini
2009-12-28 15:01:02 0 d-----w- c:\docume~1\admini~1.exp\applic~1\LimeWire
2009-12-28 11:27:40 0 d-----w- c:\program files\Search_USA
2009-12-27 16:50:53 0 d-----w- c:\documents and settings\administrator.experien-1afd23\Tracing
2009-12-26 19:35:12 0 d-----w- c:\program files\GetData
2009-12-26 14:28:13 0 d-----w- c:\docume~1\admini~1.exp\applic~1\OpenOffice.org
2009-12-24 13:15:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-24 13:15:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-24 11:57:06 0 d-----w- c:\docume~1\admini~1.exp\applic~1\.purple
2009-12-24 11:56:43 0 d-----w- c:\program files\Pidgin
2009-12-24 11:56:35 0 d-----w- c:\program files\common files\GTK
2009-12-24 11:53:19 0 d-----w- c:\docume~1\admini~1.exp\applic~1\mIRC
2009-12-23 16:52:14 0 d-----w- c:\docume~1\admini~1.exp\applic~1\BitTorrent
2009-12-23 16:42:00 0 d-----w- c:\program files\BitTorrent
2009-12-23 16:41:09 0 d-----w- c:\program files\AskBarDis
2009-12-23 14:46:56 0 d-----w- c:\docume~1\admini~1.exp\applic~1\CheckPoint
2009-12-23 14:46:43 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-23 14:04:59 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Nokia
2009-12-23 13:54:54 29696 ----a-r- c:\windows\system32\drivers\l251x86.sys
2009-12-23 13:54:39 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2009-12-23 13:54:39 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2009-12-23 13:52:53 16126464 ------r- c:\windows\RTHDCPL.exe
2009-12-23 13:52:52 2157568 ------r- c:\windows\MicCal.exe
2009-12-23 13:52:49 69632 ------r- c:\windows\Alcmtr.exe
2009-12-23 13:52:48 2808832 ------r- c:\windows\alcwzrd.exe
2009-12-23 13:52:47 299008 ------r- c:\windows\system32\ALSndMgr.cpl
2009-12-23 13:52:45 520192 ------r- c:\windows\RtlExUpd.dll
2009-12-23 13:52:45 315392 ----a-w- c:\windows\HideWin.exe
2009-12-23 13:50:41 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-12-23 13:50:40 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-23 13:50:40 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-23 13:50:39 0 d-----w- c:\program files\ffdshow
2009-12-23 13:49:12 10995 ----a-w- c:\windows\Ascd_log.ini
2009-12-23 13:48:38 10751 ----a-w- c:\windows\Ascd_tmp.ini
2009-12-23 13:48:26 10288 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-12-23 13:38:14 53693 ----a-r- c:\windows\UNDPX2A.sys
2009-12-23 13:38:14 135168 ----a-r- c:\windows\UNDPX2A.exe
2009-12-23 13:30:44 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-12-23 13:30:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-23 13:30:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-23 13:30:19 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-23 13:30:19 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-23 13:26:41 0 d-sh--w- c:\documents and settings\all users.windows\DRM
2009-12-23 13:26:30 488 ---ha-r- c:\windows\system32\WindowsLogon.manifest
2009-12-23 13:26:30 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-12-23 13:26:23 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-12-23 13:26:23 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-12-23 13:26:23 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-12-23 13:26:23 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-12-23 13:26:23 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-12-23 13:26:23 749 ---ha-r- c:\windows\system32\cdplayer.exe.manifest
2009-12-23 13:24:56 23040 ----a-w- c:\windows\system32\fltMc.exe
2009-12-23 13:22:59 4933 ----a-w- c:\windows\system32\wbem\hform.xsl
2009-12-23 13:21:48 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-12-23 13:21:03 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-12-23 13:20:48 0 d-----w- c:\docume~1\alluse~1.win\applic~1\NVIDIA Corporation
2009-12-23 13:20:10 74240 ----a-w- c:\windows\system32\usbui.dll
2009-12-23 13:17:43 4444 ----a-w- c:\windows\system32\pid.PNF
2009-12-23 13:17:01 0 d-----r- c:\documents and settings\all users.windows\Documents
2009-12-23 13:16:58 16674 ----a-r- c:\windows\SET8.tmp
2009-12-23 13:15:51 73254 ----a-w- C:\DriverPack_MassStorage_wnt5_x86-32.ini
2009-12-23 13:15:51 420 ----a-w- C:\DriverPack_CPU_wnt5_x86-32.ini
2009-12-23 13:15:51 0 d-----w- C:\D
2009-12-23 13:14:37 950 ----a-w- c:\windows\system32\$winnt$.inf

==================== Find3M ====================

2010-01-01 15:49:10 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-12-23 13:24:18 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-20 19:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-09-07 08:11:54 19555 ----a-w- c:\program files\common files\nywafukuro.db

============= FINISH: 16:43:48.14 ===============




offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Have a good Christmas Eve and welcome to the forum

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091231.017\naveng.sys [2010-1-1 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091231.017\navex15.sys [2010-1-1 1323568]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-12-30 315408]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]


Do you know what this is?

Those are drivers from Kaspersky and Symantec (both companies known for their complex protection)

You're lucky you can boot the system at all

Go ahead and uninstall one of them, then we'll talk

Also, as far as I remember the instructions for opening a thread here, there is an alternative to GMER.
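A DDS log like the one posted above can be triaged automatically. The following Python script is an added example, not part of this thread or of the DDS tool: it parses the SERVICES / DRIVERS and "Created Last 30" line formats, reports when running drivers from more than one antivirus vendor are loaded (the Kaspersky + Symantec conflict pointed out here), and flags recently created files dropped directly into system32 with extensionless or random-looking names, such as the asr_* entries in the first post's log. The vendor keyword table and the name pattern are assumptions of this example, and the sample log lines are a constructed excerpt.

```python
import re

# Constructed sample made of lines in the two DDS log formats shown in
# this thread (SERVICES / DRIVERS entries and "Created Last 30" entries).
SAMPLE_DDS = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-12-30 315408]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-1-5 25832]
2009-12-31 16:12:33 76 ----a-w- c:\windows\system32\asr_edlan
2009-12-30 18:11:52 117821 ----a-w- c:\windows\system32\asr_33673.exe
2009-12-30 18:11:11 77 ----a-w- c:\windows\system32\asr_xoswk
2010-01-03 20:05:42 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 13:15:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-05 14:46:21 0 d-----w- c:\windows\system32\AGEIA
"""

# DDS service line: <R|S><start type> <name>;<description>;<path> [<date> <size>]
SERVICE_RE = re.compile(
    r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# DDS "Created Last 30" line: <date> <time> <size> <attributes> <path>
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$")

# Assumed vendor keyword table: keyword in description or path -> vendor.
AV_VENDOR_KEYWORDS = {
    "kaspersky": "Kaspersky",
    "symantec": "Symantec", "savrt": "Symantec", "naveng": "Symantec",
    "malwarebytes": "Malwarebytes", "mbam": "Malwarebytes",
    "eset": "ESET", "avast": "Avast", "avira": "Avira",
}

SYSTEM32 = "c:\\windows\\system32\\"
# Assumed heuristic for the name shape of the asr_* droppers in the log.
RANDOM_NAME_RE = re.compile(r"^[a-z]{2,4}_[a-z0-9]{4,6}$")


def parse_dds(text):
    """Split a DDS log into (services, created) lists of dicts; other lines are ignored."""
    services, created = [], []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            services.append({
                "running": m.group(1) == "R", "start": int(m.group(2)),
                "name": m.group(3), "desc": m.group(4), "path": m.group(5),
                "date": m.group(6), "size": int(m.group(7)),
            })
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append({
                "date": m.group(1), "time": m.group(2), "size": int(m.group(3)),
                "attrs": m.group(4), "path": m.group(5),
                "is_dir": m.group(4).startswith("d"),
            })
    return services, created


def av_vendors_running(services):
    """Vendors with a running (R*) driver or service. Two or more means two
    real-time scanners hook the same system, the conflict discussed in this thread."""
    vendors = set()
    for svc in services:
        if not svc["running"]:
            continue
        haystack = (svc["desc"] + " " + svc["path"]).lower()
        for keyword, vendor in AV_VENDOR_KEYWORDS.items():
            if keyword in haystack:
                vendors.add(vendor)
    return sorted(vendors)


def flag_suspicious_system32(created):
    """Recently created files placed directly in system32 (not in a subfolder)
    whose name has no extension or matches the random-looking pattern above."""
    flagged = []
    for entry in created:
        path = entry["path"].lower()
        if entry["is_dir"] or not path.startswith(SYSTEM32):
            continue
        name = path[len(SYSTEM32):]
        if "\\" in name:  # lives in a subfolder such as drivers\
            continue
        stem, dot, _ext = name.partition(".")
        if not dot or RANDOM_NAME_RE.match(stem):
            flagged.append(entry["path"])
    return flagged


if __name__ == "__main__":
    svcs, files = parse_dds(SAMPLE_DDS)
    vendors = av_vendors_running(svcs)
    if len(vendors) > 1:
        print("Multiple real-time AV products loaded:", ", ".join(vendors))
    for path in flag_suspicious_system32(files):
        print("Review:", path)
```

Flagged paths are candidates for a scan or an upload to the helper, as done later in this thread, not a verdict on their own.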

offline
  • Joined: 13 Nov 2009
  • Posts: 13

Posted: 06 Jan 2010 20:03

Good Christmas Eve to you too, good people

Quote: Do you know what this is?

If I knew, I wouldn't have come here

Quote: You're lucky you can boot the system at all

Wait, so what's a normal antivirus/firewall combination then... Which two don't fight each other? I tried the NOD + ZoneAlarm combination and it's as full of holes as Swiss cheese... Which FW won't clash with Symantec?

Here's the RootRepeal log:



Update: 06 Jan 2010 20:52

Forgot to say, I deleted KIS

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Quote: If I knew, I wouldn't have come here

But I gave you the answer. Drivers from Kaspersky and Symantec

You had Kaspersky Internet Security, which contains antivirus + antispyware + antispam + firewall + who knows what else

and Symantec AntiVirus

Are you following me?


Free solutions are perfectly fine:

Free AV programs:

Avast! Home Edition
Avira AntiVir Personal Edition
Microsoft Security Essentials
AVG Anti-Virus Free Edition

Free FW:


Comodo Internet Security
Online Armor Free
PC Tools Firewall Plus
Outpost Firewall Free

Anyway,

Upload the following file to me for checking:

c:\windows\system32\asr_33673.exe

Via the following form:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 13 Nov 2009
  • Posts: 13

diarno :: Quote: If I knew, I wouldn't have come here

But I gave you the answer. Drivers from Kaspersky and Symantec



I know, I'm joking... I answered your rhetorical question "do you know what this is?"...

I've uploaded that file

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download The Avenger to the Desktop.
Unpack the archive into a folder

Double-click avenger.exe to run it

Copy the text inside the Code box into the program's (white) window:

Files to delete:
c:\windows\system32\asr_edlan
c:\windows\system32\asr_33673.exe
c:\windows\system32\asr_xoswk


Click Execute, then Yes in the next two windows that open

The computer will restart (in some cases: twice) and the cleaning/scanning process will begin

When the process is finished, the logfile C:\avenger.txt will open in Notepad

Copy the contents of the resulting log into the thread on the forum.

offline
  • Joined: 13 Nov 2009
  • Posts: 13

c:\windows\system32\asr_33673.exe

I cleaned this one with the Avast you gave me, and it didn't even detect the other two as a threat. Should I run what you gave me (Avenger) or have I already solved the problem with Avast?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Uhh.. you shouldn't have been changing antivirus programs while we're working... You can delete them manually too...

What's the situation now.. If you're going to use Avast you have to delete Symantec AV too... Afterwards just install a FW and that's it.

offline
  • Joined: 13 Nov 2009
  • Posts: 13

Posted: 07 Jan 2010 12:45

I deleted Symantec, of course... I wouldn't repeat the same mistake twice.

This is Avenger's log (in the code you gave me, I only deleted what Avast had already found, which is c:\windows\system32\asr_33673.exe):

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\asr_edlan" deleted successfully.
File "c:\windows\system32\asr_xoswk" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Update: 07 Jan 2010 12:47

Forgot to ask, what about the temperatures?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

OK, we're done here

As for temperatures, I'm not really an expert on the subject, but as far as I know 40 for the HDD and 59 for the GPU are OK temperatures.. for the processor.. I don't know..

Since you say you're also getting a BSOD.. It would be best to seek help in the Windows subforum.. Open a thread and describe your problem in detail and attach a picture of that BSOD or write out what it says. In the Ambulance we only deal with malware


You can freely delete the programs we used here.

Cheers...
