Do I have a virus?

  • raco66
  • New MyCity citizen
  • Joined: 28 Jul 2009
  • Posts: 4

Hi everyone,
When I start the computer and am not doing anything, about 300 MB of RAM is in use (which seems a bit too much to me). Could someone look at this and see whether it is a virus or something to do with the system? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:06, on 28.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60341
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6950 bytes

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello...

Download the DDS program from this, this or this link to the Desktop.

Double-click to run DDS;

after a few minutes a message about the completion of the process will appear and two reports will open;

save both reports to the Desktop (by choosing File > Save As);

double-click to open DDS.txt and copy its contents into the thread;

attach the file Attach.txt to your post using the Attach file option.

Note: if security software interferes with DDS while it is running, temporarily disable it (instructions) and run DDS again.

  • raco66
  • New MyCity citizen
  • Joined: 28 Jul 2009
  • Posts: 4

DDS (Ver_09-06-26.01) - NTFSx86
Run by Raco at 0:50:24,54 on гбЁ 29.07.2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.448.92 [GMT 2:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Raco\Desktop\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60341
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpywareTerminatorUpdate] "c:\progra~1\spywar~1\SpywareTerminatorUpdate.exe"
mRun: [HTpatch] c:\windows\htpatch.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SpywareTerminator] "c:\progra~1\spywar~1\SpywareTerminatorShield.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: Crawler Search - tbr:iemenu
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\raco\applic~1\mozilla\firefox\profiles\y015guvb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba
FF - component: c:\documents and settings\raco\application data\idm\idmmzcc3\components\idmmzcc.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-7-13 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-7-13 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-7-13 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090722.001\IDSXpx86.sys [2009-7-28 276344]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-7-12 142592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-7-13 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-12 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090727.073\NAVENG.SYS [2009-7-28 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090727.073\NAVEX15.SYS [2009-7-28 875728]

=============== Created Last 30 ================

2009-07-29 00:49 <DIR> --d-h--- c:\windows\PIF
2009-07-28 17:35 <DIR> --d----- c:\program files\WIBUKEY
2009-07-27 14:39 223,128 a------- c:\windows\system32\drivers\dtscsi.sys
2009-07-27 14:39 <DIR> --d----- c:\program files\DAEMON Tools
2009-07-27 14:01 1,205 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-07-25 16:14 <DIR> --d----- c:\program files\HDD Regenerator
2009-07-23 00:19 <DIR> --d----- c:\docume~1\raco\applic~1\VitySoft
2009-07-14 09:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-07-14 00:14 <DIR> --d----- c:\program files\Trend Micro
2009-07-13 23:52 <DIR> --dsh--- c:\documents and settings\raco\IECompatCache
2009-07-13 16:39 <DIR> --d----- c:\docume~1\raco\applic~1\Malwarebytes
2009-07-13 16:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-13 16:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 15:51 <DIR> --d----- c:\windows\Downloaded Installations
2009-07-13 15:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-07-13 15:45 <DIR> --d----- c:\program files\Symantec
2009-07-13 11:21 <DIR> --d----- c:\program files\Microsoft AntiSpyware
2009-07-12 23:38 <DIR> --dsh--- c:\documents and settings\raco\PrivacIE
2009-07-12 23:31 <DIR> --dsh--- c:\documents and settings\raco\IETldCache
2009-07-12 23:11 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-12 23:10 <DIR> --d----- c:\windows\ie8updates
2009-07-12 23:09 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-12 23:09 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-12 23:09 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-12 23:09 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-12 23:07 <DIR> -cd-h--- c:\windows\ie8
2009-07-12 23:07 <DIR> --d----- c:\windows\system32\sr-Cyrl-CS
2009-07-12 20:58 <DIR> --d----- c:\program files\Crawler
2009-07-12 20:58 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-12 20:58 <DIR> --d----- c:\docume~1\raco\applic~1\Spyware Terminator
2009-07-12 20:58 <DIR> --d----- c:\program files\Spyware Terminator
2009-07-12 20:19 <DIR> --d----- c:\windows\pss
2009-07-12 18:07 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-07-12 18:07 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-12 18:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-12 18:07 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-12 18:07 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-12 18:07 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-07-12 18:05 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-07-12 18:05 <DIR> --d----- c:\program files\Norton Internet Security
2009-07-12 18:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-07-12 18:05 <DIR> --d----- c:\program files\NortonInstaller
2009-07-12 18:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-12 16:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-12 16:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-12 09:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-07-11 00:38 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-11 00:29 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-11 00:29 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-11 00:29 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-07-11 00:27 <DIR> --d-h--- c:\windows\$hf_mig$
2009-07-10 23:24 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-07-10 22:56 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-10 22:50 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-10 22:50 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-07-10 22:48 2,142,720 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-10 22:48 2,186,112 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-10 22:48 2,020,864 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-10 22:48 2,062,976 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-10 22:34 455,936 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-10 22:00 <DIR> --d----- c:\program files\ESET
2009-07-10 21:26 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2009-07-10 20:27 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-09 12:36 <DIR> --d----- c:\docume~1\raco\applic~1\IDM
2009-07-09 12:36 <DIR> --d----- c:\docume~1\raco\applic~1\DMCache
2009-07-09 12:36 <DIR> --d----- c:\program files\Internet Download Manager
2009-07-06 16:10 <DIR> --d----- c:\program files\Sony Ericsson
2009-07-06 16:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2009-07-02 16:31 69 a------- c:\windows\NeroDigital.ini
2009-07-02 16:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-07-02 15:34 <DIR> --d----- c:\documents and settings\raco\Graphisoft
2009-07-02 15:34 <DIR> --d----- c:\docume~1\raco\applic~1\Graphisoft
2009-07-02 15:27 1,253,376 a------- c:\windows\system32\WibuKe32.cpl
2009-07-02 15:26 <DIR> --d----- c:\program files\WIBU-SYSTEMS
2009-07-02 15:25 7,310 a------- c:\windows\vpd.properties
2009-07-02 15:20 <DIR> --d----- c:\program files\Graphisoft
2009-07-02 15:18 69,632 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-06-19 15:36 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-05-30 13:40 685,816 a------- c:\windows\system32\drivers\sptd.sys
2009-05-13 07:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 17:44 344,064 a------- c:\windows\system32\localspl.dll
2009-03-14 22:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031420090315\index.dat

============= FINISH: 0:52:40,35 ===============




  • Joined: 04 Jan 2009
  • Posts: 2168

As far as malware is concerned, the computer is clean.

As for the system, the logs show activity from a couple of different AV programs.

Which antivirus are you using on the computer now?

  • raco66
  • New MyCity citizen
  • Joined: 28 Jul 2009
  • Posts: 4

Right now I am using Norton 2009 and Spyware Terminator.
That sudden jump in RAM happened to me after installing ESET v4, which I removed. At that moment WGA had also latched on, but I got rid of that too.
My problem is that in Task Manager I can't see what is taking up so much RAM.
Is it possible for something to use that much without showing up in TM? Even when I turn off the AVs, about 250 MB is in use.

  • Joined: 04 Jan 2009
  • Posts: 2168

The logs are clean; there are no traces of malware.

As for the system, it's not that I don't want to help, but the Ambulanta section is exclusively for problems caused by malware infection of a computer.

If you have any questions about how the system works, open a thread in the Windows forum and one of the members will explain it to you.
