Do I have a virus?

  • raco66 
  • New MyCity citizen
  • Joined: 28 Jul 2009
  • Posts: 4

Hi everyone,
When I start the computer and am not doing anything, about 300 MB of RAM is in use (which seems a bit too much to me). Could someone take a look at this and see whether it is a virus or something to do with the system? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:06, on 28.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60341
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6950 bytes

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello...

Download the DDS program from this, this or this link to the Desktop.


Double-click to run DDS;

after a few minutes a message about the process finishing will appear and two reports will open;

save both reports to the Desktop (using File > Save As);

double-click to open DDS.txt and copy its contents into the thread;

attach the file Attach.txt to the post using the Attach file option.


Note: if security software interferes with DDS, temporarily disable it (instructions) and run DDS again.

  • raco66 
  • New MyCity citizen
  • Joined: 28 Jul 2009
  • Posts: 4

DDS (Ver_09-06-26.01) - NTFSx86
Run by Raco at 0:50:24,54 on гбЁ 29.07.2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.448.92 [GMT 2:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Raco\Desktop\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60341
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpywareTerminatorUpdate] "c:\progra~1\spywar~1\SpywareTerminatorUpdate.exe"
mRun: [HTpatch] c:\windows\htpatch.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SpywareTerminator] "c:\progra~1\spywar~1\SpywareTerminatorShield.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: Crawler Search - tbr:iemenu
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\raco\applic~1\mozilla\firefox\profiles\y015guvb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba
FF - component: c:\documents and settings\raco\application data\idm\idmmzcc3\components\idmmzcc.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-7-13 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-7-13 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-7-13 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090722.001\IDSXpx86.sys [2009-7-28 276344]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-7-12 142592]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-7-13 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-12 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090727.073\NAVENG.SYS [2009-7-28 87888]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090727.073\NAVEX15.SYS [2009-7-28 875728]

=============== Created Last 30 ================

2009-07-29 00:49 <DIR> --d-h--- c:\windows\PIF
2009-07-28 17:35 <DIR> --d----- c:\program files\WIBUKEY
2009-07-27 14:39 223,128 a------- c:\windows\system32\drivers\dtscsi.sys
2009-07-27 14:39 <DIR> --d----- c:\program files\DAEMON Tools
2009-07-27 14:01 1,205 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-07-25 16:14 <DIR> --d----- c:\program files\HDD Regenerator
2009-07-23 00:19 <DIR> --d----- c:\docume~1\raco\applic~1\VitySoft
2009-07-14 09:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-07-14 00:14 <DIR> --d----- c:\program files\Trend Micro
2009-07-13 23:52 <DIR> --dsh--- c:\documents and settings\raco\IECompatCache
2009-07-13 16:39 <DIR> --d----- c:\docume~1\raco\applic~1\Malwarebytes
2009-07-13 16:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-13 16:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 15:51 <DIR> --d----- c:\windows\Downloaded Installations
2009-07-13 15:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-07-13 15:45 <DIR> --d----- c:\program files\Symantec
2009-07-13 11:21 <DIR> --d----- c:\program files\Microsoft AntiSpyware
2009-07-12 23:38 <DIR> --dsh--- c:\documents and settings\raco\PrivacIE
2009-07-12 23:31 <DIR> --dsh--- c:\documents and settings\raco\IETldCache
2009-07-12 23:11 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-12 23:10 <DIR> --d----- c:\windows\ie8updates
2009-07-12 23:09 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-12 23:09 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-12 23:09 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-12 23:09 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-12 23:07 <DIR> -cd-h--- c:\windows\ie8
2009-07-12 23:07 <DIR> --d----- c:\windows\system32\sr-Cyrl-CS
2009-07-12 20:58 <DIR> --d----- c:\program files\Crawler
2009-07-12 20:58 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-12 20:58 <DIR> --d----- c:\docume~1\raco\applic~1\Spyware Terminator
2009-07-12 20:58 <DIR> --d----- c:\program files\Spyware Terminator
2009-07-12 20:19 <DIR> --d----- c:\windows\pss
2009-07-12 18:07 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-07-12 18:07 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-12 18:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-12 18:07 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-12 18:07 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-12 18:07 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-07-12 18:05 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-07-12 18:05 <DIR> --d----- c:\program files\Norton Internet Security
2009-07-12 18:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-07-12 18:05 <DIR> --d----- c:\program files\NortonInstaller
2009-07-12 18:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-12 16:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-12 16:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-12 09:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-07-11 00:38 <DIR> --d----- c:\program files\MSXML 6.0
2009-07-11 00:29 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-11 00:29 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-11 00:29 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-07-11 00:27 <DIR> --d-h--- c:\windows\$hf_mig$
2009-07-10 23:24 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-07-10 22:56 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-10 22:50 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-10 22:50 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-07-10 22:48 2,142,720 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-10 22:48 2,186,112 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-10 22:48 2,020,864 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-10 22:48 2,062,976 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-10 22:34 455,936 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-10 22:00 <DIR> --d----- c:\program files\ESET
2009-07-10 21:26 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2009-07-10 20:27 <DIR> --d----- c:\windows\system32\URTTemp
2009-07-09 12:36 <DIR> --d----- c:\docume~1\raco\applic~1\IDM
2009-07-09 12:36 <DIR> --d----- c:\docume~1\raco\applic~1\DMCache
2009-07-09 12:36 <DIR> --d----- c:\program files\Internet Download Manager
2009-07-06 16:10 <DIR> --d----- c:\program files\Sony Ericsson
2009-07-06 16:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2009-07-02 16:31 69 a------- c:\windows\NeroDigital.ini
2009-07-02 16:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-07-02 15:34 <DIR> --d----- c:\documents and settings\raco\Graphisoft
2009-07-02 15:34 <DIR> --d----- c:\docume~1\raco\applic~1\Graphisoft
2009-07-02 15:27 1,253,376 a------- c:\windows\system32\WibuKe32.cpl
2009-07-02 15:26 <DIR> --d----- c:\program files\WIBU-SYSTEMS
2009-07-02 15:25 7,310 a------- c:\windows\vpd.properties
2009-07-02 15:20 <DIR> --d----- c:\program files\Graphisoft
2009-07-02 15:18 69,632 a------- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-06-19 15:36 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-05-30 13:40 685,816 a------- c:\windows\system32\drivers\sptd.sys
2009-05-13 07:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 17:44 344,064 a------- c:\windows\system32\localspl.dll
2009-03-14 22:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031420090315\index.dat

============= FINISH: 0:52:40,35 ===============




  • Joined: 04 Jan 2009
  • Posts: 2168

As far as malware is concerned, the computer is clean.

As for the system, the logs show activity from a couple of different AV programs.

Which antivirus are you using on the computer now?

  • raco66 
  • New MyCity citizen
  • Joined: 28 Jul 2009
  • Posts: 4

Right now I am using Norton 2009 and Spyware Terminator.
That sudden jump in RAM happened after I installed ESET v4, which I have removed. At that moment WGA had also latched on, but I got rid of that too.
My problem is that in Task Manager I cannot see what is using that much RAM.
Is it possible for something to use that much without showing up in Task Manager? Even when I turn the AVs off, about 250 MB is in use.

  • Joined: 04 Jan 2009
  • Posts: 2168

The logs are clean, there are no traces of malware.

As for the system, it's not that I don't want to help, but Ambulanta is exclusively for problems caused by malware infection of the computer.

If you have any questions about how the system works, open a thread in the Windows forum and one of the members will explain it to you.
