MyCity » Ambulanta -> Arhiva Ambulante » system security se pojavio odjednom i blokirao mi racunar

system security se pojavio odjednom i blokirao mi racunar

Napisano na dan: 27.3.2009

system security se pojavio odjednom i blokirao mi racunar

Sledeća strana

Pagination

Odgovori

jecko84 Poslao: 27 Mar 2009 19:52 Idi na vrh
offline jecko84 Novi MyCity građanin Pridružio: 30 Dec 2005 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:38:09 PM, on 3/27/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Petakovic Jelena\Desktop\pomoc\TR3.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = windiwsfsearch.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = windiwsfsearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = windiwsfsearch.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\system32\ALiUSB20.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" O4 - HKLM\..\Run: [11879343] C:\Documents and Settings\All Users\Application Data\11879343\11879343.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [11894859] C:\Documents and Settings\All Users\Application Data\11894859\11894859.exe O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe O4 - HKLM\..\Run: [services] IV="Refresh" CONTENT="0.1"> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="-1"> <TITLE></TITLE> </HEAD> <BODY><P></BODY> </HTML> &tick=305031&ver=401&smtp=ok O4 - HKLM\..\Run: [el] "C:\WINDOWS\system32\regsvr32.exe" /u /s "C:\WINDOWS\system32\el32.dll" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKLM\..\Policies\Explorer\Run: [services] IV="Refresh" CONTENT="0.1"> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="-1"> <TITLE></TITLE> </HEAD> <BODY><P></BODY> </HTML> &tick=305031&ver=401&smtp=ok O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [services] IV="Refresh" CONTENT="0.1"> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="-1"> <TITLE></TITLE> </HEAD> <BODY><P></BODY> </HTML> &tick=305031&ver=401&smtp=ok (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] IV="Refresh" CONTENT="0.1"> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="-1"> <TITLE></TITLE> </HEAD> <BODY><P></BODY> </HTML> &tick=305031&ver=401&smtp=ok (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] IV="Refresh" CONTENT="0.1"> <META HTTP-EQUIV="Pragma" CONTENT="no-cache"> <META HTTP-EQUIV="Expires" CONTENT="-1"> <TITLE></TITLE> </HEAD> <BODY><P></BODY> </HTML> &tick=305031&ver=401&smtp=ok (User 'Default user') O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Google Update Service (gupdate1c993637f5f703a) (gupdate1c993637f5f703a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 8144 bytes inace sam tek u safe mode uspela da odradim skeniranje do kraja, a problem se pojavio danas kada se ni sama ne znam odakle pojavio neki system security koji mi je pokazivao da imam gomilu trojanaca, i non stop se sam aktivirao na par sekundi, i nisam uopste mogla da ga obrisem iz sistema, samo je zahtevao da se registruje. kada sam uradila sken pomocu trojan removera racunar se posle restarta potpuno blokirao i uopste ne mogu da ga pokrenem normalno. sada sam u safe modu i uspela sam da obrisem u control pamelu taj system security 2009, ali ne znam da li ce se opet pojaviti. Inace imam Avast antivirus. AJOOOJ al sam zakomplikovala, ali stvarno ne znam sta da radim. HELP

Profil

dr_Bora Poslao: 27 Mar 2009 20:10 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

jecko84 Poslao: 27 Mar 2009 20:44 Idi na vrh
offline jecko84 Novi MyCity građanin Pridružio: 30 Dec 2005 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-03-26.03 - Petakovic Jelena 2009-03-27 20:12:56.1 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.228 [GMT 1:00] Running from: c:\documents and settings\Petakovic Jelena\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090323-0] On-access scanning enabled (Updated) WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\reader_s.exe c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\Petakovic Jelena\My Documents\My Documents.url c:\documents and settings\Petakovic Jelena\My Documents\My Music\My Music.url c:\documents and settings\Petakovic Jelena\My Documents\My Pictures\My Pictures.url c:\documents and settings\Petakovic Jelena\My Documents\My Videos\My Video.url c:\documents and settings\Petakovic Jelena\reader_s.exe c:\program files\Applications\myd.ico c:\program files\Applications\mym.ico c:\program files\Applications\myp.ico c:\program files\Applications\myv.ico c:\program files\Applications\ot.ico c:\program files\Applications\ts.ico c:\program files\FunWebProducts c:\program files\FunWebProducts\ScreenSaver\Images\0005582A.urr c:\program files\Internet Explorer\2.exe c:\program files\Internet Explorer\msimg32.dll c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir c:\program files\MyWebSearch\bar\1.bin\mwsoemon.exe.vir c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache\00055451 c:\program files\MyWebSearch\bar\Cache\000A8C51 c:\program files\MyWebSearch\bar\Cache\01A28C31.bin c:\program files\MyWebSearch\bar\Cache\01A29FE8.bin c:\program files\MyWebSearch\bar\Cache\01A2AC8A.bin c:\program files\MyWebSearch\bar\Cache\01A2B69C.bin c:\program files\MyWebSearch\bar\Cache\01B37A3D.bin c:\program files\MyWebSearch\bar\Cache\035F488C c:\program files\MyWebSearch\bar\Cache\035F5780 c:\program files\MyWebSearch\bar\Cache\050E2FB4.bin c:\program files\MyWebSearch\bar\Cache\050E3477.bin c:\program files\MyWebSearch\bar\Cache\050E3A53.bin c:\program files\MyWebSearch\bar\Cache\050E407D.bin c:\program files\MyWebSearch\bar\Cache\063A2CE3 c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search2 c:\program files\MyWebSearch\bar\icons\CM.ICO c:\program files\MyWebSearch\bar\icons\MFC.ICO c:\program files\MyWebSearch\bar\icons\PSS.ICO c:\program files\MyWebSearch\bar\icons\SMILEY.ICO c:\program files\MyWebSearch\bar\icons\WB.ICO c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm c:\program files\MyWebSearch\bar\Message\COMMON\center.htm c:\program files\MyWebSearch\bar\Message\COMMON\index.htm c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\VideoAccessCodec c:\program files\VideoAccessCodec\install.ico c:\program files\VideoAccessCodec\Thumbs.db c:\windows\IE4 Error Log.txt c:\windows\services.exe c:\windows\system32\f3PSSavr.scr c:\windows\system32\igbaqyn.dll c:\windows\system32\reader_s.exe c:\windows\system32\setup.ini ----- BITS: Possible infected sites ----- hxxp://thenetworkcom.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_kjyoqcvp ((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 ))))))))))))))))))))))))))))))) . 2009-03-27 20:18 . 2009-03-27 20:18 40,093 --a------ c:\windows\system32\4.tmp 2009-03-27 20:18 . 2009-03-27 20:18 128 --a------ c:\windows\system32\3.tmp 2009-03-27 19:37 . 2009-03-27 19:37 128 --a------ c:\windows\system32\A.tmp 2009-03-27 18:42 . 2009-03-27 18:42 0 --a------ C:\D.tmp 2009-03-27 18:40 . 2009-03-27 18:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Simply Super Software 2009-03-27 18:39 . 2009-03-27 18:39 0 --a------ C:\A.tmp 2009-03-27 18:38 . 2009-03-27 18:38 0 --a------ c:\windows\lk00000000.tmp 2009-03-27 18:37 . 2009-03-27 18:37 0 --a------ C:\9.tmp 2009-03-27 18:35 . 2009-03-27 18:35 0 --a------ C:\8.tmp 2009-03-27 18:33 . 2009-03-27 18:33 51,678 --a------ c:\windows\services.exe.vir 2009-03-27 18:33 . 2009-03-27 19:40 130 --a------ c:\windows\adobe.bat 2009-03-27 18:33 . 2009-03-27 18:33 124 --a------ c:\windows\system32\2.tmp 2009-03-27 18:33 . 2009-03-27 19:40 6 --a------ c:\windows\_id.dat 2009-03-27 18:33 . 2009-03-27 18:33 0 --a------ c:\windows\system32\6.tmp 2009-03-27 16:32 . 2009-03-27 16:32 280,064 --a------ c:\windows\system32\ccdbabbeffcffea.dll.vir 2009-03-27 16:30 . 2009-03-27 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\11894859 2009-03-27 16:26 . 2009-03-27 17:28 <DIR> d-------- c:\documents and settings\Petakovic Jelena\Application Data\Simply Super Software 2009-03-27 16:26 . 2009-03-27 16:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-03-27 16:26 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll 2009-03-27 16:26 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll 2009-03-27 16:26 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll 2009-03-27 16:26 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll 2009-03-27 16:00 . 2009-03-27 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\11879343 2009-03-23 19:00 . 2009-03-25 22:04 54,156 --ah----- c:\windows\QTFont.qfn 2009-03-23 19:00 . 2009-03-23 19:00 1,409 --a------ c:\windows\QTFont.for 2009-03-22 21:17 . 2009-03-22 21:17 <DIR> d-------- c:\program files\TryMedia 2009-03-22 21:05 . 2009-03-23 00:26 68 ---h----- c:\windows\popcreg.dat 2009-03-22 21:05 . 2009-03-23 00:26 20 --a------ c:\windows\popcinfot.dat 2009-03-22 21:04 . 2009-03-22 21:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap Games 2009-03-16 15:04 . 2009-03-16 15:25 5,101 --a------ c:\windows\MDVDP.Ini 2009-02-27 02:40 . 2004-03-22 23:17 24,816 --a------ c:\windows\system32\mdimon.dll 2009-02-27 02:37 . 2009-02-27 02:37 <DIR> d-------- c:\program files\Microsoft ActiveSync 2009-02-27 02:34 . 2009-02-27 02:34 <DIR> d-------- c:\program files\Microsoft.NET . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-27 19:13 --------- d-----w c:\program files\Applications 2009-03-27 18:36 --------- d-----w c:\program files\PopCap Games 2009-03-27 18:36 --------- d-----w c:\program files\Google 2009-03-27 17:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-03-27 17:34 182,912 ----a-w c:\windows\system32\drivers\ndis.sys 2009-03-27 17:27 --------- d-----w c:\documents and settings\Petakovic Jelena\Application Data\Skype 2009-03-27 16:28 --------- d-----w c:\program files\Trojan Remover 2009-03-27 15:03 --------- d-----w c:\documents and settings\Petakovic Jelena\Application Data\skypePM 2009-03-26 23:47 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-03-21 02:26 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon 2009-03-21 02:05 --------- d-----w c:\program files\ATI Technologies 2009-03-06 15:13 --------- d-----w c:\program files\Opera 2009-02-21 23:25 --------- d-----w c:\program files\myBabylon_English 2009-02-19 17:32 --------- d-----w c:\program files\SMS Free Sender 2009-02-09 23:29 --------- d-----w c:\documents and settings\Petakovic Jelena\Application Data\Babylon 2009-02-03 15:32 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-03 15:32 --------- d-----w c:\program files\InterVideo 2009-02-03 15:32 --------- d-----w c:\program files\Common Files\InterVideo 2009-02-03 14:49 90,112 ----a-w c:\windows\DUMP45f2.tmp 2009-02-01 23:34 90,112 ----a-w c:\windows\DUMP41ac.tmp 2009-02-01 23:32 90,112 ----a-w c:\windows\DUMP5a64.tmp 2009-02-01 23:30 90,112 ----a-w c:\windows\DUMP4006.tmp 2009-02-01 23:28 90,112 ----a-w c:\windows\DUMP412f.tmp 2009-02-01 23:05 90,112 ----a-w c:\windows\DUMP418d.tmp 2009-02-01 23:03 90,112 ----a-w c:\windows\DUMP4518.tmp 2009-02-01 22:32 --------- d-----w c:\documents and settings\Administrator\Application Data\Babylon 2009-02-01 21:29 90,112 ----a-w c:\windows\DUMP45c3.tmp 2009-01-31 01:30 --------- d-----w c:\program files\Conduit 2009-01-31 01:29 --------- d-----w c:\program files\Babylon 2009-01-29 16:34 90,112 ----a-w c:\windows\DUMP420a.tmp 2009-01-20 20:42 31,648 -c--a-w c:\documents and settings\Petakovic Jelena\Application Data\GDIPFONTCACHEV1.DAT 2009-01-16 05:26 90,112 ----a-w c:\windows\DUMP4517.tmp 2009-01-15 18:40 90,112 ----a-w c:\windows\DUMP4258.tmp 2009-01-15 18:35 90,112 ----a-w c:\windows\DUMP44d9.tmp 2009-01-15 11:32 90,112 ----a-w c:\windows\DUMP413f.tmp 2009-01-15 11:28 90,112 ----a-w c:\windows\DUMP45b3.tmp 2009-01-15 06:34 90,112 ----a-w c:\windows\DUMP4630.tmp 2009-01-15 06:20 90,112 ----a-w c:\windows\DUMP4313.tmp 2009-01-14 23:05 90,112 ----a-w c:\windows\DUMP4016.tmp 2009-01-14 22:53 90,112 ----a-w c:\windows\DUMP41cb.tmp 2009-01-14 22:43 90,112 ----a-w c:\windows\DUMP40e1.tmp 2009-01-14 22:14 90,112 ----a-w c:\windows\DUMP411f.tmp 2009-01-04 18:21 90,112 ----a-w c:\windows\DUMP466f.tmp 2009-01-04 17:26 90,112 ----a-w c:\windows\DUMP4362.tmp 2009-01-04 17:08 90,112 ----a-w c:\windows\DUMP45a4.tmp 2009-01-04 17:04 90,112 ----a-w c:\windows\DUMP444c.tmp 2009-01-04 16:29 90,112 ----a-w c:\windows\DUMP46ec.tmp 2009-01-04 16:13 90,112 ----a-w c:\windows\DUMP43bf.tmp 2009-01-04 16:12 90,112 ----a-w c:\windows\DUMP465f.tmp 2009-01-04 15:35 90,112 ----a-w c:\windows\DUMP440d.tmp 2009-01-02 04:26 90,112 ----a-w c:\windows\DUMP43b0.tmp 2009-01-02 04:22 90,112 ----a-w c:\windows\DUMP443c.tmp 2008-02-18 16:03 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2008-05-25 15:47 88 --sh--r c:\windows\system32\8D6AAC0088.sys . ------- Sigcheck ------- 2004-08-03 23:56 32768 07bea902856c0835b0e60c346e00283d c:\windows\system32\svchost.exe 2004-08-03 23:56 33280 1fb0ebd8679503babd2212858f152283 c:\windows\system32\dllcache\svchost.exe 2009-03-27 18:34 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys 2009-03-27 18:34 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys 2004-08-03 23:56 1051136 aec52c408a3e6d9f5722b0886c68472d c:\windows\explorer.exe 2004-08-03 23:56 1051136 ae662f227bde948b6993b7e738b4851f c:\windows\system32\dllcache\explorer.exe 2004-08-03 23:56 34304 6e67623482623146317b93be23d2e4b5 c:\windows\system32\ctfmon.exe 2004-08-03 23:56 33792 cc40ee192f6c25d65a0d8c192234b5bb c:\windows\system32\dllcache\ctfmon.exe 2004-08-03 23:56 76800 f26a463a6a1af7dd4640e94584141635 c:\windows\system32\spoolsv.exe 2004-08-03 23:56 76288 f8e5801478f4663ca4fafc3ff0a0afdd c:\windows\system32\dllcache\spoolsv.exe 2004-08-03 23:56 43008 0f3b0ba276018139f6b989d40dfffed5 c:\windows\system32\userinit.exe 2004-08-03 23:56 43520 788a1e38f8740d673a1bb6e445b70cec c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-22 1882136] [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-22 1882136] [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 34304] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-06 21898024] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\windows\atiptaxx.exe" [2003-06-05 356352] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "ALiUSBfix"="c:\windows\system32\ALiUSB20.exe" [2002-08-30 103424] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 34304] "Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-04-16 176128] "WINCINEMAMGR"="c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2004-04-16 192512] "11879343"="c:\documents and settings\All Users\Application Data\11879343\11879343.exe" [2009-03-27 506944] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-01-01 1231752] "reader_s"="c:\windows\System32\reader_s.exe" [2009-03-27 37376] "el"="c:\windows\system32\el32.dll" [2008-03-03 78336] "services"="c:\windows\services.exe" [2009-03-27 11451859] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "services"="c:\windows\services.exe" [2009-03-27 11451859] "reader_s"="c:\documents and settings\Petakovic Jelena\reader_s.exe" [2009-03-27 37376] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "services"="c:\windows\services.exe" [2009-03-27 11451859] [HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run] "services"="c:\windows\services.exe" [2009-03-27 11451859] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.asv2"= asusasv2.dll "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16020:TCP"= 16020:TCP::Disabled:NortonAV R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2007-07-29 75904] S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 114768] S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-02 20560] S2 gupdate1c993637f5f703a;Google Update Service (gupdate1c993637f5f703a);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 133104] S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\PETAKO~1\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\PETAKO~1\LOCALS~1\Temp\ATICDSDr.sys [?] S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2007-08-01 328320] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0358c80-abc9-11dc-9985-f8c63d250499}] \Shell\AutoRun\command - ie.exe \Shell\explore\Command - ie.exe \Shell\open\Command - ie.exe . Contents of the 'Scheduled Tasks' folder 2009-03-27 c:\windows\Tasks\el.job - c:\windows\system32\regsvr32.exe [2004-08-03 23:56] 2009-03-27 c:\windows\Tasks\elu.job - c:\windows\system32\cmd.exe [2004-08-03 23:56] 2009-03-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 20:56] 2009-03-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 14:59] . - - - - ORPHANS REMOVED - - - - BHO-{71D2E356-FD90-4EC0-A493-B13F6821E6CF} - c:\windows\system32\igbaqyn.dll HKLM-Run-11894859 - c:\documents and settings\All Users\Application Data\11894859\11894859.exe . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultUrl = hxxp://windiwsfsearch.com/search?q={searchTerms} uDefault_Search_URL = hxxp://windiwsfsearch.com uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchURL = hxxp://windiwsfsearch.com IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - Trusted Zone: aol.com\free . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-27 20:19:13 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(628-) c:\windows\system32\l3codeca.acm c:\windows\system32\jsproxy.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Internet Explorer\iexplore.exe . ************************************************************************ . Completion time: 2009-03-27 20:23:18 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-27 19:23:15 Pre-Run: 7,687,475,200 bytes free Post-Run: 8,860,475,392 bytes free 358 i da napomenem da sam jos uvek u safe modu, ne mogu da pokrenem normal

Profil

dr_Bora Poslao: 27 Mar 2009 21:25 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovo ne izgleda obećavajuće. Hajde da proverimo nešto... Upload-uj sledeće file-ove: c:\windows\system32\svchost.exe c:\windows\system32\ctfmon.exe c:\windows\system32\userinit.exe preko ovog linka: http://www.mycity.rs/ambulanta-upload.php

Profil

jecko84 Poslao: 27 Mar 2009 21:30 Idi na vrh
offline jecko84 Novi MyCity građanin Pridružio: 30 Dec 2005 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! upload-ovala sam

Profil

dr_Bora Poslao: 27 Mar 2009 21:37 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovako... Na tvom kompjuteru, između ostaloga, postoji i Virut file infektor. Ukratko; ovde doista ništa ne možemo uraditi i jedino rešenje za ovo je formatiranje diska i ponovna instalacija Windows-a.

Profil

jecko84 Poslao: 30 Mar 2009 09:32 Idi na vrh
offline jecko84 Novi MyCity građanin Pridružio: 30 Dec 2005 Poruke: 9	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala puno na pomoci i odgovorima, u medjuvremenu se virsu rasirio i nisam vise uopte mogla da pokrenem sistem, tako da sam formatirala disk i sve ponovo instalirala

Profil

MyCity » Ambulanta -> Arhiva Ambulante » system security se pojavio odjednom i blokirao mi racunar

Ko je trenutno na forumu

Ukupno su 980 korisnika na forumu :: 37 registrovanih, 4 sakrivenih i 939 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Apok, babaroga, Bane san, bbogdan, bokisha253, branko7, cikadeda, Denaya, Grond, HogarStrashni, HrcAk47, Kruger, ljuba, lord sir giga, marsovac 2, Metanoja, Milometer, Milos ZA, milos.cbr, milos97, MiroslavD, nebidrag, nenad81, operniki, Overkill, Panter, Povratak1912, royst33, S-lash, sabac015555m, samsung, Snorks, solic, suponik, suton, Viktor Petrenko, Vlada1389

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by