System Security appeared out of nowhere and locked up my computer

  • Joined: 30 Dec 2005
  • Posts: 9

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:09 PM, on 3/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Petakovic Jelena\Desktop\pomoc\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [ATIPTA] C:\WINDOWS\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\system32\ALiUSB20.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [11879343] C:\Documents and Settings\All Users\Application Data\11879343\11879343.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [11894859] C:\Documents and Settings\All Users\Application Data\11894859\11894859.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [services] IV="Refresh" CONTENT="0.1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<TITLE></TITLE>
</HEAD>
<BODY><P></BODY>
</HTML>
&tick=305031&ver=401&smtp=ok
O4 - HKLM\..\Run: [el] "C:\WINDOWS\system32\regsvr32.exe" /u /s "C:\WINDOWS\system32\el32.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] IV="Refresh" CONTENT="0.1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<TITLE></TITLE>
</HEAD>
<BODY><P></BODY>
</HTML>
&tick=305031&ver=401&smtp=ok
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services] IV="Refresh" CONTENT="0.1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<TITLE></TITLE>
</HEAD>
<BODY><P></BODY>
</HTML>
&tick=305031&ver=401&smtp=ok (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] IV="Refresh" CONTENT="0.1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<TITLE></TITLE>
</HEAD>
<BODY><P></BODY>
</HTML>
&tick=305031&ver=401&smtp=ok (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator\reader_s.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] IV="Refresh" CONTENT="0.1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<TITLE></TITLE>
</HEAD>
<BODY><P></BODY>
</HTML>
&tick=305031&ver=401&smtp=ok (User 'Default user')
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro.....0.15-3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Update Service (gupdate1c993637f5f703a) (gupdate1c993637f5f703a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8144 bytes



By the way, I only managed to run the scan to the end in safe mode. The problem appeared today when, I have no idea from where, some "System Security" showed up, telling me I had a pile of trojans. It kept activating itself every few seconds, I could not delete it from the system at all, and it only demanded that I register it. When I ran a scan with Trojan Remover, the computer locked up completely after the restart and I can't start it normally at all. Now I'm in safe mode and I managed to remove that System Security 2009 in the Control Panel, but I don't know whether it will come back. I also have Avast antivirus. Oh no, I've really made a mess of this, but I honestly don't know what to do. HELP

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 30 Dec 2005
  • Posts: 9

ComboFix 09-03-26.03 - Petakovic Jelena 2009-03-27 20:12:56.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.228 [GMT 1:00]
Running from: c:\documents and settings\Petakovic Jelena\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090323-0] *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\reader_s.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Petakovic Jelena\My Documents\My Documents.url
c:\documents and settings\Petakovic Jelena\My Documents\My Music\My Music.url
c:\documents and settings\Petakovic Jelena\My Documents\My Pictures\My Pictures.url
c:\documents and settings\Petakovic Jelena\My Documents\My Videos\My Video.url
c:\documents and settings\Petakovic Jelena\reader_s.exe
c:\program files\Applications\myd.ico
c:\program files\Applications\mym.ico
c:\program files\Applications\myp.ico
c:\program files\Applications\myv.ico
c:\program files\Applications\ot.ico
c:\program files\Applications\ts.ico
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0005582A.urr
c:\program files\Internet Explorer\2.exe
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir
c:\program files\MyWebSearch\bar\1.bin\mwsoemon.exe.vir
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00055451
c:\program files\MyWebSearch\bar\Cache\000A8C51
c:\program files\MyWebSearch\bar\Cache\01A28C31.bin
c:\program files\MyWebSearch\bar\Cache\01A29FE8.bin
c:\program files\MyWebSearch\bar\Cache\01A2AC8A.bin
c:\program files\MyWebSearch\bar\Cache\01A2B69C.bin
c:\program files\MyWebSearch\bar\Cache\01B37A3D.bin
c:\program files\MyWebSearch\bar\Cache\035F488C
c:\program files\MyWebSearch\bar\Cache\035F5780
c:\program files\MyWebSearch\bar\Cache\050E2FB4.bin
c:\program files\MyWebSearch\bar\Cache\050E3477.bin
c:\program files\MyWebSearch\bar\Cache\050E3A53.bin
c:\program files\MyWebSearch\bar\Cache\050E407D.bin
c:\program files\MyWebSearch\bar\Cache\063A2CE3
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\VideoAccessCodec
c:\program files\VideoAccessCodec\install.ico
c:\program files\VideoAccessCodec\Thumbs.db
c:\windows\IE4 Error Log.txt
c:\windows\services.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\igbaqyn.dll
c:\windows\system32\reader_s.exe
c:\windows\system32\setup.ini

----- BITS: Possible infected sites -----

hxxp://thenetworkcom.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kjyoqcvp


((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-27 20:18 . 2009-03-27 20:18 40,093 --a------ c:\windows\system32\4.tmp
2009-03-27 20:18 . 2009-03-27 20:18 128 --a------ c:\windows\system32\3.tmp
2009-03-27 19:37 . 2009-03-27 19:37 128 --a------ c:\windows\system32\A.tmp
2009-03-27 18:42 . 2009-03-27 18:42 0 --a------ C:\D.tmp
2009-03-27 18:40 . 2009-03-27 18:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Simply Super Software
2009-03-27 18:39 . 2009-03-27 18:39 0 --a------ C:\A.tmp
2009-03-27 18:38 . 2009-03-27 18:38 0 --a------ c:\windows\lk00000000.tmp
2009-03-27 18:37 . 2009-03-27 18:37 0 --a------ C:\9.tmp
2009-03-27 18:35 . 2009-03-27 18:35 0 --a------ C:\8.tmp
2009-03-27 18:33 . 2009-03-27 18:33 51,678 --a------ c:\windows\services.exe.vir
2009-03-27 18:33 . 2009-03-27 19:40 130 --a------ c:\windows\adobe.bat
2009-03-27 18:33 . 2009-03-27 18:33 124 --a------ c:\windows\system32\2.tmp
2009-03-27 18:33 . 2009-03-27 19:40 6 --a------ c:\windows\_id.dat
2009-03-27 18:33 . 2009-03-27 18:33 0 --a------ c:\windows\system32\6.tmp
2009-03-27 16:32 . 2009-03-27 16:32 280,064 --a------ c:\windows\system32\ccdbabbeffcffea.dll.vir
2009-03-27 16:30 . 2009-03-27 16:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\11894859
2009-03-27 16:26 . 2009-03-27 17:28 <DIR> d-------- c:\documents and settings\Petakovic Jelena\Application Data\Simply Super Software
2009-03-27 16:26 . 2009-03-27 16:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-03-27 16:26 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-03-27 16:26 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-03-27 16:26 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-03-27 16:26 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-03-27 16:00 . 2009-03-27 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\11879343
2009-03-23 19:00 . 2009-03-25 22:04 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-23 19:00 . 2009-03-23 19:00 1,409 --a------ c:\windows\QTFont.for
2009-03-22 21:17 . 2009-03-22 21:17 <DIR> d-------- c:\program files\TryMedia
2009-03-22 21:05 . 2009-03-23 00:26 68 ---h----- c:\windows\popcreg.dat
2009-03-22 21:05 . 2009-03-23 00:26 20 --a------ c:\windows\popcinfot.dat
2009-03-22 21:04 . 2009-03-22 21:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap Games
2009-03-16 15:04 . 2009-03-16 15:25 5,101 --a------ c:\windows\MDVDP.Ini
2009-02-27 02:40 . 2004-03-22 23:17 24,816 --a------ c:\windows\system32\mdimon.dll
2009-02-27 02:37 . 2009-02-27 02:37 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-02-27 02:34 . 2009-02-27 02:34 <DIR> d-------- c:\program files\Microsoft.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 19:13 --------- d-----w c:\program files\Applications
2009-03-27 18:36 --------- d-----w c:\program files\PopCap Games
2009-03-27 18:36 --------- d-----w c:\program files\Google
2009-03-27 17:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-27 17:34 182,912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-27 17:27 --------- d-----w c:\documents and settings\Petakovic Jelena\Application Data\Skype
2009-03-27 16:28 --------- d-----w c:\program files\Trojan Remover
2009-03-27 15:03 --------- d-----w c:\documents and settings\Petakovic Jelena\Application Data\skypePM
2009-03-26 23:47 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-21 02:26 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-03-21 02:05 --------- d-----w c:\program files\ATI Technologies
2009-03-06 15:13 --------- d-----w c:\program files\Opera
2009-02-21 23:25 --------- d-----w c:\program files\myBabylon_English
2009-02-19 17:32 --------- d-----w c:\program files\SMS Free Sender
2009-02-09 23:29 --------- d-----w c:\documents and settings\Petakovic Jelena\Application Data\Babylon
2009-02-03 15:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-03 15:32 --------- d-----w c:\program files\InterVideo
2009-02-03 15:32 --------- d-----w c:\program files\Common Files\InterVideo
2009-02-03 14:49 90,112 ----a-w c:\windows\DUMP45f2.tmp
2009-02-01 23:34 90,112 ----a-w c:\windows\DUMP41ac.tmp
2009-02-01 23:32 90,112 ----a-w c:\windows\DUMP5a64.tmp
2009-02-01 23:30 90,112 ----a-w c:\windows\DUMP4006.tmp
2009-02-01 23:28 90,112 ----a-w c:\windows\DUMP412f.tmp
2009-02-01 23:05 90,112 ----a-w c:\windows\DUMP418d.tmp
2009-02-01 23:03 90,112 ----a-w c:\windows\DUMP4518.tmp
2009-02-01 22:32 --------- d-----w c:\documents and settings\Administrator\Application Data\Babylon
2009-02-01 21:29 90,112 ----a-w c:\windows\DUMP45c3.tmp
2009-01-31 01:30 --------- d-----w c:\program files\Conduit
2009-01-31 01:29 --------- d-----w c:\program files\Babylon
2009-01-29 16:34 90,112 ----a-w c:\windows\DUMP420a.tmp
2009-01-20 20:42 31,648 -c--a-w c:\documents and settings\Petakovic Jelena\Application Data\GDIPFONTCACHEV1.DAT
2009-01-16 05:26 90,112 ----a-w c:\windows\DUMP4517.tmp
2009-01-15 18:40 90,112 ----a-w c:\windows\DUMP4258.tmp
2009-01-15 18:35 90,112 ----a-w c:\windows\DUMP44d9.tmp
2009-01-15 11:32 90,112 ----a-w c:\windows\DUMP413f.tmp
2009-01-15 11:28 90,112 ----a-w c:\windows\DUMP45b3.tmp
2009-01-15 06:34 90,112 ----a-w c:\windows\DUMP4630.tmp
2009-01-15 06:20 90,112 ----a-w c:\windows\DUMP4313.tmp
2009-01-14 23:05 90,112 ----a-w c:\windows\DUMP4016.tmp
2009-01-14 22:53 90,112 ----a-w c:\windows\DUMP41cb.tmp
2009-01-14 22:43 90,112 ----a-w c:\windows\DUMP40e1.tmp
2009-01-14 22:14 90,112 ----a-w c:\windows\DUMP411f.tmp
2009-01-04 18:21 90,112 ----a-w c:\windows\DUMP466f.tmp
2009-01-04 17:26 90,112 ----a-w c:\windows\DUMP4362.tmp
2009-01-04 17:08 90,112 ----a-w c:\windows\DUMP45a4.tmp
2009-01-04 17:04 90,112 ----a-w c:\windows\DUMP444c.tmp
2009-01-04 16:29 90,112 ----a-w c:\windows\DUMP46ec.tmp
2009-01-04 16:13 90,112 ----a-w c:\windows\DUMP43bf.tmp
2009-01-04 16:12 90,112 ----a-w c:\windows\DUMP465f.tmp
2009-01-04 15:35 90,112 ----a-w c:\windows\DUMP440d.tmp
2009-01-02 04:26 90,112 ----a-w c:\windows\DUMP43b0.tmp
2009-01-02 04:22 90,112 ----a-w c:\windows\DUMP443c.tmp
2008-02-18 16:03 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-25 15:47 88 --sh--r c:\windows\system32\8D6AAC0088.sys
.

------- Sigcheck -------

2004-08-03 23:56 32768 07bea902856c0835b0e60c346e00283d c:\windows\system32\svchost.exe
2004-08-03 23:56 33280 1fb0ebd8679503babd2212858f152283 c:\windows\system32\dllcache\svchost.exe

2009-03-27 18:34 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2009-03-27 18:34 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2004-08-03 23:56 1051136 aec52c408a3e6d9f5722b0886c68472d c:\windows\explorer.exe
2004-08-03 23:56 1051136 ae662f227bde948b6993b7e738b4851f c:\windows\system32\dllcache\explorer.exe

2004-08-03 23:56 34304 6e67623482623146317b93be23d2e4b5 c:\windows\system32\ctfmon.exe
2004-08-03 23:56 33792 cc40ee192f6c25d65a0d8c192234b5bb c:\windows\system32\dllcache\ctfmon.exe

2004-08-03 23:56 76800 f26a463a6a1af7dd4640e94584141635 c:\windows\system32\spoolsv.exe
2004-08-03 23:56 76288 f8e5801478f4663ca4fafc3ff0a0afdd c:\windows\system32\dllcache\spoolsv.exe

2004-08-03 23:56 43008 0f3b0ba276018139f6b989d40dfffed5 c:\windows\system32\userinit.exe
2004-08-03 23:56 43520 788a1e38f8740d673a1bb6e445b70cec c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-22 1882136]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-22 1882136]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 34304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-06 21898024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\windows\atiptaxx.exe" [2003-06-05 356352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ALiUSBfix"="c:\windows\system32\ALiUSB20.exe" [2002-08-30 103424]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 34304]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-04-16 176128]
"WINCINEMAMGR"="c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2004-04-16 192512]
"11879343"="c:\documents and settings\All Users\Application Data\11879343\11879343.exe" [2009-03-27 506944]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-01-01 1231752]
"reader_s"="c:\windows\System32\reader_s.exe" [2009-03-27 37376]
"el"="c:\windows\system32\el32.dll" [2008-03-03 78336]
"services"="c:\windows\services.exe" [2009-03-27 11451859]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"services"="c:\windows\services.exe" [2009-03-27 11451859]
"reader_s"="c:\documents and settings\Petakovic Jelena\reader_s.exe" [2009-03-27 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"services"="c:\windows\services.exe" [2009-03-27 11451859]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"services"="c:\windows\services.exe" [2009-03-27 11451859]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16020:TCP"= 16020:TCP:*:Disabled:NortonAV

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2007-07-29 75904]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-02 20560]
S2 gupdate1c993637f5f703a;Google Update Service (gupdate1c993637f5f703a);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 133104]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\PETAKO~1\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\PETAKO~1\LOCALS~1\Temp\ATICDSDr.sys [?]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2007-08-01 328320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0358c80-abc9-11dc-9985-f8c63d250499}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\el.job
- c:\windows\system32\regsvr32.exe [2004-08-03 23:56]

2009-03-27 c:\windows\Tasks\elu.job
- c:\windows\system32\cmd.exe [2004-08-03 23:56]

2009-03-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 20:56]

2009-03-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 14:59]
.
- - - - ORPHANS REMOVED - - - -

BHO-{71D2E356-FD90-4EC0-A493-B13F6821E6CF} - c:\windows\system32\igbaqyn.dll
HKLM-Run-11894859 - c:\documents and settings\All Users\Application Data\11894859\11894859.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultUrl = hxxp://windiwsfsearch.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://windiwsfsearch.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://windiwsfsearch.com
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
Trusted Zone: aol.com\free
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-27 20:19:13
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628-)
c:\windows\system32\l3codeca.acm
c:\windows\system32\jsproxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-03-27 20:23:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-27 19:23:15

Pre-Run: 7,687,475,200 bytes free
Post-Run: 8,860,475,392 bytes free

358




And I should mention that I'm still in safe mode; I can't boot normally.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This doesn't look promising. Let's check something...

Upload the following files:

c:\windows\system32\svchost.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\userinit.exe

via this link: http://www.mycity.rs/ambulanta-upload.php

  • Joined: 30 Dec 2005
  • Posts: 9

I've uploaded them.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Here's the thing... Among other things, your computer has the Virut file infector on it.

In short: there is really nothing we can do here, and the only solution for this is to format the disk and reinstall Windows.
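As an added illustration (not from the thread, ComboFix, or dr_Bora), the check below runs over the "Sigcheck" section of the ComboFix log posted above, which is exactly where a file infector of this kind becomes visible: the running copy of svchost.exe, explorer.exe, ctfmon.exe, spoolsv.exe and userinit.exe no longer matches the protected copy in dllcache, while the file timestamps are untouched. It assumes the dllcache copy is the reference; the Sigcheck lines are taken from the log above.

```python
"""Pair each live system file in a ComboFix Sigcheck section with its dllcache
copy and flag the pairs whose size or MD5 no longer match."""
import re
from collections import defaultdict

# Sigcheck lines from the ComboFix log in this thread ("<date> <time> <size> <md5> <path>").
SIGCHECK_TEXT = r"""
2004-08-03 23:56 32768 07bea902856c0835b0e60c346e00283d c:\windows\system32\svchost.exe
2004-08-03 23:56 33280 1fb0ebd8679503babd2212858f152283 c:\windows\system32\dllcache\svchost.exe

2009-03-27 18:34 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2009-03-27 18:34 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2004-08-03 23:56 1051136 aec52c408a3e6d9f5722b0886c68472d c:\windows\explorer.exe
2004-08-03 23:56 1051136 ae662f227bde948b6993b7e738b4851f c:\windows\system32\dllcache\explorer.exe

2004-08-03 23:56 34304 6e67623482623146317b93be23d2e4b5 c:\windows\system32\ctfmon.exe
2004-08-03 23:56 33792 cc40ee192f6c25d65a0d8c192234b5bb c:\windows\system32\dllcache\ctfmon.exe

2004-08-03 23:56 76800 f26a463a6a1af7dd4640e94584141635 c:\windows\system32\spoolsv.exe
2004-08-03 23:56 76288 f8e5801478f4663ca4fafc3ff0a0afdd c:\windows\system32\dllcache\spoolsv.exe

2004-08-03 23:56 43008 0f3b0ba276018139f6b989d40dfffed5 c:\windows\system32\userinit.exe
2004-08-03 23:56 43520 788a1e38f8740d673a1bb6e445b70cec c:\windows\system32\dllcache\userinit.exe
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>.+)$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; blank lines and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["path"] = e["path"].lower()
            entries.append(e)
    return entries


def find_mismatches(entries):
    """Group entries by file name, treat the dllcache copy as the reference (an
    assumption of this example) and return {name: (live, cache, reasons)} for
    every pair whose size or MD5 differ."""
    by_name = defaultdict(lambda: {"live": [], "cache": []})
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        kind = "cache" if "\\dllcache\\" in e["path"] else "live"
        by_name[name][kind].append(e)

    mismatches = {}
    for name, pair in sorted(by_name.items()):
        if not pair["live"] or not pair["cache"]:
            continue  # nothing to compare against
        live, cache = pair["live"][0], pair["cache"][0]
        reasons = []
        if live["size"] != cache["size"]:
            reasons.append("size %d vs %d" % (live["size"], cache["size"]))
        if live["md5"] != cache["md5"]:
            reasons.append("md5 differs")
        if reasons:
            mismatches[name] = (live, cache, reasons)
    return mismatches


def report(text):
    """Human-readable findings; notes when the date stamps still agree, because
    an infector that preserves timestamps is invisible to a date-based check."""
    lines = []
    for name, (live, cache, reasons) in find_mismatches(parse_sigcheck(text)).items():
        stamp = "timestamp unchanged" if live["date"] == cache["date"] else "timestamp differs"
        lines.append("%s: %s (%s)" % (name, ", ".join(reasons), stamp))
    return lines


if __name__ == "__main__":
    for line in report(SIGCHECK_TEXT):
        print(line)
```

A mismatch only says the two copies differ, not which one is clean; in this log ndis.sys passes the check because both copies carry the same hash, so agreement alone is not a clean bill of health either.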

  • Joined: 30 Dec 2005
  • Posts: 9

Thank you very much for the help and the answers. In the meantime the virus spread and I couldn't start the system at all anymore, so I formatted the disk and reinstalled everything. Cheers
