My computer kept shutting itself down, 15 threats detected

offline
  • Joined: 15 May 2009
  • Posts: 963

Posted: 17 Dec 2009 15:46

So here is the situation. Something went wrong in my Windows. While I was online (I use Telekom ADSL), a warning suddenly appeared saying the computer would shut down in 1 minute and that I should save everything I was working on. I tried to take a screenshot, but nothing would open. I waited for it to shut down (it actually restarted) and then tried to boot it normally again, and the same thing appeared again. I managed to copy this down (it looked something like this):
C:\WINDOWS\system32\service.exe initiated by NT AUTHORITYSYSTEM
C:\WINDOWS\system32\service.exe terminated unexpectedly mwith status code 1073741891
I tried to go into safe mode and it worked. Then I tried safe mode with networking so I could ask you for help. That did not work (my internet was still connected). Then I booted into normal mode, but disconnected the internet beforehand, and that worked. After logging in I turned the internet on, the connection could not be established and it said "limited", so I turned it off again. I ran NOD32 to scan so I could rule out viruses as the reason for the shutdown, and it found nothing. I restarted the computer and turned the net on, logged in and was ready for the warning to appear again so I could try typing "shutdown.exe-a" into Run and see what happens, but no warning came. I restarted the computer again and again nothing. Then I ran Malwarebytes. It detected 15 threats, which is why I came here first. Below are all the required logs (expect the GMER log after 19:30; I am posting this now so I do not lose it, and I do not have time to do GMER right now):

NOD32: [log screenshot attachment, login required]

Malwarebytes: [log screenshot attachment, login required]

DDS:
DDS (Ver_09-12-01.01) - NTFSx86
Run by kole017 at 12:31:46.45 on Thu 17/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1918.1364 [GMT 1:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Users\kole017\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://start.icq.com/icqskins/
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ICQ] "c:\program files\icq6.5\ICQ.exe" silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
mPolicies-explorer: StartMenuFavorites = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=icqskins&q=
FF - component: c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\kole017\application data\mozilla\firefox\profiles\8a028nhw.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-12-9 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-12-9 552064]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-12-8 279680]
S0 bphkk;bphkk; [x]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-12-17 10:50:41 0 d-----w- c:\users\kole017\application data\Malwarebytes
2009-12-17 10:50:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 10:50:36 0 d-----w- c:\users\alluse~1\applic~1\Malwarebytes
2009-12-17 10:50:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 10:50:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-16 08:09:52 0 d-----w- c:\users\alluse~1\applic~1\Deskshare
2009-12-16 08:09:45 0 d-----w- c:\windows\XSxS
2009-12-16 08:09:45 0 d-----w- c:\program files\Xenocode
2009-12-16 08:09:35 815104 ----a-w- c:\windows\system32\xvidcore.dll
2009-12-16 08:09:33 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-12-16 08:08:07 0 d-----w- c:\program files\1AVCapture
2009-12-15 21:42:58 0 d-----w- c:\program files\FreeTime
2009-12-15 18:37:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-15 18:35:15 0 d-----r- c:\program files\Skype
2009-12-15 17:59:35 0 d-----w- c:\users\kole017\application data\Miranda
2009-12-15 17:59:05 0 d-----w- c:\program files\Miranda IM
2009-12-14 19:38:33 69632 ----a-w- c:\windows\system32\DivXG400.ax
2009-12-14 19:38:33 0 d-----w- C:\DivXG400
2009-12-14 19:38:25 34816 ----a-w- c:\windows\system\mpgaudio.ax
2009-12-14 19:38:25 294912 ----a-w- c:\windows\system\iviaudio.ax
2009-12-14 19:38:14 0 d-----w- c:\program files\ffdshow
2009-12-12 05:19:09 1258 ----a-w- C:\Document.rtf
2009-12-12 04:56:04 0 d-----w- c:\program files\ICQ6.5
2009-12-12 04:37:31 0 d-----w- c:\program files\ICQ6Toolbar
2009-12-12 04:37:27 0 d-----w- c:\users\alluse~1\applic~1\ICQ
2009-12-12 04:00:01 0 d-----w- c:\program files\YouTube Downloader
2009-12-11 09:34:03 0 d-----w- c:\users\kole017\dwhelper
2009-12-11 01:52:28 82 ----a-w- c:\users\kole017\default.pls
2009-12-10 01:23:11 0 d-----w- c:\windows\system32\Adobe
2009-12-10 00:04:57 0 d-----w- c:\users\kole017\application data\BSplayer
2009-12-10 00:04:48 0 d-----w- c:\program files\Webteh
2009-12-10 00:01:36 0 d-----w- c:\users\kole017\application data\BSplayer Pro
2009-12-09 10:44:22 0 d-----w- c:\program files\URUSoft
2009-12-09 06:26:51 0 d-----w- c:\users\kole017\Tracing
2009-12-09 06:23:36 0 d-----w- c:\program files\Microsoft
2009-12-09 06:23:19 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-09 06:19:49 0 d-----w- c:\program files\common files\Windows Live
2009-12-09 06:11:45 0 d-----w- c:\users\kole017\Contacts
2009-12-09 06:01:10 268 ---ha-w- C:\sqmdata02.sqm
2009-12-09 06:01:10 244 ---ha-w- C:\sqmnoopt02.sqm
2009-12-09 05:59:56 268 ---ha-w- C:\sqmdata01.sqm
2009-12-09 05:59:56 244 ---ha-w- C:\sqmnoopt01.sqm
2009-12-09 03:06:48 268 ---ha-w- C:\sqmdata00.sqm
2009-12-09 03:06:48 244 ---ha-w- C:\sqmnoopt00.sqm
2009-12-09 02:57:30 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-12-09 02:57:30 298104 ----a-w- c:\windows\system32\imon.dll
2009-12-09 02:57:30 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-12-09 02:57:30 0 d-----w- c:\program files\Eset
2009-12-08 15:59:11 331184 ------w- c:\windows\system32\difxapi.dll
2009-12-08 15:59:11 0 d-----w- c:\program files\VIA
2009-12-08 13:53:09 0 d-----w- c:\program files\common files\ODBC
2009-12-08 13:53:07 0 d-----w- c:\program files\common files\SpeechEngines
2009-12-08 13:52:46 0 d-----r- c:\users\all users\Documents
2009-12-08 04:56:55 0 d-----w- c:\program files\CamStudio
2009-12-08 04:02:47 0 d-----w- c:\users\alluse~1\applic~1\Nero
2009-12-08 04:02:46 0 d-----w- c:\program files\Nero
2009-12-08 04:01:35 0 d-----w- c:\program files\JockerSoft
2009-12-08 04:01:33 0 d-----w- c:\program files\AVIcodec
2009-12-08 04:00:47 0 d-----w- c:\program files\Windows Media Connect 2
2009-12-08 03:58:59 0 d-----w- c:\program files\MSN Messenger
2009-12-08 03:58:07 0 d-----w- c:\program files\PDFCreator
2009-12-08 03:50:17 0 d-----w- c:\program files\Microsoft ActiveSync
2009-12-08 03:50:02 0 d-----w- c:\program files\Microsoft Office 2003
2009-12-08 03:48:51 0 d-----w- c:\program files\MicrosoftOfficeSetupFiles
2009-12-08 03:48:48 0 d-----w- c:\program files\HJSplit
2009-12-08 03:48:41 0 d-----w- c:\program files\Unlocker
2009-12-08 03:48:37 0 d-----w- c:\program files\HeavyLoad
2009-12-08 03:30:06 0 d-----w- c:\program files\Yahoo!
2009-12-08 03:30:01 0 d-----w- c:\program files\CCleaner
2009-12-08 03:09:26 0 d-----w- c:\program files\MSXML 6.0
2009-12-08 03:09:23 0 d-----w- c:\program files\MSXML 4.0
2009-12-08 03:04:54 0 d-----w- c:\program files\Xvid
2009-12-08 03:00:33 0 d-sh--w- c:\users\all users\DRM
2009-12-08 03:00:17 0 d--h--w- c:\program files\WindowsUpdate
2009-12-08 03:00:14 0 d-----w- c:\program files\Online Services
2009-12-08 02:59:39 0 d-----w- c:\program files\common files\MSSoap
2009-12-08 02:58:09 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-12-08 02:58:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 04:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll

============= FINISH: 12:31:57.43 ===============


GMER:
After 19:30 h.

Update: 17 Dec 2009 15:47

Otherwise there are no problems at all now, just so you can check...

Update: 17 Dec 2009 19:56

Guys, here is the RootRepeal log. GMER keeps freezing my computer.

RootRepeal: [log screenshot attachment, login required]
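A small triage helper for the SERVICES / DRIVERS section of a DDS log like the one posted above, added here as an example; it is not code from the original post or from the DDS tool. It assumes the DDS conventions that the leading letter is R/S for running/stopped, the digit is the Windows start type, `[x]` marks a service whose image file is missing and `[?]` one whose path could not be read; the excerpt it parses is constructed from the lines shown in the post.

```python
import re

# Constructed excerpt in the layout of the DDS log posted above
# (StartType Name;DisplayName;ImagePath [date size]); not the full log.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-12-9 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-12-9 552064]
S0 bphkk;bphkk; [x]
S3 FXDrv32;FXDrv32;\??\f:\fxdrv32.sys --> f:\FXDrv32.sys [?]

============== File Associations ===============
"""

# Assumed DDS conventions: R/S = running/stopped, digit = Windows start
# type, "[x]" = image file not found, "[?]" = image path could not be read.
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]*);([^;]*);(.*?) \[(.*)\]$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto",
               "3": "manual", "4": "disabled"}


def parse_services(text):
    """Parse the SERVICES / DRIVERS section into one dict per entry."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "SERVICES / DRIVERS" in line:
            in_section = True
            continue
        if in_section and line.startswith("="):  # next section header
            break
        m = LINE_RE.match(line) if in_section else None
        if not m:
            continue
        state, start, name, display, path, info = m.groups()
        entries.append({"name": name, "display": display, "path": path,
                        "running": state == "R",
                        "start": START_TYPES.get(start, start),
                        "info": info})
    return entries


def triage(entries):
    """Return (name, reason) for entries a reviewer should look at first:
    a service/driver whose image file is missing or path cannot be resolved."""
    reasons = {"x": "image file missing",
               "?": "image path could not be resolved"}
    return [(e["name"], reasons[e["info"]])
            for e in entries if e["info"] in reasons]


if __name__ == "__main__":
    for name, why in triage(parse_services(SAMPLE_DDS)):
        print(f"{name}: {why}")
```

A flagged entry is only a starting point for review; a missing file often belongs to an uninstalled product or a removable drive that is not plugged in, so the entry name and path still need to be checked by hand.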

offline
  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

The log looks clean. Did you restart the computer after running MBAM?

offline
  • Joined: 15 May 2009
  • Posts: 963

I did. Malwarebytes offered the restart itself. So everything is clean and sorted out now?

offline
  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Yep.
