Posted: 21 Oct 2011 12:46
- Joined: 13 Jun 2011
- Posts: 49
Until recently I had a problem with a Sality infection. I somehow managed to get rid of it and the computer works now. Before, I could not stay in Windows for more than 5 seconds; it restarted right away. Now I can use the computer normally, but it still behaves strangely. Sometimes the screen goes black for 5 seconds and after that everything is normal; sometimes something is loading even though I have not started loading anything, which lasts about 2 minutes, and then it is normal again. So I think I still have some virus and that I did not manage to clean everything.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Petar at 2:42:44 on 2011-10-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2294 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Garena\Garena.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [RTHDCPL] RTHDCPL.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{B8A81A1F-C3ED-487E-9FD1-6AD6F3C997E9} : NameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\petar\application data\mozilla\firefox\profiles\33zcpd1q.default\
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-19 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-19 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-19 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-19 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-19 366152]
R3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-19 22216]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-10-19 1691480]
S3 MSICDSetup;MSICDSetup;\??\f:\cdriver.sys --> f:\CDriver.sys [?]
.
=============== Created Last 30 ================
.
2011-10-20 00:52:50 208896 ------w- c:\windows\system32\nvuide.exe
2011-10-19 21:38:53 -------- d-----w- c:\windows\system32\Lang
2011-10-19 21:36:58 64104 ----a-w- c:\windows\ALCMTR.EXE
2011-10-19 21:36:58 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2011-10-19 21:36:58 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2011-10-19 21:36:58 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-10-19 21:36:58 -------- d-----w- c:\program files\Realtek
2011-10-19 21:36:55 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-10-19 21:11:37 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2011-10-19 21:11:37 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-10-19 21:11:37 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2011-10-19 21:11:37 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-10-19 21:11:37 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-10-19 21:01:11 -------- d-----w- c:\windows\ServicePackFiles
2011-10-19 21:00:58 294912 ------w- c:\program files\windows media player\dlimport.exe
2011-10-19 21:00:53 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-10-19 20:58:17 19569 ----a-w- c:\windows\002860_.tmp
2011-10-19 20:38:47 -------- d-----w- c:\windows\system32\X
2011-10-19 20:08:51 -------- d-----w- c:\documents and settings\petar\application data\Malwarebytes
2011-10-19 20:08:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-19 20:08:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-19 20:08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-10-19 17:09:21 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-19 11:00:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
============= FINISH: 2:44:33.95 ===============

Posted: 21 Oct 2011 23:52
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
- Download SystemLook from this or this link to your Desktop;
- Double-click SystemLook to run it;
- Copy the following text into the white box of the window:
:dir
C:\windows\system32\X /S /md5
- Click the Look button;
- When the program finishes, attach the file SystemLook.txt, which will be on the Desktop, to your post using the Attach File option.

Posted: 23 Oct 2011 11:55
- Sass Drake
- Anti Malware Fighter
Rank 2
- Joined: 26 Aug 2010
- Posts: 10622
- Location: Hypnos Control Room, Tokyo Metropolitan Government Building
You did not follow the instructions correctly. Copy the entire text inside the Code box and post the report you get.
:dir
C:\windows\system32\X /S /md5
- Click the Look button;