Laptop not working properly


  • grbe
  • Forum moderator
  • Joined: 20 May 2007
  • Posts: 3404

Hello.

I have an HP 550 laptop with the Avira antivirus installed.
Until yesterday everything worked flawlessly, and then all of a sudden the laptop "went crazy". Here is what happens. I can't connect to some sites, e.g. I can't access MC (log in); instead of the banners and other images I get empty rectangles with a red X in the corner (like when an image fails to load or image viewing is blocked). Other sites are also hard to reach. Sometimes I can't disconnect from the network, and sometimes even the look of the letters on the screen is different: the letters are somehow wider and bigger, and the screen colour is different from what I set.
I scanned the computer and it found 6 Trojans. Later I scanned once more and it found two more. Then I installed another program for Trojans and worms, and when I scanned with it, it found one more Trojan. I haven't been visiting xxx sites. :) What should I do?

PS. Since I'm no expert in hardware or software, I hope that with this plain language I've managed to roughly convey what my problem with the computer is.

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Grbe.. Come on, follow the rule for opening a topic in the Ambulanta ;)

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • grbe
  • Forum moderator
  • Joined: 20 May 2007
  • Posts: 3404

But I can't log in from my laptop; I'm asking you for help from the computer at work. Does that matter? I'm telling you, this is all Greek to me.

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Well, I know... but I thought you'd transfer it to the laptop and scan with it....

Anyway, never mind... since it's urgent, do the following:

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rename it to grbe (for example).

Transfer it to the laptop via USB.

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you'll copy here for us.

Transfer that log to the USB stick and post it from work... ;)

  • grbe
  • Forum moderator
  • Joined: 20 May 2007
  • Posts: 3404

OK. I hope I'll manage to deal with this and post tomorrow.
Thank you, and don't hold it against me that I didn't follow the procedure the first time, because, I repeat, I'm pretty weak when it comes to programs and some things need to be explained to me a few more times than to you experts. :)

Update: 25 Feb 2009 11:50

One more stupid question: when I want to change the program's name as you told me, should the exe part stay? Example: "grbe.exe". When I name it just "grbe", it warns me that changing the name may make the program unusable. But when I leave the exe, the icon stays the same as with the program's original name. I assume you know what I'm talking about.

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Aha... you probably have extension display turned on... Yes, definitely leave the exe... We have to change the program's name because the malware has "slightly" advanced, so when it detects that you want to download or run Combofix.exe it makes chaos....

  • grbe
  • Forum moderator
  • Joined: 20 May 2007
  • Posts: 3404

ComboFix 09-02-25.01 - HP 530 2009-02-25 22:38:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3063.2640 [GMT 1:00]
Running from: c:\documents and settings\HP 530\Desktop\grbe.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\a9k.bin
c:\windows\system32\drivers\UACncdmchei.sys
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twex.exe
c:\windows\system32\UACalldcubf.log
c:\windows\system32\UACbilugocs.log
c:\windows\system32\UACcgudmhib.dll
c:\windows\system32\UACcivdekcd.dll
c:\windows\system32\UAClxiglxvu.dll
c:\windows\system32\UACntbohwvw.dat
c:\windows\system32\UACpwrgtcvi.dll
c:\windows\system32\UACuysltgas.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-02-25 22:35 . 2009-02-25 22:35 23,635 --a------ c:\windows\system32\AAWService_2009_02_25_22_35_36.dmp
2009-02-25 22:06 . 2009-02-25 22:06 <DIR> d-------- c:\windows\Internet Logs
2009-02-25 21:58 . 2009-02-25 21:58 <DIR> d-------- c:\program files\Avira
2009-02-25 21:58 . 2009-02-25 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-25 21:33 . 2009-02-25 21:32 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-25 21:30 . 2009-02-25 21:30 <DIR> d-------- c:\program files\Lavasoft
2009-02-25 21:30 . 2009-02-25 21:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-25 21:30 . 2009-02-25 21:30 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-24 22:25 . 2009-02-24 22:49 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-24 10:58 . 2009-02-24 11:12 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-24 08:43 . 2008-06-13 14:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-02-24 08:43 . 2008-06-13 14:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-24 08:41 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-23 15:32 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-23 15:32 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-23 15:32 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-23 15:32 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-23 15:31 . 2008-12-21 00:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-23 15:31 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-23 15:31 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-23 15:31 . 2008-12-21 00:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-23 15:31 . 2008-12-21 00:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-23 15:31 . 2008-12-21 00:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-23 15:31 . 2008-12-21 00:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-23 15:31 . 2008-12-21 00:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-23 15:31 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-23 10:16 . 2009-02-25 17:56 5,504 --a------ c:\windows\system32\uacinit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 21:26 --------- d-----w c:\program files\Common Files\Adobe
2009-01-10 20:17 --------- d-----w c:\program files\DevalVR
2009-01-04 12:14 20,921,040 ----a-w c:\program files\AdbeRdr705_enu_full.exe
2009-01-03 22:37 --------- d-----w c:\documents and settings\HP 530\Application Data\Media Player Classic
2009-01-03 19:49 --------- d-----w c:\documents and settings\HP 530\Application Data\CyberLink
2007-03-12 09:01 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-03-12 09:01 54,376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-03-12 09:01 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-03-12 09:01 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-03-12 09:01 172,144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-25 509784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

c:\documents and settings\HP 530\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-25 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
.
Contents of the 'Scheduled Tasks' folder

2009-02-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-25 21:32]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
Notify-eeekp - (no file)
SafeBoot-UIUSYS.SYS


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {5D2CF9D0-113A-476B-986F-288B54571614} - hxxp://www.devalvr.com/instalacion/plugin/devalvrplugin.php
FF - ProfilePath - c:\documents and settings\HP 530\Application Data\Mozilla\Firefox\Profiles\re9tkq3y.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 22:42:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-25 22:45:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-25 21:45:24

Pre-Run: 140,180,709,376 bytes free
Post-Run: 140,456,210,432 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

154 --- E O F --- 2009-02-25 08:54:28

Update: 25 Feb 2009 22:57

Is this it?
After this operation I logged in to MC without any problems. Is something fixed?
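As an added example (my own code, not from the thread or from ComboFix), here is a small Python triage script for the kind of log posted above. It flags the indicators a helper reads this log for: UAC-prefixed files in system32, the removed UACd.sys service, the two Security Center notification flags set to 1, and the firewall switched off. The sample input is constructed from lines copied from the log above; the finding names are my own.

```python
import re

# Constructed sample input: lines copied from the ComboFix log posted in this
# thread (deleted files, a removed service, registry loading points and the
# firewall policy), plus one benign Avira line as a control.
SAMPLE_LOG = r"""c:\windows\system32\a9k.bin
c:\windows\system32\drivers\UACncdmchei.sys
c:\windows\system32\UACcgudmhib.dll
c:\windows\system32\UACuysltgas.log
2009-02-23 10:16 . 2009-02-25 17:56 5,504 --a------ c:\windows\system32\uacinit.dll
-------\Service_UACd.sys
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Files under system32 named "UAC" plus a run of letters (the log shows eight
# random letters, e.g. UACcgudmhib.dll) with a dll/sys/log/dat extension.
# Windows XP ships no system file with that prefix, so every hit is suspect.
UAC_FILE = re.compile(
    r"c:\\windows\\system32\\(?:drivers\\)?(UAC[a-z]{4,}\.(?:dll|sys|log|dat))", re.I)
# The kernel driver ComboFix removed as a service.
UAC_SERVICE = re.compile(r"\\Service_(UACd\.sys)\b", re.I)
# Security Center notifications silenced (both flags are 1 in the log).
NOTIFY_OFF = re.compile(r'"(AntiVirusDisableNotify|UpdatesDisableNotify)"=dword:00000001')
# Windows Firewall switched off for the standard profile.
FIREWALL_OFF = re.compile(r'"EnableFirewall"=\s*0\b')

def triage(log_text):
    """Return (finding, detail) pairs, one per indicator line in the log."""
    findings = []
    for line in log_text.splitlines():
        if m := UAC_FILE.search(line):
            findings.append(("uac_prefixed_file", m.group(1)))
        elif m := UAC_SERVICE.search(line):
            findings.append(("uac_service_removed", m.group(1)))
        elif m := NOTIFY_OFF.search(line):
            findings.append(("security_center_notify_disabled", m.group(1)))
        elif FIREWALL_OFF.search(line):
            findings.append(("firewall_disabled", "standardprofile"))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:32} {detail}")
```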

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Just to check something:

Go to this site: http://www.virustotal.com/

There click Browse and find this file:

c:\windows\system32\uacinit.dll (So when you find it at this location, select it and click Open.)

Then click the Send File option on the site....

When the upload and analysis of the file are finished, click Show last report and copy the link from the browser here.

  • grbe
  • Forum moderator
  • Joined: 20 May 2007
  • Posts: 3404

I can't find Show last report anywhere. Here's the link, if that's it.
http://www.virustotal.com/analisis/b16b1d4655464b654ce52a50415a2d7e

And this is what it gave me:

File uacinit.dll received on 02.26.2009 20:59:51 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/38 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 54 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.02.26 -
AntiVir 7.9.0.93 2009.02.26 -
Authentium 5.1.0.4 2009.02.26 -
Avast 4.8.1335.0 2009.02.25 -
AVG 8.0.0.237 2009.02.26 -
BitDefender 7.2 2009.02.26 -
CAT-QuickHeal 10.00 2009.02.26 -
ClamAV 0.94.1 2009.02.26 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.26 -
eSafe 7.0.17.0 2009.02.26 -
eTrust-Vet 31.6.6375 2009.02.26 -
F-Prot 4.4.4.56 2009.02.26 -
F-Secure 8.0.14470.0 2009.02.26 -
Fortinet 3.117.0.0 2009.02.26 -
GData 19 2009.02.26 -
Ikarus T3.1.1.45.0 2009.02.26 -
K7AntiVirus 7.10.648 2009.02.26 -
Kaspersky 7.0.0.125 2009.02.26 -
McAfee 5537 2009.02.26 -
McAfee+Artemis 5537 2009.02.26 -
Microsoft 1.4306 2009.02.26 -
NOD32 3893 2009.02.26 -
Norman 6.00.06 2009.02.26 -
nProtect 2009.1.8.0 2009.02.26 -
Panda 10.0.0.10 2009.02.26 -
PCTools 4.4.2.0 2009.02.26 -
Prevx1 V2 2009.02.26 -
Rising 21.18.32.00 2009.02.26 -
SecureWeb-Gateway 6.0.0 2009.02.26 -
Sophos 4.39.0 2009.02.26 -
Sunbelt 3.2.1858.2 2009.02.25 -
Symantec 10 2009.02.26 -
TheHacker 6.3.2.5.265 2009.02.25 -
TrendMicro 8.700.0.1004 2009.02.26 -
VBA32 3.12.10.0 2009.02.26 -
ViRobot 2009.2.26.1625 2009.02.26 -
VirusBuster 4.5.11.0 2009.02.26 -
Additional information
File size: 5504 bytes
MD5...: 3c30b66213b6d7fa6759a372b4b75b59
SHA1..: add8b097050b0078f4adeccb31ce1bf0e23e88d0
SHA256: 7a0cf6b0e84938e6dd59b7ad81c4c064d2a7fae83d194871f60053cdced727e7
SHA512: 98da77219154fd56170ae311f8a3463cf6173543ca16c43a92c8e32bd2c4c17873e61a5ca10333d7a3552218b1e956d7cb493ea557ea8770986add2467d03a20
ssdeep: 96:F6xf0Vt9Sl08vzN+EjO86cQkaQJBP3Sdxyae2rXGLtAVzInI77T8Q0un:M8Vt9wMqt5QkaQ3PFaeSyuzCG7Tz0un

PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -


PS. Today it's working normally, but Avira found 6 viruses. Ad-Aware also found something.

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

It's very important that you tell me the names of the files Avira found... Go into Avira and click Events...

So, double-click every event that has type: detection.
