Posted: 05 Aug 2011 00:23
- Joined: 02 Feb 2009
- Posts: 32
Written: 05 Aug 2011 0:17
Hello, this evening when I came home I had quite a sight waiting for me.
Mom sat down at the computer to check her mail, some bogus one from FedEx arrived, she clicked to open the attachment,
and since then Personal Shield Pro keeps opening, saying the computer is infected and that this program has to be bought to clean it.
I can't launch anything except the internet and the browser.
I managed to run a scan from safe mode, I hope it helps. Since I can't even open Notepad, I'll use the option to attach all the files, even the DDS log.
Thanks
.
DDS (Ver_2011-06-23.01) - NTFSx86 MINIMAL
Internet Explorer: 6.0.2900.5512
Run by Djordje at 23:55:42 on 2011-08-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3307 [GMT 2:00]
.
FW: ActiveArmor Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
uRunOnce: [WebPlatformInstaller] "c:\program files\microsoft\web platform installer\WebPlatformInstaller.exe" "/id" "wpi://ASPNET&NETFramework4&MVC2&NETEXTENSIBILITY&ISAPIExtensions&ISAPIFilters&StaticContentCompression&DefaultDocument&DirectoryBrowse&HTTPErrors&HTTPLogging&LoggingTools&RequestMonitor&IISManagementConsole&RequestFiltering&SQLExpress&VWD&StaticContent/?"
uRunOnce: [pN02320OgKlH02320] c:\documents and settings\all users\application data\pn02320ogklh02320\pN02320OgKlH02320.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [TWCU] "c:\program files\tp-link\twcu\TWCU.exe" -nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: E&xport to Microsoft Excel - d:\programi\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\programi\micros~1\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{311B75C7-2DAD-4E59-B7E8-2F56878D4955} : NameServer = 77.74.231.141 8.8.8.8
TCP: Interfaces\{7A1D52DE-02FF-4915-9111-B354CC5BCF75} : DhcpNameServer = 77.74.231.141 8.8.8.8
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\djordje\application data\mozilla\firefox\profiles\w7nu42xq.default\
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-12-11 20328]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-13 39984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-08-04 18:49:53 -------- d-----w- c:\documents and settings\all users\application data\pN02320OgKlH02320
2011-08-03 08:54:02 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-02 19:10:59 -------- d-----w- c:\documents and settings\all users\application data\Nero
2011-07-30 23:23:31 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-07-30 23:23:31 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-07-30 23:23:30 59888 ------w- c:\windows\system32\pxwma.dll
.
==================== Find3M ====================
.
2011-05-29 07:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 23:56:02.60 ===============
Addendum: 05 Aug 2011 0:23
Since I couldn't edit
I just talked with my folks; after downloading that attachment, which couldn't be opened, they went to Facebook
and then all the problems started.
Posted: 05 Aug 2011 11:16
- Joined: 02 Feb 2009
- Posts: 32
Hello
I downloaded CF but couldn't run it from normal mode, so I ran it from safe mode, and so I didn't install the Recovery Console.
When it finished, that thing no longer appears now,
for how long, who knows,
and now I can launch programs normally.
Here's the log
ComboFix 11-08-05.01 - Djordje 08/05/2011 11:10:07.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3314 [GMT 2:00]
Running from: c:\documents and settings\Djordje\Desktop\ComboFix.exe
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\pN02320OgKlH02320
c:\documents and settings\All Users\Application Data\pN02320OgKlH02320\pN02320OgKlH02320
c:\documents and settings\All Users\Application Data\pN02320OgKlH02320\pN02320OgKlH02320.exe
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-04 21:31 . 2011-08-04 21:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-08-03 08:54 . 2011-08-03 08:57 -------- d-----w- c:\windows\SxsCaPendDel
2011-08-02 19:11 . 2011-08-02 19:11 -------- d-----w- c:\documents and settings\Djordje\Application Data\Nero
2011-08-02 19:10 . 2011-08-03 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-07-30 23:27 . 2011-07-30 23:32 -------- d-----w- c:\documents and settings\Djordje\Application Data\Winamp
2011-07-30 23:23 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-07-30 23:23 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-07-30 23:23 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-11-12 23:47 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-11-12 23:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-29 364544]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
2006-11-14 06:25 363008 ----a-r- c:\program files\ASUS\AASP\1.00.16\AsRunHelp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
2006-11-28 16:20 3714048 ----a-w- c:\program files\ASUS\AI Booster\OverClk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nSvcIp"=2 (0x2)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\Igre\\Warcraft III\\Warcraft III.exe"=
"d:\\Igre\\CounterStrike\\Counter-Strike 1.6 v42\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Igre\\Warcraft III\\war3.exe"=
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [12/11/2010 3:06 PM 20328]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/13/2010 1:47 AM 39984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 5:08 AM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 4:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 4:23 AM 366936]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - d:\programi\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Djordje\Application Data\Mozilla\Firefox\Profiles\w7nu42xq.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-08-05 11:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(220)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-08-05 11:12:53
ComboFix-quarantined-files.txt 2011-08-05 09:12
.
Pre-Run: 33,697,234,944 bytes free
Post-Run: 35,127,681,024 bytes free
.
- - End Of File - - 41FABB7FEBA84EBEF3A832F4EA70234F
Posted: 05 Aug 2011 14:10
- Joined: 02 Feb 2009
- Posts: 32
Thank you for the time you've devoted.
I'm downloading Avast Home, I hope it will be enough.
Regards