Viruses shook up my computer

offline
  • Joined: 02 Jun 2009
  • Posts: 8

I caught some virus that made a mess of things at work. Avast suddenly started throwing warnings ... dozens of warnings.
And now I can't access the network, and when I turn the computer on, the START button and the taskbar only respond after a long time, once the computer comes around.
But I can use the desktop icons right away. Somehow I managed to run MBAM and it deleted some viruses, but the situation is the same.

But I don't know what to do now with these drivers that got damaged in the meantime. I can't uninstall them because it says they are important (may be required to boot PC).
The last thing I did (while the computer was still working) was installing and using ISOBuster (I copied some DVD that Nero couldn't copy).
I'm on a domain network at work, ADSL (3 Mbps).
I'm also posting Avast's log file.
(while I was going through the procedure for posting this topic, the computer started freezing at a certain point, so I had to restart it. In 3-4 attempts I collected all the logs ...

DDS (Ver_09-12-01.01) - NTFSx86
Run by ZvjezdanS at 9:58:58.50 on 2010-02-02
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1427 [GMT 1:00]

AV: avast! antivirus 4.8.1038 [VPS 100131-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\aswServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Alwil Software\Avast4\AvAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Firefox Optimizer\Firefox Ultimate Optimizer.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\Documents and Settings\ZvjezdanS\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
uInternet Connection Wizard,ShellNext = hxxp://85.12.43.101/go/?cmp=nm_ma_kw1&uid=5df4d1fcbc5c11dd93ac166454cfffff&guid=5b0a29078d804fe3af2c3d60068f5115&affid=166454&lid=soft&url=Microsoft%20Windows%20Network&rid=zdez&v=1156&m=an2g
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\aswDisp.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [FirefoxUltimateOptimizer] "c:\program files\firefox optimizer\Firefox Ultimate Optimizer.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with &Babylon
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5454/mcfscan.cab
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zvjezd~1\applic~1\mozilla\firefox\profiles\l7503hzy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\zvjezdans\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\zvjezdans\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\aswServ.exe [2008-11-27 138680]
R2 avast! NetAgent;avast! NetAgent;c:\program files\alwil software\avast4\AvAgent.exe [2008-11-27 52160]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-14 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-5-13 3968]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\aswMaiSv.exe [2008-11-27 254040]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-8 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-8 20560]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\aswWebSv.exe [2008-11-27 352920]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]

=============== Created Last 30 ================

2010-02-02 07:57:58 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-02-02 07:56:59 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-02-02 07:55:59 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-02-02 07:54:58 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-02-02 07:53:59 31744 ----a-w- c:\windows\system32\dllcache\smb6w.dll
2010-02-02 07:52:58 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2010-02-02 07:51:58 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2010-02-02 07:50:58 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2010-02-02 07:49:58 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2010-02-02 07:48:58 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-02-02 07:47:59 802683 ----a-w- c:\windows\system32\dllcache\ltsm.sys
2010-02-02 07:46:59 45109 ----a-w- c:\windows\system32\dllcache\imjpuex.exe
2010-02-02 07:45:58 150239 ----a-w- c:\windows\system32\dllcache\hsf_amos.sys
2010-02-02 07:44:59 444416 ----a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-02-02 07:43:59 69194 ----a-w- c:\windows\system32\dllcache\el656cd5.sys
2010-02-02 07:42:59 4096 ----a-w- c:\windows\system32\dllcache\ctwdm32.dll
2010-02-02 07:41:59 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
2010-02-02 07:32:50 0 d-----w- C:\ComboFix
2010-02-02 07:28:12 0 d-----w- c:\program files\New Folder
2010-02-01 14:13:20 0 d-----w- c:\documents and settings\zvjezdans\DoctorWeb
2010-02-01 13:51:22 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-01 13:30:17 77312 ----a-w- c:\windows\MBR.exe
2010-02-01 13:01:22 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-01 13:01:22 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-01 13:01:14 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-02-01 13:01:14 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-01-05 13:34:53 0 d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5

==================== Find3M ====================

2010-02-01 07:10:52 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-01-20 08:51:30 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-07 15:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 13:10:07 106092 ----a-w- c:\windows\fonts\Catull.ttf
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-09 21:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2008-05-17 04:39:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-12-01 08:32:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081117\index.dat
2008-12-01 08:32:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120120081202\index.dat

============= FINISH: 9:59:47.81 ===============

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

have you been messing around with ComboFix?

offline
  • Joined: 02 Jun 2009
  • Posts: 8

Written: 02 Feb 2010 11:44

Yes. Twice now.
I was thinking of reinstalling the system, so I ran ComboFix just to see whether it would do anything. At the last moment I changed my mind and decided to post a topic here ... I know, my fault.

Update: 02 Feb 2010 11:46

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Give me all the logs you got from those runs.

offline
  • Joined: 02 Jun 2009
  • Posts: 8

Bad news, my friend ... now I can't even boot the system ... not even into safe mode. I'll reinstall the system after all... thanks for the help.
