I picked up some virus that wreaked havoc for me at work. Avast suddenly started throwing warnings ... dozens of warnings.
And now I can't access the network, and when I turn on the computer, the START button and taskbar respond only after a long while, once the computer comes around.
But I can use the desktop icons right away. I somehow managed to run MBAM and it deleted some viruses, but the situation is the same.
But I don't know what to do now with these drivers that were damaged in the meantime. I can't uninstall them because it says they are important (may be required to boot PC).
The last thing I did (while the computer was still working) was install and use ISOBuster (I was copying a DVD that Nero couldn't copy).
I'm on a domain network at work, ADSL (3Mbps).
I'm also posting Avast's log file.
(While I was going through the procedure for posting this topic, the computer started to freeze at a certain point, so I had to restart it. It took me 3-4 attempts to collect all the logs ...)
DDS (Ver_09-12-01.01) - NTFSx86
Run by ZvjezdanS at 9:58:58.50 on 2010-02-02
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1427 [GMT 1:00]
AV: avast! antivirus 4.8.1038 [VPS 100131-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\aswServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Alwil Software\Avast4\AvAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Firefox Optimizer\Firefox Ultimate Optimizer.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\Documents and Settings\ZvjezdanS\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://lenovo.live.com
uInternet Connection Wizard,ShellNext = hxxp://85.12.43.101/go/?cmp=nm_ma_kw1&uid=5df4d1fcbc5c11dd93ac166454cfffff&guid=5b0a29078d804fe3af2c3d60068f5115&affid=166454&lid=soft&url=Microsoft%20Windows%20Network&rid=zdez&v=1156&m=an2g
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\aswDisp.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [FirefoxUltimateOptimizer] "c:\program files\firefox optimizer\Firefox Ultimate Optimizer.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with &Babylon
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5454/mcfscan.cab
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\zvjezd~1\applic~1\mozilla\firefox\profiles\l7503hzy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\zvjezdans\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\zvjezdans\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6 beta 5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6 beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\aswServ.exe [2008-11-27 138680]
R2 avast! NetAgent;avast! NetAgent;c:\program files\alwil software\avast4\AvAgent.exe [2008-11-27 52160]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-14 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-5-13 3968]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\aswMaiSv.exe [2008-11-27 254040]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-8 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-8 20560]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\aswWebSv.exe [2008-11-27 352920]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
=============== Created Last 30 ================
2010-02-02 07:57:58 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-02-02 07:56:59 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-02-02 07:55:59 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-02-02 07:54:58 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-02-02 07:53:59 31744 ----a-w- c:\windows\system32\dllcache\smb6w.dll
2010-02-02 07:52:58 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2010-02-02 07:51:58 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2010-02-02 07:50:58 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2010-02-02 07:49:58 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2010-02-02 07:48:58 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-02-02 07:47:59 802683 ----a-w- c:\windows\system32\dllcache\ltsm.sys
2010-02-02 07:46:59 45109 ----a-w- c:\windows\system32\dllcache\imjpuex.exe
2010-02-02 07:45:58 150239 ----a-w- c:\windows\system32\dllcache\hsf_amos.sys
2010-02-02 07:44:59 444416 ----a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-02-02 07:43:59 69194 ----a-w- c:\windows\system32\dllcache\el656cd5.sys
2010-02-02 07:42:59 4096 ----a-w- c:\windows\system32\dllcache\ctwdm32.dll
2010-02-02 07:41:59 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
2010-02-02 07:32:50 0 d-----w- C:\ComboFix
2010-02-02 07:28:12 0 d-----w- c:\program files\New Folder
2010-02-01 14:13:20 0 d-----w- c:\documents and settings\zvjezdans\DoctorWeb
2010-02-01 13:51:22 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-01 13:30:17 77312 ----a-w- c:\windows\MBR.exe
2010-02-01 13:01:22 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-01 13:01:22 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-01 13:01:14 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-02-01 13:01:14 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-01-05 13:34:53 0 d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5
==================== Find3M ====================
2010-02-01 07:10:52 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-01-20 08:51:30 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-07 15:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-23 13:10:07 106092 ----a-w- c:\windows\fonts\Catull.ttf
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-09 21:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2008-05-17 04:39:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-12-01 08:32:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081117\index.dat
2008-12-01 08:32:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120120081202\index.dat
============= FINISH: 9:59:47.81 ===============