arthurt

Members
  • Posts: 9

Reputation: 0 Neutral

  1. Recently, my computer was infected. Malwarebytes loads with Windows but is unclickable, and it will not open. I can't open my Firefox or Explorer; the only way I can go onto the internet is through My Computer, then typing in the web address. I need some help with this. I tried downloading HijackThis etc., and I actually downloaded it, but nothing else is downloadable and my HijackThis won't even install, after I tried to switch names as well. Please help.
  2. Hi and welcome to the Malwarebytes Forum. Please read and follow the instructions provided here: I'm infected - What do I do now? Someone will be happy to assist you further with cleaning your system if required. During this scan and cleanup process you should not install any other software unless requested to do so.
  3. Yeah, I switched it all on a different computer; I only use this one to log in on those forums.
  4. http://www.malwarebytes.org/forums/index.php?showtopic=10362
  5. Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Steam\Steam.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Adam\Dane aplikacji\svchost.exe"
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
     O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
     O4 - S-1-5-21-602162358-1844823847-839522115-1003 Startup: lsass.exe (User '?')
     O4 - Startup: lsass.exe
     O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
     O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
     O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O17 - HKLM\System\CCS\Services\Tcpip\..\{42804984-0DBC-4262-B6B9-EACE1B94A5BB}: NameServer = 68.87.72.130,68.87.77.130,68.87.66.196
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 68.87.72.130 68.87.77.130,68.87.66.196
     O17 - HKLM\System\CS1\Services\Tcpip\..\{42804984-0DBC-4262-B6B9-EACE1B94A5BB}: NameServer = 68.87.72.130,68.87.77.130,68.87.66.196
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 68.87.72.130 68.87.77.130,68.87.66.196
     O17 - HKLM\System\CS2\Services\Tcpip\..\{42804984-0DBC-4262-B6B9-EACE1B94A5BB}: NameServer = 68.87.72.130,68.87.77.130,68.87.66.196
     O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 68.87.72.130 68.87.77.130,68.87.66.196
     O17 - HKLM\System\CS3\Services\Tcpip\..\{42804984-0DBC-4262-B6B9-EACE1B94A5BB}: NameServer = 68.87.72.130,68.87.77.130,68.87.66.196
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 68.87.72.130 68.87.77.130,68.87.66.196
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O20 - AppInit_DLLs: avgrsstx.dll
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
     O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
     O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
     O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  6. Yes, my Steam account was linked to a completely different email that wasn't stolen as it was on a different account. I don't remember getting phished at all since most of my passwords are different. Whoever did it knew 2 of my passwords that nobody else knows. I'm not sure if he had a RAT or a keylogger that was sent to me but I don't recall downloading anything suspicious. I was able to recover my password through my other Gmail account, which I did on a different computer just in case. I'm not sure about all this. Thanks. HijackLog will be posted soon.
  7. Hello, What emails? Oh.. My whole gmail account was stolen along with my Steam Account. I'm not sure what's happening.
  8. By stolen I mean, I was in the middle of doing something when suddenly I couldn't access my email. I logged back into it and tried changing several things, which did not help. I also ran Malwarebytes scans yesterday, which came up with nothing. The email that was hijacked was a @gmail.com email. Thanks,
  9. Hello, recently a bunch of my emails and several other things were stolen. I tried doing the scan a lot of times but it came out with 0 results. My password itself is 11 characters, and I would have to say that I didn't lose anything that was very important, but there was some stuff. I don't remember downloading anything that was suspicious at all recently. Is there any way I can possibly fix this? (Btw, Marcin, if you are reading this, this is Arthur, Darek's son)