Posted: 13 Nov 2011 20:34
- 0shera0
- New MyCity citizen
- Joined: 13 Nov 2011
- Posts: 20
Here's the situation: I have a virus that prevents me from running any reg file, from running Task Manager, and I can't run some exe files. I tried formatting the whole hard drive, but I had copied some data that is important to me to an external drive and restored it after I reinstalled Windows, so the virus is still right where it was. Awaiting instructions. Thanks!
Posted: 13 Nov 2011 20:53
- 0shera0
- New MyCity citizen
- Joined: 13 Nov 2011
- Posts: 20
I hope I'm doing everything by the rules.
Otherwise, I have Windows XP Professional, and as for the internet I'm not sure myself, because I live in a student dorm and we're all networked through the University of Belgrade. I'll also send a picture from the speed test.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Shera at 20:43:45 on 2011-11-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2351 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.rcub.bg.ac.rs:8080
uURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll
TB: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 147.91.1.5
TCP: Interfaces\{A2B9B62B-336E-481D-878C-00B7468F0E6C} : DhcpNameServer = 147.91.1.5
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\shera\application data\mozilla\firefox\profiles\xpb5q7ji.default\
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2011-10-19 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2011-10-19 5248]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [2011-11-4 67712]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-19 366152]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\isrum.sys --> c:\windows\system32\drivers\isrum.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-19 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2011-10-19 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2011-10-19 43608]
S2 rovllx;Security Monitor;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-11-13 19:39:50 -------- d-s---w- C:\ComboFix
2011-11-12 15:02:53 103140 ----a-w- C:\vsqv.pif
2011-11-04 18:25:09 -------- d-----w- C:\ArmCAD 2005 Server
2011-11-04 18:22:49 67712 ----a-w- c:\windows\system32\drivers\hl_mull.sys
2011-11-04 18:22:49 57344 ----a-w- c:\windows\system32\drivers\wdreg.exe
2011-11-04 18:09:25 191488 ----a-w- c:\windows\system32\hlvdd.dll
2011-11-04 18:09:24 234496 ----a-w- c:\windows\system32\UNWISE.EXE
2011-11-03 18:19:55 -------- d-----w- c:\windows\SHELLNEW
2011-11-03 18:19:41 -------- d-----w- c:\documents and settings\shera\local settings\application data\Microsoft Help
2011-10-30 11:17:49 -------- d-----w- c:\documents and settings\shera\application data\Radimpex
2011-10-25 17:26:51 -------- d-----w- C:\games
2011-10-24 17:37:22 -------- d-----w- c:\program files\Radimpex
2011-10-24 17:35:50 -------- d-----w- c:\program files\ArmCAD 2005 DEMO (build 1207)
2011-10-24 15:55:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-10-24 00:53:11 -------- d-----w- c:\documents and settings\shera\application data\Cool Record Edit Pro
2011-10-24 00:51:12 -------- d-----w- c:\program files\Conduit
2011-10-24 00:51:12 -------- d-----w- c:\documents and settings\shera\local settings\application data\FreeSoundRecorder
2011-10-24 00:51:10 -------- d-----w- c:\program files\ConduitEngine
2011-10-24 00:51:10 -------- d-----w- c:\documents and settings\shera\local settings\application data\ConduitEngine
2011-10-24 00:51:08 -------- d-----w- c:\program files\FreeSoundRecorder
2011-10-24 00:51:08 -------- d-----w- c:\documents and settings\shera\local settings\application data\Temp
2011-10-24 00:51:08 -------- d-----w- c:\documents and settings\shera\local settings\application data\Conduit
2011-10-23 17:19:58 -------- d-----w- c:\program files\MSECache
2011-10-20 22:01:02 -------- d-----w- c:\program files\GRETECH
2011-10-19 17:12:37 -------- d-----w- c:\documents and settings\shera\local settings\application data\Adobe
2011-10-19 13:56:31 -------- d-----w- c:\program files\CCleaner
2011-10-19 13:33:23 -------- d-----w- c:\documents and settings\shera\application data\Malwarebytes
2011-10-19 13:33:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-19 13:33:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-19 13:33:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-19 12:52:54 -------- d-----w- c:\documents and settings\shera\local settings\application data\Google
2011-10-19 12:52:02 -------- d-----w- c:\documents and settings\shera\local settings\application data\Mozilla
2011-10-19 10:29:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-10-19 10:29:36 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-10-19 04:05:06 -------- d-----w- c:\program files\common files\Autodesk Shared
2011-10-19 04:05:06 -------- d-----w- c:\program files\AutoCAD 2009
2011-10-19 04:05:06 -------- d-----w- c:\documents and settings\shera\local settings\application data\Autodesk
2011-10-19 04:05:06 -------- d-----w- c:\documents and settings\shera\application data\Autodesk
.
==================== Find3M ====================
.
2011-10-19 02:12:39 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-19 01:53:23 315392 ----a-w- c:\windows\HideWin.exe
.
============= FINISH: 20:44:04.96 ===============
Posted: 13 Nov 2011 21:29
- diarno
- Anti Malware Fighter Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
Until we're done, don't plug in USB devices, disks and the like.
Tell me, did you run ComboFix? Did it finish to the end? Do you have the reports?
Posted: 14 Nov 2011 23:58
- 0shera0
- New MyCity citizen
- Joined: 13 Nov 2011
- Posts: 20
I'm networked with another 200 people in the dorm. :/
Here's the ComboFix log:
ComboFix 11-11-14.01 - Shera 11/14/2011 15:04:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2481 [GMT 1:00]
Running from: c:\documents and settings\Shera\My Documents\Downloads\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\vsqv.pif
c:\windows\Alcmtr.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system\BisonCam.dll
c:\windows\system32\drivers\wdreg.exe
c:\windows\system32\msconfig.exe
D:\autorun.inf
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-04 18:25 . 2011-11-04 18:27 -------- d-----w- C:\ArmCAD 2005 Server
2011-11-03 18:19 . 2011-11-03 18:19 -------- d-----r- C:\MSOCache
2011-10-25 17:26 . 2011-10-25 17:26 -------- d-----w- C:\games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 06:59 . 2011-10-19 01:35 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 . 2011-10-19 01:35 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 . 2011-10-19 01:35 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 . 2011-10-19 01:35 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 . 2011-10-19 01:35 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2008-04-28 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 . 86D30211831DD918C9B71C4FF4B049E8 . 228352 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
.
.
.
.
c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\FreeSoundRecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3813376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 105392 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2007-03-15 14:37 32768 ----a-w- c:\windows\BisonCam\BisonHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2007-03-15 14:34 172032 ----a-w- c:\windows\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-19 12:52 205808 ----atw- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2008-12-19 15:12 152968 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-05-16 12:39 16862720 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 144384 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\rrhp.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\BisonCam\\BisonCap.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\TOSHIBA\\Bluetooth Toshiba Stack\\ItSecMng.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\Service\\AdskScSrv.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\AcShellEx\\AcLauncher.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Documents and Settings\\Shera\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\Shera\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3844:TCP"= 3844:TCP:rvkivild
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10/19/2011 4:30 AM 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10/19/2011 4:30 AM 5248]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [11/4/2011 7:22 PM 67712]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/19/2011 2:33 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/19/2011 2:33 PM 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/19/2011 2:57 AM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [10/19/2011 2:57 AM 43608]
S2 rovllx;Security Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 4:42 AM 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AMSINT32
*NewlyCreated* - HELPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rovllx
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-412668190-842925246-1001Core.job
- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 12:52]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-412668190-842925246-1001UA.job
- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 12:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.rcub.bg.ac.rs:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 147.91.1.5
FF - ProfilePath - c:\documents and settings\Shera\Application Data\Mozilla\Firefox\Profiles\xpb5q7ji.default\
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-11-14 15:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rovllx]
"ServiceDll"="c:\windows\system32\zknvebw.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
.
**************************************************************************
.
Completion time: 2011-11-14 15:10:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 14:10
.
Pre-Run: 33,899,937,792 bytes free
Post-Run: 34,382,483,456 bytes free
.
- - End Of File - - 15AE46B981539C8CD80594B76068B5F4
Posted: 15 Nov 2011 02:07
- 0shera0
- New MyCity citizen
- Joined: 13 Nov 2011
- Posts: 20
I tried to install Avast, but I'm having problems. After I start the installation, right after the screenshot I attached at the bottom of this message, the installation window just closes. Can I use any other one?
ComboFix 11-11-14.03 - Shera 11/15/2011 1:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2486 [GMT 1:00]
Running from: c:\documents and settings\Shera\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Shera\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\system32\zknvebw.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\jnpqa.pif
c:\windows\system32\zknvebw.dll
D:\autorun.inf
D:\ukqp.pif
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Legacy_ROVLLX
-------\Service_amsint32
-------\Service_rovllx
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-04 18:25 . 2011-11-04 18:27 -------- d-----w- C:\ArmCAD 2005 Server
2011-11-03 18:19 . 2011-11-03 18:19 -------- d-----r- C:\MSOCache
2011-10-25 17:26 . 2011-10-25 17:26 -------- d-----w- C:\games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 06:59 . 2011-10-19 01:35 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 . 2011-10-19 01:35 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 . 2011-10-19 01:35 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 . 2011-10-19 01:35 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 . 2011-10-19 01:35 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-28 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 . 86D30211831DD918C9B71C4FF4B049E8 . 228352 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-14_14.08.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2011-11-14 13:38 65508 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-11-15 00:46 65508 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-11-15 00:46 425650 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2011-11-14 13:38 425650 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\FreeSoundRecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3813376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 105392 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2007-03-15 14:37 32768 ----a-w- c:\windows\BisonCam\BisonHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2007-03-15 14:34 172032 ----a-w- c:\windows\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-19 12:52 205808 ----atw- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2008-12-19 15:12 152968 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-05-16 12:39 16862720 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 144384 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\rrhp.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\BisonCam\\BisonCap.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\TOSHIBA\\Bluetooth Toshiba Stack\\ItSecMng.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\Service\\AdskScSrv.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\AcShellEx\\AcLauncher.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Documents and Settings\\Shera\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\Shera\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10/19/2011 4:30 AM 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10/19/2011 4:30 AM 5248]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [11/4/2011 7:22 PM 67712]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/19/2011 2:33 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/19/2011 2:33 PM 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/19/2011 2:57 AM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [10/19/2011 2:57 AM 43608]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AMSINT32
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-412668190-842925246-1001Core.job
- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 12:52]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-412668190-842925246-1001UA.job
- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 12:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.rcub.bg.ac.rs:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 147.91.1.5
FF - ProfilePath - c:\documents and settings\Shera\Application Data\Mozilla\Firefox\Profiles\xpb5q7ji.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-11-15 01:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808-)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
.
**************************************************************************
.
Completion time: 2011-11-15 02:00:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-15 01:00
ComboFix2.txt 2011-11-14 14:10
.
Pre-Run: 33,688,776,704 bytes free
Post-Run: 33,657,401,344 bytes free
.
- - End Of File - - DF7F5DFAD0885CA6786044A5F9FA43BA
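As an added example (not code from the thread, from ComboFix or from the forum helpers): a small Python triage script over the REGEDIT4 "Reg Loading Points" section of a ComboFix log. It flags the user-lockout and security-disabling values that the logs above show (DisableTaskMgr, DisableRegistryTools, Security Center overrides, EnableFirewall set to 0) and any svchost-hosted service that ComboFix lists with a non-default ServiceDll, as it did for rovllx. The excerpt it runs on is constructed from the values in the thread; the list of keys worth flagging is my own assumption.

```python
import re
from typing import Dict, List, Tuple

# Values that the logs in this thread show the infection had set. Each entry is
# (substring of the registry key path, value name, value that means tampering,
# description). The list is my own assumption about what is worth flagging.
SUSPICIOUS_VALUES = [
    ("policies\\system", "DisableTaskMgr", 1, "Task Manager disabled by policy"),
    ("policies\\system", "DisableRegistryTools", 1, "Registry Editor disabled by policy"),
    ("policies\\system", "EnableLUA", 0, "UAC disabled"),
    ("security center", "AntiVirusOverride", 1, "Security Center antivirus warnings suppressed"),
    ("security center", "FirewallOverride", 1, "Security Center firewall warnings suppressed"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0, "Windows Firewall disabled"),
]

KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints numeric values in two styles: "name"= 1 (0x1) and "name"=dword:00000001
NUM_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))')
STR_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]*)"')


def parse_reg_section(log_text: str) -> Dict[str, Dict[str, object]]:
    """Map each [key] in the REGEDIT4 dump to its parsed values (int or str).

    Key paths are lower-cased so callers can match on substrings without
    worrying about ComboFix's mixed-case output."""
    result: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            result.setdefault(current, {})
            continue
        if current is None:
            continue
        num = NUM_RE.match(line)
        if num:
            value = int(num.group(2), 16) if num.group(2) is not None else int(num.group(3))
            result[current][num.group(1)] = value
            continue
        s = STR_RE.match(line)
        if s:
            result[current][s.group(1)] = s.group(2)
    return result


def find_lockout_settings(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, description) for every tampered setting found."""
    findings = []
    for key, values in parse_reg_section(log_text).items():
        for key_part, name, bad_value, desc in SUSPICIOUS_VALUES:
            if key_part in key and values.get(name) == bad_value:
                findings.append((key, name, desc))
        # ComboFix only prints non-default entries, so a svchost-hosted service
        # whose ServiceDll it chose to show deserves a look (rovllx in the thread).
        dll = values.get("ServiceDll")
        if "\\services\\" in key and isinstance(dll, str):
            findings.append((key, "ServiceDll", "svchost service with non-default DLL: " + dll))
    return findings


# Constructed excerpt assembled from the values in the ComboFix log above.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rovllx]
"ServiceDll"="c:\windows\system32\zknvebw.dll"
"""


if __name__ == "__main__":
    for key, name, desc in find_lockout_settings(SAMPLE_LOG):
        print(f"{desc}\n    {key} -> {name}")
```

Each flagged policy value is one the user will have to reset after the DLL and its service are gone, which is why the script lists the full key path next to the value name.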