Nemogucnost uklanjanja virusa i crash mozile!

2

Nemogucnost uklanjanja virusa i crash mozile!

offline
  • Pridružio: 12 Mar 2009
  • Poruke: 42

Napisano: 06 Avg 2009 13:26

ComboFix 09-08-04.04 - partizan 06.08.2009 13:05.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1411 [GMT 2:00]
Running from: c:\documents and settings\partizan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\partizan\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 14:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2009-02-07 17:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-06 10:32 2023936 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-07 17:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2009-02-07 17:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 15:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-02-06 11:06 2145280 D41D8CD98F00B204E9800998ECF8427E c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-08-05_23.32.38 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2009-04-27 1742848]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-02 251264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-04-18 173408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe"
"BlazeServoTool"="c:\program files\BlazeVideo\BlazeDVD\MediaDetector.exe"
"Google Update"="c:\documents and settings\partizan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Corel File Shell Monitor"=c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\CryptLoad\\RouterClient.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\JLC's Software\\Internet TV\\Internet TV.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
R3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
R3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
R3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
R3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
R3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
R3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
R3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\partizan\Desktop\SysProt\SysProt\SysProtDrv.sys [2009-08-05 44288]
R3 ute4ndm1;AVZ Kernel Driver; [x]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2007-10-16 17824]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-05-18 2368]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-07-19 604416]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2009-02-25 288368]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-01-18 114024]
S3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
FF - ProfilePath - c:\docume~1\partizan\APPLIC~1\Mozilla\Firefox\Profiles\akgxln8y.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-06 13:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1672)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1728-)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2996)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Common Files\CyberLink\PowerDVD9\deskband32.dll
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LckFldService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-06 13:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 11:23
ComboFix2.txt 2009-08-06 00:23

Pre-Run: 10.363.727.872 bytes free
Post-Run: 10.352.128.000 bytes free

177 --- E O F --- 2009-08-01 01:00

Dopuna: 06 Avg 2009 14:19

I jedno pitanje:
evo sad sam vidio da ne mogu da rezem cd!!!!Juče je radio.nije do nera,probao sam i ashampoo burning studio?ne mislim da je do optike,cita mi sve cd/dvd-ove,moze da reze image,ali ne i cd/dvd-eve!!ovo se samo meni moze desavati!!!

Dopuna: 06 Avg 2009 20:33

Ljudi jel moze pomoc!!!!Pa izludico od ovih govana!!!
Treba da rezem neke dvd-eve,a sad je to nemoguce!!!
Ne bih da budem dosadan,ali ovo traje vec par dana,a od danas je i gore,jer ne mogu da rezem nista,probao sam sa par razlicitih programa...nista!!!Cas mi ne prepoznaje drive,cas jednostavno nece da prepozna cd/dvd ubacen u njega (prazan).Da mi nije ComboFix izbrisao neke sistemske fajlove,ili???

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Pronađi na tvom kompjuteru C:\Qoobox\cfscript_used_06.08.2009@13:05.txt

Taj fajl priloži u poruci opcijom Prikači fajl

offline
  • Pridružio: 12 Mar 2009
  • Poruke: 42

bila su dva,ovaj "prikaceni" i drugi 04.18

mycity.rs/must-login.png

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Obriši ComboFix koji imaš trenutno i preuzmi novi sa linka koji sam ti dao za download.

Napomena: Nemoj koristiti opciju za deinstaliranje ComboFix_a ako si je video ovde na forumu.

Samo obriši ComboFix.

offline
  • Pridružio: 12 Mar 2009
  • Poruke: 42

Napisano: 07 Avg 2009 0:29

E ovako,skinuo sam ComboFix ponovo,pokrenuo ga,i u toku skeniranja restartovao racunar i vidio sam da je obrisao neke fajlove.Ali sad je problem u tome sto ne moze da mi se otvori log da bih ga postavio,izbaci mi (i posle restarta racunara isto) ovo na slici.Pa da li da ga ponovo pokrenem (ComboFix) ili da mi kazes sta bi moglo jos koristiti taj log,da ga ukinem u task menadzeru???




Dopuna: 07 Avg 2009 0:31

ps:vidim da sam izostavio,u toku skeniranja je on sam restartovao racunar,ne ja. i jos jedna stvar,izgleda da je trojanac izbrisan,ali bih volio da ovo provjerimo jos jednom,da vidis log??ako bi jos sta trebalo...
i izvini na dosadjivanju...

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Ma ne dosađuješ.

Pokreni ponovo ComboFix.

offline
  • Pridružio: 12 Mar 2009
  • Poruke: 42

Nista prijatelju,ne moze...Opet mi je izbacilo prazan log,prazan notepad...?Kanije kada probam da ga otvorim (naC:/ComboFix.txt),izbaci mi ono kao sa slike iz predhodne poruke?

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Probaćemo na drugi način.

Hajde ponovi skeniranje sa SysProt AntiRootkit i postavi opcijom Prikači fajl kao i prošli put.

Ukoliko si obrisao SysProt preuzmi ga sa linka koji sam ti postavio gore u poruci.

offline
  • Pridružio: 12 Mar 2009
  • Poruke: 42

Evo SysProt AntiRootkit log:


mycity.rs/must-login.png

offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Pokreni HijackThis, klikni None of the above, just start the program.

Klikni Config... > Misc Tools > Delete a file on reboot... - odaberi C:\ComboFix.txt i klikni Open.

Kada se pojavi upit, klikni Yes.

Nakon restarta računara, ponovo pokreni ComboFix i postavi log koji dobiješ.

Ko je trenutno na forumu
 

Ukupno su 721 korisnika na forumu :: 6 registrovanih, 4 sakrivenih i 711 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, Bobrock1, dane007, Djole, Milos82, zlaya011