
Reikan_Heiwa

  1. https://www.virustotal.com/en/file/f29de4c5cccddc83947c21474ecdd31cf1b682ebe907d2e98c651cb861fcb468/analysis/1396934962/
  2. Logs:
     http://pastebin.com/gVpNyKTK - Rkill log
     http://pastebin.com/MzcVdy2U - RogueKiller log
     http://pastebin.com/U1wi67Ha - TDSS Killer log
     http://pastebin.com/pFrBNVPi - MBAM log
     http://pastebin.com/6vZXsg15 - HitmanPro log
     http://pastebin.com/6TGFq6xz - Farbar Service Scanner log
     http://pastebin.com/Ps35VakX - ESET logs (I need to install VS11 on PC)
     http://pastebin.com/ci8kLxKQ - Security Check log

     I already used Comodo Dragon Browser but it's the same as Google Chrome. I will install Comodo Internet Security 5.
  3. I uninstalled uTorrent, DTL says that it is missing some files, and Java 8 SE has this error when I start it: "The procedure entry point RegDeleteKeyExA could not be located in the dynamic link library ADVAPI32.dll". Now Task Manager is active, the firewall is on and regedit works. Is the PC cleared of the trojan? Can you suggest antivirus software that will run on a PC with 512 MB RAM?
  4. I will upload the files and send them by PM. The text is too long and the browser crashes.
  5. STEP 4 - Done
     Status: Quarantined (events: 1)
     6.4.2014 11:33:23 Quarantined virus HEUR:Worm.Win32.Generic C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-6952559991-8787381825-168636218-9117\nissan.exe.vir High
     Status: Detected (events: 1)
     6.4.2014 11:32:17 Detected Trojan program Trojan.WinREG.Agent.v C:\Qoobox\Quarantine\Registry_backups\Service_abp470n5.reg.dat High
  6. redownloaded and works
cured10:35:18:109 0364 C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe infected Virus.Win32.Sality.aa ...10:35:18:109 0364 cured10:35:18:171 0364 C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe infected Virus.Win32.Sality.aa ...10:35:18:171 0364 cured10:35:20:734 0364 C:\Program Files\RocketDock\RocketDock.exe infected Virus.Win32.Sality.aa ...10:35:20:734 0364 cured10:35:20:968 0364 C:\Program Files\RocketDock\Tools\Debug.exe infected Virus.Win32.Sality.aa ...10:35:20:984 0364 cured10:35:21:343 0364 C:\Program Files\SiSLan\uninst.exe infected Virus.Win32.Sality.aa ...10:35:21:343 0364 cured10:35:34:453 0364 C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-6952559991-8787381825-168636218-9117\nissan.exe.vir infected Virus.Win32.Sality.aa ...10:35:34:453 0364 cured10:36:28:468 0364 C:\WINDOWS\Network Diagnostic\xpnetdiag.exe infected Virus.Win32.Sality.aa ...10:36:28:484 0364 cured10:38:17:843 0364 C:\WINDOWS\system32\nvcplui.exe infected Virus.Win32.Sality.aa ...10:38:17:843 0364 cured10:38:19:546 0364 C:\WINDOWS\system32\nwiz.exe infected Virus.Win32.Sality.aa ...10:38:19:546 0364 cured10:38:47:984 0364 scanning D:\ ...10:39:08:140 0364 D:\Confict\Confict Art\Programs and their works\Stronghold Map PNGer.exe infected Virus.Win32.Sality.aa ...10:39:08:140 0364 cured10:39:11:671 0364 D:\directx9.0c\DXSETUP.exe infected Virus.Win32.Sality.aa ...10:39:11:671 0364 cured10:39:12:000 0364 D:\Drajveri od ploce\ASUS P4S8X-X\AGP_1170\AGP\AGP\AGPUtil\AGPutil.exe infected Virus.Win32.Sality.aa ...10:39:12:000 0364 cured10:39:12:187 0364 D:\Drajveri od ploce\ASUS P4S8X-X\AGP_1170\AGP\AGP\htpatch\HTinst.exe infected Virus.Win32.Sality.aa ...10:39:12:187 0364 cured10:39:12:218 0364 D:\Drajveri od ploce\ASUS P4S8X-X\AGP_1170\AGP\AGP\htpatch\HTpatch.exe infected Virus.Win32.Sality.aa ...10:39:12:218 0364 cured10:39:12:265 0364 D:\Drajveri od ploce\ASUS P4S8X-X\AGP_1170\AGP\AGP\htpatch\HTuninst.exe infected Virus.Win32.Sality.aa ...10:39:12:265 0364 
cured10:39:12:937 0364 D:\Drajveri od ploce\ASUS P4S8X-X\AGP_1170\AGP\SISfiles\ata133ap.exe infected Virus.Win32.Sality.aa ...10:39:12:953 0364 cured10:39:13:062 0364 D:\Drajveri od ploce\ASUS P4S8X-X\AGP_1170\AGP\SISfiles\instdrv.exe infected Virus.Win32.Sality.aa ...10:39:13:062 0364 cured10:39:13:093 0364 D:\Drajveri od ploce\ASUS P4S8X-X\AGP_1170\AGP\SISfiles\regmod.exe infected Virus.Win32.Sality.aa ...10:39:13:109 0364 cured10:39:13:156 0364 D:\Drajveri od ploce\ASUS P4S8X-X\AGP_1170\AGP\SISfiles\waitwnd.exe infected Virus.Win32.Sality.aa ...10:39:13:156 0364 cured10:39:13:281 0364 D:\Drajveri od ploce\ASUS P4S8X-X\AGP_1170\AGP\USB\Win2K_XP\WinXPUSB\SiSUSBrg.exe infected Virus.Win32.Sality.aa ...10:39:13:281 0364 cured10:39:13:343 0364 D:\Drajveri od ploce\ASUS P4S8X-X\AGP_1170\AGP\USB\Win9x\SiSFiles\Mp_s3.exe infected Virus.Win32.Sality.aa ...10:39:13:343 0364 cured10:39:13:640 0364 D:\Drajveri od ploce\ASUS P4S8X-X\lan_sp116\inf2cat.exe infected Virus.Win32.Sality.aa ...10:39:13:640 0364 cured10:39:14:421 0364 D:\Drajveri od ploce\ASUS P4S8X-X\lan_sp116\refresh.exe infected Virus.Win32.Sality.aa ...10:39:14:421 0364 cured10:39:14:859 0364 D:\Drajveri od ploce\ASUS P4S8X-X\lan_sp116\Win2000\uninst.exe infected Virus.Win32.Sality.aa ...10:39:14:859 0364 cured10:39:15:343 0364 D:\Drajveri od ploce\ASUS P4S8X-X\lan_sp116\WinXP\uninst.exe infected Virus.Win32.Sality.aa ...10:39:15:343 0364 cured10:39:15:843 0364 D:\Drajveri od ploce\ASUS P4S8X-X\siside203_2kxp\siside203_2kxp\IDE\IdeUtil\PropInstall.exe infected Virus.Win32.Sality.aa ...10:39:15:843 0364 cured10:39:15:906 0364 D:\Drajveri od ploce\ASUS P4S8X-X\siside203_2kxp\siside203_2kxp\IDE\IdeUtil\SISIDE.exe infected Virus.Win32.Sality.aa ...10:39:15:906 0364 cured10:39:16:218 0364 D:\Drajveri od ploce\ASUS P4S8X-X\siside203_2kxp\siside203_2kxp\IDE\SisFilter.exe infected Virus.Win32.Sality.aa ...10:39:16:234 0364 cured10:39:16:484 0364 D:\Drajveri od ploce\ASUS 
P4S8X-X\siside203_2kxp\siside203_2kxp\IDE\waitwnd.exe infected Virus.Win32.Sality.aa ...10:39:16:484 0364 cured10:39:17:343 0364 D:\Drajveri od ploce\ASUS P4S8X-X\siside203_2kxp\siside203_2kxp\SISfiles\ata133ap.exe infected Virus.Win32.Sality.aa ...10:39:17:343 0364 cured10:39:17:468 0364 D:\Drajveri od ploce\ASUS P4S8X-X\siside203_2kxp\siside203_2kxp\SISfiles\DMA98.exe infected Virus.Win32.Sality.aa ...10:39:17:468 0364 cured10:39:17:640 0364 D:\Drajveri od ploce\ASUS P4S8X-X\siside203_2kxp\siside203_2kxp\SISfiles\HDinfo.exe infected Virus.Win32.Sality.aa ...10:39:17:640 0364 cured10:39:17:843 0364 D:\Drajveri od ploce\ASUS P4S8X-X\siside203_2kxp\siside203_2kxp\SISfiles\infinstall.exe infected Virus.Win32.Sality.aa ...10:39:17:937 0364 cured10:39:18:140 0364 D:\Drajveri od ploce\ASUS P4S8X-X\siside203_2kxp\siside203_2kxp\SISfiles\SisFilter.exe infected Virus.Win32.Sality.aa ...10:39:18:140 0364 cured10:39:18:187 0364 D:\Drajveri od ploce\ASUS P4S8X-X\siside203_2kxp\siside203_2kxp\SISfiles\waitwnd.exe infected Virus.Win32.Sality.aa ...10:39:18:187 0364 cured10:39:18:609 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\AEEnable.exe infected Virus.Win32.Sality.aa ...10:39:18:609 0364 cured10:39:19:046 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\RemADI.exe infected Virus.Win32.Sality.aa ...10:39:19:046 0364 cured10:39:19:093 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\Setup.exe infected Virus.Win32.Sality.aa ...10:39:19:093 0364 cured10:39:19:234 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\SMAXWDM\SE\inst16.exe infected Virus.Win32.Sality.aa ...10:39:19:234 0364 cured10:39:19:531 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\SMAXWDM\W2K_XP\install.exe infected Virus.Win32.Sality.aa ...10:39:19:546 0364 cured10:39:19:687 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\SMAXWDM\W2K_XP\Remove.exe infected Virus.Win32.Sality.aa ...10:39:19:687 0364 cured10:39:20:171 0364 D:\Drajveri od ploce\ASUS 
P4S8X-X\wdm_3620\AD1980\SM_Panel\Sys\SMAgent.exe infected Virus.Win32.Sality.aa ...10:39:20:171 0364 cured10:39:20:218 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\SM_Panel\Sys\SMAgentI.exe infected Virus.Win32.Sality.aa ...10:39:20:218 0364 cured10:39:20:250 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\SM_Panel\Sys\SMAgentX.exe infected Virus.Win32.Sality.aa ...10:39:20:250 0364 cured10:39:20:515 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\SM_Panel\Sys\SMTray.exe infected Virus.Win32.Sality.aa ...10:39:20:515 0364 cured10:39:21:234 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\SoundMAX Synthesizer\DLSLoader.exe infected Virus.Win32.Sality.aa ...10:39:21:234 0364 cured10:39:21:312 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\SoundMAX Synthesizer\SynCor.exe infected Virus.Win32.Sality.aa ...10:39:21:312 0364 cured10:39:21:562 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\SoundMAX Synthesizer\_iscppr.exe infected Virus.Win32.Sality.aa ...10:39:21:562 0364 cured10:39:21:625 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\Sys\CleanUp.exe infected Virus.Win32.Sality.aa ...10:39:21:625 0364 cured10:39:21:765 0364 D:\Drajveri od ploce\ASUS P4S8X-X\wdm_3620\AD1980\Sys\DSndUp.exe infected Virus.Win32.Sality.aa ...10:39:21:765 0364 cured10:39:21:875 0364 D:\Drivers\Win\Audio\AEEnable.exe infected Virus.Win32.Sality.aa ...10:39:21:875 0364 cured10:39:21:968 0364 D:\Drivers\Win\Audio\DevSetup.exe infected Virus.Win32.Sality.aa ...10:39:21:968 0364 cured10:39:22:140 0364 D:\Drivers\Win\Audio\setup.exe infected Virus.Win32.Sality.aa ...10:39:22:140 0364 cured10:39:22:406 0364 D:\Drivers\Win\Audio\SMAXWDM\W2K_XP\SMax4PNP.exe infected Virus.Win32.Sality.aa ...10:39:22:406 0364 cured10:39:24:093 0364 D:\Drivers\Win\Audio\SM_Comn\Help\SMHelp.exe infected Virus.Win32.Sality.aa ...10:39:24:093 0364 cured10:39:24:593 0364 D:\Drivers\Win\Audio\SM_Micro\Wizards\SMWizard.exe infected Virus.Win32.Sality.aa ...10:39:24:593 
0364 cured10:39:24:765 0364 D:\Drivers\Win\Audio\SM_Panel\Sys\SMax4.exe infected Virus.Win32.Sality.aa ...10:39:24:765 0364 cured10:39:24:953 0364 D:\Drivers\Win\Audio\Sys\CleanUp.exe infected Virus.Win32.Sality.aa ...10:39:24:953 0364 cured10:39:24:984 0364 D:\Drivers\Win\Audio\Sys\DSndUp.exe infected Virus.Win32.Sality.aa ...10:39:24:984 0364 cured10:39:28:828 0364 D:\NVIDIA\Win2KXP\93.71\nvudisp.exe infected Virus.Win32.Sality.aa ...10:39:28:828 0364 cured10:39:29:812 0364 D:\NVIDIA\Win2KXP\93.71\setup.exe infected Virus.Win32.Sality.aa ...10:39:29:828 0364 cured10:39:30:000 0364 D:\Program Files\Adobe\Adobe Bridge CS3\Adobe DNG Converter.exe infected Virus.Win32.Sality.aa ...10:39:30:000 0364 cured10:39:34:390 0364 D:\Program Files\Adobe\Adobe Bridge CS3\Bridge.exe infected Virus.Win32.Sality.aa ...10:39:34:390 0364 cured10:39:34:546 0364 D:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe infected Virus.Win32.Sality.aa ...10:39:34:546 0364 cured10:40:22:781 0364 D:\Program Files\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe infected Virus.Win32.Sality.aa ...10:40:22:781 0364 cured10:40:32:671 0364 D:\Program Files\Adobe\Redist\InstMsiA.exe infected Virus.Win32.Sality.aa ...10:40:32:671 0364 cured10:40:32:812 0364 D:\Program Files\Adobe\Redist\InstMsiW.exe infected Virus.Win32.Sality.aa ...10:40:32:812 0364 cured10:40:32:937 0364 D:\Program Files\Adobe\Redist\setup.exe infected Virus.Win32.Sality.aa ...10:40:32:937 0364 cured10:40:38:234 0364 D:\Program Files\Adobe\Tuner 6.0 For Acrobat\Redist\InstMsiA.exe infected Virus.Win32.Sality.aa ...10:40:38:234 0364 cured10:40:38:468 0364 D:\Program Files\Adobe\Tuner 6.0 For Acrobat\Redist\InstMsiW.exe infected Virus.Win32.Sality.aa ...10:40:38:468 0364 cured10:40:38:593 0364 D:\Program Files\Adobe\Tuner 6.0 For Acrobat\Redist\setup.exe infected Virus.Win32.Sality.aa ...10:40:38:718 0364 cured10:41:06:437 0364 D:\Program Files\Borland\Delphi7\Help\Tools\HCRTF.EXE infected Virus.Win32.Sality.aa 
...10:41:06:437 0364 cured10:41:48:093 0364 D:\Program Files\DAEMON Tools Lite\DTHelper.exe infected Virus.Win32.Sality.aa ...10:41:48:093 0364 cured10:41:48:187 0364 D:\Program Files\DAEMON Tools Lite\DTShellHlp.exe infected Virus.Win32.Sality.aa ...10:41:48:187 0364 cured10:41:49:640 0364 D:\Program Files\DAEMON Tools Lite\uninst.exe infected Virus.Win32.Sality.aa ...10:41:49:640 0364 cured10:43:00:421 0364 D:\Program Files\Firefly Studios\Stronghold Crusader\pcchk.exe infected Virus.Win32.Sality.aa ...10:43:00:421 0364 cured10:43:01:140 0364 D:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe infected Virus.Win32.Sality.aa ...10:43:01:140 0364 cured10:43:06:546 0364 D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe infected Virus.Win32.Sality.aa ...10:43:06:546 0364 cured10:43:12:781 0364 D:\Program Files\Microsoft Office\OFFICE11\1033\MSOHELP.EXE infected Virus.Win32.Sality.aa ...10:43:12:781 0364 cured10:43:14:281 0364 D:\Program Files\Microsoft Office\OFFICE11\DSSM.EXE infected Virus.Win32.Sality.aa ...10:43:14:281 0364 cured10:43:14:328 0364 D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE infected Virus.Win32.Sality.aa ...10:43:14:328 0364 cured10:43:14:562 0364 D:\Program Files\Microsoft Office\OFFICE11\GRAPH.EXE infected Virus.Win32.Sality.aa ...10:43:14:562 0364 cured10:43:14:750 0364 D:\Program Files\Microsoft Office\OFFICE11\MSOHTMED.EXE infected Virus.Win32.Sality.aa ...10:43:14:750 0364 cured10:43:14:859 0364 D:\Program Files\Microsoft Office\OFFICE11\MSTORDB.EXE infected Virus.Win32.Sality.aa ...10:43:14:859 0364 cured10:43:14:921 0364 D:\Program Files\Microsoft Office\OFFICE11\MSTORE.EXE infected Virus.Win32.Sality.aa ...10:43:14:921 0364 cured10:43:15:296 0364 D:\Program Files\Microsoft Office\OFFICE11\PROFLWIZ.EXE infected Virus.Win32.Sality.aa ...10:43:15:296 0364 cured10:43:16:718 0364 D:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe infected Virus.Win32.Sality.aa ...10:43:16:718 0364 
cured10:43:16:812 0364 D:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe infected Virus.Win32.Sality.aa ...10:43:16:812 0364 cured10:43:16:984 0364 D:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe infected Virus.Win32.Sality.aa ...10:43:16:984 0364 cured10:43:17:468 0364 D:\Program Files\MV2Player\uninst.exe infected Virus.Win32.Sality.aa ...10:43:17:468 0364 cured10:43:19:046 0364 D:\Program Files\uTorrent\Copy of uTorrent.exe infected Virus.Win32.Sality.aa ...10:43:19:046 0364 cured10:43:19:187 0364 D:\Program Files\uTorrent\uTorrent.exe infected Virus.Win32.Sality.aa ...10:43:19:187 0364 cured10:43:20:359 0364 D:\Slike\New Folder\New Folder (3)\New Folder (2)\nemam pojma sta je\Sahovska_skola (D)\Chess is Chess\ChessisChessT.exe infected Virus.Win32.Sality.aa ...10:43:20:359 0364 cured10:43:22:796 0364 D:\Slike\New Folder\New Folder (3)\New Folder (2)\nemam pojma sta je\Sahovska_skola (D)\CIRinstall\CIRsetup.exe infected Virus.Win32.Sality.aa ...10:43:22:796 0364 cured10:43:23:109 0364 D:\Slike\New Folder\New Folder (3)\New Folder (2)\nemam pojma sta je\Sahovska_skola (D)\CRAFTY\wcrafty-17.9-smp.exe infected Virus.Win32.Sality.aa ...10:43:23:109 0364 cured10:43:23:375 0364 D:\Slike\New Folder\New Folder (3)\New Folder (2)\nemam pojma sta je\Sahovska_skola (D)\DIVX\DivX412Bundle.exe infected Virus.Win32.Sality.aa ...10:43:23:375 0364 cured10:44:01:156 0364 D:\Win XP Prof EN\I386\DRW\DWWIN.EXE infected Virus.Win32.Sality.aa ...10:44:01:156 0364 cured10:44:03:296 0364 D:\Win XP Prof EN\I386\EXPAND.EXE infected Virus.Win32.Sality.aa ...10:44:03:296 0364 cured10:44:03:609 0364 D:\Win XP Prof EN\I386\FAXPATCH.EXE infected Virus.Win32.Sality.aa ...10:44:03:609 0364 cured10:44:24:953 0364 D:\Win XP Prof EN\I386\NETSETUP.EXE infected Virus.Win32.Sality.aa ...10:44:24:968 0364 cured10:44:26:953 0364 D:\Win XP Prof EN\I386\NTSD.EXE infected Virus.Win32.Sality.aa ...10:44:26:953 0364 cured10:44:34:031 0364 D:\Win XP Prof EN\I386\REGEDIT.EXE infected 
Virus.Win32.Sality.aa ...10:44:34:031 0364 cured10:44:39:375 0364 D:\Win XP Prof EN\I386\SPNPINST.EXE infected Virus.Win32.Sality.aa ...10:44:39:375 0364 cured10:44:40:546 0364 D:\Win XP Prof EN\I386\SPUNINST.EXE infected Virus.Win32.Sality.aa ...10:44:40:546 0364 cured10:44:40:609 0364 D:\Win XP Prof EN\I386\SPUPDSVC.EXE infected Virus.Win32.Sality.aa ...10:44:40:609 0364 cured10:44:42:046 0364 D:\Win XP Prof EN\I386\SVCPACK\IE8.EXE infected Virus.Win32.Sality.aa ...10:44:42:046 0364 cured10:44:42:171 0364 D:\Win XP Prof EN\I386\SVCPACK\KB898461.EXE infected Virus.Win32.Sality.aa ...10:44:42:171 0364 cured10:44:42:312 0364 D:\Win XP Prof EN\I386\SVCPACK\KB915865.EXE infected Virus.Win32.Sality.aa ...10:44:42:312 0364 cured10:44:42:437 0364 D:\Win XP Prof EN\I386\SVCPACK\KB923789.EXE infected Virus.Win32.Sality.aa ...10:44:42:437 0364 cured10:44:42:546 0364 D:\Win XP Prof EN\I386\SVCPACK\KB938127-V2-IE7.EXE infected Virus.Win32.Sality.aa ...10:44:42:546 0364 cured10:44:42:625 0364 D:\Win XP Prof EN\I386\SVCPACK\KB941569.EXE infected Virus.Win32.Sality.aa ...10:44:42:625 0364 cured10:44:42:718 0364 D:\Win XP Prof EN\I386\SVCPACK\KB946648.EXE infected Virus.Win32.Sality.aa ...10:44:42:718 0364 cured10:44:42:859 0364 D:\Win XP Prof EN\I386\SVCPACK\KB947864-IE7.EXE infected Virus.Win32.Sality.aa ...10:44:42:859 0364 cured10:44:42:953 0364 D:\Win XP Prof EN\I386\SVCPACK\KB950760.EXE infected Virus.Win32.Sality.aa ...10:44:42:953 0364 cured10:44:43:218 0364 D:\Win XP Prof EN\I386\SVCPACK\KB953838-IE7.EXE infected Virus.Win32.Sality.aa ...10:44:43:218 0364 cured10:44:43:312 0364 D:\Win XP Prof EN\I386\SVCPACK\KB953839.EXE infected Virus.Win32.Sality.aa ...10:44:43:312 0364 cured10:44:43:484 0364 D:\Win XP Prof EN\I386\SVCPACK\KB954154_WM11.EXE infected Virus.Win32.Sality.aa ...10:44:43:484 0364 cured10:44:43:671 0364 D:\Win XP Prof EN\I386\SVCPACK\KB960715.EXE infected Virus.Win32.Sality.aa ...10:44:43:671 0364 cured10:44:43:828 0364 D:\Win XP Prof 
EN\I386\SVCPACK\KB961260-IE7.EXE infected Virus.Win32.Sality.aa ...10:44:43:828 0364 cured10:44:43:953 0364 D:\Win XP Prof EN\I386\SVCPACK\qchain.exe infected Virus.Win32.Sality.aa ...10:44:43:953 0364 cured10:44:44:031 0364 D:\Win XP Prof EN\I386\SVCPACK\WGANOTIFY.EXE infected Virus.Win32.Sality.aa ...10:44:44:031 0364 cured10:44:44:515 0364 D:\Win XP Prof EN\I386\SYSPARSE.EXE infected Virus.Win32.Sality.aa ...10:44:44:515 0364 cured10:44:45:531 0364 D:\Win XP Prof EN\I386\TELNET.EXE infected Virus.Win32.Sality.aa ...10:44:45:531 0364 cured10:44:47:734 0364 D:\Win XP Prof EN\I386\update\UPDATE.EXE infected Virus.Win32.Sality.aa ...10:44:47:734 0364 cured10:44:51:890 0364 D:\Win XP Prof EN\I386\WGATRAY.EXE infected Virus.Win32.Sality.aa ...10:44:51:906 0364 cured10:44:52:984 0364 D:\Win XP Prof EN\I386\WINNT32.EXE infected Virus.Win32.Sality.aa ...10:44:52:984 0364 cured10:44:59:484 0364 D:\Win XP Prof EN\Packages\Adobe Acrobat Reader 9.0 Lite\ar9lite_eng.exe infected Virus.Win32.Sality.aa ...10:44:59:484 0364 cured10:45:00:562 0364 D:\Win XP Prof EN\Packages\Essential Fonts Pack\Essential Fonts Pack.Silent.exe infected Virus.Win32.Sality.aa ...10:45:00:562 0364 cured10:45:01:531 0364 D:\Win XP Prof EN\Packages\Reg Tweaks\Folder_Themes.exe infected Virus.Win32.Sality.aa ...10:45:01:531 0364 cured10:45:01:593 0364 D:\Win XP Prof EN\Packages\Reg Tweaks\Reg Tweaks.exe infected Virus.Win32.Sality.aa ...10:45:01:593 0364 cured10:45:02:093 0364 D:\Win XP Prof EN\Packages\Themes\Theme.exe infected Virus.Win32.Sality.aa ...10:45:02:093 0364 cured10:45:02:265 0364 D:\Win XP Prof EN\Packages\WebLinks\WebLinks1.exe infected Virus.Win32.Sality.aa ...10:45:02:281 0364 cured10:45:02:328 0364 D:\Win XP Prof EN\Packages\WebLinks\WebLinks2.exe infected Virus.Win32.Sality.aa ...10:45:02:328 0364 cured10:45:02:468 0364 D:\Win XP Prof EN\Setup.exe infected Virus.Win32.Sality.aa ...10:45:02:484 0364 cured10:45:02:812 0364 10:45:08:203 2436 Monitoring thread stopped10:45:08:203 0364 
     completed
     10:45:08:203 0364 Infected files: 176
     10:45:08:203 0364 Infected processes: 1
     10:45:08:203 0364 Infected threads: 165
     10:45:08:203 0364 Cured files: 176
     10:45:08:203 0364 Will be cured on reboot: 0
     10:45:08:203 0364 Executed registry scripts: 1
  7. STEP 3 - problem

     Microsoft Windows XP [Version 5.1.2600]
     © Copyright 1985-2001 Microsoft Corp.

     C:\Documents and Settings\CVETKOVIC>"%userprofile%\desktop\salitykiller.exe" -n -r -x -a -j -k -l c:\report.txt
     Access is denied.

     C:\Documents and Settings\CVETKOVIC>
  8. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.04.05.02
     Windows XP Service Pack 2 x86 NTFS
     Internet Explorer 8.0.6001.18702
     CVETKOVIC :: CVETKOVI-3FF64A [administrator]

     6.4.2014 8:20:33
     mbam-log-2014-04-06 (08-20-33).txt

     Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 297979
     Time elapsed: 1 hour(s), 1 minute(s), 32 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 5
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
     HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
     HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  9. Updated MBAM log

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.04.05.02
     Windows XP Service Pack 2 x86 NTFS
     Internet Explorer 8.0.6001.18702
     CVETKOVIC :: CVETKOVI-3FF64A [administrator]

     6.4.2014 8:20:33
     MBAM-log-2014-04-06 (09-22-18).txt

     Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 297979
     Time elapsed: 1 hour(s), 1 minute(s), 32 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 5
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  10. I reinstalled the OS - Windows XP SP2 - and I got a trojan somehow. I can't open regedit or msconfig, the firewall turns off by itself. I have TuneUp Utilities and I can access Task Manager and the registry with it, but this trojan won't let me install any antivirus software. I scanned with MBAM and then removed all from quarantine. I will scan once more and will edit this post.

     This is the MBAM log:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.04.05.02
     Windows XP Service Pack 2 x86 NTFS
     Internet Explorer 8.0.6001.18702
     :: CVETKOVI-3FF64A [administrator]

     5.4.2014 10:14:09
     MBAM-log-2014-04-05 (19-59-33).txt

     Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 297089
     Time elapsed: 1 hour(s), 14 minute(s), 2 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Trojan.Agent) -> Data: C:\RECYCLER\S-1-5-21-6858374895-8517247146-070345398-4936\nissan.exe -> No action taken.

     Registry Data Items Detected: 5
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 10
     C:\Documents and Settings\CVETKOVIC\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\003\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP20\A0014381.exe (Trojan.ExploitDrop.BV) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP20\A0016058.exe (Trojan.ExploitDrop.BV) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP20\A0017673.exe (Trojan.ExploitDrop.BV) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP21\A0018149.exe (Trojan.ExploitDrop.BV) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP21\A0018582.exe (Trojan.ExploitDrop.BV) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP22\A0019613.exe (Trojan.Agent.CK) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP23\A0019927.exe (Trojan.Agent.CK) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP23\A0019827.exe (Trojan.Agent.CK) -> No action taken.
     F:\ndwfq.pif (Trojan.Agent) -> No action taken.

     (end)

     I have logs of dds, should I c/p the text from them here or just attach them?
  11. I forgot to say, I deleted them after the scan but it is still the same situation.
  12. I reinstalled the OS - Windows XP SP2 - and I got a trojan somehow. I can't open regedit or msconfig, the firewall turns off by itself. I have TuneUp Utilities and I can access Task Manager and the registry with it, but this trojan won't let me install any antivirus software.

     This is the MBAM log:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.04.05.02
     Windows XP Service Pack 2 x86 NTFS
     Internet Explorer 8.0.6001.18702
     :: CVETKOVI-3FF64A [administrator]

     5.4.2014 10:14:09
     MBAM-log-2014-04-05 (19-59-33).txt

     Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 297089
     Time elapsed: 1 hour(s), 14 minute(s), 2 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Trojan.Agent) -> Data: C:\RECYCLER\S-1-5-21-6858374895-8517247146-070345398-4936\nissan.exe -> No action taken.

     Registry Data Items Detected: 5
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 10
     C:\Documents and Settings\CVETKOVIC\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\003\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP20\A0014381.exe (Trojan.ExploitDrop.BV) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP20\A0016058.exe (Trojan.ExploitDrop.BV) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP20\A0017673.exe (Trojan.ExploitDrop.BV) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP21\A0018149.exe (Trojan.ExploitDrop.BV) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP21\A0018582.exe (Trojan.ExploitDrop.BV) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP22\A0019613.exe (Trojan.Agent.CK) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP23\A0019927.exe (Trojan.Agent.CK) -> No action taken.
     D:\System Volume Information\_restore{433F27FB-5326-4BCC-87F3-41E9A8B1FFAD}\RP23\A0019827.exe (Trojan.Agent.CK) -> No action taken.
     F:\ndwfq.pif (Trojan.Agent) -> No action taken.

     (end)