Posted: 04 Mar 2009 10:37
- Joined: 11 May 2004
- Posts: 145
- Location: Novi Sad
Logfile of HijackThis v1.99.1
Scan saved at 10:33:01, on 4.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FreeCommander\FreeCommander.exe
C:\Download\VladimirThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcBQjKa.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A5BFB05E-4EDC-4B72-A1C3-ADEB1BB70508} - C:\WINDOWS\system32\jkkkKCVP.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [48938685] rundll32.exe "C:\WINDOWS\system32\egpjiqbs.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D738B14-285B-4DB3-B52C-9F2BC4A5F38F}: NameServer = 192.168.10.1
O20 - Winlogon Notify: ddcBQjKa - C:\WINDOWS\SYSTEM32\ddcBQjKa.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" -r (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
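The HijackThis log above is triaged by eye: unnamed BHOs, system32 DLLs with random-looking names, a Run value keyed by a bare number, and a Winlogon Notify hook pointing at the same DLL as a BHO. The script below is an added example (not part of the post and not HijackThis code) that applies those same indicators to a verbatim subset of the log and then reports DLLs that show up under more than one entry type. The 8-letter / mixed-case / vowel-ratio heuristic and every function name are this example's own choices.

```python
"""Triage heuristics for HijackThis log entries.

Added example; it is not part of the forum post above and not HijackThis code.
It applies the indicators a malware-removal helper reads off a log by eye:
BHOs with no name, system32 DLLs with random-looking names, rundll32 autoruns
keyed by a bare number, and Winlogon Notify hooks, then reports DLLs that
appear under more than one entry type.  The sample is a subset of the log
above, copied verbatim; all function names are this example's own.
"""
import re
from typing import Dict, List

# Constructed sample: seven lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcBQjKa.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A5BFB05E-4EDC-4B72-A1C3-ADEB1BB70508} - C:\WINDOWS\system32\jkkkKCVP.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [48938685] rundll32.exe "C:\WINDOWS\system32\egpjiqbs.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ddcBQjKa - C:\WINDOWS\SYSTEM32\ddcBQjKa.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]*?\.(?:dll|exe))', re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\[([^\]]+)\]")


def looks_random(stem: str) -> bool:
    """Heuristic (this example's own thresholds) for generated file names:
    exactly 8 letters and either mixed case inside the name (ddcBQjKa)
    or almost no vowels (egpjiqbs)."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    inner = stem[1:]
    mixed = any(c.isupper() for c in inner) and any(c.islower() for c in inner)
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return mixed or vowels / len(stem) < 0.3


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious O2/O4/O20 line, with the reasons."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.groups()
        path = PATH_RE.search(body)
        path_str = path.group(1) if path else ""
        stem = path_str.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        in_system32 = "\\system32\\" in path_str.lower()
        reasons = []
        if kind == "O2" and "(no name)" in body:
            reasons.append("BHO registered without a name")
        if kind == "O4":
            key = RUN_KEY_RE.search(body)
            if key and key.group(1).isdigit():
                reasons.append("Run value keyed by a bare number")
        if kind == "O20":
            reasons.append("Winlogon Notify hook (loads into winlogon.exe)")
        if in_system32 and looks_random(stem):
            reasons.append(f"random-looking DLL name {stem!r} in system32")
        if reasons:
            findings.append({"entry": kind, "path": path_str, "stem": stem, "reasons": reasons})
    return findings


def shared_dlls(findings) -> Dict[str, List[str]]:
    """DLL stems referenced by more than one entry type (BHO plus Winlogon
    Notify is the classic pattern); the order of entry types is preserved."""
    seen: Dict[str, List[str]] = {}
    for f in findings:
        kinds = seen.setdefault(f["stem"], [])
        if f["entry"] not in kinds:
            kinds.append(f["entry"])
    return {stem: kinds for stem, kinds in seen.items() if len(kinds) > 1}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(h["entry"], h["path"], "; ".join(h["reasons"]))
    print("shared:", shared_dlls(hits))
```

Run against the seven sample lines it flags exactly the three DLLs ComboFix later deleted (ddcBQjKa.dll, jkkkKCVP.dll, egpjiqbs.dll) and leaves the Java, Kaspersky and ctfmon entries alone. The name heuristic is a filter, not a verdict: a legitimate 8-letter driver name with few vowels will trip it, so treat a hit as "look at this file" rather than "delete this file".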
Posted: 04 Mar 2009 14:24
- Joined: 11 May 2004
- Posts: 145
- Location: Novi Sad
ComboFix 09-03-03.01 - User 2009-03-04 14:11:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.502.157 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: Kaspersky Anti-Virus *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Q.EXE
c:\windows\system32\aquwwj.dll
c:\windows\system32\arbidkhh.dll
c:\windows\system32\ddcBQjKa.dll
c:\windows\system32\eaqmcc.dll
c:\windows\system32\egpjiqbs.dll
c:\windows\system32\fccAQJAs.dll
c:\windows\system32\jkkkKCVP.dll
c:\windows\system32\ojxkbgqt.dll
c:\windows\system32\ormsqwrf.dll
c:\windows\system32\Plugins
c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll
c:\windows\system32\Plugins\Hoster\archivto.dll
c:\windows\system32\Plugins\Hoster\bluehostto.dll
c:\windows\system32\Plugins\Hoster\dataupde.dll
c:\windows\system32\Plugins\Hoster\fastloadnet.dll
c:\windows\system32\Plugins\Hoster\fastshareorg.dll
c:\windows\system32\Plugins\Hoster\fileuploadnet.dll
c:\windows\system32\Plugins\Hoster\megauploadcom.dll
c:\windows\system32\Plugins\Hoster\meinuploadcom.dll
c:\windows\system32\Plugins\Hoster\moosharede.dll
c:\windows\system32\Plugins\Hoster\myvideode.dll
c:\windows\system32\Plugins\Hoster\netloadin.dll
c:\windows\system32\Plugins\Hoster\PluginSettings.ini
c:\windows\system32\Plugins\Hoster\qsharecom.dll
c:\windows\system32\Plugins\Hoster\rapidsharecom.dll
c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll
c:\windows\system32\Plugins\Hoster\shareplacecom.dll
c:\windows\system32\Plugins\Hoster\silofilescom.dll
c:\windows\system32\Plugins\Hoster\speedysharecom.dll
c:\windows\system32\Plugins\Hoster\uploadedto.dll
c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll
c:\windows\system32\Plugins\Hoster\youtubecom.dll
c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll
c:\windows\system32\Plugins\YouCrypt\captcha.dll
c:\windows\system32\Plugins\YouCrypt\cineto.dll
c:\windows\system32\Plugins\YouCrypt\datenbankorg.dll
c:\windows\system32\Plugins\YouCrypt\datenschleuder.dll
c:\windows\system32\Plugins\YouCrypt\ddlscene.dll
c:\windows\system32\Plugins\YouCrypt\ddl(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\dreidl.dll
c:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll
c:\windows\system32\Plugins\YouCrypt\gameblog.dll
c:\windows\system32\Plugins\YouCrypt\gamezam.dll
c:\windows\system32\Plugins\YouCrypt\gapping.dll
c:\windows\system32\Plugins\YouCrypt\g(zabranjeno).dll
c:\windows\system32\Plugins\YouCrypt\linkbank.dll
c:\windows\system32\Plugins\YouCrypt\linksafe.dll
c:\windows\system32\Plugins\YouCrypt\LinkSave.dll
c:\windows\system32\Plugins\YouCrypt\lix.dll
c:\windows\system32\Plugins\YouCrypt\mirrorit.dll
c:\windows\system32\Plugins\YouCrypt\netfolderin.dll
c:\windows\system32\Plugins\YouCrypt\onekh.dll
c:\windows\system32\Plugins\YouCrypt\rapidfolder.dll
c:\windows\system32\Plugins\YouCrypt\rapidlayer.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafede.dll
c:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll
c:\windows\system32\Plugins\YouCrypt\relinkus.dll
c:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll
c:\windows\system32\Plugins\YouCrypt\rslayer.dll
c:\windows\system32\Plugins\YouCrypt\saveraidrush.dll
c:\windows\system32\Plugins\YouCrypt\secured.dll
c:\windows\system32\Plugins\YouCrypt\securnet.dll
c:\windows\system32\Plugins\YouCrypt\serienjunkies.dll
c:\windows\system32\Plugins\YouCrypt\shareonall.dll
c:\windows\system32\Plugins\YouCrypt\shareprotect.dll
c:\windows\system32\Plugins\YouCrypt\stealth.dll
c:\windows\system32\Plugins\YouCrypt\tinyurl.dll
c:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll
c:\windows\system32\Plugins\YouCrypt\uppicoasis.dll
c:\windows\system32\Plugins\YouCrypt\urlcash.dll
c:\windows\system32\Plugins\YouCrypt\usercashcom.dll
c:\windows\system32\Plugins\YouCrypt\xlinkin.dll
c:\windows\system32\PVCKkkkj.ini
c:\windows\system32\PVCKkkkj.ini2
c:\windows\system32\sbqijpge.ini
c:\windows\system32\ssqOeFYp.dll
c:\windows\system32\tqgbkxjo.ini
c:\windows\system32\weoaiuhn.dll
c:\windows\system32\wrfmpy.dll
c:\windows\system32\xdoihqbm.ini
.
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.
2009-03-04 09:43 . 2009-03-04 09:43 <DIR> d-------- c:\windows\system32\ocr
2009-03-04 09:43 . 2009-03-04 09:43 <DIR> d-------- c:\windows\system32\Data
2009-03-04 09:43 . 2009-03-04 09:53 <DIR> d-------- c:\program files\temp
2009-03-03 09:32 . 2009-03-03 09:32 <DIR> d-------- c:\program files\TryMedia
2009-02-27 12:58 . 2009-02-27 12:58 <DIR> d-------- c:\program files\Infogrames Interactive
2009-02-27 12:58 . 2009-02-27 12:58 <DIR> d-------- c:\program files\directx
2009-02-27 12:57 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe
2009-02-27 12:57 . 2009-02-27 13:02 132 --a------ c:\windows\_delis32.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 13:17 3,071,520 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-04 13:17 108,832 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-04 13:16 42,188 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-04 13:16 11,228 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-04 11:44 --------- d-----w c:\program files\Mozilla Sunbird
2009-03-04 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-09 06:29 --------- d-----w c:\program files\Defraggler
2009-02-04 05:58 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-04 05:58 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-29 06:13 --------- d-----w c:\documents and settings\User\Application Data\Design Science
2009-01-29 06:08 --------- d-----w c:\program files\MathType
2009-01-28 13:30 --------- d-----w c:\program files\DAMN NFO Viewer
2009-01-28 10:12 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-28 10:12 --------- d-----w c:\program files\JRE
2009-01-15 12:40 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-01-15 11:25 --------- d-----w c:\program files\Kaspersky Lab
2009-01-06 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-05 11:56 --------- d-----w c:\program files\7-Zip
2009-01-05 07:36 --------- d-----w c:\program files\Wise Registry Cleaner 3
2008-12-22 11:25 118,784 ----a-w c:\windows\GREUninstall.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eaqmcc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 2006-03-23 05:13 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 2006-03-23 05:17 118784 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 2006-03-23 05:17 94208 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2004-08-04 13:00 158208 c:\windows\pchealth\helpctr\binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-13 13:05 16239616 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2007-05-15 469935]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-05-30 24344]
.
- - - - ORPHANS REMOVED - - - -
BHO-{5d959b1e-01c2-431b-99ec-f8f39b41548b} - c:\windows\system32\eaqmcc.dll
BHO-{A5BFB05E-4EDC-4B72-A1C3-ADEB1BB70508} - c:\windows\system32\jkkkKCVP.dll
MSConfigStartUp-48938685 - c:\windows\system32\mbqhiodx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8D738B14-285B-4DB3-B52C-9F2BC4A5F38F} = 192.168.10.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\m3sgnjyl.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-04 14:18:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="08B06054C2F
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2009-03-04 14:19:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-04 13:19:32
Pre-Run: 75.863.478.272 bytes free
Post-Run: 75,795,136,512 bytes free
209 --- E O F --- 2009-01-19 06:19:07
Posted: 04 Mar 2009 15:51
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd
Disable the antivirus again.
Open Notepad and copy the following text into it:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
DirLook::
c:\windows\system32\ocr
Save the Notepad file to the Desktop as "CFScript"
Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
--------------------------------
Upload the following file to me for checking:
c:\windows\_delis32.ini
via the following link:
http://www.mycity.rs/ambulanta-upload.php
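The ComboFix log above shows the registry settings a responder checks first (an AppInit_DLLs value pointing at eaqmcc.dll, which ComboFix had already deleted, Security Center notifications switched off, Windows Firewall off), and the helper's reply answers the first of them with a CFScript Registry:: block. The script below is an added example (not part of the thread and not ComboFix code) that parses a verbatim subset of the "Reg Loading Points" section, flags those settings, and emits the same Registry:: block the helper posted. The value-normalisation rules and all function names are this example's own.

```python
"""Tamper indicators in a ComboFix "Reg Loading Points" dump.

Added example; not part of the thread above and not ComboFix code.  It parses
the REGEDIT4-style fragment ComboFix prints (the sample is copied from the log
above), flags the settings a responder checks first (an AppInit_DLLs value,
Security Center notifications switched off, Windows Firewall off) and emits
the Registry:: block of a CFScript that clears AppInit_DLLs, in the form the
helper posted.  The function names are this example's own.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines taken from the "Reg Loading Points" section above.
SAMPLE_REG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eaqmcc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
Finding = Tuple[str, str, object, str]  # (key, value name, parsed value, why)


def parse_value(raw: str) -> object:
    """Normalise the value forms ComboFix prints: dword:hex, 'N (0xN)',
    a quoted string (its trailing [date size] is dropped) or a bare token."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    if raw.startswith('"'):
        return raw[1:raw.find('"', 1)]
    return raw


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Map each [key] to its {value name: parsed value}; key case is kept."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                keys[current][m.group("name")] = parse_value(m.group("value"))
    return keys


def tamper_indicators(keys: Dict[str, Dict[str, object]]) -> List[Finding]:
    """Settings that either load code everywhere or hide a weakened posture."""
    out: List[Finding] = []
    for key, values in keys.items():
        k = key.lower()
        for name, value in values.items():
            if k.endswith(r"\windows nt\currentversion\windows") and name.lower() == "appinit_dlls" and value:
                out.append((key, name, value, "AppInit_DLLs: loaded into every process that maps user32.dll"))
            elif "security center" in k and name.endswith("DisableNotify") and value == 1:
                out.append((key, name, value, "Security Center warning suppressed"))
            elif r"security center\monitoring" in k and name == "DisableMonitoring" and value == 1:
                out.append((key, name, value, "Security Center not monitoring this product "
                                              "(AV suites set this themselves; confirm it is the vendor's)"))
            elif "firewallpolicy" in k and name == "EnableFirewall" and value == 0:
                out.append((key, name, value, "Windows Firewall off (normal if a third-party firewall is active)"))
    return out


def cfscript_for(findings: List[Finding]) -> str:
    """Registry:: block that clears AppInit_DLLs, in the form the helper posted."""
    lines = ["Registry::"]
    for key, name, _value, _why in findings:
        if name.lower() == "appinit_dlls":
            lines.append(f"[{key}]")
            lines.append(f'"{name}"=""')
    return "\n".join(lines)


if __name__ == "__main__":
    found = tamper_indicators(parse_reg(SAMPLE_REG))
    for key, name, value, why in found:
        print(f"{name}={value!r}  ({why})\n    {key}")
    print(cfscript_for(found))
```

The AppInit_DLLs hit is the one that matters here: a DLL named there is mapped into every GUI process, which is why the helper clears it rather than just deleting the file. The Security Center and firewall flags are listed with a caveat because the same log shows Kaspersky's own firewall installed, and AV suites register their own DisableMonitoring entry, so on this machine those values are expected rather than evidence of tampering.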
Posted: 05 Mar 2009 07:28
- Joined: 11 May 2004
- Posts: 145
- Location: Novi Sad
Thanks for the quick response, but I'll only be able to do this tomorrow morning, by 9 at the latest. Sorry!
Addendum: 05 Mar 2009 7:12
ComboFix 09-03-03.01 - User 2009-03-05 7:04:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.502.287 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: Kaspersky Anti-Virus *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.
2009-03-04 09:43 . 2009-03-04 09:43 <DIR> d-------- c:\windows\system32\ocr
2009-03-04 09:43 . 2009-03-04 09:43 <DIR> d-------- c:\windows\system32\Data
2009-03-04 09:43 . 2009-03-04 09:53 <DIR> d-------- c:\program files\temp
2009-03-03 09:32 . 2009-03-03 09:32 <DIR> d-------- c:\program files\TryMedia
2009-02-27 12:58 . 2009-02-27 12:58 <DIR> d-------- c:\program files\Infogrames Interactive
2009-02-27 12:58 . 2009-02-27 12:58 <DIR> d-------- c:\program files\directx
2009-02-27 12:57 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe
2009-02-27 12:57 . 2009-02-27 13:02 132 --a------ c:\windows\_delis32.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 06:06 3,146,784 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-05 06:06 113,440 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-05 05:57 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-04 13:52 42,500 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-04 13:52 11,420 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-04 11:44 --------- d-----w c:\program files\Mozilla Sunbird
2009-02-09 06:29 --------- d-----w c:\program files\Defraggler
2009-02-04 05:58 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-04 05:58 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-29 06:13 --------- d-----w c:\documents and settings\User\Application Data\Design Science
2009-01-29 06:08 --------- d-----w c:\program files\MathType
2009-01-28 13:30 --------- d-----w c:\program files\DAMN NFO Viewer
2009-01-28 10:12 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-28 10:12 --------- d-----w c:\program files\JRE
2009-01-15 12:40 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-01-15 11:25 --------- d-----w c:\program files\Kaspersky Lab
2009-01-06 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-05 11:56 --------- d-----w c:\program files\7-Zip
2009-01-05 07:36 --------- d-----w c:\program files\Wise Registry Cleaner 3
2008-12-22 11:25 118,784 ----a-w c:\windows\GREUninstall.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\ocr ----
2008-10-16 08:16 219 --a------ c:\windows\system32\ocr\netload.in\netload.bat
((((((((((((((((((((((((((((( SnapShot@2009-03-04_14.18.51.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-04 13:17:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_794.dat
+ 2009-03-05 05:57:21 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_794.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 2006-03-23 05:13 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 2006-03-23 05:17 118784 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 2006-03-23 05:17 94208 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2004-08-04 13:00 158208 c:\windows\pchealth\helpctr\binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-13 13:05 16239616 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2007-05-15 469935]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-05-30 24344]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8D738B14-285B-4DB3-B52C-9F2BC4A5F38F} = 192.168.10.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\m3sgnjyl.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-05 07:06:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="08B06054
.
Completion time: 2009-03-05 7:07:36
ComboFix-quarantined-files.txt 2009-03-05 06:07:33
ComboFix2.txt 2009-03-04 13:19:37
Pre-Run: 75.827.871.744 bytes free
Post-Run: 75,814,363,136 bytes free
123 --- E O F --- 2009-01-19 06:19:07
Addendum: 05 Mar 2009 7:28
I have sent the file c:\windows\_delis32.ini
Posted: 05 Mar 2009 10:08
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd
How is the computer behaving now?
Posted: 05 Mar 2009 11:46
- Joined: 11 May 2004
- Posts: 145
- Location: Novi Sad
I don't notice any problems! It works fine.
Posted: 05 Mar 2009 12:47
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd
Glad to hear it.
Do this as well:
Click START and then RUN
In the text box type Combofix /u and click OK
Wait for the uninstall process to finish
The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists
Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files and folders, if needed
Reset System Restore