Log check


offline
  • Joined: 26 Nov 2008
  • Posts: 24

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:28, on 26.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\windows\system32\aaomkcq.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Tamara\Desktop\BoxterBG\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [aaomkcq] "c:\windows\system32\aaomkcq.exe" aaomkcq
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C3E1F33-F06F-448E-AFCF-869676F5558C}: NameServer = 212.200.82.4 212.200.82.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6332 bytes



Hello!

My computer has slowed down, so please check my log for me. Thanks!
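The following is an added example, not part of the thread and not a HijackThis feature: a small Python triage script for the O4 autostart lines in a log like the one above. The sample lines are copied from this post's log; the allowlist of OS binaries and the "non-OS module started from the Windows directory" rule are my own assumptions for the example. It also resolves RUNDLL32.EXE entries to the DLL they host, since rundll32 itself is never the interesting part. On this input the HKCU entry for aaomkcq.exe (which ComboFix later removed) is the per-user entry that stands out.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: O4 lines copied from the HijackThis log in this thread,
# plus one R0 line that the parser must skip.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [aaomkcq] "c:\windows\system32\aaomkcq.exe" aaomkcq
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
"""

# Registry autostart lines: "O4 - <hive>: [<value name>] <command>"
O4_REG_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Startup-folder lines: "O4 - Global Startup: <name>.lnk = <target path>"
O4_LNK_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

# Assumed allowlist for this example: binaries that legitimately autostart
# from the Windows directory. A real allowlist is maintained per OS build.
KNOWN_WINDOWS_BINARIES = {"ctfmon.exe", "rundll32.exe"}


@dataclass
class AutostartEntry:
    hive: str     # registry key or startup folder the entry lives in
    name: str     # value name or .lnk name
    module: str   # executable (or the DLL handed to rundll32) that gets loaded
    verdict: str  # "system", "ok" or "review"
    reason: str


def extract_module(cmd: str, from_startup_folder: bool) -> str:
    """Pull the launched module out of an O4 command string."""
    cmd = cmd.strip()
    if from_startup_folder:
        return cmd  # HijackThis prints the .lnk target verbatim, spaces included
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    head, _, rest = cmd.partition(" ")
    if head.lower() == "rundll32.exe":
        # rundll32 only hosts code: the DLL before the comma is what actually runs
        return rest.split(",", 1)[0].strip()
    return head


def classify(hive: str, name: str, module: str) -> AutostartEntry:
    """Heuristic verdict: OS binary, third-party module in the Windows dir, or other."""
    low = module.lower()
    if ntpath.basename(low) in KNOWN_WINDOWS_BINARIES:
        return AutostartEntry(hive, name, module, "system", "allowlisted OS binary")
    if "\\windows\\" in low:
        return AutostartEntry(hive, name, module, "review",
                              "not an OS binary, yet autostarts from the Windows directory")
    return AutostartEntry(hive, name, module, "ok", "installed outside the Windows directory")


def parse_o4(log_text: str) -> list:
    """Parse every O4 line of a HijackThis log into classified entries."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG_RE.match(line)
        if m:
            module = extract_module(m["cmd"], from_startup_folder=False)
        else:
            m = O4_LNK_RE.match(line)
            if not m:
                continue
            module = extract_module(m["cmd"], from_startup_folder=True)
        entries.append(classify(m["hive"], m["name"], module))
    return entries


def to_review(log_text: str) -> list:
    """Only the entries a human should look at."""
    return [e for e in parse_o4(log_text) if e.verdict == "review"]


if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        print(f"{e.verdict:6} {e.hive:24} [{e.name}] {e.module}  ({e.reason})")
```

"review" is a prompt for a person, not a malware verdict: with this tiny allowlist NVIDIA's NvCpl.dll (the log lists NVIDIA's display driver service) is flagged alongside aaomkcq.exe, and clearing it means extending the allowlist with known vendor modules, not loosening the rule.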

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...



* Right-click the Kaspersky icon in the bottom right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the cleaning is finished.





Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will paste here for us.

offline
  • Joined: 26 Nov 2008
  • Posts: 24

ComboFix 08-11-26.03 - Tamara 2008-11-27 0:30:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.73 [GMT 1:00]
Running from: c:\documents and settings\Tamara\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tamara\ravmonlog
c:\program files\AntiSpywareGuard
c:\windows\dialerexe.ini
c:\windows\svchost.exe
c:\windows\system32\aaomkcq.dat
c:\windows\system32\aaomkcq.exe
c:\windows\system32\aaomkcq_nav.dat
c:\windows\system32\aaomkcq_navps.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\nsinet.exe
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_POWERMANAGER
-------\Service_NPF
-------\Service_PowerManager


((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.

2008-11-26 03:24 . 2008-11-27 00:03 69 --a------ c:\windows\NeroDigital.ini
2008-11-26 03:12 . 2008-11-27 00:03 7,695 --a------ c:\windows\system32\systemdata
2008-11-26 02:34 . 2005-09-01 12:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2008-11-26 02:32 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-11-26 02:32 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-11-26 02:32 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-11-26 02:32 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2008-11-26 02:32 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-11-26 02:32 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-26 02:26 . 2008-11-26 02:26 54,784 --a------ c:\windows\system32\systemdata.exe
2008-11-26 00:50 . 2008-11-26 00:50 <DIR> d-------- c:\documents and settings\Tamara\Application Data\AntiSpywareGuard
2008-11-21 10:08 . 2008-11-21 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-15 05:02 . 2008-11-26 02:36 <DIR> d-------- c:\documents and settings\Tamara\Application Data\Ahead
2008-11-15 04:42 . 2008-11-15 04:42 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-15 04:42 . 2008-11-15 04:42 <DIR> d-------- c:\program files\Ahead
2008-11-15 04:42 . 2001-07-06 13:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-11-15 04:42 . 2001-07-06 11:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-11-15 04:42 . 2001-07-06 17:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-11-15 04:42 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-15 04:42 . 2003-09-15 13:56 57,344 --a------ c:\windows\system32\ImageDrive.cpl
2008-11-15 04:42 . 2001-06-26 07:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-11-15 04:42 . 2005-09-01 12:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2008-11-09 22:32 . 2008-11-09 22:32 <DIR> d-------- c:\documents and settings\Tamara\Application Data\Uniblue
2008-11-09 21:43 . 2008-11-09 21:56 <DIR> d-------- c:\documents and settings\Tamara\Application Data\MSNInstaller
2008-10-30 01:39 . 2008-11-27 00:08 <DIR> d-------- c:\documents and settings\Tamara\Application Data\skypePM
2008-10-30 01:39 . 2008-10-30 01:39 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-30 01:33 . 2008-10-30 01:33 <DIR> d-------- c:\program files\Skype
2008-10-30 01:33 . 2008-10-30 01:33 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-30 01:33 . 2008-11-27 00:26 <DIR> d-------- c:\documents and settings\Tamara\Application Data\Skype
2008-10-30 01:32 . 2008-10-30 01:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 23:34 9,424 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-26 23:34 401,440 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-26 23:34 2,452 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-26 23:34 1,068,064 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-26 23:12 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-25 23:52 --------- d-----w c:\program files\FlashGet
2008-11-25 00:58 --------- d-----w c:\documents and settings\Tamara\Application Data\mIRC
2008-11-25 00:49 --------- d-----w c:\program files\mIRC
2008-11-08 03:23 --------- d-----w c:\program files\Common Files\Stardock
2008-11-07 15:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 11:26 --------- d-----w c:\program files\Java
2008-11-05 11:23 --------- d-----w c:\program files\BitComet
2008-10-30 01:47 --------- d-----w c:\documents and settings\Tamara\Application Data\Thinstall
2008-10-13 23:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 23:59 --------- d-----w c:\program files\Singles
2008-10-13 23:36 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-13 23:31 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-10-13 23:28 --------- d-----w c:\program files\AC3Filter
2008-10-08 00:49 --------- d-----w c:\program files\FastStone Image Viewer
2008-10-08 00:49 --------- d-----w c:\documents and settings\Tamara\Application Data\FastStone
2008-10-08 00:45 --------- d-----w c:\program files\Nuclear Coffee
2008-10-08 00:41 --------- d-----w c:\program files\Stardock
2008-10-08 00:28 --------- d-----w c:\program files\totalcmd
2008-10-08 00:17 --------- d-----w c:\program files\Godlike Developers
2008-10-02 00:24 --------- d-----w c:\program files\Micro DVD Player
2008-10-02 00:22 --------- d-----w c:\program files\DivX
2008-10-02 00:05 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-30 10:32 --------- d-----w c:\program files\Opera
2008-09-27 10:09 --------- d-----w c:\documents and settings\Tamara\Application Data\CometNetwork
2008-09-23 19:27 79,792 ----a-w c:\program files\wmp-lyrc.exe
2008-09-23 19:20 870,595 -c--a-w c:\program files\evillyrics_setup.exe
2005-12-13 22:03 24,192 ----a-w c:\documents and settings\Tamara\usbsermptxp.sys
2005-12-13 22:03 22,768 ----a-w c:\documents and settings\Tamara\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-09-16 1667584]
"ares"="c:\program files\Ares\Ares.exe" [2008-08-21 888832]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Tamara\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-08 2664184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-18 1205840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15149:TCP"= 15149:TCP:NortonAV
"17967:TCP"= 17967:TCP:NortonAV
"12371:TCP"= 12371:TCP:NortonAV
"13257:TCP"= 13257:TCP:NortonAV
"18828:TCP"= 18828:TCP:NortonAV
"14344:TCP"= 14344:TCP:NortonAV
"17155:TCP"= 17155:TCP:NortonAV
"22516:TCP"= 22516:TCP:BitComet 22516 TCP
"22516:UDP"= 22516:UDP:BitComet 22516 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\Drivers\adildr.sys [2008-09-18 56088]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B11F7269-8FEB-29CD-A814-7506EBBF8E50}]
c:\windows\system32\systemdata.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-aaomkcq - c:\windows\system32\aaomkcq.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Tamara\Application Data\Mozilla\Firefox\Profiles\bpodzxh8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.atcomet.com/b/
FF -: plugin - c:\documents and settings\Tamara\Desktop\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - c:\documents and settings\Tamara\Desktop\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - c:\program files\Opera\program\plugins\nppl3260.dll
FF -: plugin - c:\program files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-27 00:35:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\klogon.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Opera\opera.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-11-27 0:39:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-26 23:39:23

Pre-Run: 301.457.408 bytes free
Post-Run: 279,724,032 bytes free

208 --- E O F --- 2008-09-17 00:45:04











Here, I've pasted everything, followed the given instructions, and I'm waiting for a new reply.
Many thanks in advance!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You shouldn't run ComboFix directly from the browser; you need to save it to the Desktop (right-click one of the given links, then Save as, Save target as, Save linked content as... or a similar option.)

So, download ComboFix to the Desktop so you can follow the next instruction.


-------------------------------------------------------------------------------------


Download the following program: http://amf.mycity.rs/personal/dr_Bora/Win32.Rjump_Port_Exception_Cleaner.exe

Run it with a double-click and follow the procedure to the end.


-------------------------------------------------------------------------------------


Open Notepad and copy the following text:

File::
c:\windows\system32\systemdata
c:\windows\system32\systemdata.exe

Folder::
c:\documents and settings\Tamara\Application Data\AntiSpywareGuard

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B11F7269-8FEB-29CD-A814-7506EBBF8E50}]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that gets created at the end of the cleaning/scan in your next reply.

offline
  • Joined: 26 Nov 2008
  • Posts: 24

ComboFix 08-11-28.03 - Tamara 2008-11-29 17:27:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.45 [GMT 1:00]
Running from: c:\documents and settings\Tamara\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tamara\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\systemdata
c:\windows\system32\systemdata.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tamara\Application Data\AntiSpywareGuard
c:\documents and settings\Tamara\Application Data\AntiSpywareGuard\Logs\scns.log
c:\windows\system32\systemdata
c:\windows\system32\systemdata.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 01:55 . 2008-11-29 01:53 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-26 03:24 . 2008-11-29 04:34 69 --a------ c:\windows\NeroDigital.ini
2008-11-26 02:34 . 2005-09-01 12:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2008-11-26 02:32 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-11-26 02:32 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-11-26 02:32 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-11-26 02:32 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2008-11-26 02:32 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-11-26 02:32 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-21 10:08 . 2008-11-27 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-15 05:02 . 2008-11-26 02:36 <DIR> d-------- c:\documents and settings\Tamara\Application Data\Ahead
2008-11-15 04:42 . 2008-11-15 04:42 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-15 04:42 . 2008-11-15 04:42 <DIR> d-------- c:\program files\Ahead
2008-11-15 04:42 . 2001-07-06 13:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-11-15 04:42 . 2001-07-06 11:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-11-15 04:42 . 2001-07-06 17:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-11-15 04:42 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-15 04:42 . 2003-09-15 13:56 57,344 --a------ c:\windows\system32\ImageDrive.cpl
2008-11-15 04:42 . 2001-06-26 07:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-11-15 04:42 . 2005-09-01 12:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2008-11-09 22:32 . 2008-11-09 22:32 <DIR> d-------- c:\documents and settings\Tamara\Application Data\Uniblue
2008-11-09 21:43 . 2008-11-09 21:56 <DIR> d-------- c:\documents and settings\Tamara\Application Data\MSNInstaller
2008-10-30 01:39 . 2008-11-29 16:03 <DIR> d-------- c:\documents and settings\Tamara\Application Data\skypePM
2008-10-30 01:39 . 2008-10-30 01:39 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-30 01:33 . 2008-10-30 01:33 <DIR> d-------- c:\program files\Skype
2008-10-30 01:33 . 2008-10-30 01:33 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-30 01:33 . 2008-11-29 17:29 <DIR> d-------- c:\documents and settings\Tamara\Application Data\Skype
2008-10-30 01:32 . 2008-10-30 01:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 00:53 --------- d-----w c:\program files\Java
2008-11-29 00:21 --------- d-----w c:\program files\FlashGet
2008-11-28 12:08 9,424 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-28 12:08 401,440 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-28 12:08 2,452 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-28 12:08 1,068,064 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-28 12:08 --------- d-----w c:\documents and settings\Tamara\Application Data\mIRC
2008-11-28 06:16 --------- d-----w c:\program files\mIRC
2008-11-26 23:12 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-08 03:23 --------- d-----w c:\program files\Common Files\Stardock
2008-11-07 15:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 11:23 --------- d-----w c:\program files\BitComet
2008-10-30 01:47 --------- d-----w c:\documents and settings\Tamara\Application Data\Thinstall
2008-10-13 23:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-13 23:59 --------- d-----w c:\program files\Singles
2008-10-13 23:36 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-13 23:31 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-10-13 23:28 --------- d-----w c:\program files\AC3Filter
2008-10-08 00:49 --------- d-----w c:\program files\FastStone Image Viewer
2008-10-08 00:49 --------- d-----w c:\documents and settings\Tamara\Application Data\FastStone
2008-10-08 00:45 --------- d-----w c:\program files\Nuclear Coffee
2008-10-08 00:41 --------- d-----w c:\program files\Stardock
2008-10-08 00:28 --------- d-----w c:\program files\totalcmd
2008-10-08 00:17 --------- d-----w c:\program files\Godlike Developers
2008-10-02 00:24 --------- d-----w c:\program files\Micro DVD Player
2008-10-02 00:22 --------- d-----w c:\program files\DivX
2008-10-02 00:05 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-09-30 10:32 --------- d-----w c:\program files\Opera
2008-09-23 19:27 79,792 ----a-w c:\program files\wmp-lyrc.exe
2008-09-23 19:20 870,595 -c--a-w c:\program files\evillyrics_setup.exe
2005-12-13 22:03 24,192 ----a-w c:\documents and settings\Tamara\usbsermptxp.sys
2005-12-13 22:03 22,768 ----a-w c:\documents and settings\Tamara\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-27_ 0.38.49.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-11-29 00:53:45 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-29 00:53:45 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-29 00:53:45 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-29 00:55:10 16,384 ----atw c:\windows\temp\Perflib_Perfdata_910.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-09-16 1667584]
"ares"="c:\program files\Ares\Ares.exe" [2008-08-21 888832]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Tamara\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-08 2664184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-18 1205840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22516:TCP"= 22516:TCP:BitComet 22516 TCP
"22516:UDP"= 22516:UDP:BitComet 22516 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\Drivers\adildr.sys [2008-09-18 56088]

*Newly Created Service* - JAVAQUICKSTARTERSERVICE
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-29 17:29:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\klogon.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
.
Completion time: 2008-11-29 17:31:30
ComboFix-quarantined-files.txt 2008-11-29 16:31:18
ComboFix2.txt 2008-11-26 23:39:29

Pre-Run: 109.256.704 bytes free
Post-Run: 102,297,600 bytes free

175 --- E O F --- 2008-09-17 00:45:04






Here, with some delay, I'm sending the results along with my apologies...
Waiting for further instructions.
Regards!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks ok.

How are things now?

offline
  • Joined: 26 Nov 2008
  • Posts: 24

Kaspersky is still finding 97 threats, i.e. viruses, that it can't disinfect. The computer still isn't running at its normal speed. Waiting for further instructions...
Regards, and I hope that with your help I'll finally manage to solve this big problem.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

1) What does Kaspersky detect? Write down the names of some of the detected files (or paste the scan log here).

2) Post a fresh ComboFix log (since this one, which is almost a week old, is of no use whatsoever).

offline
  • Joined: 26 Nov 2008
  • Posts: 24

ok, I'll do that late tonight and send the log, because there's no way I can write all of that here from memory...
I'll scan again and send the whole log. Which ComboFix should I download? The one I got in your first reply?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

ComboFix will offer to update itself when you run it (and you can also download the new version right away from the links you received earlier).
