Something is definitely not right...


offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7912
  • Location: Moscow, Russia

Last time (http://www.mycity.rs/Ambulanta/Preventiva-bad-feeling-ili-virus.html) it turned out that I had raised a false alarm. However, strange things are still happening on my computer. For the past few days Firefox sometimes won't start on the first try, it almost never opens the Google page on the first try, and a little while ago it wouldn't send a file through MSN Messenger until I closed it, reset the modem (off-on) and started Messenger again. On top of all that, a process has appeared that I didn't have before:

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE

Now the window from the above-mentioned thread (the notice that it cannot close some program) no longer appears when restarting/shutting down the computer, but surfing the net is definitely not smooth and hitch-free the way it used to be.

Here is the full HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:52:01, on 04.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\RAM Def XT\ramdef.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\ABBYY Lingvo 11 Multilingual Dictionary\Lvagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\user\Desktop\OO\00.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apeha.ru
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def XT\ramdef.exe -tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 11 Multilingual Dictionary\Lvagent.exe" /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Добавить в Анти-Баннер - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Веб-Антивирус - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

offline
  • Joined: 06 Apr 2005
  • Posts: 1023

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE is an Epson process.

The log looks clean, so I would ask you to scan with Ewido micro and run a BitDefender online scan.

Download Ewido micro (8Mb):
http://downloads.ewido.net/ewido_micro.exe

How to use Ewido micro:
- on the first screen select all partitions (tick the boxes in front of them)
- click the Start Scan button
- after the scan finishes, click Save Report and save the log file to a safe place
- click Remove Infections
- copy here the contents of the log file you just saved

After scanning with Ewido and posting the log file, also post a fresh HijackThis log.

Open BitDefender via this link: http://www.bitdefender.com/scan8/ie.html (if you are using Internet Explorer, just click the link; if not, start Internet Explorer and copy the link into it. This is important because scanning is possible only with Internet Explorer)

- When the BitDefender page opens, read the License agreement and, if you agree to the terms, click I Agree
- Loading will start (it may take a few minutes, depending on the connection)
- If it asks you to install an ActiveX control, allow it
- A new window will open; click Install
- When the installation finishes, click Click here to scan
- Updating will start first, and then it will scan the data
- When the scan finishes, a window similar to this one (image) will open; click Click here to view the report
- In the report you will see whether your computer is infected and what happened to the viruses, if the scanner found any (report screenshot).
- If you want your report to be used for compiling statistical data on the spread of viruses around the world, click Send Report

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7912
  • Location: Moscow, Russia

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Spylog
Path: :mozilla.49:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: :mozilla.50:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.64:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.65:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.66:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.67:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.68:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.69:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.70:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.71:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.72:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.73:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.74:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.75:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.76:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.77:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.78:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.79:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.80:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.81:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.82:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.83:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.84:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.85:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.86:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.87:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.88:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.89:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.90:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.91:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.92:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.93:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.94:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.95:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.96:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.97:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.98:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.99:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.100:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.101:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.102:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.103:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.104:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.105:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.106:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.109:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.110:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.111:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.124:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: :mozilla.125:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hotlog
Path: :mozilla.127:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: :mozilla.162:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.203:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.204:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: :mozilla.205:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: :mozilla.289:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.291:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.292:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.293:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.294:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.295:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.297:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.298:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.299:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.300:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.301:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: :mozilla.302:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.406:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.407:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.408:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.409:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.410:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.418:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tradedoubler
Path: :mozilla.419:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.445:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Overture
Path: :mozilla.446:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Realtracker
Path: :mozilla.452:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.462:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.463:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.464:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.465:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.466:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.467:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.468:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.469:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.470:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.471:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.472:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.473:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.474:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.475:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.476:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.477:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.478:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.479:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.480:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.481:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.482:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.483:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.484:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.485:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.519:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.520:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.521:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.536:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: :mozilla.537:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.565:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.566:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bfast
Path: :mozilla.567:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.592:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: :mozilla.593:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.638:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.639:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.640:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Sexcounter
Path: :mozilla.641:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Cqcounter
Path: :mozilla.666:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Clickzs
Path: :mozilla.667:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Clickzs
Path: :mozilla.668:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.679:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.680:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.681:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.682:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: :mozilla.683:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.691:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.692:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.693:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: :mozilla.694:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: :mozilla.707:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.734:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Masterstats
Path: :mozilla.740:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.741:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.742:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Etracker
Path: :mozilla.743:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: :mozilla.770:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Estat
Path: :mozilla.782:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: :mozilla.787:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: :mozilla.798:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: :mozilla.811:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: :mozilla.812:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: :mozilla.813:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.824:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Revenue
Path: :mozilla.825:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Information
Path: :mozilla.826:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Coremetrics
Path: :mozilla.844:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.897:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Bridgetrack
Path: :mozilla.899:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.910:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Trafic
Path: :mozilla.922:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.925:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: :mozilla.934:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.949:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.951:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: :mozilla.952:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.953:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\8vm0854o.default\cookies.txt
Risk: Medium

Name: Adware.Minibug
Path: C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
Risk: Medium

Name: Backdoor.Bifrose.aas
Path: D:\System Volume Information\_restore{CF875BFC-9B7D-4BEC-9DD8-8CC9FF6E55BA}\RP348\A0096221.exe
Risk: High

Name: Backdoor.Bifrose.aas
Path: G:\Programi - downloaded\Internet Anonym\keygen.exe
Risk: High

Name: Backdoor.Bifrose.aas
Path: G:\Programi - downloaded\Internet Anonym\SIAP2006_8.0.1.rar/keygen.exe
Risk: High

**************************************

Logfile of HijackThis v1.99.1
Scan saved at 23:57:08, on 05.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\RAM Def XT\ramdef.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\ABBYY Lingvo 11 Multilingual Dictionary\Lvagent.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\user\Desktop\OO\00.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.apeha.ru
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def XT\ramdef.exe -tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 11 Multilingual Dictionary\Lvagent.exe" /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Добавить в Анти-Баннер - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Веб-Антивирус - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

********************************************

I ran the online scan last night (it takes about 2.5 hours), but Explorer crashed before it finished. It found some trojan, but I couldn't see which one, because that "This program has performed illegal operation..." window popped up, so I couldn't see exactly which trojan it was. I started the scan again this morning, but I won't be able to see it finish before I leave for work...

offline
  • Joined: 06 Apr 2005
  • Posts: 1023

I'll dig through the log now. If the online scan at Bit doesn't manage to finish, we'll look at some other one.

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7912
  • Location: Moscow, Russia

Here is the BitDefender report:

G:\Programi - downloaded\IP_Anonymous_super_pack.rar=>IP_Anonymous_super_pack\IP Anonymous super pack\IP Anonymous tools GERZ.ru.exe=>(ZIP Sfx o)=>AutoPlay/Docs/GA.exe=>(RAR Sfx o)=>GAPro.exe
Infected with: Trojan.Swizzor.BJ

G:\Programi - downloaded\IP_Anonymous_super_pack.rar=>IP_Anonymous_super_pack\IP Anonymous super pack\IP Anonymous tools GERZ.ru.exe=>(ZIP Sfx o)=>AutoPlay/Docs/GA.exe=>(RAR Sfx o)=>GAPro.exe
Disinfection failed

G:\Programi - downloaded\IP_Anonymous_super_pack.rar=>IP_Anonymous_super_pack\IP Anonymous super pack\IP Anonymous tools GERZ.ru.exe=>(ZIP Sfx o)=>AutoPlay/Docs/GA.exe=>(RAR Sfx o)=>GAPro.exe
Deleted

G:\Programi - downloaded\IP_Anonymous_super_pack.rar=>IP_Anonymous_super_pack\IP Anonymous super pack\IP Anonymous tools GERZ.ru.exe=>(ZIP Sfx o)=>AutoPlay/Docs/GA.exe=>(RAR Sfx o)
Update failed

offline
  • Joined: 06 Apr 2005
  • Posts: 1023

Unfortunately it didn't find anything useful; it found a few pieces of malware, but none of them is installed on the system.

It would be a good idea to delete the following two files, because they contain a Backdoor:

G:\Programi - downloaded\Internet Anonym\keygen.exe

G:\Programi - downloaded\Internet Anonym\SIAP2006_8.0.1.rar/keygen.exe

- Search the system disk and see whether there is a folder named bak.

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7912
  • Location: Moscow, Russia

I'll have a look tonight when I get home, but tomorrow I'm leaving town until Monday, just so you know why there won't be a reply...

By the way, Firefox is still being stubborn at startup, although it does start now, but after a considerable wait.

And that home page in Explorer? I didn't set it to apeha.ru. Could it have something to do with that?

Addendum: 07 Mar 2007 18:16

There is no BAK folder anywhere. Not among the hidden folders either.

offline
  • Joined: 06 Apr 2005
  • Posts: 1023

moskovac, sorry this has dragged on like this, but I wasn't around either.

We haven't found anything that would indicate you have any malware installed on the computer.

Try scanning with GMER as well, in case there is a rootkit.

Download the file gmer.zip from this link and save it to the Desktop.
Extract it to a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this will save it to the Clipboard.
In the message field on the forum, right-click and choose Paste.

Then post the log so we can see whether there is anything.

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7912
  • Location: Moscow, Russia

Here is the log. I couldn't get to it earlier; my sister is visiting, and last night I didn't even turn the computer on...


GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-15 08:10:48
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys A826C16D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys A826BFC2

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KiDispatchInterrupt + 100 804DC962 7 Bytes JMP AA5E5CD0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!IoIsOperationSynchronous 804EB9CE 5 Bytes JMP AA5E2C50 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804EDAE4 5 Bytes JMP AA5E2760 \??\C:\WINDOWS\system32\drivers\klif.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[496] SHELL32.dll!StrStrW + FFE2DA3E 7C9C8920 4 Bytes [ D2, 04, E1, 00 ]
.text C:\WINDOWS\explorer.exe[496] SHELL32.dll!StrStrW + FFE2DAB6 7C9C8998 4 Bytes [ FC, 04, E1, 00 ]
.text C:\WINDOWS\explorer.exe[496] SHELL32.dll!StrStrW + FFE33B16 7C9CE9F8 4 Bytes [ 04, 03, E1, 00 ]
.text C:\WINDOWS\explorer.exe[496] SHELL32.dll!StrStrW + FFE33B26 7C9CEA08 4 Bytes [ 00, 04, E1, 00 ]
.text C:\WINDOWS\explorer.exe[496] SHELL32.dll!StrStrW + FFE34A66 7C9CF948 4 Bytes [ 54, 04, E1, 00 ]
.text ...
.text C:\WINDOWS\explorer.exe[496] SHELL32.dll!ILLoadFromStream + 54F 7CA06334 4 Bytes [ 50, 05, E1, 00 ]
.text C:\WINDOWS\explorer.exe[496] SHELL32.dll!ILLoadFromStream + 65F 7CA06444 4 Bytes [ 26, 05, E1, 00 ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2112] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe

---- Threads - GMER 1.0.12 ----

Thread 4:116 86DAC8E0
Thread 4:120 86DAC8E0
Thread 4:124 86D1A8D0
Thread 4:128 86D1A8D0
Thread 4:132 86D1A8D0
Thread 4:364 86DAC8E0
Thread 4:432 86DAC8E0
Thread 4:608 86DAC8E0
Thread 4:632 860074A0

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\System32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\lapsusi@yahoo.com\SharingMetadata\limited@neobee.net\DFSR\Staging\CS{EB370961-2ACB-F52E-8B25-B97B61FD3CD6}\01\10-{EB370961-2ACB-F52E-8B25-B97B61FD3CD6}-v1-{CD1865C8-2CA4-45BD-A95E-4EE028A398D5}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.12 ----

offline
  • Joined: 06 Apr 2005
  • Posts: 1023

Do you perhaps have a program installed that comes with a hardware key (dongle)?
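
Added example, not part of the original thread: a Python sketch that groups the hooks in the System section of a GMER log like the one posted above by the driver that owns them, and flags hooks from drivers the analyst does not expect or from an expected name loaded out of an unusual directory. The expected-driver list (klif.sys and kl1.sys attributed to the installed Kaspersky Internet Security, Haspnt.sys to a hardware-key driver), the expected directory and the two sample lines marked constructed are assumptions of this example.

```python
import re
from collections import Counter

# Drivers the analyst expects to hook the kernel on this machine (assumption of
# this example): Kaspersky's filter drivers and a hardware-key (dongle) driver.
EXPECTED_HOOKERS = {
    "klif.sys": "Kaspersky Internet Security",
    "kl1.sys": "Kaspersky Internet Security",
    "haspnt.sys": "hardware key (dongle) driver",
}
EXPECTED_DIR = r"c:\windows\system32\drivers"

# A few lines copied from the GMER log in this thread. The two lines under
# C:\WINDOWS\Temp are CONSTRUCTED so that both findings are exercised.
SAMPLE_LOG = r"""
---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\Temp\example_unknown.sys ZwQueryDirectoryFile
SSDT \??\C:\WINDOWS\Temp\klif.sys ZwOpenProcess

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys A826C16D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys A826BFC2

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!IoIsOperationSynchronous 804EB9CE 5 Bytes JMP AA5E2C50 \??\C:\WINDOWS\system32\drivers\klif.sys
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# kind, optional interrupt vector, owning module (path may contain spaces), target
HOOK_RE = re.compile(
    r"^(SSDT|INT|Code)\s+(?:(0x[0-9A-Fa-f]+)\s+)?(.+?\.sys)\s+(\S+)$",
    re.IGNORECASE,
)


def parse_system_hooks(log_text):
    """Return (kind, module_path, target) for every hook in the System section."""
    hooks, in_system = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_system = header.group(1) == "System"
            continue
        if not in_system:
            continue
        m = HOOK_RE.match(line)
        if m:
            kind, vector, module, target = m.groups()
            if vector:  # INT lines carry the interrupt vector, e.g. 0x0E
                target = f"INT {vector} -> {target}"
            hooks.append((kind, module, target))
    return hooks


def module_name(module_path):
    """Lower-cased file name of the hooking driver."""
    return module_path.rsplit("\\", 1)[-1].lower()


def module_dir(module_path):
    """Lower-cased directory without GMER's \\??\\ prefix; '' for a bare name."""
    path = module_path.lower()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.rsplit("\\", 1)[0] if "\\" in path else ""


def hooks_per_module(hooks):
    """Count hooks per owning driver, the first thing to read off such a log."""
    return Counter(module_name(module) for _, module, _ in hooks)


def unexpected_hooks(hooks):
    """Hooks owned by an unlisted driver, or by a listed name in the wrong place."""
    findings = []
    for _, module, target in hooks:
        name, directory = module_name(module), module_dir(module)
        if name not in EXPECTED_HOOKERS:
            findings.append((name, target, "driver not on the expected list"))
        elif directory and directory != EXPECTED_DIR:
            findings.append((name, target, "expected name, unexpected directory"))
    return findings


if __name__ == "__main__":
    parsed = parse_system_hooks(SAMPLE_LOG)
    for name, count in hooks_per_module(parsed).most_common():
        print(f"{count:3d}  {name}  ({EXPECTED_HOOKERS.get(name, 'UNKNOWN')})")
    for finding in unexpected_hooks(parsed):
        print("REVIEW:", finding)
```

A driver that GMER prints without a path, as it does for kl1.sys, cannot be checked for location here and is accepted on its name alone.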

29 Mar 2007 14:58 Everybodys_fool Topic locked. Reason: archive