explorer is acting up :)

offline
  • nea 
  • New MyCity citizen
  • Joined: 25 Oct 2007
  • Posts: 14

DeM14n ::You're loaded like a ship Smile

Mr. Green
yes, they're all in system32...
I uploaded them all... Smile

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

OK. Let us check that and then you'll get instructions.. Be patient Smile

offline
  • nea 
  • New MyCity citizen
  • Joined: 25 Oct 2007
  • Posts: 14

ah fine, you just have fun with that, I'll go take the dogs out in the meantime... Razz

by the way, the computer runs much better after that cleanup this morning... and explorer has been quiet for half an hour already... Mr. Green

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Excellent. I'm off to take myself for a walk too, as I had planned, and we'll continue later.. Smile

Here are the instructions for the next step. And don't celebrate too early, your computer is still infected. Wink

Download ComboFix from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear, which you should copy here for us.

offline
  • nea 
  • New MyCity citizen
  • Joined: 25 Oct 2007
  • Posts: 14

yes, looks like I celebrated too early, something happened again while I was downloading ComboFix... Crying or Very sad

here's the log, as far as I can see there were a lot of files similar to those above... Very Happy

ComboFix 07-10-23.2 - PC 2007-10-26 23:34:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.451 [GMT 2:00]
Running from: C:\Documents and Settings\PC\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - svchost.exe: deleted 51712 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.

2007-10-26 23:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-26 11:52 1,508 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-26 11:46 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-26 11:46 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-26 11:46 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-26 11:46 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-26 11:46 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-26 10:35 <DIR> d-------- C:\VundoFix Backups
2007-10-26 00:42 <DIR> d-------- C:\Program Files\IObit
2007-10-26 00:17 <DIR> d-------- C:\Program Files\Trojan Remover
2007-10-24 03:05 <DIR> d-------- C:\Program Files\The Privacy Guard
2007-10-22 17:09 <DIR> d-------- C:\Documents and Settings\Bole\Application Data\Uniblue
2007-10-22 00:34 <DIR> d-------- C:\Program Files\Advanced Port Scanner
2007-10-19 21:56 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-10-19 21:54 <DIR> d-------- C:\Program Files\Xfire
2007-10-19 21:54 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Xfire
2007-10-17 19:08 <DIR> d-------- C:\Program Files\Uniblue
2007-10-17 19:08 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Uniblue
2007-10-13 11:27 248,064 --a------ C:\WINDOWS\UNINST16.EXE
2007-10-13 11:27 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2007-10-05 15:56 <DIR> d-------- C:\Program Files\ACW
2007-10-04 20:45 <DIR> d-------- C:\Program Files\atom bird more
2007-10-04 20:39 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-04 12:56 <DIR> d-------- C:\Documents and Settings\PC\Application Data\Spyware Terminator
2007-10-04 11:40 74,752 --a------ C:\WINDOWS\system32\AMTCLib.dll
2007-10-03 22:08 <DIR> d-------- C:\WINDOWS\pss
2007-10-03 20:46 <DIR> d-------- C:\Program Files\Crawler
2007-10-03 19:07 <DIR> d-------- C:\WINDOWS\Advanced WindowsCare
2007-10-03 19:06 <DIR> d-------- C:\Program Files\PowerPoint to Flash
2007-09-30 23:40 28 --a------ C:\WINDOWS\mscpt.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 12:25 --------- d-----w C:\Documents and Settings\Bole\Application Data\LimeWire
2007-10-07 18:41 --------- d-----w C:\Documents and Settings\PC\Application Data\BearShare
2007-10-05 20:18 --------- d-----w C:\Program Files\LimeWire
2007-10-04 18:45 --------- d-----w C:\Documents and Settings\PC\Application Data\atom bird more
2007-10-04 13:24 --------- d-----w C:\Program Files\Ofb1
2007-10-04 09:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 09:56 --------- d-----w C:\Program Files\Kazaa
2007-10-04 09:54 --------- d-----w C:\Program Files\ICQToolbar
2007-10-04 09:40 --------- d-----w C:\Program Files\Exit Killer Pro
2007-09-29 22:00 --------- d-----w C:\Documents and Settings\Bole\Application Data\MEGAUPLOADTOOLBAR
2007-09-15 03:13 --------- d-----w C:\Program Files\MSN Messenger
2007-09-15 03:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-09-14 18:44 --------- d-----w C:\Program Files\Java
2007-09-09 22:04 --------- d-----w C:\Program Files\YoutubeEXE
2007-09-07 17:11 --------- d-----w C:\Program Files\MessengerDiscovery
2007-09-07 14:11 --------- d-----w C:\Program Files\Windows Live
2007-09-07 14:11 --------- d-----w C:\Program Files\Adverts
2007-09-04 00:01 --------- d-----w C:\Program Files\Replay Converter
2007-09-03 13:29 --------- d-----w C:\Documents and Settings\PC\Application Data\Talkback
2007-09-02 19:42 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-09-02 19:42 --------- d-----w C:\Documents and Settings\PC\Application Data\GetRightToGo
2007-09-02 19:39 --------- d-----w C:\Program Files\Replay Media Catcher
2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F60EBF4-9FAD-4A07-AB48-DA2A9E5B23C7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E1500AC-87A5-416b-A211-82E848649DA9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-27 17:33]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2002-03-15 23:10]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07]

C:\Documents and Settings\Bole\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 16:19:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^PC^Start Menu^Programs^Startup^T-Com MAXadsl Start.lnk]
backup=C:\WINDOWS\pss\T-Com MAXadsl Start.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\audio debug boob locks]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay]
C:\Program Files\ProxyWay\proxyway.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\xvbluwqd.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\style meal]
C:\DOCUME~1\PC\APPLIC~1\ATOMBI~1\body regs.exe

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS
R3 USB_RNDIS_51;T-Com MAXadsl modem (USB, NDIS);C:\WINDOWS\system32\DRIVERS\usb8023.sys
S2 Apache2.2;Apache2.2;"C:\Documents and Settings\PC\Desktop\xampplite\xampplite\apache\bin\apache.exe" -k runservice
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe"
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys

*Newly Created Service* - FFI
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-10-26 23:40:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.
Completion time: 2007-10-26 23:41:20 - machine was rebooted
.
--- E O F ---

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Scan the computer with GMER and post the log so we can check that there are no rootkits, since this last log points to that possibility..

Do the following:
Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
In the message box on the forum, right-click and choose Paste.

offline
  • nea 
  • New MyCity citizen
  • Joined: 25 Oct 2007
  • Posts: 14

did you get your walk? Mr. Green

here's the log:

GMER 1.0.13.12551 - gmer.net
Rootkit scan 2007-10-27 01:01:22
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.13 ----

? C:\DOCUME~1\PC\LOCALS~1\Temp\catchme.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001B60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001AD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001C10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001830 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] ADVAPI32.dll!CryptDecrypt 77DEA7B1 2 Bytes JMP 28001050 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] ADVAPI32.dll!CryptDecrypt + 3 77DEA7B4 4 Bytes [ 21, B0, CC, CC ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 28003A60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 28003370 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] USER32.dll!SetWindowRgn 7E41FFB2 7 Bytes JMP 28004DB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] USER32.dll!CreateDialogParamW 7E427D4F 5 Bytes JMP 28004E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] USER32.dll!SetWindowPlacement 7E42D84C 5 Bytes JMP 28004CD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 28004FB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] USER32.dll!TrackPopupMenuEx 7E46CD28 5 Bytes JMP 28004230 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] WS2_32.dll!send 71AB428A 5 Bytes JMP 28009120 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 28008F10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] WS2_32.dll!recv 71AB615A 5 Bytes JMP 28008D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 280092A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 280094B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] SHELL32.dll!Shell_NotifyIconW 7CA21B6A 5 Bytes JMP 28002B50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] ole32.dll!CoInitializeEx 774FEF6B 5 Bytes JMP 28001D20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] ole32.dll!CoRegisterClassObject 77518720 5 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] WININET.dll!HttpOpenRequestA 771C36AD 5 Bytes JMP 28007D10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] WININET.dll!InternetCloseHandle 771C4D6C 5 Bytes JMP 28007FF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] WININET.dll!HttpSendRequestA 771C6249 5 Bytes JMP 28007F40 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1756] WININET.dll!InternetReadFile 771C80F4 5 Bytes JMP 28007E70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\BearShare Applications\BearShare\BearShare.exe[4064] USER32.dll!SetScrollInfo 7E419056 5 Bytes JMP 006EE18D C:\Program Files\BearShare Applications\BearShare\BearShare.exe
.text C:\Program Files\BearShare Applications\BearShare\BearShare.exe[4064] USER32.dll!GetScrollBarInfo 7E420D74 5 Bytes JMP 006EE2EE C:\Program Files\BearShare Applications\BearShare\BearShare.exe
.text C:\Program Files\BearShare Applications\BearShare\BearShare.exe[4064] USER32.dll!GetScrollInfo 7E420DA2 5 Bytes JMP 006EE262 C:\Program Files\BearShare Applications\BearShare\BearShare.exe
.text C:\Program Files\BearShare Applications\BearShare\BearShare.exe[4064] USER32.dll!ShowScrollBar 7E42F2B3 5 Bytes JMP 006EE0B2 C:\Program Files\BearShare Applications\BearShare\BearShare.exe
.text C:\Program Files\BearShare Applications\BearShare\BearShare.exe[4064] USER32.dll!GetScrollPos 7E42F6C4 5 Bytes JMP 006EE21F C:\Program Files\BearShare Applications\BearShare\BearShare.exe
.text C:\Program Files\BearShare Applications\BearShare\BearShare.exe[4064] USER32.dll!SetScrollPos 7E42F710 5 Bytes JMP 006EE144 C:\Program Files\BearShare Applications\BearShare\BearShare.exe
.text C:\Program Files\BearShare Applications\BearShare\BearShare.exe[4064] USER32.dll!GetScrollRange 7E42F747 5 Bytes JMP 006EE1D6 C:\Program Files\BearShare Applications\BearShare\BearShare.exe
.text C:\Program Files\BearShare Applications\BearShare\BearShare.exe[4064] USER32.dll!SetScrollRange 7E42F95B 5 Bytes JMP 006EE0F8 C:\Program Files\BearShare Applications\BearShare\BearShare.exe
.text C:\Program Files\BearShare Applications\BearShare\BearShare.exe[4064] USER32.dll!EnableScrollBar 7E467DDD 5 Bytes JMP 006EE2A8 C:\Program Files\BearShare Applications\BearShare\BearShare.exe

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA573BCC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA5737D6] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BA573F94] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BA5741CC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BA5741CC] amon.sys

---- Registry - GMER 1.0.13 ----

Reg \Registry\USER\S-1-5-21-1417001333-1767777339-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x4A 0x9E 0xD2 0xCB ...
Reg \Registry\USER\S-1-5-21-1417001333-1767777339-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x96 0xE6 0x8A 0x57 ...

---- Files - GMER 1.0.13 ----

ADS C:\System Volume Information\_restore{34D39F7D-3F99-4905-B0CB-147FFF70C3C9}\RP30\A0019125.exe:exm.exe

---- EOF - GMER 1.0.13 ----


as far as I can see, this is mostly about msn and bearshare... should I simply delete bearshare? (not msn, I won't... Mr. Green )

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

nea ::did you get your walk? Mr. Green
So-so.. not much really. Wink

Nobody is going to touch your msn, but you could uninstall bearshare, because I see it here as a potential link to your infection.

When you're done with that, post a new HJT log, just while I go through what you posted last.

btw. I see you're curious and that you're guessing at what is being looked for in the logs. Here's an article about exactly what I wanted to check on your machine, so that since you're following the process anyway, you're not following it blind.
http://www.mycity.rs/AV-Objavljeni-radovi/Alternate-Data-Streams.html

offline
  • nea 
  • New MyCity citizen
  • Joined: 25 Oct 2007
  • Posts: 14

I removed some of these programs, I'll post the log in a second...

as for that link... thanks, but I only skim through the logs, I don't understand any of it...
but it does say which programs are involved, that much I know...
I like tinkering with software and programming languages, but when it comes to this stuff, I'm clueless, totally...
I'm leaving the logs to you...

EDIT: there, I had to reboot the computer because of RB...

Logfile of HijackThis v1.99.1
Scan saved at 2:06:39, on 27.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\PC\Desktop\HT\TR3.exe

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {2F60EBF4-9FAD-4A07-AB48-DA2A9E5B23C7} - (no file)
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D5021DB-4C10-4CAE-A4F7-494200A57A0F}: NameServer = 195.29.149.197 195.29.149.196
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Documents and Settings\PC\Desktop\xampplite\xampplite\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Scan the computer with HJT again, choose the option "Do a system scan only", check this line (the small box next to it) and click "Fix Checked".
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)

Download the [url=https://www.mycity.rs/must-login.png]archive[/url] and unpack it. Run the Lista_servisa.bat file, wait for the procedure to finish and save that txt file. Upload it with your next post, using the forum's "Prikači fajl" (Attach file) option.
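
The check behind the "Fix Checked" step above, as an added example that is not part of the original thread: a small Python parser that flags HijackThis O23 service entries and GMER `ADS` entries whose path points into an NTFS alternate data stream (`file:stream`). The function names and regular expressions are this example's own assumptions; the sample lines are copied from the logs posted in the thread.

```python
import re

# Line layouts as they appear in the logs in this thread
# (HijackThis 1.99.1 "O23" entries, GMER 1.0.13 "ADS" entries).
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
GMER_ADS_RE = re.compile(r"^ADS\s+(?P<path>.+)$")
# <drive>:\...\file:stream -> a second colon directly after a file name.
# '/' is excluded from the stream name so "http://" in arguments does not match.
STREAM_RE = re.compile(r'^"?(?P<file>[A-Za-z]:\\[^:]*?[^\\:\s]):(?P<stream>[^\\/:"\s]+)')

def find_stream(path):
    """Return (host_file, stream_name) if path names an NTFS ADS, else None."""
    m = STREAM_RE.match(path.strip())
    return (m.group("file"), m.group("stream")) if m else None

def scan(lines):
    """Return one finding per log entry whose path points into an ADS."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m, source = O23_RE.match(line), "HJT O23"
        if not m:
            m, source = GMER_ADS_RE.match(line), "GMER ADS"
        if not m:
            continue
        hit = find_stream(m.group("path"))
        if hit:
            findings.append({
                "source": source,
                "service": m.groupdict().get("name"),  # None for GMER entries
                "host": hit[0],
                "stream": hit[1],
                "file_missing": line.endswith("(file missing)"),
            })
    return findings

# Sample lines copied from the logs posted in this thread.
SAMPLE = [
    r'O23 - Service: Apache2.2 - Unknown owner - C:\Documents and Settings\PC\Desktop\xampplite\xampplite\apache\bin\apache.exe" -k runservice (file missing)',
    r"O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)",
    r"O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe",
    r"ADS C:\System Volume Information\_restore{34D39F7D-3F99-4905-B0CB-147FFF70C3C9}\RP30\A0019125.exe:exm.exe",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only the FFI service and the GMER restore-point entry are reported; the Apache entry is also marked "file missing" but has no stream component, so it is left alone.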
