problem!!

offline
  • Joined: 03 Nov 2007
  • Posts: 42

Logfile of HijackThis v1.99.1
Scan saved at 1:26:59 AM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\_svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jo\Desktop\nesto\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = krstarica.com/
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: C:\WINDOWS\system32\Lfj95jg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Lfj95jg.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\Frjkfl4g.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\Frjkfl4g.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Outlook Express] C:\WINDOWS\gmer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoundMan] " SOUNDMAN.EXE"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{C544F9A2-EEFD-4CCF-ADCC-976E22189885}: NameServer = 77.105.0.19 77.105.0.18
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WXThZDRtxkPw - {C886F7AB-622C-5D01-6DD8-8046ADD97EA7} - C:\WINDOWS\system32\ua.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Microsoft Inet Services - Unknown owner - C:\WINDOWS\system32\_svchost.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

The problem is that pages in Internet Explorer load very slowly, even though I have ADSL at 512 mb. Everything else works correctly. I have Symantec Anti Virus.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


Run HijackThis, scan and check the following lines:

O2 - BHO: C:\WINDOWS\system32\Lfj95jg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Lfj95jg.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\Frjkfl4g.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\Frjkfl4g.dll (file missing)
O4 - HKLM\..\Run: [Outlook Express] C:\WINDOWS\gmer.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O21 - SSODL: WXThZDRtxkPw - {C886F7AB-622C-5D01-6DD8-8046ADD97EA7} - C:\WINDOWS\system32\ua.dll (file missing)

Click Fix Checked.


-------------------------------------------------------------------------------------


Look for the following file and, if it exists, upload it for me: C:\WINDOWS\gmer.exe
Upload link: http://www.mycity.rs/ambulanta-upload.php

-------------------------------------------------------------------------------------



Download SDFix to the Desktop.

Double-clicking SDFix.exe will extract the program into the folder C:\SDFix, unless a different path is chosen during extraction.


Restart the computer in Safe Mode
Enter the folder where SDFix was extracted and start RunThis.bat
Press Y to start the scan
After the scan a message will appear saying that the computer will be restarted
Press any key to restart the computer
After the restart another scan will run automatically, and when it finishes a Finished message will appear
After the desktop icons load, a report will appear on screen. The report will also be saved as Report.txt in the folder where SDFix was extracted
Copy the report into a post on the forum, and post a new HijackThis log as well



-------------------------------------------------------------------------------------



Download ComboFix from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear, which you will copy here for us.
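As an added illustration (not code from this thread, nor from HijackThis, SDFix or ComboFix), the script below encodes the signals that single out the lines the helper asked to fix: load points marked "(file missing)", a BHO whose name is just its file path, DPF entries with no source URL, and services or autoruns whose image sits in an NTFS alternate data stream or name-squats a Windows system binary. It assumes the HijackThis v1.99 line layout seen in the log above and runs over a hand-picked subset of those lines.

```python
"""Heuristic triage of HijackThis v1.99 log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the first HijackThis log posted in the
# thread, mixing a few clean entries with the ones the helper told the poster to fix.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: C:\WINDOWS\system32\Lfj95jg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\Lfj95jg.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Outlook Express] C:\WINDOWS\gmer.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O21 - SSODL: WXThZDRtxkPw - {C886F7AB-622C-5D01-6DD8-8046ADD97EA7} - C:\WINDOWS\system32\ua.dll (file missing)
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Microsoft Inet Services - Unknown owner - C:\WINDOWS\system32\_svchost.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Windows binaries whose names the infection in this thread squatted on
# (svchost.exe carried alternate data streams; _svchost.exe was a look-alike service).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                   "winlogon.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
RE_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<body>.*)$")
RE_COMPONENT = re.compile(rf"^(?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$")  # O2 / O21
RE_DPF = re.compile(rf"^(?P<clsid>{CLSID}) -\s*(?P<path>.*)$")                      # O16
RE_RUN = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")                           # O4


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def strip_drive(path: str) -> str:
    """Drop a leading 'C:' so the drive colon is not mistaken for a stream separator."""
    return path[2:] if re.match(r"^[A-Za-z]:", path) else path


def has_ads(path: str) -> bool:
    """A second ':' in a Windows path names an NTFS alternate data stream."""
    return ":" in strip_drive(path.strip('"'))


def basename(path: str) -> str:
    return strip_drive(path.strip('"')).rsplit("\\", 1)[-1].lower()


def squats_on_system_binary(path: str) -> bool:
    """Look-alike names such as _svchost.exe embed a real system binary name."""
    base = basename(path).split(":")[0]  # ignore any ADS suffix; that is flagged separately
    return base not in SYSTEM_BINARIES and any(b in base for b in SYSTEM_BINARIES)


def triage_line(line: str):
    """Return a Finding for one log line, or None when nothing looks off."""
    m = RE_LINE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    reasons = []
    if code in ("O2", "O21"):
        c = RE_COMPONENT.match(body)
        if c:
            if c.group("path").endswith("(file missing)"):
                reasons.append("registered component whose DLL is gone (orphaned load point)")
            if "\\" in c.group("name"):
                reasons.append("component advertises a raw file path instead of a product name")
    elif code == "O16":
        d = RE_DPF.match(body)
        if d and not d.group("path"):
            reasons.append("ActiveX download (DPF) entry with no source URL")
    elif code == "O4":
        r = RE_RUN.match(body)
        if r:
            cmd = r.group("cmd")
            if has_ads(cmd):
                reasons.append("autorun command points into an alternate data stream")
            if re.match(r'^"?[A-Za-z]:\\windows\\[^\\]+\.exe"?$', cmd, re.IGNORECASE):
                reasons.append("weak signal: executable dropped directly in the Windows root")
    elif code == "O23":
        parts = body.rsplit(" - ", 2)  # name - owner - image path
        if len(parts) == 3:
            _, owner, path = parts
            if has_ads(path):
                reasons.append("service image lives in an alternate data stream of a system file")
            if squats_on_system_binary(path):
                reasons.append("service image name squats on a Windows system binary")
            if owner == "Unknown owner" and reasons:
                reasons.append("no vendor recorded for the service")
    return Finding(line.strip(), reasons) if reasons else None


def triage_log(text: str):
    """Run every line through triage_line and keep only the flagged ones."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.line)
        for reason in f.reasons:
            print("   ->", reason)
```

These heuristics only rank lines for a human to review; a "(file missing)" entry can also be a leftover from a sloppy uninstall, which is why the helper asks for a fresh log after each fix.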

offline
  • Joined: 03 Nov 2007
  • Posts: 42

SDFix: Version 1.119

Run by Jo on Wed 12/26/2007 at 09:36 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
FCI
ICF
runtime

Path:
C:\WINDOWS\system32\svchost.exe:ext.exe
C:\WINDOWS\system32\svchost.exe:exe.exe
\??\C:\WINDOWS\System32\drivers\runtime.sys

FCI - Deleted
ICF - Deleted
runtime - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...

Service NdisWon - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\shift.exe.exe - Deleted
C:\DOCUME~1\Jo\LOCALS~1\Temp\0wl.tmp - Deleted
C:\WINDOWS\system32\7_exception.nls - Deleted
C:\WINDOWS\system32\kr_done1 - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
C:\WINDOWS\system32\drivers\NdisWon.sys - Deleted



Folder C:\Documents and Settings\All Users\Documents\Settings - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
: ADS Found!

svchost.exe: deleted 76800 bytes in 3 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-12-26 21:43:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kprof]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\kprof"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kprof\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"system32\poof"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kprof]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\kprof"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kprof\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\poof]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"system32\poof"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\poof\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\kprof 7040 bytes executable
C:\WINDOWS\system32\poof 37632 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 2
hidden files: 2


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\bot.exe"="C:\\bot.exe:*:Enabled:Windows Update"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished!


Logfile of HijackThis v1.99.1
Scan saved at 9:55:32 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jo\Desktop\nesto\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = krstarica.com/
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoundMan] " SOUNDMAN.EXE"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C544F9A2-EEFD-4CCF-ADCC-976E22189885}: NameServer = 77.105.0.19 77.105.0.18
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Microsoft Inet Services - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

ComboFix 07-12-21.4 - Jo 2007-12-26 21:48:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.89 [GMT 1:00]
Running from: C:\Documents and Settings\Jo\Desktop\ComboFix.exe
.
ADS - explorer.exe: deleted 8 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Microsoft Security Adviser
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\WINDOWS\mssadv.dll
C:\WINDOWS\system32\_svchost.exe
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\updates295.exe
C:\WINDOWS\system32\updates298.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_KPROF
-------\LEGACY_POOF
-------\LEGACY_RUNTIME


((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.

2007-12-26 21:35 . 2007-12-26 21:35 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-25 21:53 . 2007-12-25 21:53 16,384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-25 14:39 . 2007-12-26 21:17 69,632 --a------ C:\WINDOWS\system32\csrssw.dll
2007-12-25 14:39 . 2007-12-25 14:39 23,806 --a------ C:\WINDOWS\disnisa.config
2007-12-25 14:38 . 2007-12-25 14:38 135,168 --a------ C:\WINDOWS\disnisa.exe
2007-12-25 14:38 . 2007-12-25 14:38 72,192 --a------ C:\bot.exe
2007-12-25 14:38 . 2007-12-25 21:53 36 --a------ C:\WINDOWS\system32\svchost.t__
2007-12-25 14:37 . 2007-12-25 14:37 28,672 --a------ C:\Documents and Settings\Jo\xXx.exe
2007-12-25 14:37 . 2007-12-25 14:37 6,144 --a------ C:\Documents and Settings\Jo\ie_updates3r.exe
2007-12-25 14:37 . 2007-12-26 14:03 418 --a------ C:\WINDOWS\system32\svchost.tmp
2007-12-18 14:56 . 2007-12-18 14:56 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player
2007-12-14 14:50 . 2007-12-14 14:51 0 --a------ C:\dump_dvd.vob
2007-12-11 23:16 . 2007-12-11 23:24 <DIR> d-------- C:\Program Files\Nostalgija.com
2007-12-10 22:00 . 2007-12-26 01:00 <DIR> d-------- C:\Program Files\eMule
2007-12-08 18:59 . 2007-12-08 18:59 <DIR> d-------- C:\WINDOWS\Sun
2007-11-30 12:27 . 2007-11-30 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2007-11-30 12:15 . 2007-11-30 12:15 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-11-30 12:15 . 2007-11-30 12:15 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-11-30 12:15 . 2006-11-06 06:00 198,656 --a------ C:\WINDOWS\system32\CNMLM8O.DLL
2007-11-30 12:14 . 2007-11-30 12:14 <DIR> d--h----- C:\Program Files\CanonBJ
2007-11-30 12:14 . 2007-11-30 12:27 <DIR> d-------- C:\Program Files\Canon
2007-11-30 12:11 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-30 12:11 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 20:51 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-25 19:18 16,896 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-25 13:43 58,368 ----a-w C:\WINDOWS\system32\spoolsv.exe
2007-12-25 13:43 505,856 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-12-25 13:43 14,336 ----a-w C:\WINDOWS\system32\lsass.exe
2007-12-25 13:43 110,080 ----a-w C:\WINDOWS\system32\services.exe
2007-12-25 13:43 1,034,240 ----a-w C:\WINDOWS\explorer.exe
2007-12-09 20:55 --------- d-----w C:\Program Files\Electronic Arts
2007-11-29 10:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-08 10:55 --------- d-----w C:\Program Files\P2P_Energy
2007-11-04 16:58 9,216 ----a-w C:\WINDOWS\system32\drivers\uji3otqy.sys
2007-11-04 16:58 7,168 ----a-w C:\WINDOWS\system32\drivers\uti3otqy.sys
2007-11-03 01:18 --------- d-----w C:\Program Files\Soulseek-Test
2007-11-02 12:20 --------- d-----w C:\Program Files\Secured_eMule
2007-10-28 19:57 --------- d-----w C:\Program Files\MV2Player
2007-10-28 19:54 893,537 ----a-w C:\Program Files\MV2Player_06[1].010.exe
2007-10-28 17:27 --------- d-----w C:\Documents and Settings\Jo\Application Data\BitTorrent Pro
2007-10-28 16:53 --------- d-----w C:\Program Files\Java
2007-10-28 16:49 --------- d-----w C:\Program Files\Common Files\Java
2007-10-28 14:27 --------- d-----w C:\Program Files\Bullfrog
2007-10-20 19:27 30,720 ----a-w C:\WINDOWS\internt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 12:17 1326104 --a------ C:\Program Files\Secured_eMule\tbSecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= C:\Program Files\Secured_eMule\tbSecu.dll [2007-05-27 12:17 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-30 23:05]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
"SoundMan"=" SOUNDMAN.EXE" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 08:08 C:\WINDOWS\soundman.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-09-11 14:29]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-25 21:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-25 21:53]
"DSLSTATEXE"="C:\Program Files\Conexant\Adsl\dslstat.exe" []
"DSLAGENTEXE"="C:\Program Files\Conexant\Adsl\dslagent.exe" []
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2007-12-25 21:53]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
"disnisa"="C:\WINDOWS\disnisa.exe" [2007-12-25 14:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 20:26:24]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
S3trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-02-08 00:40]
R3 wanusb;Conexant USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys [2005-09-22 09:31]
S3 AVZ;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uti3otqy.sys [2007-11-04 17:58]
S3 AVZSG;AVZ-SG Kernel Driver;C:\WINDOWS\system32\Drivers\uji3otqy.sys [2007-11-04 17:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 23:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 08:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 09:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-24 11:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-25 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-26 13:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 15:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-24 16:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-26 00:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-25 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-25 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-25 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-24 22:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 01:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-02 02:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-02 03:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-02 04:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-02 05:00:00 C:\WINDOWS\Tasks\At7.job"
"2007-12-02 06:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-13 07:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\D544LLws.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-12-26 21:51:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.
Completion time: 2007-12-26 21:52:53 - machine was rebooted

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Run HT, scan and check the following lines:

O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Microsoft Inet Services - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)

Click Fix Checked.

-------------------------------------------------------------------------------------

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\csrssw.dll
C:\WINDOWS\disnisa.config
C:\WINDOWS\disnisa.exe
C:\bot.exe
C:\WINDOWS\gmer.exe
C:\WINDOWS\system32\svchost.t__
C:\Documents and Settings\Jo\xXx.exe
C:\Documents and Settings\Jo\ie_updates3r.exe
C:\WINDOWS\system32\svchost.tmp
C:\WINDOWS\internt.exe
C:\WINDOWS\system32\D544LLws.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"disnisa"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\bot.exe"=-



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
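The two O23 entries fixed above are worth reading closely: `C:\WINDOWS\system32\svchost.exe:exm.exe` is not a file named `svchost.exe:exm.exe` but an NTFS alternate data stream (`exm.exe`) attached to the genuine `svchost.exe`, which is why a directory listing shows nothing and HijackThis reports it as "file missing"; `_svchost.exe` registered as "Microsoft Inet Services" is a look-alike name, and the At1.job to At24.job fan is one executable scheduled every hour of the day. The Python below is an added example (not code from the thread, HijackThis or ComboFix) that parses log lines shaped like the ones above and flags exactly those three patterns. The sample log is constructed, the list of core system binaries and the three-job threshold are assumptions, and the regular expressions are written for the HijackThis O23 and ComboFix scheduled-task line formats seen on this page.

```python
"""Triage of HijackThis / ComboFix style log lines.

Added example for this thread; it is not part of HijackThis, ComboFix or
the original posts. It flags the indicators acted on above:
  * a service image path carrying an NTFS alternate data stream
    (svchost.exe:exm.exe) or a name that mimics a system binary (_svchost.exe);
  * services registered with "(file missing)";
  * many At*.job scheduled tasks that all launch the same executable.
"""
import re
from collections import defaultdict

# Assumption: core Windows XP binaries that malware commonly imitates.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
}
SYSTEM_STEMS = {name.rsplit(".", 1)[0] for name in SYSTEM_BINARIES}

# ComboFix prints a task as a quoted "timestamp path" line followed by "- target".
JOB_RE = re.compile(r'^"\S+ \S+ (?P<job>[A-Za-z]:\\.*\\(?P<name>At\d+\.job))"$')
TARGET_RE = re.compile(r"^- (?P<path>[A-Za-z]:\\.+)$")
# HijackThis O23 line: service name - owner - image path [ (file missing)].
O23_RE = re.compile(
    r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Constructed sample shaped like the lines in the thread (not the actual log).
SAMPLE_LOG = r"""
"2007-12-26 00:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-23 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\D544LLws.exe
"2007-12-25 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\D544LLws.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Microsoft Inet Services - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


def basename(path):
    """Last path component, with any trailing command-line switches dropped."""
    return path.rsplit("\\", 1)[-1].split(" ")[0]


def has_ads(path):
    """True when the file component uses name.ext:stream syntax (alternate data stream)."""
    return ":" in basename(path)


def looks_like_system_binary(path):
    """Name resembles a core binary (prefix/suffix tweak, other extension) but is not one."""
    name = basename(path).lower()
    if name in SYSTEM_BINARIES:
        return False
    stem = name.split(":")[0].rsplit(".", 1)[0]
    return any(stem.startswith(s) or stem.endswith(s) for s in SYSTEM_STEMS)


def parse_log(text):
    """Return ([(job_name, target_path)], [{name, path, missing}])."""
    jobs, services, pending = [], [], None
    for line in text.splitlines():
        line = line.strip()
        m = JOB_RE.match(line)
        if m:
            pending = m.group("name")          # remember the job, target follows
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            jobs.append((pending, m.group("path")))
            pending = None
            continue
        m = O23_RE.match(line)
        if m:
            services.append({"name": m.group("svc"), "path": m.group("path"),
                             "missing": m.group("missing") is not None})
    return jobs, services


def cluster_jobs(jobs, min_jobs=3):
    """Group At*.job tasks by target; a fan of hourly jobs on one binary is persistence."""
    by_target = defaultdict(list)
    for name, path in jobs:
        by_target[path].append(name)
    return {t: sorted(n) for t, n in by_target.items() if len(n) >= min_jobs}


def triage(text):
    """List of (kind, subject, detail) findings for the given log text."""
    jobs, services = parse_log(text)
    findings = []
    for svc in services:
        if has_ads(svc["path"]):
            findings.append(("ads-imagepath", svc["name"], svc["path"]))
        elif looks_like_system_binary(svc["path"]):
            findings.append(("lookalike-binary", svc["name"], svc["path"]))
        if svc["missing"]:
            findings.append(("orphan-service", svc["name"], svc["path"]))
    for target, names in cluster_jobs(jobs).items():
        findings.append(("job-fan", f"{len(names)} At*.job tasks", target))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {subject:32} {detail}")
```

One caveat the flags make explicit: the `ads-imagepath` hit rides on the real `svchost.exe`, so the remedy is to remove the service registration and the stream, never the host file; removing the twenty-four `At*.job` files without also removing `D544LLws.exe` and its creator just leaves the scheduler empty until the next run.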

offline
  • Joined: 03 Nov 2007
  • Posts: 42

ComboFix 07-12-21.4 - Jo 2007-12-27 12:20:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.97 [GMT 1:00]
Running from: C:\Documents and Settings\Jo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jo\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\bot.exe
C:\Documents and Settings\Jo\ie_updates3r.exe
C:\Documents and Settings\Jo\xXx.exe
C:\WINDOWS\disnisa.config
C:\WINDOWS\disnisa.exe
C:\WINDOWS\gmer.exe
C:\WINDOWS\internt.exe
C:\WINDOWS\system32\csrssw.dll
C:\WINDOWS\system32\D544LLws.exe
C:\WINDOWS\system32\svchost.t__
C:\WINDOWS\system32\svchost.tmp
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bot.exe
C:\Documents and Settings\Jo\ie_updates3r.exe
C:\Documents and Settings\Jo\xXx.exe
C:\WINDOWS\disnisa.config
C:\WINDOWS\disnisa.exe
C:\WINDOWS\gmer.exe
C:\WINDOWS\internt.exe
C:\WINDOWS\system32\csrssw.dll
C:\WINDOWS\system32\svchost.t__
C:\WINDOWS\system32\svchost.tmp
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.

2007-12-26 21:35 . 2007-12-26 21:35 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-18 14:56 . 2007-12-18 14:56 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player
2007-12-14 14:50 . 2007-12-14 14:51 0 --a------ C:\dump_dvd.vob
2007-12-11 23:16 . 2007-12-11 23:24 <DIR> d-------- C:\Program Files\Nostalgija.com
2007-12-10 22:00 . 2007-12-27 10:34 <DIR> d-------- C:\Program Files\eMule
2007-12-08 18:59 . 2007-12-08 18:59 <DIR> d-------- C:\WINDOWS\Sun
2007-11-30 12:27 . 2007-11-30 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2007-11-30 12:15 . 2007-11-30 12:15 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-11-30 12:15 . 2007-11-30 12:15 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-11-30 12:15 . 2006-11-06 06:00 198,656 --a------ C:\WINDOWS\system32\CNMLM8O.DLL
2007-11-30 12:14 . 2007-11-30 12:14 <DIR> d--h----- C:\Program Files\CanonBJ
2007-11-30 12:14 . 2007-11-30 12:27 <DIR> d-------- C:\Program Files\Canon
2007-11-30 12:11 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-30 12:11 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 11:15 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-25 19:18 16,896 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-25 13:43 58,368 ----a-w C:\WINDOWS\system32\spoolsv.exe
2007-12-25 13:43 505,856 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-12-25 13:43 14,336 ----a-w C:\WINDOWS\system32\lsass.exe
2007-12-25 13:43 110,080 ----a-w C:\WINDOWS\system32\services.exe
2007-12-25 13:43 1,034,240 ----a-w C:\WINDOWS\explorer.exe
2007-12-09 20:55 --------- d-----w C:\Program Files\Electronic Arts
2007-11-29 10:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-08 10:55 --------- d-----w C:\Program Files\P2P_Energy
2007-11-04 16:58 9,216 ----a-w C:\WINDOWS\system32\drivers\uji3otqy.sys
2007-11-04 16:58 7,168 ----a-w C:\WINDOWS\system32\drivers\uti3otqy.sys
2007-11-03 01:18 --------- d-----w C:\Program Files\Soulseek-Test
2007-11-02 12:20 --------- d-----w C:\Program Files\Secured_eMule
2007-10-28 19:57 --------- d-----w C:\Program Files\MV2Player
2007-10-28 19:54 893,537 ----a-w C:\Program Files\MV2Player_06[1].010.exe
2007-10-28 17:27 --------- d-----w C:\Documents and Settings\Jo\Application Data\BitTorrent Pro
2007-10-28 16:53 --------- d-----w C:\Program Files\Java
2007-10-28 16:49 --------- d-----w C:\Program Files\Common Files\Java
2007-10-28 14:27 --------- d-----w C:\Program Files\Bullfrog
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-05-27 12:17 1326104 --a------ C:\Program Files\Secured_eMule\tbSecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7}"= C:\Program Files\Secured_eMule\tbSecu.dll [2007-05-27 12:17 1326104]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-30 23:05]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
"SoundMan"=" SOUNDMAN.EXE" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 08:08 C:\WINDOWS\soundman.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-09-11 14:29]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-25 21:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-25 21:53]
"DSLSTATEXE"="C:\Program Files\Conexant\Adsl\dslstat.exe" []
"DSLAGENTEXE"="C:\Program Files\Conexant\Adsl\dslagent.exe" []
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2007-12-25 21:53]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 20:26:24]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
S3trayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 16:12]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-02-08 00:40]
R3 wanusb;Conexant USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys [2005-09-22 09:31]
S3 AVZ;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uti3otqy.sys [2007-11-04 17:58]
S3 AVZSG;AVZ-SG Kernel Driver;C:\WINDOWS\system32\Drivers\uji3otqy.sys [2007-11-04 17:58]
S4 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
S4 Microsoft Inet Services;Microsoft Inet Services;C:\WINDOWS\system32\_svchost.exe -A []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-12-27 12:22:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.
Completion time: 2007-12-27 12:22:53
C:\ComboFix2.txt ... 2007-12-26 21:52

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

offline
  • Joined: 03 Nov 2007
  • Posts: 42

I can't do this last part. When I right-click and go to Properties there is no System Restore;
at the bottom it says Find Target, Change Icon... I can't find it anywhere.

offline
  • DEMIAN  Male
  • Legendary Citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

That is because you looked at Properties on a shortcut that was created to the My Computer item.

You have the "original" My Computer in the Start menu, if you haven't removed it from there as well.

If you still can't find your way that way, then
Start > All Programs > Accessories > System Tools > System Restore
and carry out the procedure Bora wrote for you.

offline
  • Joined: 03 Nov 2007
  • Posts: 42

It worked.. thank you very much, you saved me.
