MyCity » Ambulanta -> Arhiva Ambulante » BHO koji ne mogu obrisati

BHO koji ne mogu obrisati

Napisano na dan: 16.2.2008

Strana:
1
2

BHO koji ne mogu obrisati

Sledeća strana

Pagination

Odgovori

Strana:
1
2

dragan54 Poslao: 16 Feb 2008 11:56 Idi na vrh
offline dragan54 Novi MyCity građanin Pridružio: 16 Feb 2008 Poruke: 19	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Na racunar mi se zakacio BHO.NCA trojanac i to u sistem32 na cd.dll. Jedino ga je NOD 32 prepoznao i stalno me upozorava ali ja nemogu nista uciniti jer je fajl zakljucan. Nadjem ga, ali neznam kako dalje da ga obrisem. Molim pomo.

Profil

dr_Bora Poslao: 16 Feb 2008 13:20 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Pročitaj sledeću temu: [Link mogu videti samo ulogovani korisnici] i isprati uputstvo za postavljanje HijackThis loga.

Profil

dragan54 Poslao: 16 Feb 2008 13:50 Idi na vrh
offline dragan54 Novi MyCity građanin Pridružio: 16 Feb 2008 Poruke: 19	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 13:43:15, on 16.2.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Ares\Ares.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\dragan\Desktop\Draganov folder\T3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [Link mogu videti samo ulogovani korisnici] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [Link mogu videti samo ulogovani korisnici] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [Link mogu videti samo ulogovani korisnici] R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: win 32/bho.nca trojan - {86013DFD-7466-4109-AD8D-C14A2228133B} - C:\WINDOWS\system32\cd.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=022908 serial=... lang=EN O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{BB12BC52-C64F-409B-AFE9-16072969CEA0}: NameServer = 194.247.192.1 194.247.192.33 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Speed Disk service - Analog Devices, Inc. - (no file) O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Profil

dr_Bora Poslao: 16 Feb 2008 14:08 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! 1. Koristiš tri AntiVirus programa - to nikako ne ide. Odluči se za jednog, ostale deinstaliraj. ------------------------------------------------------------------------------------- 2. Kada si odradio deinstalaciju suvišnih AV-ova, uploaduj mi file: C:\WINDOWS\system32\cd.dll preko sledeće upload forme: [Link mogu videti samo ulogovani korisnici] ------------------------------------------------------------------------------------- 3. Zatim skini ComboFix sa jedne od sledecih adresa na Desktop: [Link mogu videti samo ulogovani korisnici] [Link mogu videti samo ulogovani korisnici] Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

dragan54 Poslao: 16 Feb 2008 15:46 Idi na vrh
offline dragan54 Novi MyCity građanin Pridružio: 16 Feb 2008 Poruke: 19	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! C:\WINDOWS\system32\cd.dll ne mogu poslati na nacin na koji ste mi predlozili jer je veci od 10Mb, da li imate drugi predlog? Saljem C:\WINDOWS\system32\cd.dll ComboFix 08-02-16.2 - dragan 2008-02-16 15:21:22.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.111 [GMT 1:00] Running from: C:\Documents and Settings\dragan\Desktop\Draganov folder\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\msssc.dll . ((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))) . 2008-02-16 15:05 . 2008-02-16 15:05 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Spyware Terminator 2008-02-16 15:05 . 2008-02-16 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-02-14 12:18 . 2008-02-14 18:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-14 11:01 . 2008-02-14 11:01 <DIR> d-------- C:\Program Files\Soft4Ever 2008-02-14 11:01 . 2008-02-14 11:01 77,184 --a------ C:\WINDOWS\system32\drivers\lnsfw1.sys 2008-02-14 11:01 . 2008-02-14 11:01 45,824 --a------ C:\WINDOWS\system32\drivers\lnsfw.sys 2008-02-14 11:01 . 2008-02-14 11:01 36,924 --a------ C:\WINDOWS\system32\fwapi.dll 2008-02-14 01:38 . 2008-02-16 13:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-14 01:37 . 2008-02-14 18:08 <DIR> d-------- C:\Program Files\Trojan Remover 2008-02-14 01:37 . 2008-02-14 01:37 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Simply Super Software 2008-02-14 01:37 . 2008-02-14 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-02-14 01:37 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-02-14 01:37 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-02-14 01:37 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-02-14 01:37 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll 2008-02-14 01:37 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-02-13 17:27 . 2008-02-13 17:32 374 ---h----- C:\PANDA.RPT 2008-02-13 00:45 . 2008-02-13 00:45 <DIR> d-------- C:\Program Files\URUSoft 2008-02-12 23:09 . 2008-02-12 23:09 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Sony 2008-02-12 23:07 . 2008-02-12 23:07 <DIR> d-------- C:\Program Files\Sony 2008-02-12 23:07 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll 2008-02-12 23:07 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll 2008-02-12 23:07 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll 2008-02-12 23:07 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2008-02-12 23:07 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx 2008-02-12 23:07 . 2008-02-12 23:07 156,910 --a------ C:\WINDOWS\WMSysPr8.prx 2008-02-12 23:03 . 2008-02-12 23:03 <DIR> d-------- C:\Program Files\Sony Setup 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankProtocol 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankPacManager 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankMedium 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankHandler 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankFormat 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankDevice 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankContents 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\Frank 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp 2008-02-11 16:53 . 2008-02-11 16:53 268 --ah----- C:\sqmdata02.sqm 2008-02-11 16:53 . 2008-02-11 16:53 244 --ah----- C:\sqmnoopt02.sqm 2008-02-11 10:23 . 2008-02-11 10:23 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Spyware Terminator 2008-02-11 10:21 . 2008-02-13 01:36 <DIR> d-------- C:\Program Files\Crawler 2008-02-10 16:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-10 16:08 . 2008-02-10 16:09 <DIR> d-------- C:\Program Files\Java 2008-02-10 16:02 . 2008-02-10 16:02 <DIR> d-------- C:\Program Files\Common Files\Java 2008-02-10 15:59 . 2008-02-10 15:59 0 --a------ C:\WINDOWS\mozver.dat 2008-01-31 22:36 . 2008-01-31 22:36 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-01-31 22:36 . 2008-01-31 22:36 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2008-01-31 22:36 . 2008-01-31 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-01-31 22:34 . 2008-01-31 22:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-01-31 02:28 . 2007-03-28 19:42 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-01-31 02:26 . 2008-02-14 09:12 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007 2008-01-31 02:26 . 2008-01-31 02:26 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\TuneUp Software 2008-01-31 02:25 . 2008-02-14 10:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-31 02:25 . 2008-01-31 02:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-01-31 02:00 . 2008-01-31 02:00 <DIR> d--h----- C:\WINDOWS\PIF 2008-01-31 01:06 . 2008-02-04 23:37 <DIR> d-------- C:\originali za studio 2008-01-30 20:05 . 2008-01-30 20:05 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Corel 2008-01-30 20:01 . 2008-01-30 20:01 <DIR> d-------- C:\Program Files\Common Files\Corel 2008-01-30 19:59 . 2008-01-30 19:59 <DIR> d-------- C:\Program Files\Corel 2008-01-30 19:56 . 2008-01-30 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel 2008-01-30 14:09 . 2008-01-30 14:14 <DIR> d-------- C:\Program Files\Counter-Strike 2008-01-29 14:34 . 2008-01-29 14:34 <DIR> d-------- C:\Program Files\avi.NET 2008-01-28 10:42 . 2008-02-14 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-28 10:30 . 2003-03-19 08:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll 2008-01-28 10:30 . 2003-03-19 06:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-01-28 10:30 . 2003-02-21 14:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-01-28 10:30 . 2003-03-19 05:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-01-27 21:29 . 2008-02-14 01:33 <DIR> d-------- C:\Program Files\XoftSpySE 2008-01-27 00:33 . 2008-02-16 13:10 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\skypePM 2008-01-27 00:33 . 2008-01-27 00:33 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-01-27 00:28 . 2008-01-27 00:28 <DIR> d-------- C:\Program Files\Skype 2008-01-27 00:28 . 2008-01-27 00:28 <DIR> d-------- C:\Program Files\Common Files\Skype 2008-01-27 00:28 . 2008-02-16 15:10 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Skype 2008-01-27 00:28 . 2008-01-27 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-01-26 20:01 . 2008-02-04 18:49 <DIR> d-------- C:\Program Files\BitTorrent 2008-01-26 20:01 . 2008-02-13 21:09 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\BitTorrent 2008-01-26 19:31 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-26 16:48 . 2008-01-26 16:48 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\CyberLink 2008-01-26 11:47 . 2008-02-07 23:30 <DIR> d-------- C:\Program Files\ESET 2008-01-25 18:40 . 2004-08-03 23:56 84,480 --a------ C:\WINDOWS\system32\cd.dll 2008-01-25 17:43 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2008-01-25 17:43 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2008-01-25 17:43 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2008-01-25 17:43 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2008-01-25 17:26 . 2008-01-25 17:26 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-01-25 12:38 . 2008-01-25 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-25 11:49 . 2008-01-25 11:49 <DIR> d---s---- C:\Documents and Settings\dragan\UserData 2008-01-25 10:22 . 2008-01-25 10:22 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS 2008-01-25 10:20 . 2008-01-25 10:20 <DIR> d-------- C:\Program Files\HP 2008-01-25 10:20 . 2008-01-25 10:22 <DIR> d-------- C:\Program Files\Hewlett-Packard 2008-01-25 10:20 . 2008-01-25 10:23 163,854 --a------ C:\WINDOWS\hpdj3600.his 2008-01-25 10:20 . 2008-01-25 10:23 7,582 --a------ C:\WINDOWS\hpdj3600.ini 2008-01-25 10:19 . 2008-01-25 10:19 3,857 --a------ C:\WINDOWS\hpbvspst.his 2008-01-25 10:19 . 2008-01-25 10:19 478 --a------ C:\WINDOWS\hpbvspst.ini 2008-01-24 23:08 . 2008-02-07 17:53 49 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-24 21:00 . 2008-02-15 10:10 <DIR> d-------- C:\Univerzalni zivot 2008-01-24 20:23 . 2008-01-24 20:27 <DIR> d-------- C:\programi Sn 2008-01-24 14:43 . 2008-01-24 14:43 0 --a------ C:\WINDOWS\nsreg.dat 2008-01-24 12:40 . 2008-01-24 12:40 <DIR> d-------- C:\Program Files\DivX 2008-01-24 12:40 . 2008-01-24 12:40 2,098 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2008-01-24 12:40 . 2008-01-24 12:40 56 -r-hs---- C:\WINDOWS\system32\BE441471EE.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-28 10:18 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2008-02-16 14:07 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-30 19:00 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-01-23 18:03 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2008-01-23 10:33 --------- d-----w C:\Program Files\Analog Devices 2008-01-23 10:24 --------- d-----w C:\Program Files\microsoft frontpage . `<pre> ----a-w 8,394,942 2005-08-09 07:12:28 C:\Programs\NOD32 Antivirus v2.5\NOD 32_Xp .exe </pre>` ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86013DFD-7466-4109-AD8D-C14A2228133B}] 2004-08-03 23:56 84480 --a------ C:\WINDOWS\system32\cd.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872] "ares"="C:\Program Files\Ares\Ares.exe" [2007-11-23 17:18 962560] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-24 12:42 171448] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 09:50 4112384] "nwiz"="nwiz.exe" [2004-07-12 09:50 843776 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-12 09:50 81920] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22 50880] "ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23 34504] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-23 12:59 185896] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 12:42 176128] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2010-01-28 11:18 917504] "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-09 14:05 744528] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-23 18:54:05 839680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2008-02-14 11:01] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56] R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50] R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2002-08-14 06:03] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25] S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-02-15 16:17:01 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-02-09 07:41:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-25 09:23:59 C:\WINDOWS\Tasks\WebReg 20080125102358.job" - C:\Program Files\Hewlett-Packard\webreg\bin\hpqwrg.exeC/TaskName 20080125102358 /N . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-02-16 15:30:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-02-16 15:31:27 ComboFix-quarantined-files.txt 2008-02-16 14:31:22

Profil

dr_Bora Poslao: 16 Feb 2008 17:30 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\cd.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86013DFD-7466-4109-AD8D-C14A2228133B}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

dragan54 Poslao: 17 Feb 2008 01:30 Idi na vrh
offline dragan54 Novi MyCity građanin Pridružio: 16 Feb 2008 Poruke: 19	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-02-16.2 - dragan 2008-02-17 1:17:06.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.92 [GMT 1:00] Running from: C:\Documents and Settings\dragan\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\dragan\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE C:\WINDOWS\system32\cd.dll . ((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))) . 2008-02-16 15:05 . 2008-02-16 15:05 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Spyware Terminator 2008-02-16 15:05 . 2008-02-16 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2008-02-14 12:18 . 2008-02-14 18:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-14 11:01 . 2008-02-14 11:01 <DIR> d-------- C:\Program Files\Soft4Ever 2008-02-14 11:01 . 2008-02-14 11:01 77,184 --a------ C:\WINDOWS\system32\drivers\lnsfw1.sys 2008-02-14 11:01 . 2008-02-14 11:01 45,824 --a------ C:\WINDOWS\system32\drivers\lnsfw.sys 2008-02-14 11:01 . 2008-02-14 11:01 36,924 --a------ C:\WINDOWS\system32\fwapi.dll 2008-02-14 01:38 . 2008-02-16 15:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-14 01:37 . 2008-02-14 01:37 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Simply Super Software 2008-02-13 17:27 . 2008-02-13 17:32 374 ---h----- C:\PANDA.RPT 2008-02-13 00:45 . 2008-02-13 00:45 <DIR> d-------- C:\Program Files\URUSoft 2008-02-12 23:09 . 2008-02-12 23:09 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Sony 2008-02-12 23:07 . 2008-02-12 23:07 <DIR> d-------- C:\Program Files\Sony 2008-02-12 23:07 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll 2008-02-12 23:07 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll 2008-02-12 23:07 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll 2008-02-12 23:07 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2008-02-12 23:07 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx 2008-02-12 23:07 . 2008-02-12 23:07 156,910 --a------ C:\WINDOWS\WMSysPr8.prx 2008-02-12 23:03 . 2008-02-12 23:03 <DIR> d-------- C:\Program Files\Sony Setup 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankProtocol 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankPacManager 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankMedium 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankHandler 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankFormat 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankDevice 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\FrankContents 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp\Frank 2008-02-12 13:47 . 2008-02-12 13:47 <DIR> d-------- C:\temp 2008-02-11 16:53 . 2008-02-11 16:53 268 --ah----- C:\sqmdata02.sqm 2008-02-11 16:53 . 2008-02-11 16:53 244 --ah----- C:\sqmnoopt02.sqm 2008-02-11 10:23 . 2008-02-11 10:23 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Spyware Terminator 2008-02-11 10:21 . 2008-02-13 01:36 <DIR> d-------- C:\Program Files\Crawler 2008-02-10 16:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-10 16:08 . 2008-02-10 16:09 <DIR> d-------- C:\Program Files\Java 2008-02-10 16:02 . 2008-02-10 16:02 <DIR> d-------- C:\Program Files\Common Files\Java 2008-02-10 15:59 . 2008-02-10 15:59 0 --a------ C:\WINDOWS\mozver.dat 2008-01-31 22:36 . 2008-01-31 22:36 <DIR> d-------- C:\Program Files\Sony Ericsson 2008-01-31 22:36 . 2008-01-31 22:36 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared 2008-01-31 22:36 . 2008-01-31 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-01-31 22:34 . 2008-01-31 22:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2008-01-31 02:28 . 2007-03-28 19:42 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-01-31 02:26 . 2008-02-14 09:12 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007 2008-01-31 02:26 . 2008-01-31 02:26 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\TuneUp Software 2008-01-31 02:25 . 2008-02-14 10:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-31 02:25 . 2008-01-31 02:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-01-31 02:00 . 2008-01-31 02:00 <DIR> d--h----- C:\WINDOWS\PIF 2008-01-31 01:06 . 2008-02-04 23:37 <DIR> d-------- C:\originali za studio 2008-01-30 20:05 . 2008-01-30 20:05 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Corel 2008-01-30 20:01 . 2008-01-30 20:01 <DIR> d-------- C:\Program Files\Common Files\Corel 2008-01-30 19:59 . 2008-01-30 19:59 <DIR> d-------- C:\Program Files\Corel 2008-01-30 19:56 . 2008-01-30 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel 2008-01-30 14:09 . 2008-01-30 14:14 <DIR> d-------- C:\Program Files\Counter-Strike 2008-01-29 14:34 . 2008-01-29 14:34 <DIR> d-------- C:\Program Files\avi.NET 2008-01-28 10:42 . 2008-02-14 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-28 10:30 . 2003-03-19 08:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll 2008-01-28 10:30 . 2003-03-19 06:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-01-28 10:30 . 2003-02-21 14:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-01-28 10:30 . 2003-03-19 05:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-01-27 21:29 . 2008-02-14 01:33 <DIR> d-------- C:\Program Files\XoftSpySE 2008-01-27 00:33 . 2008-02-17 00:03 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\skypePM 2008-01-27 00:33 . 2008-01-27 00:33 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-01-27 00:28 . 2008-01-27 00:28 <DIR> d-------- C:\Program Files\Skype 2008-01-27 00:28 . 2008-01-27 00:28 <DIR> d-------- C:\Program Files\Common Files\Skype 2008-01-27 00:28 . 2008-02-17 01:18 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Skype 2008-01-27 00:28 . 2008-01-27 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-01-26 20:01 . 2008-02-04 18:49 <DIR> d-------- C:\Program Files\BitTorrent 2008-01-26 20:01 . 2008-02-13 21:09 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\BitTorrent 2008-01-26 19:31 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-01-26 16:48 . 2008-01-26 16:48 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\CyberLink 2008-01-26 11:47 . 2008-02-07 23:30 <DIR> d-------- C:\Program Files\ESET 2008-01-25 17:43 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2008-01-25 17:43 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2008-01-25 17:43 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2008-01-25 17:43 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2008-01-25 17:26 . 2008-01-25 17:26 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-01-25 12:38 . 2008-01-25 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-25 11:49 . 2008-01-25 11:49 <DIR> d---s---- C:\Documents and Settings\dragan\UserData 2008-01-25 10:22 . 2008-01-25 10:22 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS 2008-01-25 10:20 . 2008-01-25 10:20 <DIR> d-------- C:\Program Files\HP 2008-01-25 10:20 . 2008-01-25 10:22 <DIR> d-------- C:\Program Files\Hewlett-Packard 2008-01-25 10:20 . 2008-01-25 10:23 163,854 --a------ C:\WINDOWS\hpdj3600.his 2008-01-25 10:20 . 2008-01-25 10:23 7,582 --a------ C:\WINDOWS\hpdj3600.ini 2008-01-25 10:19 . 2008-01-25 10:19 3,857 --a------ C:\WINDOWS\hpbvspst.his 2008-01-25 10:19 . 2008-01-25 10:19 478 --a------ C:\WINDOWS\hpbvspst.ini 2008-01-24 23:08 . 2008-02-07 17:53 49 --a------ C:\WINDOWS\NeroDigital.ini 2008-01-24 21:00 . 2008-02-15 10:10 <DIR> d-------- C:\Univerzalni zivot 2008-01-24 20:23 . 2008-01-24 20:27 <DIR> d-------- C:\programi Sn 2008-01-24 14:43 . 2008-01-24 14:43 0 --a------ C:\WINDOWS\nsreg.dat 2008-01-24 12:40 . 2008-01-24 12:40 <DIR> d-------- C:\Program Files\DivX 2008-01-24 12:40 . 2008-01-24 12:40 2,098 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2008-01-24 12:40 . 2008-01-24 12:40 56 -r-hs---- C:\WINDOWS\system32\BE441471EE.sys 2008-01-24 12:34 . 2008-01-24 12:34 <DIR> d-------- C:\Program Files\XviD 2008-01-24 12:34 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-01-24 12:34 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-01-24 12:34 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2008-01-24 12:32 . 2008-01-24 12:32 <DIR> d-------- C:\Documents and Settings\dragan\Application Data\Media Player Classic 2008-01-24 12:31 . 2008-01-24 12:31 <DIR> d-------- C:\Program Files\QuickTime Alternative 2008-01-24 12:31 . 2008-01-24 12:31 <DIR> d-------- C:\Program Files\Media Player Classic 2008-01-24 12:31 . 2004-09-23 18:57 747,008 --a------ C:\WINDOWS\system32\Indeo4.qtx . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-28 10:18 502,208 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2008-02-16 14:07 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-30 19:00 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-01-23 18:03 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2008-01-23 10:33 --------- d-----w C:\Program Files\Analog Devices 2008-01-23 10:24 --------- d-----w C:\Program Files\microsoft frontpage . `<pre> ----a-w 8,394,942 2005-08-09 07:12:28 C:\Programs\NOD32 Antivirus v2.5\NOD 32_Xp .exe </pre>` ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872] "ares"="C:\Program Files\Ares\Ares.exe" [2007-11-23 17:18 962560] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-24 12:42 171448] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 00:01 43008] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 09:50 4112384] "nwiz"="nwiz.exe" [2004-07-12 09:50 843776 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-12 09:50 81920] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22 50880] "ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23 34504] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-23 12:59 185896] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 12:42 176128] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472] "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2010-01-28 11:18 917504] "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39 729088] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-01-23 18:54:05 839680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2008-02-14 11:01] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56] R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50] R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2002-08-14 06:03] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25] S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-02-15 16:17:01 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2008-02-09 07:41:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-25 09:23:59 C:\WINDOWS\Tasks\WebReg 20080125102358.job" - C:\Program Files\Hewlett-Packard\webreg\bin\hpqwrg.exeC/TaskName 20080125102358 /N . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici] Rootkit scan 2008-02-17 01:19:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-02-17 1:21:19 ComboFix-quarantined-files.txt 2008-02-17 00:21:13 ComboFix2.txt 2008-02-16 23:07:35 ComboFix3.txt 2008-02-16 14:31:28

Profil

dr_Bora Poslao: 17 Feb 2008 02:45 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

dragan54 Poslao: 17 Feb 2008 09:04 Idi na vrh
offline dragan54 Novi MyCity građanin Pridružio: 16 Feb 2008 Poruke: 19	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dr Boro, Ne vidim ga, izgleda da se vise ne pojavljuj. Mnogo ste mi pomogli. Ja sam nikada nebih mogao da ovo izvedem. majstor ste ya racunare, svaka cast! Mnogo hvala i puno pozdrava Dragan Dopuna: 17 Feb 2008 9:04 Koju zastitu je najbolje da koristim od trajanaca. Sta mislite? Sada imam Ad Aware SE Personasl, Spybot-Searc i NOD 32. Dragan

Profil

dr_Bora Poslao: 17 Feb 2008 09:22 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Savršena zaštita ne postoji. A najbolja zaštita je... Hmm, jako diskutabilno - svako će ti reći drugačije, stoga ja ne bih o tome o ovom forumu. U svakom slučaju, softver koji sada koristiš je sasvim ok. Poštovanje...

Profil

MyCity » Ambulanta -> Arhiva Ambulante » BHO koji ne mogu obrisati

Ko je trenutno na forumu

Ukupno su 2281 korisnika na forumu :: 90 registrovanih, 10 sakrivenih i 2181 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 5253 - dana 09 Dec 2025 16:26

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: AK - 230, Apok, aramis s, Ba4e, bbrasnjo3, blue, BrcakRS, Bubimir, Cicumile, Clouseau, coaaco, Crazzer, darcaud, DeerHunter, Deki Duga Devetka, del boy, Demi87, Dexlex, dexteroza, Dimitrije Paunovic, Djokkinen, Djole3621, Dogma21, Dovla 1980, dskrlec33, FileFinder, g_g, geo.dule, GeoM, Georgius, Haris, Jeremiah, Jerry Drake, JK, Joksss, Kamov, Kubovac, Lester Freamon, Litostroton, luka35, Makeitdrip, Matija, mačković, medaTT, Miki281, mile.ilic75, milenko crazy north, Murko, mxzzz, Naj-Turs, nebidrag, nelezele, nnovakis, novator, ObelixSRB, Pale2025, pavle_pzs, pein, Pilence, proka89, Putnik22, raketaš, raptorsi, raster12, RD84, repac, RJ, Sevetar, Snorks, Tihi86, Troja, trutcina, Tvrtko I, umpah-pah, uruk, vathra, Veless, veljko82, vensla, Voice1, VOŽD, VX1, Xland, Yekaterinburg, yip314, Zec, zivojin32, zmajbre, Zrcalo, ZZZ

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by