Those trojans again

  • Joined: 26 Apr 2009
  • Posts: 13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:41, on 6.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\xtc20.tmp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\load\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = yahoo.com/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
R3 - URLSearchHook: (no name) - *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\patar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [xtc20.tmp.exe] C:\WINDOWS\system32\xtc20.tmp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8798 bytes

Windows Security Center is notifying me that I have a problem with spyware. I tried scanning with AVG, but nothing; Malwarebytes supposedly found something, but after I delete it I still get the notification that they are there. Please check, thanks in advance....

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8434
  • Location: Novi Beograd

Hello,

Do as it says here:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 26 Apr 2009
  • Posts: 13

OK, here goes, I'll try to explain what is happening on my computer as briefly as possible...
Today when I came home I saw a Windows Security Center notification that I am infected with spyware, so I tried to scan the computer with my antivirus program...
I use AVG and Malwarebytes, but they were not successful. Of course, Malwarebytes found an infected file, which I removed, but I still get the notification that I am infected....
Of course, Windows Security Center offers me a solution: to download some program from the internet and supposedly clean the computer...
Actually, that program pops up a window saying that I have been attacked by some virus from the internet and shows me its IP address; one of those viruses is called money banker....
It looks roughly like this: its IP address, then a string of numbers...
then, supposedly, its name, money banker...
and it asks me whether I want it to help me with that and remove the threat from the computer...
oh, and it also shows me the attacked port....
That would be it, in brief, as far as this problem of mine is concerned...

DDS (Ver_09-10-26.01) - NTFSx86
Run by patar at 23:12:46,65 on pet 06.11.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1302 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\xtc20.tmp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\patar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\patar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\patar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\patar\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\patar\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [xtc20.tmp.exe] c:\windows\system32\xtc20.tmp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Winamp Search - c:\documents and settings\all users.windows\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\patar\applic~1\mozilla\firefox\profiles\audf8c1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users.windows\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\patar\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-2 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-2 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-2 297752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-22 170640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-22 15504]

=============== Created Last 30 ================

2009-12-28 21:34:47 14705 ----a-w- c:\windows\29367hackzool9c5.exe
2009-12-23 14:14:10 6018 ----a-w- c:\windows\system32\2fdsparse95z.exe
2009-12-22 17:00:32 11369 ----a-w- c:\windows\45db9ir6z.bin
2009-12-22 01:54:18 4255 ----a-w- c:\windows\system32\764659azbot550.exe
2009-12-21 20:42:29 3107 ----a-w- c:\windows\system32\708fszar9e3058.cpl
2009-12-20 15:33:04 13067 ----a-w- c:\windows\system32\29995wor5zb.cpl
2009-12-20 07:36:01 14394 ----a-w- c:\windows\system32\3138259rm79z.ocx
2009-12-17 17:57:48 14598 ----a-w- c:\windows\system32\9d75iz1469.cpl
2009-12-17 03:32:10 8070 ----a-w- c:\windows\zdccaddware90185.exe
2009-12-15 06:07:58 8447 ----a-w- c:\windows\system32\11965pzware10219.bin
2009-12-14 08:18:26 11658 ----a-w- c:\windows\system32\69c5st95lz907.ocx
2009-12-14 06:27:39 3922 ----a-w- c:\windows\98z00not-a-virus257.ocx
2009-12-13 09:23:44 7256 ----a-w- c:\windows\15219hacktzol3089.ocx
2009-12-13 05:22:27 13316 ----a-w- c:\windows\system32\z456sparse2879.dll
2009-12-12 09:31:57 5625 ----a-w- c:\windows\65e0spazse957.cpl
2009-12-10 15:49:03 4279 ----a-w- c:\windows\system32\29595z9yd55.ocx
2009-12-10 06:16:37 17150 ----a-w- c:\windows\50z32worm39b.ocx
2009-12-09 00:45:47 6285 ----a-w- c:\windows\2963thief56z5.ocx
2009-12-08 08:06:34 3091 ----a-w- c:\windows\2bdbth5eat3099z.ocx
2009-12-08 03:03:02 2597 ----a-w- c:\windows\1z97thie5259.cpl
2009-12-07 18:55:15 11570 ----a-w- c:\windows\system32\1eczb59kdoor1533.exe
2009-12-07 17:55:25 14661 ----a-w- c:\windows\z5186v9rus5e0.bin
2009-12-07 01:59:24 4126 ----a-w- c:\windows\system32\zce6vi94345.cpl
2009-12-05 05:26:55 5035 ----a-w- c:\windows\system32\3951zworm33c.dll
2009-12-04 13:24:55 2956 ----a-w- c:\windows\585c9hrzat5675.dll
2009-12-02 08:59:41 15232 ----a-w- c:\windows\1551spyware90z3.dll
2009-12-01 20:52:24 3369 ----a-w- c:\windows\124915acktool6d3z.ocx
2009-11-27 14:08:38 8257 ----a-w- c:\windows\2a15a9dwaze1828.exe
2009-11-26 16:29:21 5374 ----a-w- c:\windows\system32\15723vzru963d.ocx
2009-11-26 16:26:11 12541 ----a-w- c:\windows\745zr5j199.cpl
2009-11-21 23:11:28 13990 ----a-w- c:\windows\system32\3755stealz069.ocx
2009-11-20 13:00:03 9765 ----a-w- c:\windows\559bdownload5r2z499.dll
2009-11-19 09:43:50 14933 ----a-w- c:\windows\99zft5ief1668.dll
2009-11-18 14:53:34 8064 ----a-w- c:\windows\system32\6685worm54z9.ocx
2009-11-17 00:08:19 16255 ----a-w- c:\windows\system32\25398spamz9t52f.ocx
2009-11-16 18:42:17 11050 ----a-w- c:\windows\54d0do5nload9z267.bin
2009-11-16 12:35:31 8992 ----a-w- c:\windows\system32\3017spa5bot599z.dll
2009-11-15 08:30:30 10440 ----a-w- c:\windows\768zv9r915.bin
2009-11-14 20:52:45 15471 ----a-w- c:\windows\system32\845dow9loader1210z.ocx
2009-11-14 13:17:35 16647 ----a-w- c:\windows\9995spy5z5.ocx
2009-11-12 23:38:08 6763 ----a-w- c:\windows\38b5down9ozder1189.cpl
2009-11-12 23:07:40 12619 ----a-w- c:\windows\9z01stea52595.exe
2009-11-12 18:14:46 6561 ----a-w- c:\windows\176459or51dz.bin
2009-11-11 16:28:01 12273 ----a-w- c:\windows\1855not-az9irus458.cpl
2009-11-11 12:29:24 6736 ----a-w- c:\windows\2090steal1356z.ocx
2009-11-11 04:57:43 8769 ----a-w- c:\windows\b71spar9z654.exe
2009-11-08 11:37:20 7412 ----a-w- c:\windows\system32\f5zspy9are1689.bin
2009-11-06 05:40:03 2903 ----a-w- c:\windows\system32\565z1s9ambot244.dll
2009-11-02 07:21:02 14979 ----a-w- c:\windows\1591addware3171z.ocx
2009-11-02 02:47:54 14256 ----a-w- c:\windows\65b2t9ief55z.bin
2009-10-27 14:49:58 10868 ----a-w- c:\windows\2z35th9eat25458.cpl
2009-10-26 15:38:39 17637 ----a-w- c:\windows\30985z9oj7b5.dll
2009-10-25 17:45:51 14052 ----a-w- c:\windows\3578downloader91z6.ocx
2009-10-24 03:03:15 12370 ----a-w- c:\windows\4actz9ef945.ocx
2009-10-21 18:42:59 2566 ----a-w- c:\windows\4693zroj452.dll
2009-10-21 16:16:00 13020 ----a-w- c:\windows\system32\60f9spa5se83z.dll
2009-10-20 03:36:19 18214 ----a-w- c:\windows\system32\9500szy699.dll
2009-10-19 22:39:45 7551 ----a-w- c:\windows\system32\55e9virz73.cpl
2009-10-19 19:24:06 14434 ----a-w- c:\windows\system32\23z795reat28830.cpl
2009-10-17 16:37:58 11216 ----a-w- c:\windows\system32\6509thief9309z.bin
2009-10-17 11:20:29 5108 ----a-w- c:\windows\1239hack9ool45fz.exe
2009-10-16 14:29:05 5190 ----a-w- c:\windows\3571tzoj92f.bin
2009-10-14 14:32:03 9892 ----a-w- c:\windows\66z1spywar51089.exe
2009-10-14 11:55:16 3509 ----a-w- c:\windows\system32\1815hack9oolz71.ocx
2009-10-14 03:39:26 13644 ----a-w- c:\windows\system32\6780vir2965z.ocx
2009-10-13 01:02:08 4551 ----a-w- c:\windows\system32\10559iruz246.cpl
2009-10-10 07:46:01 11479 ----a-w- c:\windows\system32\181z7vi59s689.cpl
2009-10-09 19:28:33 5846 ----a-w- c:\windows\95595irus15z.dll
2009-10-09 07:43:02 12296 ----a-w- c:\windows\system32\20528not-a9viru55dz.ocx
2009-10-08 01:08:10 11268 ----a-w- c:\windows\3fcf5teal2659z.cpl

==================== Find3M ====================

2009-10-07 01:00:53 14582 ----a-w- c:\windows\5f9bspywar51z53.dll
2009-10-06 14:17:23 12263 ----a-w- c:\windows\system32\2a7zstea92052.exe
2009-10-06 00:37:45 17435 ----a-w- c:\windows\2017spywz5e9256.exe
2009-10-04 15:56:27 14870 ----a-w- c:\windows\92125teal98z.dll
2009-10-03 11:24:52 6996 ----a-w- c:\windows\system32\41zs5y992.bin
2009-10-02 21:33:29 13890 ----a-w- c:\windows\4579ba9kdo5r977z.bin
2009-10-01 19:05:41 12540 ----a-w- c:\windows\system32\5575n9t-a-vir5z15a.exe
2009-09-26 12:42:27 15244 ----a-w- c:\windows\29066hacz95ol6b.exe
2009-09-22 17:07:12 17397 ----a-w- c:\windows\56b59parze45.exe
2009-09-22 08:57:36 17144 ----a-w- c:\windows\system32\9918hacktozl59.exe
2009-09-16 11:52:36 16037 ----a-w- c:\windows\15f895zware1516.exe
2009-09-13 11:46:07 16046 ----a-w- c:\windows\system32\90824spz5655.bin
2009-09-09 21:13:57 8395 ----a-w- c:\windows\3894vzrus953.exe
2009-09-04 22:55:27 8046 ----a-w- c:\windows\system32\42b2backdoo5199z.exe
2009-09-03 09:29:09 2925 ----a-w- c:\windows\333asp5rse1895z.dll
2009-09-02 14:26:28 6371 ----a-w- c:\windows\system32\25506zpambot96f.dll
2009-09-02 10:19:58 10540 ----a-w- c:\windows\system32\30980ha9ktozl757.exe
2009-08-28 13:12:53 11422 ----a-w- c:\windows\system32\7edb9hr5at24z07.dll
2009-08-24 08:49:06 14924 ----a-w- c:\windows\16517sp5mbot7z99.bin
2009-08-22 13:24:40 13097 ----a-w- c:\windows\system32\z9553virus4.exe
2009-08-20 22:20:47 16300 ----a-w- c:\windows\47859zy78e.exe
2009-08-15 09:10:34 4670 ----a-w- c:\windows\356zac9t5ol1b3.bin
2009-08-15 08:24:19 9063 ----a-w- c:\windows\system32\29f5thiefz73.dll
2009-08-12 22:05:18 18186 ----a-w- c:\windows\4793sp5m9zt793.dll
2009-08-11 00:13:06 16887 ----a-w- c:\windows\system32\39d3thi5f4z8.bin

============= FINISH: 23:13:08,42 ===============

I hope I managed to do everything you asked, thanks in advance...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8434
  • Location: Novi Beograd

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the location to save the file opens, select Desktop and click Save.

When the download of the program is finished:
  • deactivate your protection software (instructions);
  • close running programs;
  • start ComboFix with a double-click.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if downloading it is offered.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
    accept by clicking Yes or OK.
  • if necessary, restart Windows (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after sending the message you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 26 Apr 2009
  • Posts: 13

ComboFix 09-11-07.02 - patar 07.11.2009 23:25.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1281 [GMT 1:00]
Running from: d:\load\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\32129spam9otz51.ocx
c:\windows\32307z5cktoo97f0.bin
c:\windows\32395not-a-ziru5301.exe
c:\windows\32azbackdoor589.exe
c:\windows\32z54spamb9tc9.dll
c:\windows\3309h5cz9ool553.exe
c:\windows\333asp5rse1895z.dll
c:\windows\356zac9t5ol1b3.bin
c:\windows\3571tzoj92f.bin
c:\windows\3578downloader91z6.ocx
c:\windows\35929tezl1324.dll
c:\windows\3595spyware2z55.ocx
c:\windows\35a0zhief2679.dll
c:\windows\367ct5reat598z.exe
c:\windows\37d5v9r1065z.ocx
c:\windows\3894sp955z.cpl
c:\windows\3894vzrus953.exe
c:\windows\38b5down9ozder1189.cpl
c:\windows\38ha5ktzol297.cpl
c:\windows\39e5ad9ware653z.ocx
c:\windows\3aa4ba9k5oor18z0.bin
c:\windows\3af0spz5se1904.dll
c:\windows\3b9d5teal17z0.bin
c:\windows\3e60t9izf5725.cpl
c:\windows\3fcf5teal2659z.cpl
c:\windows\3z237spa5bo9303.dll
c:\windows\3zc7thi9f5949.dll
c:\windows\40cbdownzo9de5352.exe
c:\windows\40f5doz5l9ader238.exe
c:\windows\4267thz9f2857.dll
c:\windows\42z35ir1992.exe
c:\windows\439cstzal295.dll
c:\windows\4427sparze16539.cpl
c:\windows\4502zte951530.ocx
c:\windows\4579ba9kdo5r977z.bin
c:\windows\45bzthie9768.ocx
c:\windows\45db9ir6z.bin
c:\windows\4693zroj452.dll
c:\windows\475d9ackdzor2628.ocx
c:\windows\47859zy78e.exe
c:\windows\4793sp5m9zt793.dll
c:\windows\48e3s9zware597.dll
c:\windows\49159ownloaderz00.exe
c:\windows\494259reaz4777.bin
c:\windows\49425ir5z1.exe
c:\windows\495zthief265.dll
c:\windows\4ab3th5ef11z99.bin
c:\windows\4actz9ef945.ocx
c:\windows\4d1ev9rz255.cpl
c:\windows\4e0zaddwa95215.dll
c:\windows\4za9addware1575.exe
c:\windows\5048st5zl2894.ocx
c:\windows\505bzteal5990.exe
c:\windows\50f6stza51793.ocx
c:\windows\50z25ddware1199.exe
c:\windows\50z32worm39b.ocx
c:\windows\51029haz9tool130.bin
c:\windows\51293spa9bot40z.cpl
c:\windows\515d9ownlo5derz164.cpl
c:\windows\5225h5ck9oolz37.cpl
c:\windows\526s5ezl27549.dll
c:\windows\5272add9aze2268.bin
c:\windows\52789o5nloaderz973.dll
c:\windows\5279thzef2948.exe
c:\windows\52993zacktool549.dll
c:\windows\52a49hief3080z.dll
c:\windows\539eadd9aze1973.bin
c:\windows\5463sparse5z49.bin
c:\windows\547259oz7b2.cpl
c:\windows\5496n9t-5-vzrus66f.exe
c:\windows\549e5ddware1z96.ocx
c:\windows\54d0do5nload9z267.bin
c:\windows\55697spa9bot2ze.cpl
c:\windows\559bdownload5r2z499.dll
c:\windows\55dzbackdo9r5638.cpl
c:\windows\55f5a9dwarz2050.ocx
c:\windows\55fdthre9t101z7.bin
c:\windows\5695ad5wzre678.dll
c:\windows\5698virus98z.exe
c:\windows\56b59parze45.exe
c:\windows\56e89pazse1036.ocx
c:\windows\56fz9teal505.exe
c:\windows\58592v9rus18z.dll
c:\windows\585c9hrzat5675.dll
c:\windows\5871baczdoor919.dll
c:\windows\58d1back5oor1299z.bin
c:\windows\5906ha9ktool353z.bin
c:\windows\59105teaz3945.cpl
c:\windows\5938troj1z9.cpl
c:\windows\59585not-a-viruz666.exe
c:\windows\59842notza-9irus74f.bin
c:\windows\599thi5f1154z.bin
c:\windows\5a69threat5z298.cpl
c:\windows\5b04baczd59r2397.cpl
c:\windows\5b17steal9z01.bin
c:\windows\5b58sz9ware185.bin
c:\windows\5baddwzr91923.ocx
c:\windows\5da5downloazer1599.ocx
c:\windows\5dz5thief24969.dll
c:\windows\5eb75ownloa9er3z52.ocx
c:\windows\5ezbstea91528.bin
c:\windows\5f359ir195z.exe
c:\windows\5f9bspywar51z53.dll
c:\windows\5z20steal5549.exe
c:\windows\5z64sparse2890.bin
c:\windows\5z99addware415.dll
c:\windows\605d9hiefz558.cpl
c:\windows\608no9-5-virus4za.bin
c:\windows\60c5sp5ware989z.cpl
c:\windows\625fzteal339.cpl
c:\windows\627baddzar92595.bin
c:\windows\62959ot5azvirus776.ocx
c:\windows\62b9hiez1524.dll
c:\windows\63cbs9eaz1579.cpl
c:\windows\6507viz895.exe
c:\windows\655bbaczdoor1594.ocx
c:\windows\65b2t9ief55z.bin
c:\windows\65e0spazse957.cpl
c:\windows\65feaddware57z69.bin
c:\windows\6659sp5warz539.bin
c:\windows\6669zhief1559.exe
c:\windows\6695st95l39z.dll
c:\windows\66z1spywar51089.exe
c:\windows\67f3add59rez145.exe
c:\windows\68935ir14z7.dll
c:\windows\694bdow9lzader29155.exe
c:\windows\699dth9zat56241.ocx
c:\windows\699zthreat35490.bin
c:\windows\69a05dzware2146.ocx
c:\windows\6a2ctzreat51239.dll
c:\windows\6c61dow5loa9er2z30.exe
c:\windows\6dcedoznloader9855.dll
c:\windows\6f0fthi5fz09.cpl
c:\windows\6f3bszyware92545.bin
c:\windows\6fa5sparse9z6.ocx
c:\windows\70d6s5e9l955z.cpl
c:\windows\7154s5y(zabranjeno)4379.ocx
c:\windows\72a0za9kdoor12015.ocx
c:\windows\733ztroj5915.cpl
c:\windows\745zr5j199.cpl
c:\windows\74f7a5d(zabranjeno)902.exe
c:\windows\750cs9ar5e1z4.ocx
c:\windows\7539zackdoor3271.exe
c:\windows\753dst5al3z39.ocx
c:\windows\7591spambotzf5.dll
c:\windows\7592hacktool99az.cpl
c:\windows\75e5threat20899z.cpl
c:\windows\7612spzwa951834.ocx
c:\windows\764eb9czdoor26645.exe
c:\windows\7676t9rea562z6.bin
c:\windows\768zv9r915.bin
c:\windows\7762worz35d9.ocx
c:\windows\77z4do5nloader9896.dll
c:\windows\7845thze9t9556.exe
c:\windows\78b95ir50z.dll
c:\windows\79b5st9al5z8.exe
c:\windows\7d54down5zader3291.ocx
c:\windows\7dbzthie95695.exe
c:\windows\7ee9thz5f492.ocx
c:\windows\7z05spyware2595.bin
c:\windows\7z4aaddware9815.bin
c:\windows\8394n5t-azvirus4b3.ocx
c:\windows\8419wz9m5f5.exe
c:\windows\8559aczdoor389.ocx
c:\windows\895viz750.exe
c:\windows\89z9virus250.ocx
c:\windows\90z27not-a5virus44f.ocx
c:\windows\92125teal98z.dll
c:\windows\92165hzcktoo53a5.cpl
c:\windows\9246s5eal30z.bin
c:\windows\9337sp570z.dll
c:\windows\9349ha5ktoolzc.ocx
c:\windows\93705zr709.dll
c:\windows\9399a5dware3046z.cpl
c:\windows\9473v9r5sz.ocx
c:\windows\95345viruszf5.exe
c:\windows\95505pambzt2cd.ocx
c:\windows\95595irus15z.dll
c:\windows\955dsparse2189z.cpl
c:\windows\955spy1bz.ocx
c:\windows\959no9-a-virzs5f8.cpl
c:\windows\95a0thre5z22506.cpl
c:\windows\95a8zparse1532.bin
c:\windows\9639troz39e5.exe
c:\windows\9651zpy4525.bin
c:\windows\9873not-a-vir5s411z.cpl
c:\windows\98z00not-a-virus257.ocx
c:\windows\98z68virus5d.ocx
c:\windows\990asp5rse197z.exe
c:\windows\99307zorm538.ocx
c:\windows\997athreat159z.bin
c:\windows\998z7worm35d.dll
c:\windows\9995spy5z5.ocx
c:\windows\99z11viru52ce.ocx
c:\windows\99zft5ief1668.dll
c:\windows\9a9f5parze2663.ocx
c:\windows\9c1bspyware112z5.cpl
c:\windows\9z01stea52595.exe
c:\windows\9z3v9r28915.cpl
c:\windows\9z442sp54e7.exe
c:\windows\b71spar9z654.exe
c:\windows\b935d9ware1306z.ocx
c:\windows\c015dd9are212z.exe
c:\windows\d119hzea519755.exe
c:\windows\d7ath5ef8z9.ocx
c:\windows\dbcaddw9re155z.exe
c:\windows\de6spzware1955.cpl
c:\windows\f55spywar9z06.ocx
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\101z9w5rm595.dll
c:\windows\system32\10261w5zm23a9.cpl
c:\windows\system32\10425spamb5z189.exe
c:\windows\system32\105569irzs7d0.dll
c:\windows\system32\10559iruz246.cpl
c:\windows\system32\111z6tro519e9.exe
c:\windows\system32\11569not-a-9iruszc9.cpl
c:\windows\system32\11965pzware10219.bin
c:\windows\system32\119675ormz3c.ocx
c:\windows\system32\1254viz9s156.cpl
c:\windows\system32\12593wozm2759.exe
c:\windows\system32\12645za9ktool21.bin
c:\windows\system32\12919zpy25e.exe
c:\windows\system32\13042zpy92c5.ocx
c:\windows\system32\131559a5ztoola4.ocx
c:\windows\system32\13325troj10z9.cpl
c:\windows\system32\13425zormd9.cpl
c:\windows\system32\138z9spam9o55c6.cpl
c:\windows\system32\141da95ware265z.exe
c:\windows\system32\14577v5rus97z.ocx
c:\windows\system32\15310worz4c9.exe
c:\windows\system32\1550thizf1959.dll
c:\windows\system32\1553thie52962z.ocx
c:\windows\system32\155zs9ambota.dll
c:\windows\system32\1565znot-a-virus99d.ocx
c:\windows\system32\15723vzru963d.ocx
c:\windows\system32\15992szamb5t30d.exe
c:\windows\system32\15aebackdo9rz13.ocx
c:\windows\system32\15z49worm983.ocx
c:\windows\system32\160z6s59ec.bin
c:\windows\system32\16544wo9m17dz.ocx
c:\windows\system32\167z9spy451.ocx
c:\windows\system32\16800notza-9i5us5af.cpl
c:\windows\system32\1732z9i5us563.cpl
c:\windows\system32\17801nz5-a-virus95.ocx
c:\windows\system32\1815hack9oolz71.ocx
c:\windows\system32\181z7vi59s689.cpl
c:\windows\system32\18658sp9mzot5c4.ocx
c:\windows\system32\19255hacktoo55ze.cpl
c:\windows\system32\1956spyza5e1922.dll
c:\windows\system32\197z3s5y74.ocx
c:\windows\system32\19f1adzware17725.exe
c:\windows\system32\1ba05ddwzre2909.ocx
c:\windows\system32\1cdfbaczdo9r501.dll
c:\windows\system32\1e20th5e9t25787z.dll
c:\windows\system32\1eczb59kdoor1533.exe
c:\windows\system32\1fdctzr5at91842.dll
c:\windows\system32\1z5tr5j5ce9.dll
c:\windows\system32\1z6299a5ktoolf2.cpl
c:\windows\system32\1z712s9y58a5.bin
c:\windows\system32\1ze1sp5ware1193.dll
c:\windows\system32\200735zy1329.bin
c:\windows\system32\203589izus53.ocx
c:\windows\system32\204za9d5are137.bin
c:\windows\system32\20528not-a9viru55dz.ocx
c:\windows\system32\2074zparse1954.cpl
c:\windows\system32\20889not-z-virus6f5.ocx
c:\windows\system32\208c95dwaze1452.exe
c:\windows\system32\209f5h9ef16z.cpl
c:\windows\system32\22397hac9t5oz68a.ocx
c:\windows\system32\22419vzr5s25d.dll
c:\windows\system32\22c7adz5a9e467.cpl
c:\windows\system32\23239w95m5a9z.bin
c:\windows\system32\234945orm316z.bin
c:\windows\system32\23571nzt-a-v9rus30c5.ocx
c:\windows\system32\239219izus75c.dll
c:\windows\system32\23955ownl9ader1z10.cpl
c:\windows\system32\23z795reat28830.cpl
c:\windows\system32\24993zacktool590.dll
c:\windows\system32\24z97h5ckt9ol6bf.cpl
c:\windows\system32\25167not5a-v9rzs9.ocx
c:\windows\system32\25252viru559z.bin
c:\windows\system32\2535zir9950.exe
c:\windows\system32\25398spamz9t52f.ocx
c:\windows\system32\25506zpambot96f.dll
c:\windows\system32\25555troz9f9.exe
c:\windows\system32\255steal9880z.exe
c:\windows\system32\2583trzj6925.bin
c:\windows\system32\25927wormz49.ocx
c:\windows\system32\25938vzru55dc.exe
c:\windows\system32\2598no59a-zirus501.ocx
c:\windows\system32\2599wor5z82.dll
c:\windows\system32\25destz9l941.exe
c:\windows\system32\25ecdow9loazer32105.dll
c:\windows\system32\2616zsp9mbot7695.dll
c:\windows\system32\26466h95ktzol7a6.dll
c:\windows\system32\26693s5amb9z771.dll
c:\windows\system32\26fbdownl9a5er16z7.cpl
c:\windows\system32\26zcvir1659.cpl
c:\windows\system32\27305h5cktoo93zf.dll
c:\windows\system32\28412ha9kt5oz293.dll
c:\windows\system32\2897s59rsz2340.bin
c:\windows\system32\29039hac5tool4za.bin
c:\windows\system32\29096zp5mbot434.bin
c:\windows\system32\29525virzs589.exe
c:\windows\system32\29595z9yd55.ocx
c:\windows\system32\29765szybd.dll
c:\windows\system32\29922s5z6ea.ocx
c:\windows\system32\29950worm5z59.cpl
c:\windows\system32\29963n5t-a-virus609z.cpl
c:\windows\system32\29995wor5zb.cpl
c:\windows\system32\299dazd5are2954.dll
c:\windows\system32\29f5thiefz73.dll
c:\windows\system32\2a52b9czdo5r1976.dll
c:\windows\system32\2a7zstea92052.exe
c:\windows\system32\2da95parze63.exe
c:\windows\system32\2f49sz5al2988.ocx
c:\windows\system32\2z58not-a59irus548.bin
c:\windows\system32\3017spa5bot599z.dll
c:\windows\system32\30562za9ktool2e7.dll
c:\windows\system32\30953zrojf4.exe
c:\windows\system32\30980ha9ktozl757.exe
c:\windows\system32\31199z5rm35e9.dll
c:\windows\system32\3138259rm79z.ocx
c:\windows\system32\315369py5z8.ocx
c:\windows\system32\31595spam5o93z3.ocx
c:\windows\system32\315zsteal19905.dll
c:\windows\system32\3169szarse22959.cpl
c:\windows\system32\31827za9ktool5a7.ocx
c:\windows\system32\320759r253z.exe
c:\windows\system32\32b2spywz9e2557.exe
c:\windows\system32\32z99wor558e.dll
c:\windows\system32\339dbackz9or3259.cpl
c:\windows\system32\3486vir5sz899.exe
c:\windows\system32\352bspz9se987.exe
c:\windows\system32\355309zcktool66c.cpl
c:\windows\system32\3559thizf5150.dll
c:\windows\system32\3572thief94z5.ocx
c:\windows\system32\3576d9wnlozder640.dll
c:\windows\system32\357athzeat43539.exe
c:\windows\system32\35915ddwaze549.bin
c:\windows\system32\35917zpy65d.ocx
c:\windows\system32\3595worm1e2z.cpl
c:\windows\system32\3654spa9bot5ebz.ocx
c:\windows\system32\36f5thi9f1z66.bin
c:\windows\system32\3755stealz069.ocx
c:\windows\system32\3856viz6395.exe
c:\windows\system32\39443h5cktzol9f.cpl
c:\windows\system32\39475rojzd7.exe
c:\windows\system32\3951zworm33c.dll
c:\windows\system32\39d3d9wnloadez555.cpl
c:\windows\system32\39d3thi5f4z8.bin
c:\windows\system32\3a7fspywzre11945.cpl
c:\windows\system32\3b9zsteal31735.dll
c:\windows\system32\3c9fsteaz21665.exe
c:\windows\system32\3e545ir9566z.cpl
c:\windows\system32\3zf3addw9re22785.ocx
c:\windows\system32\408zd9w5loader1397.exe
c:\windows\system32\41z4steal2975.exe
c:\windows\system32\41zs5y992.bin
c:\windows\system32\42b2backdoo5199z.exe
c:\windows\system32\448aback9o5r2z36.dll
c:\windows\system32\45095o9mz37.ocx
c:\windows\system32\4595virz995.ocx
c:\windows\system32\459addwarz2556.cpl
c:\windows\system32\45badownlzader1829.dll
c:\windows\system32\4892n9t-azvirus145.dll
c:\windows\system32\49845h9zat19792.ocx
c:\windows\system32\49d3th5efz899.cpl
c:\windows\system32\49d95zreat6382.dll
c:\windows\system32\4a5ct9reat29861z.exe
c:\windows\system32\4ac5threzt19124.exe
c:\windows\system32\4b68ba9kdoor15z55.cpl
c:\windows\system32\4d59thief85z.dll
c:\windows\system32\4e8fthiez5899.exe
c:\windows\system32\4ec5ir29z4.bin
c:\windows\system32\50345worm913z.dll
c:\windows\system32\503zviru57079.ocx
c:\windows\system32\5119tzief568.bin
c:\windows\system32\5130w9rz598.ocx
c:\windows\system32\51449troj5az9.dll
c:\windows\system32\51691spyz2c9.cpl
c:\windows\system32\519daddzare1439.dll
c:\windows\system32\51a5baz9door1314.ocx
c:\windows\system32\51e9vir12z.ocx
c:\windows\system32\51f6backdo5z329.cpl
c:\windows\system32\527es9yware3z745.cpl
c:\windows\system32\52983notza-virus49b.dll
c:\windows\system32\52caddwar51897z.bin
c:\windows\system32\5307threat990z.cpl
c:\windows\system32\5318addw9rz2561.cpl
c:\windows\system32\5344s5zal3957.exe
c:\windows\system32\53579hizf2879.exe
c:\windows\system32\5396s9y1z7.exe
c:\windows\system32\53c9v5r424z.dll
c:\windows\system32\53eazt5al919.ocx
c:\windows\system32\5400no5-a-virus4z9.exe
c:\windows\system32\5416spazbot49b.ocx
c:\windows\system32\54955ir49z.ocx
c:\windows\system32\54f9szyware13595.dll
c:\windows\system32\55300hackt9ol4f5z.bin
c:\windows\system32\5575n9t-a-vir5z15a.exe
c:\windows\system32\5584stez59785.bin
c:\windows\system32\55e9virz73.cpl
c:\windows\system32\55fcvi99z.bin
c:\windows\system32\5609add9arz2973.cpl
c:\windows\system32\565z1s9ambot244.dll
c:\windows\system32\57f2backzoo99895.ocx
c:\windows\system32\5815zackdoor3095.exe
c:\windows\system32\58569notza-vi9us581.bin
c:\windows\system32\5908thi5fz981.exe
c:\windows\system32\59096zpy213.dll
c:\windows\system32\592bbac9door588z.cpl
c:\windows\system32\5936spywaze129.exe
c:\windows\system32\5942t5rea9z937.ocx
c:\windows\system32\594ebac5zoor1464.dll
c:\windows\system32\5954b9ckdzor1159.cpl
c:\windows\system32\5955wormz9.exe
c:\windows\system32\5974szeal861.exe
c:\windows\system32\5993spars51730z.cpl
c:\windows\system32\599esp9ware58z0.cpl
c:\windows\system32\59b5stzal23559.bin
c:\windows\system32\59e5st9az1935.bin
c:\windows\system32\59ezbackdoor1319.bin
c:\windows\system32\59z7v9r23275.cpl
c:\windows\system32\59z95ir1506.bin
c:\windows\system32\5ab9spywarz3270.dll
c:\windows\system32\5c76thr9az28065.dll
c:\windows\system32\5e4cdownloadzr24559.exe
c:\windows\system32\5f59sze59864.cpl
c:\windows\system32\5f9viz3272.ocx
c:\windows\system32\5fc8thiefz8129.dll
c:\windows\system32\5z105hief9031.exe
c:\windows\system32\5z17spars92919.ocx
c:\windows\system32\5z942worm1c2.cpl
c:\windows\system32\5zc9sparse2197.ocx
c:\windows\system32\5ze0t5re9t21395.bin
c:\windows\system32\5zf4spa9se923.exe
c:\windows\system32\600bsz5al990.bin
c:\windows\system32\60f9spa5se83z.dll
c:\windows\system32\60z5spa9se1266.cpl
c:\windows\system32\6113no9-a-virus654z.ocx
c:\windows\system32\61175ackzoor9015.cpl
c:\windows\system32\62zddo9n5oader1690.dll
c:\windows\system32\646not-5-virusz29.cpl
c:\windows\system32\6509thief9309z.bin
c:\windows\system32\653bthief3993z.ocx
c:\windows\system32\6554spamzot129.bin
c:\windows\system32\6595s5eal69z.ocx
c:\windows\system32\6685steaz93575.cpl
c:\windows\system32\6685worm54z9.ocx
c:\windows\system32\67759roz378.cpl
c:\windows\system32\6780vir2965z.ocx
c:\windows\system32\693z5ddware542.ocx
c:\windows\system32\697bvirz35.exe
c:\windows\system32\6985trzj4299.exe
c:\windows\system32\69c5st95lz907.ocx
c:\windows\system32\6a329d5(zabranjeno)198.dll
c:\windows\system32\6b3fthief59z5.exe
c:\windows\system32\6b84d5wnlozde9983.bin
c:\windows\system32\6e9fstzal685.cpl
c:\windows\system32\6eb2spzrs5391.exe
c:\windows\system32\6z72spa59ot7a.bin
c:\windows\system32\708759ambozad.exe
c:\windows\system32\708fszar9e3058.cpl
c:\windows\system32\71b9downl5adzr1632.ocx
c:\windows\system32\7338addwaz53930.exe
c:\windows\system32\7538thr9az5494.ocx
c:\windows\system32\759zt59eat18404.cpl
c:\windows\system32\75dczhie9939.exe
c:\windows\system32\764659azbot550.exe
c:\windows\system32\7695zhreat90811.cpl
c:\windows\system32\785eaz9ware225.dll
c:\windows\system32\7920virz175.ocx
c:\windows\system32\799czteal1757.cpl
c:\windows\system32\7a2thie91z95.bin
c:\windows\system32\7cb9sparsz2550.dll
c:\windows\system32\7d59stzal8489.cpl
c:\windows\system32\7edb9hr5at24z07.dll
c:\windows\system32\7f51v9r664z.cpl
c:\windows\system32\7f69vir2z045.dll
c:\windows\system32\7fcf9parsz8475.exe
c:\windows\system32\7z48d5wnloade9125.bin
c:\windows\system32\81z2s5y982.cpl
c:\windows\system32\831sp5mbot47z9.dll
c:\windows\system32\845dow9loader1210z.ocx
c:\windows\system32\88119orm357z.ocx
c:\windows\system32\8833spzmb5t96f.cpl
c:\windows\system32\89975acktozl594.cpl
c:\windows\system32\8zworm25a9.bin
c:\windows\system32\90824spz5655.bin
c:\windows\system32\9185spzrse2365.bin
c:\windows\system32\9198t5oj5ez.exe
c:\windows\system32\92e1downloader9z35.bin
c:\windows\system32\93456not-a-virusz78.exe
c:\windows\system32\938bzir655.dll
c:\windows\system32\94477tro55fz.dll
c:\windows\system32\94cest5az557.dll
c:\windows\system32\9500szy699.dll
c:\windows\system32\951backd5oz3176.cpl
c:\windows\system32\9547not-a-vir9z9a.dll
c:\windows\system32\9550h5cktzol557.cpl
c:\windows\system32\9578vzr5921.cpl
c:\windows\system32\9602backdoor1558z.bin
c:\windows\system32\9729vzr5s1b9.ocx
c:\windows\system32\97510s5y56z.ocx
c:\windows\system32\9790hackzool355.ocx
c:\windows\system32\9796szarse5056.dll
c:\windows\system32\97zthreat5735.bin
c:\windows\system32\981spy2zf5.exe
c:\windows\system32\987threat25z3.exe
c:\windows\system32\9918hacktozl59.exe
c:\windows\system32\991fszyware853.exe
c:\windows\system32\993zwo5m5dc.ocx
c:\windows\system32\994hac5zoo9e0.cpl
c:\windows\system32\9953hac5toolzc.bin
c:\windows\system32\9a2dd5wnloader32z.bin
c:\windows\system32\9b7zt5ief2451.cpl
c:\windows\system32\9bdbzckdoo53139.exe
c:\windows\system32\9c17azd5are113.dll
c:\windows\system32\9d75iz1469.cpl
c:\windows\system32\9e81dowzloader1555.dll
c:\windows\system32\9z37hackto9l42a5.exe
c:\windows\system32\b5bstez92035.ocx
c:\windows\system32\d9aspaz9e2675.cpl
c:\windows\system32\e2bst9al175z.bin
c:\windows\system32\ea8s9eal2z75.ocx
c:\windows\system32\ec9zhre5t20680.cpl
c:\windows\system32\f5zspy9are1689.bin
c:\windows\system32\ff6thiefz59.exe
c:\windows\system32\fzabackdoo5940.cpl
c:\windows\system32\xtc20.tmp.exe
c:\windows\system32\z065not9a-5irus9a.bin
c:\windows\system32\z1507not-5-viru98.dll
c:\windows\system32\z2515spambot6d9.exe
c:\windows\system32\z254thief993.dll
c:\windows\system32\z25cstea9555.ocx
c:\windows\system32\z3695spy6f8.ocx
c:\windows\system32\z392vir5900.exe
c:\windows\system32\z4312wo5m919.cpl
c:\windows\system32\z456sparse2879.dll
c:\windows\system32\z4829spy3b15.ocx
c:\windows\system32\z5024ha5ktool379.dll
c:\windows\system32\z586ba9kdoor475.cpl
c:\windows\system32\z5895not-a-viru9553.ocx
c:\windows\system32\z5920troj980.bin
c:\windows\system32\z6044s9a5bot66b.exe
c:\windows\system32\z6c5ba9kdoor257.dll
c:\windows\system32\z742backdo95822.cpl
c:\windows\system32\z76cspywar515539.dll
c:\windows\system32\z7845spy907.cpl
c:\windows\system32\z7995parse1109.dll
c:\windows\system32\z925spywa9e2552.bin
c:\windows\system32\z953not-a-virus41b.dll
c:\windows\system32\z9553virus4.exe
c:\windows\system32\z9754worm6f9.exe
c:\windows\system32\z98bdown5oader1113.cpl
c:\windows\system32\z98cback9oor352.dll
c:\windows\system32\z9faddwar586.exe
c:\windows\system32\zb9vir585.cpl
c:\windows\system32\zc55stea95030.exe
c:\windows\system32\zce6vi94345.cpl
c:\windows\z0308v59us481.dll
c:\windows\z09395roj664.bin
c:\windows\z257spy9e9.cpl
c:\windows\z2785orm9d9.exe
c:\windows\z30275pambot25c9.ocx
c:\windows\z4539wor5429.exe
c:\windows\z514vi91772.dll
c:\windows\z5186v9rus5e0.bin
c:\windows\z5daste9l430.exe
c:\windows\z63ed9wnloade5274.bin
c:\windows\z69vir1528.cpl
c:\windows\z855vi9550.ocx
c:\windows\z929sparse2501.cpl
c:\windows\z9605ot-a-9irus7f.dll
c:\windows\z98caddware2156.dll
c:\windows\z995vir639.ocx
c:\windows\z9c0vir1415.dll
c:\windows\za019d5ware985.exe
c:\windows\zcbspar591837.exe
c:\windows\zdccaddware90185.exe
c:\windows\zec9sparse1541.bin
c:\windows\zf39spyware19795.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-12-23 14:14 . 2009-12-23 14:14 6018 ----a-w- c:\windows\system32\2fdsparse95z.exe
2009-11-06 07:42 . 2009-10-21 07:06 2064152 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcorex.dll
2009-11-03 07:43 . 2009-10-17 07:06 2025752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgtray.exe
2009-10-14 22:24 . 2009-10-14 22:24 152576 ----a-w- c:\documents and settings\patar\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 22:27 . 2008-12-20 21:16 -------- d-----w- c:\documents and settings\patar\Application Data\Skype
2009-11-07 15:02 . 2008-12-20 21:18 -------- d-----w- c:\documents and settings\patar\Application Data\skypePM
2009-11-07 11:00 . 2009-08-02 12:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-11-07 00:06 . 2008-09-16 15:52 -------- d-----w- c:\documents and settings\patar\Application Data\uTorrent
2009-10-14 22:25 . 2008-03-15 13:10 -------- d-----w- c:\program files\Java
2009-09-06 12:35 . 2009-09-06 12:35 152576 ----a-w- c:\documents and settings\patar\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

------- Sigcheck -------

[-] 2008-09-16 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 13:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-07 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528]
"Google Update"="c:\documents and settings\patar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-16 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360]

c:\documents and settings\petar pilipovic\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-02 12:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2.8.2009 13:54 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2.8.2009 13:54 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2.8.2009 13:53 297752]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.1.2009 16:52 170640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.1.2009 16:52 15504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KGROAFOB
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - kgroafob
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1482476501-725345543-1003Core.job
- c:\documents and settings\patar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-16 13:37]

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1482476501-725345543-1003UA.job
- c:\documents and settings\patar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-16 13:37]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\patar\Application Data\Mozilla\Firefox\Profiles\audf8c1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\patar\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
URLSearchHooks-*CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
HKCU-Run-xtc20.tmp.exe - c:\windows\system32\xtc20.tmp.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\patar\Application Data\Mozilla\Firefox\Profiles\audf8c1j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-11-07 23:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89E531F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89e531f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
Completion time: 2009-11-07 23:37
ComboFix-quarantined-files.txt 2009-11-07 22:37
ComboFix2.txt 2009-05-20 22:19

Pre-Run: 4.660.031.488 bytes free
Post-Run: 4.758.081.536 bytes free

- - End Of File - - 51A15C67F545CA5C4BE28C64F17AE9C1
Done....

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8434
  • Location: Novi Beograd

Open Notepad and copy the following text:

File::
c:\windows\system32\2fdsparse95z.exe


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.
