I have a problem

  • Joined: 24 Apr 2008
  • Posts: 7

When I scan the computer, NOD32 shows me the following:

application Win32/Adware.Virtumonde.FP found in operating memory. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file C:\WINDOWS\system32\nnnlLFuT.dll.
It also shows this:
File: C:\WINDOWS\system32\nnnlLFuT.dll
Threat: Win32/Adware.Virtumonde.FP application
Comment: The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed. Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\lsass.exe.

NOD32 won't clean it even after a restart; I tried a few other tools too, but nothing.
Here is the log file too:

Logfile of HijackThis v1.99.1
Scan saved at 9:24:00 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Documents and Settings\Biscom\Desktop\xxxxx\nada.exe

F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {77D3A5B4-CFD1-4046-8909-7CD99A68311F} - C:\WINDOWS\system32\efcYPfEU.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E7EA176E-0A97-4133-B782-9C37B31C143B} - C:\WINDOWS\system32\nnnlLFuT.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [BM87ca1c56] Rundll32.exe "C:\WINDOWS\system32\krabaseq.dll",s
O4 - HKLM\..\Run: [84f92fca] rundll32.exe "C:\WINDOWS\system32\iouoleoj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: efcYPfEU - C:\WINDOWS\SYSTEM32\efcYPfEU.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

GREETINGS TO ALL AND THANKS IN ADVANCE FOR THE HELP!!!
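As an added example (not code from HijackThis, NOD32 or the poster), the script below applies to the log above the checks a helper applies by eye: the unnamed BHOs, the Run entries that start rundll32 with a one-letter export, the Winlogon Notify DLL with a random mixed-case name, and the extra program chained onto UserInit. The sample lines are a constructed subset of the quoted log; the Finding class and the mixed-case heuristic are this example's own.

```python
"""Flag Virtumonde/Vundo-style persistence entries in HijackThis log lines.

Added example for this thread (not HijackThis, NOD32 or OTScanIt code).
The sample lines are copied from the HijackThis log quoted above, with
two clean entries kept so the rules can be seen ignoring them.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the log quoted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {77D3A5B4-CFD1-4046-8909-7CD99A68311F} - C:\WINDOWS\system32\efcYPfEU.dll
O2 - BHO: (no name) - {E7EA176E-0A97-4133-B782-9C37B31C143B} - C:\WINDOWS\system32\nnnlLFuT.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BM87ca1c56] Rundll32.exe "C:\WINDOWS\system32\krabaseq.dll",s
O4 - HKLM\..\Run: [84f92fca] rundll32.exe "C:\WINDOWS\system32\iouoleoj.dll",b
O20 - Winlogon Notify: efcYPfEU - C:\WINDOWS\SYSTEM32\efcYPfEU.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # why the entry was flagged
    path: str     # the file or value the entry points at


# Eight-letter file stem mixing upper- and lower-case letters (efcYPfEU,
# nnnlLFuT), the naming pattern seen in this log. igfxdev does not match.
MIXED_CASE_STEM = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}$")

# rundll32 loading a DLL out of system32 and calling a one-letter export
# (",s" / ",b" in the log above).
RUNDLL_ONE_LETTER = re.compile(
    r'rundll32(?:\.exe)?\s+"([^"]+\\system32\\[^"\\]+\.dll)",[A-Za-z]\s*$',
    re.IGNORECASE,
)


def _stem(path: str) -> str:
    """Return the file name without directory and extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if it looks benign."""
    line = line.strip()
    tag = line.split(" ", 1)[0]
    parts = line.split(" - ")
    if tag == "F2" and "UserInit=" in line:
        # Only userinit.exe belongs here; anything chained after it runs at logon.
        value = line.split("UserInit=", 1)[1]
        extra = [p.strip() for p in value.split(",")
                 if p.strip() and not p.strip().lower().endswith("userinit.exe")]
        if extra:
            return Finding(tag, "UserInit chains an extra program", ",".join(extra))
    elif tag == "O2":
        path = parts[-1]
        if "(no name)" in parts[1]:
            return Finding(tag, "BHO registered without a name", path)
        if MIXED_CASE_STEM.match(_stem(path)):
            return Finding(tag, "BHO DLL with random mixed-case name", path)
    elif tag == "O4":
        m = RUNDLL_ONE_LETTER.search(line)
        if m:
            return Finding(tag, "rundll32 loads system32 DLL via one-letter export", m.group(1))
    elif tag == "O20":
        path = parts[-1]
        if MIXED_CASE_STEM.match(_stem(path)):
            return Finding(tag, "Winlogon Notify DLL with random mixed-case name", path)
    return None


def scan(log: str) -> List[Finding]:
    """Run check_line over every line of a log and collect the findings."""
    return [f for f in (check_line(l) for l in log.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}: {f.path}")
```

The LSA Authentication Packages entry that explains why lsass.exe was accessing nnnlLFuT.dll is not listed by HijackThis 1.99.1; it only shows up in the OTScanIt scan later in the thread.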

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...



For a start, rename the folder that HijackThis is in (I mean, really...).


Then...

Temporarily disable the AMON module in NOD32 and Spyware Terminator.



Download OTScanIt to the Desktop.
Double-click to run the program, then click Extract in the window that opens. An OTScanIt folder will be created on the Desktop.

Do the following:
Open the OTScanIt folder and double-click OTScanIt.exe to start the program.
Set the following options:

In the Rootkit Search section select Yes

In the Files Modified Within section select 60 Days

In the Additional Scans section select:
Bot Check
Desktop Components
Disabled MS Config Items
File Associations
Safeboot Options
Shell Spawning
WOW Settings
Additional Folder Scans
Lop Check
Purity Scan

Click the Run Scan button on the toolbar
When the scan finishes, the log file OTScanIt.Txt will be created in the OTScanIt folder and opened in Notepad


Attach the log file OTScanIt.Txt to your next post (use the Attach file option).

  • Joined: 24 Apr 2008
  • Posts: 7

I couldn't reply earlier because of the holidays. I apologize for the folder name in the previous post.
OTScanIt.Txt is attached.
Regards.

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

1) Download The Avenger to the Desktop.
Unpack the archive into a folder

Double-click avenger.exe to run it

Copy the text inside the Code box into the program's (white) window:

Files to delete:
%systemroot%\bm87ca1c56.xml
%systemroot%\system32\bkqqkvfq.ini
%systemroot%\system32\brmjdcbx.ini
%systemroot%\system32\cbwhbibe.ini
%systemroot%\system32\dqeqyxfl.ini
%systemroot%\system32\efcypfeu.dll
%systemroot%\system32\efcypfeu.dll
%systemroot%\system32\gehrtkmb.ini
%systemroot%\system32\joelouoi.ini
%systemroot%\system32\jspsstfg.ini
%systemroot%\system32\linokiyf.ini
%systemroot%\system32\nmawjhwu.ini
%systemroot%\system32\nnnllfut.dll
%systemroot%\system32\pmnlljct.dll
%systemroot%\system32\pv1bqp25.exe
%systemroot%\system32\qcgusylu.ini
%systemroot%\system32\skfqgrow.ini
%systemroot%\system32\swmaahlk.ini
%systemroot%\system32\ttnkgmsn.ini
%systemroot%\system32\tufllnnn.ini
%systemroot%\system32\tufllnnn.ini2
%systemroot%\system32\urqqkihh.dll
%systemroot%\system32\uyisfdmc.ini
%systemroot%\system32\vaeugjhe.ini
%systemroot%\system32\vbfmhupp.ini
%systemroot%\system32\vbudxnmj.ini
%systemroot%\system32\wbppmxhr.ini
%systemroot%\system32\wuejuibb.ini
%systemroot%\system32\wwfipxbc.ini
%systemroot%\system32\wwfipxbc.ini2
%systemroot%\system32\yplkpucx.ini
%systemroot%\system32\ypndggal.ini
%systemroot%\system32\yyvvuvpv.ini
c:\documents and settings\biscom\local settings\temp\huclhfhj.dll
c:\documents and settings\biscom\local settings\temp\jfcyngex.dll
c:\documents and settings\biscom\local settings\temp\qwbvyjrnb88adcf.dll


Click Execute, then Yes in the next two windows that open

The computer will restart and the cleaning/scanning process will begin

When the process finishes, the log file C:\avenger.txt will open in Notepad

Copy the contents of the resulting log into the forum thread.



-------------------------------------------------------------------------------------



2) We'll use OTScanIt again.

Double-click OTScanIt.exe (it is in the OTScanIt folder).
Into the program's (white) window (under "Paste Fix Here") copy the text inside the Code box:


[Kill Explorer][Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 84f92fca -> %SystemRoot%\system32\iouoleoj.DLL [rundll32.exe "C:\WINDOWS\system32\iouoleoj.dll",b]
YN -> BM87ca1c56 -> %SystemRoot%\system32\krabaseq.DLL [Rundll32.exe "C:\WINDOWS\system32\krabaseq.dll",s]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {77D3A5B4-CFD1-4046-8909-7CD99A68311F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\efcYPfEU.dll []
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
YN -> autorun.bat ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> efcYPfEU -> %SystemRoot%\system32\efcYPfEU.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {77D3A5B4-CFD1-4046-8909-7CD99A68311F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\efcYPfEU.dll [Reg Error: Value  does not exist or could not be read.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\nnnlLFuT -> %SystemRoot%\system32\nnnlLFuT.dll
< BotCheck > ->
[Files/Folders - Created Within 30 days]
YY -> bkqqkvfq.ini -> %SystemRoot%\System32\bkqqkvfq.ini
YY -> brmjdcbx.ini -> %SystemRoot%\System32\brmjdcbx.ini
YY -> cbwhbibe.ini -> %SystemRoot%\System32\cbwhbibe.ini
YY -> dqeqyxfl.ini -> %SystemRoot%\System32\dqeqyxfl.ini
YY -> efcYPfEU.dll -> %SystemRoot%\System32\efcYPfEU.dll
YY -> gehrtkmb.ini -> %SystemRoot%\System32\gehrtkmb.ini
YY -> joelouoi.ini -> %SystemRoot%\System32\joelouoi.ini
YY -> jspsstfg.ini -> %SystemRoot%\System32\jspsstfg.ini
YY -> linokiyf.ini -> %SystemRoot%\System32\linokiyf.ini
YY -> nmawjhwu.ini -> %SystemRoot%\System32\nmawjhwu.ini
YY -> nnnlLFuT.dll -> %SystemRoot%\System32\nnnlLFuT.dll
YY -> pmnllJCT.dll -> %SystemRoot%\System32\pmnllJCT.dll
YY -> pv1bqp25.exe -> %SystemRoot%\System32\pv1bqp25.exe
YY -> qcgusylu.ini -> %SystemRoot%\System32\qcgusylu.ini
YY -> skfqgrow.ini -> %SystemRoot%\System32\skfqgrow.ini
YY -> swmaahlk.ini -> %SystemRoot%\System32\swmaahlk.ini
YY -> ttnkgmsn.ini -> %SystemRoot%\System32\ttnkgmsn.ini
YY -> TuFLlnnn.ini -> %SystemRoot%\System32\TuFLlnnn.ini
YY -> TuFLlnnn.ini2 -> %SystemRoot%\System32\TuFLlnnn.ini2
YY -> urqQkihh.dll -> %SystemRoot%\System32\urqQkihh.dll
YY -> uyisfdmc.ini -> %SystemRoot%\System32\uyisfdmc.ini
YY -> vaeugjhe.ini -> %SystemRoot%\System32\vaeugjhe.ini
YY -> vbfmhupp.ini -> %SystemRoot%\System32\vbfmhupp.ini
YY -> vbudxnmj.ini -> %SystemRoot%\System32\vbudxnmj.ini
[Files/Folders - Modified Within 60 days]
YY -> bkqqkvfq.ini -> %SystemRoot%\System32\bkqqkvfq.ini
NY -> brmjdcbx.ini -> %SystemRoot%\System32\brmjdcbx.ini
NY -> cbwhbibe.ini -> %SystemRoot%\System32\cbwhbibe.ini
YY -> dqeqyxfl.ini -> %SystemRoot%\System32\dqeqyxfl.ini
YY -> efcYPfEU.dll -> %SystemRoot%\System32\efcYPfEU.dll
YY -> gehrtkmb.ini -> %SystemRoot%\System32\gehrtkmb.ini
YY -> joelouoi.ini -> %SystemRoot%\System32\joelouoi.ini
YY -> jspsstfg.ini -> %SystemRoot%\System32\jspsstfg.ini
YY -> linokiyf.ini -> %SystemRoot%\System32\linokiyf.ini
YY -> nmawjhwu.ini -> %SystemRoot%\System32\nmawjhwu.ini
YY -> nnnlLFuT.dll -> %SystemRoot%\System32\nnnlLFuT.dll
YY -> pmnllJCT.dll -> %SystemRoot%\System32\pmnllJCT.dll
YY -> pv1bqp25.exe -> %SystemRoot%\System32\pv1bqp25.exe
YY -> qcgusylu.ini -> %SystemRoot%\System32\qcgusylu.ini
YY -> skfqgrow.ini -> %SystemRoot%\System32\skfqgrow.ini
YY -> swmaahlk.ini -> %SystemRoot%\System32\swmaahlk.ini
YY -> ttnkgmsn.ini -> %SystemRoot%\System32\ttnkgmsn.ini
YY -> TuFLlnnn.ini -> %SystemRoot%\System32\TuFLlnnn.ini
YY -> TuFLlnnn.ini2 -> %SystemRoot%\System32\TuFLlnnn.ini2
YY -> urqQkihh.dll -> %SystemRoot%\System32\urqQkihh.dll
YY -> uyisfdmc.ini -> %SystemRoot%\System32\uyisfdmc.ini
YY -> vaeugjhe.ini -> %SystemRoot%\System32\vaeugjhe.ini
YY -> vbfmhupp.ini -> %SystemRoot%\System32\vbfmhupp.ini
YY -> vbudxnmj.ini -> %SystemRoot%\System32\vbudxnmj.ini
YY -> wbppmxhr.ini -> %SystemRoot%\System32\wbppmxhr.ini
YY -> wuejuibb.ini -> %SystemRoot%\System32\wuejuibb.ini
YY -> wwFiPXbc.ini -> %SystemRoot%\System32\wwFiPXbc.ini
YY -> wwFiPXbc.ini2 -> %SystemRoot%\System32\wwFiPXbc.ini2
YY -> yplkpucx.ini -> %SystemRoot%\System32\yplkpucx.ini
YY -> ypndggal.ini -> %SystemRoot%\System32\ypndggal.ini
YY -> yyvvuvpv.ini -> %SystemRoot%\System32\yyvvuvpv.ini
YY -> BM87ca1c56.xml -> %SystemRoot%\BM87ca1c56.xml
YY -> huclhfhj.dll -> C:\Documents and Settings\Biscom\Local Settings\Temp\huclhfhj.dll
YY -> jfcyngex.dll -> C:\Documents and Settings\Biscom\Local Settings\Temp\jfcyngex.dll
YY -> qwbvyjrnB88ADCF.dll -> C:\Documents and Settings\Biscom\Local Settings\Temp\qwbvyjrnB88ADCF.dll
[Empty Temp Folders]
[Start Explorer]





Click Run Fix.

Shortly afterwards a message will appear saying the process is finished - click OK.
If a prompt about restarting the computer appears, click Yes.

Copy the contents of the newest log in the OTScanIt folder, named date_time.log, into the forum thread (if there was no restart, this log file will open automatically in Notepad).




3) Also, repeat the scan with OTScanIt.exe following the earlier instructions and attach OTScanIt.Txt to your post.

  • Joined: 24 Apr 2008
  • Posts: 7

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\bm87ca1c56.xml" deleted successfully.
File "C:\WINDOWS\system32\bkqqkvfq.ini" deleted successfully.
File "C:\WINDOWS\system32\brmjdcbx.ini" deleted successfully.
File "C:\WINDOWS\system32\cbwhbibe.ini" deleted successfully.
File "C:\WINDOWS\system32\dqeqyxfl.ini" deleted successfully.
File "C:\WINDOWS\system32\efcypfeu.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\efcypfeu.dll" not found!
Deletion of file "C:\WINDOWS\system32\efcypfeu.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\gehrtkmb.ini" deleted successfully.
File "C:\WINDOWS\system32\joelouoi.ini" deleted successfully.
File "C:\WINDOWS\system32\jspsstfg.ini" deleted successfully.
File "C:\WINDOWS\system32\linokiyf.ini" deleted successfully.
File "C:\WINDOWS\system32\nmawjhwu.ini" deleted successfully.
File "C:\WINDOWS\system32\nnnllfut.dll" deleted successfully.
File "C:\WINDOWS\system32\pmnlljct.dll" deleted successfully.
File "C:\WINDOWS\system32\pv1bqp25.exe" deleted successfully.
File "C:\WINDOWS\system32\qcgusylu.ini" deleted successfully.
File "C:\WINDOWS\system32\skfqgrow.ini" deleted successfully.
File "C:\WINDOWS\system32\swmaahlk.ini" deleted successfully.
File "C:\WINDOWS\system32\ttnkgmsn.ini" deleted successfully.
File "C:\WINDOWS\system32\tufllnnn.ini" deleted successfully.
File "C:\WINDOWS\system32\tufllnnn.ini2" deleted successfully.
File "C:\WINDOWS\system32\urqqkihh.dll" deleted successfully.
File "C:\WINDOWS\system32\uyisfdmc.ini" deleted successfully.
File "C:\WINDOWS\system32\vaeugjhe.ini" deleted successfully.
File "C:\WINDOWS\system32\vbfmhupp.ini" deleted successfully.
File "C:\WINDOWS\system32\vbudxnmj.ini" deleted successfully.
File "C:\WINDOWS\system32\wbppmxhr.ini" deleted successfully.
File "C:\WINDOWS\system32\wuejuibb.ini" deleted successfully.
File "C:\WINDOWS\system32\wwfipxbc.ini" deleted successfully.
File "C:\WINDOWS\system32\wwfipxbc.ini2" deleted successfully.
File "C:\WINDOWS\system32\yplkpucx.ini" deleted successfully.
File "C:\WINDOWS\system32\ypndggal.ini" deleted successfully.
File "C:\WINDOWS\system32\yyvvuvpv.ini" deleted successfully.
File "c:\documents and settings\biscom\local settings\temp\huclhfhj.dll" deleted successfully.
File "c:\documents and settings\biscom\local settings\temp\jfcyngex.dll" deleted successfully.
File "c:\documents and settings\biscom\local settings\temp\qwbvyjrnb88adcf.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Update: 30 Apr 2008 15:55

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\84f92fca deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BM87ca1c56 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{77D3A5B4-CFD1-4046-8909-7CD99A68311F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77D3A5B4-CFD1-4046-8909-7CD99A68311F}\ deleted successfully.
File C:\WINDOWS\system32\efcYPfEU.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:autorun.bat deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcYPfEU\ deleted successfully.
File C:\WINDOWS\system32\efcYPfEU.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77D3A5B4-CFD1-4046-8909-7CD99A68311F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77D3A5B4-CFD1-4046-8909-7CD99A68311F}\ not found.
File C:\WINDOWS\system32\efcYPfEU.dll not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\nnnlLFuT deleted successfully.
File C:\WINDOWS\system32\nnnlLFuT.dll not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\bkqqkvfq.ini not found!
File C:\WINDOWS\System32\brmjdcbx.ini not found!
File C:\WINDOWS\System32\cbwhbibe.ini not found!
File C:\WINDOWS\System32\dqeqyxfl.ini not found!
File C:\WINDOWS\System32\efcYPfEU.dll not found!
File C:\WINDOWS\System32\gehrtkmb.ini not found!
File C:\WINDOWS\System32\joelouoi.ini not found!
File C:\WINDOWS\System32\jspsstfg.ini not found!
File C:\WINDOWS\System32\linokiyf.ini not found!
File C:\WINDOWS\System32\nmawjhwu.ini not found!
File C:\WINDOWS\System32\nnnlLFuT.dll not found!
File C:\WINDOWS\System32\pmnllJCT.dll not found!
File C:\WINDOWS\System32\pv1bqp25.exe not found!
File C:\WINDOWS\System32\qcgusylu.ini not found!
File C:\WINDOWS\System32\skfqgrow.ini not found!
File C:\WINDOWS\System32\swmaahlk.ini not found!
File C:\WINDOWS\System32\ttnkgmsn.ini not found!
File C:\WINDOWS\System32\TuFLlnnn.ini not found!
File C:\WINDOWS\System32\TuFLlnnn.ini2 not found!
File C:\WINDOWS\System32\urqQkihh.dll not found!
File C:\WINDOWS\System32\uyisfdmc.ini not found!
File C:\WINDOWS\System32\vaeugjhe.ini not found!
File C:\WINDOWS\System32\vbfmhupp.ini not found!
File C:\WINDOWS\System32\vbudxnmj.ini not found!
[Files/Folders - Modified Within 60 days]
File C:\WINDOWS\System32\bkqqkvfq.ini not found!
File C:\WINDOWS\System32\brmjdcbx.ini not found!
File C:\WINDOWS\System32\cbwhbibe.ini not found!
File C:\WINDOWS\System32\dqeqyxfl.ini not found!
File C:\WINDOWS\System32\efcYPfEU.dll not found!
File C:\WINDOWS\System32\gehrtkmb.ini not found!
File C:\WINDOWS\System32\joelouoi.ini not found!
File C:\WINDOWS\System32\jspsstfg.ini not found!
File C:\WINDOWS\System32\linokiyf.ini not found!
File C:\WINDOWS\System32\nmawjhwu.ini not found!
File C:\WINDOWS\System32\nnnlLFuT.dll not found!
File C:\WINDOWS\System32\pmnllJCT.dll not found!
File C:\WINDOWS\System32\pv1bqp25.exe not found!
File C:\WINDOWS\System32\qcgusylu.ini not found!
File C:\WINDOWS\System32\skfqgrow.ini not found!
File C:\WINDOWS\System32\swmaahlk.ini not found!
File C:\WINDOWS\System32\ttnkgmsn.ini not found!
File C:\WINDOWS\System32\TuFLlnnn.ini not found!
File C:\WINDOWS\System32\TuFLlnnn.ini2 not found!
File C:\WINDOWS\System32\urqQkihh.dll not found!
File C:\WINDOWS\System32\uyisfdmc.ini not found!
File C:\WINDOWS\System32\vaeugjhe.ini not found!
File C:\WINDOWS\System32\vbfmhupp.ini not found!
File C:\WINDOWS\System32\vbudxnmj.ini not found!
File C:\WINDOWS\System32\wbppmxhr.ini not found!
File C:\WINDOWS\System32\wuejuibb.ini not found!
File C:\WINDOWS\System32\wwFiPXbc.ini not found!
File C:\WINDOWS\System32\wwFiPXbc.ini2 not found!
File C:\WINDOWS\System32\yplkpucx.ini not found!
File C:\WINDOWS\System32\ypndggal.ini not found!
File C:\WINDOWS\System32\yyvvuvpv.ini not found!
File C:\WINDOWS\BM87ca1c56.xml not found!
File C:\Documents and Settings\Biscom\Local Settings\Temp\huclhfhj.dll not found!
File C:\Documents and Settings\Biscom\Local Settings\Temp\jfcyngex.dll not found!
File C:\Documents and Settings\Biscom\Local Settings\Temp\qwbvyjrnB88ADCF.dll not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Biscom\Local Settings\Temp\hpuninstaller.exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Biscom\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.11.5 fix logfile created on 04302008_154824

Files moved on Reboot...
C:\Documents and Settings\Biscom\Local Settings\Temp\hpuninstaller.exe moved successfully.
C:\Documents and Settings\Biscom\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

  • Joined: 24 Apr 2008
  • Posts: 7

OTScanIt logfile created on: 4/30/2008 3:58:06 PM
OTScanIt by OldTimer - Version 1.0.11.5 Folder = C:\Documents and Settings\Biscom\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.36 Mb Total Physical Memory | 104.46 Mb Available Physical Memory | 20.75% Memory free
1.93 Gb Paging File | 1.59 Gb Available in Paging File | 81.94% Paging File free
Paging file location(s): C:\pagefile.sys 754 2000;D:\pagefile.sys 0 0;

...
...
...

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The log is too big to fit in a post.

Attach the file OTScanIt.Txt (it is in the OTScanIt folder) to your post (Attach file option).

  • Joined: 24 Apr 2008
  • Posts: 7

I'm new at this, so I'm not doing too well.
The file OTScanIt.Txt is attached

  • dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You handled this just fine... ;)


How are things now?
Is the antivirus reporting anything? Do you notice any problems?

  • Joined: 24 Apr 2008
  • Posts: 7

It reported something related to Avenger, and deleted that too. Everything else is fine, it isn't reporting any threats, except for this:

(this is part of the nod32 log file)
C:\Avenger\backup.zip »ZIP »avenger/avenger.txt - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/bkqqkvfq.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/bm87ca1c56.xml - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/brmjdcbx.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/cbwhbibe.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/dqeqyxfl.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/efcypfeu.dll - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/gehrtkmb.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/huclhfhj.dll - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/jfcyngex.dll - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/joelouoi.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/jspsstfg.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/linokiyf.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/nmawjhwu.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/nnnllfut.dll - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/pmnlljct.dll - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/pv1bqp25.exe - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/qcgusylu.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/qwbvyjrnb88adcf.dll - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/skfqgrow.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/swmaahlk.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/ttnkgmsn.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/tufllnnn.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/tufllnnn.ini2 - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/urqqkihh.dll - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/uyisfdmc.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/vaeugjhe.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/vbfmhupp.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/vbudxnmj.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/wbppmxhr.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/wuejuibb.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/wwfipxbc.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/wwfipxbc.ini2 - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/yplkpucx.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/ypndggal.ini - error - password-protected file
C:\Avenger\backup.zip »ZIP »avenger/yyvvuvpv.ini - error - password-protected file

That's probably OK. What should I do now? If everything is fine, THANK you for the help!
Regards
