A virus is wrecking my PC, help needed


  • Joined: 14 Nov 2007
  • Posts: 12

Oh, I'm sorry, I really can't right now, I'm just leaving for work, and they've stuck me with a night shift too..... I'll do everything you wrote for me tomorrow during the day and send the log right away.... thanks for your goodwill, talk to you tomorrow, regards

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

No worries ;)

  • Joined: 14 Nov 2007
  • Posts: 12

Here I am, the ComboFix results:

ComboFix 07-11-08.1 - Bojan 2007-11-16 16:51:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.223 [GMT 1:00]
Running from: C:\Documents and Settings\Bojan\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Bojan\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Bojan\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Bojan\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\ggjlm.tmp
C:\WINDOWS\system32\lcch.dat
C:\WINDOWS\system32\lut.dat
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\sxhnbzkl.dllbox
C:\WINDOWS\system32\tconini.dat
C:\WINDOWS\system32\tisa.cnf
C:\WINDOWS\system32\ubodpnte.dllbox
C:\WINDOWS\system32\wtnekdjt.dllbox
C:\WINDOWS\winshow.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-16 16:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 13:39 81,984 --a------ C:\WINDOWS\system32\lpfqadhp.dll
2007-11-16 13:38 85,056 --a------ C:\WINDOWS\system32\xikniwto.dll
2007-11-15 09:24 79,936 --a------ C:\WINDOWS\system32\imaaegvx.dll
2007-11-14 23:03 79,424 --a------ C:\WINDOWS\system32\piqbkabl.dll
2007-11-14 23:00 85,056 --a------ C:\WINDOWS\system32\shuxngbo.dll
2007-11-14 22:53 144,480 --a------ C:\WINDOWS\system32\ubodpnte.dll
2007-11-14 22:52 144,480 --a------ C:\WINDOWS\system32\prjgmicw.dll
2007-11-14 22:52 85,056 --a------ C:\WINDOWS\system32\qmiwwbun.dll
2007-11-14 22:23 79,424 --a------ C:\WINDOWS\system32\rwwvtosr.dll
2007-11-14 22:13 144,480 --a------ C:\WINDOWS\system32\sxhnbzkl.dll
2007-11-14 22:13 85,056 --a------ C:\WINDOWS\system32\pwddhsqg.dll
2007-11-14 22:13 79,424 --a------ C:\WINDOWS\system32\qqdrtfqe.dll
2007-11-14 22:12 144,480 --a------ C:\WINDOWS\system32\kiaujpyq.dll
2007-11-14 21:55 79,424 --a------ C:\WINDOWS\system32\yrmnuwlx.dll
2007-11-14 21:49 <DIR> d-------- C:\VundoFix Backups
2007-11-14 21:01 144,480 --a------ C:\WINDOWS\system32\wohketyj.dll
2007-11-14 20:58 79,424 --a------ C:\WINDOWS\system32\jmijvdio.dll
2007-11-14 20:55 85,056 --a------ C:\WINDOWS\system32\rxhcvfdc.dll
2007-11-14 20:24 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Thinstall
2007-11-14 09:34 81,472 --a------ C:\WINDOWS\system32\pqvdlpub.dll
2007-11-14 09:30 85,056 --a------ C:\WINDOWS\system32\cxhsusej.dll
2007-11-14 09:26 <DIR> d-------- C:\Program Files\Navilog1
2007-11-14 08:54 85,056 --a------ C:\WINDOWS\system32\sxvhjuor.dll
2007-11-14 08:53 81,472 --a------ C:\WINDOWS\system32\lqtqbasa.dll
2007-11-14 00:02 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-14 00:02 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-11-14 00:02 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-13 23:46 80,448 --a------ C:\WINDOWS\system32\gcewkauj.dll
2007-11-13 23:43 85,056 --a------ C:\WINDOWS\system32\kujoviwq.dll
2007-11-12 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-12 22:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-12 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-12 22:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-12 21:52 144,480 --a------ C:\WINDOWS\system32\qagbqfdp.dll
2007-11-12 21:49 81,472 --a------ C:\WINDOWS\system32\kvdnxagh.dll
2007-11-12 17:06 <DIR> d-------- C:\Program Files\RegCure
2007-11-12 16:54 81,472 --a------ C:\WINDOWS\system32\nrnpugii.dll
2007-11-12 15:37 81,472 --a------ C:\WINDOWS\system32\xiacdoul.dll
2007-11-12 09:33 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Systweak
2007-11-12 09:33 89,664 --a------ C:\WINDOWS\system32\kwysjeyu.dll
2007-11-12 09:33 81,472 --a------ C:\WINDOWS\system32\oljtdvqq.dll
2007-11-12 09:32 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2007-11-12 00:10 79,936 --a------ C:\WINDOWS\system32\urasxfhh.dll
2007-11-12 00:07 88,128 --a------ C:\WINDOWS\system32\shlfdqgd.dll
2007-11-11 22:21 79,936 --a------ C:\WINDOWS\system32\cfmmjncv.dll
2007-11-11 22:15 88,128 --a------ C:\WINDOWS\system32\palskmfj.dll
2007-11-11 13:31 79,936 --a------ C:\WINDOWS\system32\pjtucjkk.dll
2007-11-11 13:27 88,128 --a------ C:\WINDOWS\system32\ulyhbdgv.dll
2007-11-11 10:04 79,936 --a------ C:\WINDOWS\system32\ookrjbsy.dll
2007-11-11 10:01 88,128 --a------ C:\WINDOWS\system32\stxudpnu.dll
2007-11-11 09:15 79,936 --a------ C:\WINDOWS\system32\vdahondm.dll
2007-11-11 09:09 88,128 --a------ C:\WINDOWS\system32\whdnjxkr.dll
2007-11-11 00:02 81,472 --a------ C:\WINDOWS\system32\clkftbqk.dll
2007-11-10 23:56 85,056 --a------ C:\WINDOWS\system32\mgeoorie.dll
2007-11-10 22:55 81,472 --a------ C:\WINDOWS\system32\dubjgmvc.dll
2007-11-10 21:26 85,056 --a------ C:\WINDOWS\system32\vxvyikcc.dll
2007-11-10 21:23 81,472 --a------ C:\WINDOWS\system32\rwxycuxe.dll
2007-11-10 19:40 81,472 --a------ C:\WINDOWS\system32\rnxbduyv.dll
2007-11-10 19:37 85,056 --a------ C:\WINDOWS\system32\wdlkyghl.dll
2007-11-10 19:06 85,056 --a------ C:\WINDOWS\system32\bqwsxthh.dll
2007-11-10 19:03 81,472 --a------ C:\WINDOWS\system32\uiwqogga.dll
2007-11-09 20:30 88,128 --a------ C:\WINDOWS\system32\ttmfnsox.dll
2007-11-09 20:24 77,888 --a------ C:\WINDOWS\system32\brlnrmnu.dll
2007-11-09 20:17 88,128 --a------ C:\WINDOWS\system32\flurenpi.dll
2007-11-09 20:17 77,888 --a------ C:\WINDOWS\system32\hfnbibxq.dll
2007-11-09 13:16 88,128 --a------ C:\WINDOWS\system32\lcqbpvte.dll
2007-11-09 13:13 77,888 --a------ C:\WINDOWS\system32\rsjkkmev.dll
2007-11-09 10:48 88,128 --a------ C:\WINDOWS\system32\aqfyqvsa.dll
2007-11-09 10:44 77,888 --a------ C:\WINDOWS\system32\qydsascv.dll
2007-11-09 10:21 88,128 --a------ C:\WINDOWS\system32\nqbeghgo.dll
2007-11-09 10:18 77,888 --a------ C:\WINDOWS\system32\vttvfjyx.dll
2007-11-09 10:14 77,888 --a------ C:\WINDOWS\system32\qxtckoju.dll
2007-11-09 10:11 88,128 --a------ C:\WINDOWS\system32\jmljyirb.dll
2007-11-09 00:23 86,080 --a------ C:\WINDOWS\system32\wrnbqedb.dll
2007-11-07 10:31 <DIR> d-------- C:\Program Files\AVIcodec
2007-11-07 07:02 86,080 --a------ C:\WINDOWS\system32\utaxmrnh.dll
2007-11-07 06:59 79,936 --a------ C:\WINDOWS\system32\nnilbthp.dll
2007-11-07 00:36 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2007-11-07 00:27 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-11-07 00:27 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-11-06 18:57 35,328 --a------ C:\WINDOWS\system32\opnlihe.dll
2007-11-06 18:53 35,328 --a------ C:\WINDOWS\system32\khfdbbb.dll
2007-11-06 18:53 35,328 --a------ C:\WINDOWS\system32\ddcdbxw.dll
2007-11-03 21:01 <DIR> d-------- C:\Program Files\YouTube Downloader
2007-10-31 20:04 12,208 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-31 20:01 56 -r-hs---- C:\WINDOWS\system32\27733E6785.sys
2007-10-23 12:08 <DIR> d-------- C:\Program Files\uTorrent
2007-10-18 16:08 <DIR> d-------- C:\Program Files\Total Video Converter
2007-10-18 15:57 90,112 --a------ C:\WINDOWS\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 16:04 --------- d-----w C:\Documents and Settings\Bojan\Application Data\uTorrent
2007-11-08 06:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 09:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-06 23:29 --------- d-----w C:\Program Files\XviD
2007-11-05 18:24 --------- d-----w C:\Program Files\PeerWeb DC++
2007-11-02 16:27 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Skype
2007-11-01 15:17 --------- d-----w C:\Program Files\Google
2007-10-31 19:03 --------- d-----w C:\Program Files\DivX
2007-10-30 08:52 3,001 --sha-w C:\Documents and Settings\Bojan\ppUser.dat
2007-10-09 22:33 --------- d-----w C:\Program Files\MSN Messenger
2007-09-30 10:59 --------- d-----w C:\Program Files\EA SPORTS
2007-09-23 21:14 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Nokia Multimedia Player
2007-09-22 19:31 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Contrast
2007-09-22 19:26 --------- d-----w C:\Program Files\Contrast
2007-09-22 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Contrast
2007-09-22 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Laconic Software
2003-09-04 12:20 811,008 ----a-w C:\Program Files\NPSWF32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2520BA45-3D97-4864-82FF-F47F951727BA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B053E00-78D3-47AE-B763-60FF36FF2886}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-14 22:53 144480 --a------ C:\WINDOWS\system32\ubodpnte.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b7465988-49f1-420b-8a16-59d52bb4808e}]
2007-11-16 13:39 81984 --a------ C:\WINDOWS\system32\lpfqadhp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ubodpnte.dll [2007-11-14 22:53 144480]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 16:36]
"RegistryMechanic"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-14 00:01]
"68c63ec9"="C:\WINDOWS\system32\xikniwto.dll" [2007-11-16 13:38]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ubodpnte]
ubodpnte.dll 2007-11-14 22:53 144480 C:\WINDOWS\system32\ubodpnte.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bojan^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68c63ec9]
rundll32.exe "C:\WINDOWS\system32\lcqbpvte.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)


.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 16:06:46 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-15 08:14:06 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-11-16 17:07:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ubodpnte.dllbox 20810 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-11-16 17:09:17 - machine was rebooted
.
--- E O F ---

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You can call me Kraljević Marko when (and if) I manage to sort this out :D

Download the Avenger program from the following link:
http://swandog46.geekstogo.com/avenger.zip

On the first screen, select Input script manually, then click the magnifying-glass icon.
In the window that appears, enter the following text:
Files to Delete:
C:\WINDOWS\system32\lpfqadhp.dll
C:\WINDOWS\system32\xikniwto.dll
C:\WINDOWS\system32\imaaegvx.dll
C:\WINDOWS\system32\piqbkabl.dll
C:\WINDOWS\system32\shuxngbo.dll
C:\WINDOWS\system32\ubodpnte.dll
C:\WINDOWS\system32\prjgmicw.dll
C:\WINDOWS\system32\qmiwwbun.dll
C:\WINDOWS\system32\rwwvtosr.dll
C:\WINDOWS\system32\sxhnbzkl.dll
C:\WINDOWS\system32\pwddhsqg.dll
C:\WINDOWS\system32\qqdrtfqe.dll
C:\WINDOWS\system32\kiaujpyq.dll
C:\WINDOWS\system32\yrmnuwlx.dll
C:\WINDOWS\system32\wohketyj.dll
C:\WINDOWS\system32\jmijvdio.dll
C:\WINDOWS\system32\rxhcvfdc.dll
C:\WINDOWS\system32\pqvdlpub.dll
C:\WINDOWS\system32\cxhsusej.dll
C:\WINDOWS\system32\sxvhjuor.dll
C:\WINDOWS\system32\lqtqbasa.dll
C:\WINDOWS\system32\gcewkauj.dll
C:\WINDOWS\system32\kujoviwq.dll
C:\WINDOWS\system32\qagbqfdp.dll
C:\WINDOWS\system32\kvdnxagh.dll
C:\WINDOWS\system32\nrnpugii.dll
C:\WINDOWS\system32\xiacdoul.dll
C:\WINDOWS\system32\kwysjeyu.dll
C:\WINDOWS\system32\oljtdvqq.dll
C:\WINDOWS\system32\urasxfhh.dll
C:\WINDOWS\system32\shlfdqgd.dll
C:\WINDOWS\system32\cfmmjncv.dll
C:\WINDOWS\system32\palskmfj.dll
C:\WINDOWS\system32\pjtucjkk.dll
C:\WINDOWS\system32\ulyhbdgv.dll
C:\WINDOWS\system32\ookrjbsy.dll
C:\WINDOWS\system32\stxudpnu.dll
C:\WINDOWS\system32\vdahondm.dll
C:\WINDOWS\system32\whdnjxkr.dll
C:\WINDOWS\system32\clkftbqk.dll
C:\WINDOWS\system32\mgeoorie.dll
C:\WINDOWS\system32\dubjgmvc.dll
C:\WINDOWS\system32\vxvyikcc.dll
C:\WINDOWS\system32\rwxycuxe.dll
C:\WINDOWS\system32\rnxbduyv.dll
C:\WINDOWS\system32\wdlkyghl.dll
C:\WINDOWS\system32\bqwsxthh.dll
C:\WINDOWS\system32\uiwqogga.dll
C:\WINDOWS\system32\ttmfnsox.dll
C:\WINDOWS\system32\brlnrmnu.dll
C:\WINDOWS\system32\flurenpi.dll
C:\WINDOWS\system32\hfnbibxq.dll
C:\WINDOWS\system32\lcqbpvte.dll
C:\WINDOWS\system32\rsjkkmev.dll
C:\WINDOWS\system32\aqfyqvsa.dll
C:\WINDOWS\system32\qydsascv.dll
C:\WINDOWS\system32\nqbeghgo.dll
C:\WINDOWS\system32\vttvfjyx.dll
C:\WINDOWS\system32\qxtckoju.dll
C:\WINDOWS\system32\jmljyirb.dll
C:\WINDOWS\system32\wrnbqedb.dll
C:\WINDOWS\system32\utaxmrnh.dll
C:\WINDOWS\system32\nnilbthp.dll
C:\WINDOWS\system32\opnlihe.dll
C:\WINDOWS\system32\khfdbbb.dll
C:\WINDOWS\system32\ddcdbxw.dll
C:\WINDOWS\system32\ubodpnte.dllbox
C:\WINDOWS\system32\27733E6785.sys


Click the Done button.
It will take you back to the first screen, where you now need to click the traffic-light icon.
If the program does not ask for a restart on its own, restart the computer yourself.
After the restart the files should be deleted, with a backup made in the folder c:\avenger.

Post the log that Avenger creates for me.
Run ComboFix again and post the new log for me.
Scan again with HijackThis and post the new log for me.
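The file list above was assembled by hand from the ComboFix log. As an added example (not code from this thread, nor from the ComboFix or Avenger authors), the script below automates that triage: it parses lines in the "Files Created" layout ComboFix uses, keeps the random-looking seven- or eight-letter DLL names in system32, scores each one by whether it shares its size with another candidate (the dropped variants above repeat a handful of sizes) and whether a "Reg Loading Points" entry references it, and emits the Avenger "Files to Delete:" block. The scoring rule and the allowlist are the example's own assumptions; the two sample excerpts are constructed from lines shown in the log above, with gdiplus.dll included to show the false positive an allowlist has to catch.

```python
import re
from collections import Counter

# Constructed excerpt of a ComboFix "Files Created" section (date time size attrs path).
FILES_CREATED = r"""
2007-11-16 16:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 13:39 81,984 --a------ C:\WINDOWS\system32\lpfqadhp.dll
2007-11-16 13:38 85,056 --a------ C:\WINDOWS\system32\xikniwto.dll
2007-11-14 22:53 144,480 --a------ C:\WINDOWS\system32\ubodpnte.dll
2007-11-14 22:52 144,480 --a------ C:\WINDOWS\system32\prjgmicw.dll
2007-11-14 22:13 85,056 --a------ C:\WINDOWS\system32\pwddhsqg.dll
2007-11-14 21:49 <DIR> d-------- C:\VundoFix Backups
2007-11-07 00:27 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-11-07 00:27 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-11-06 18:57 35,328 --a------ C:\WINDOWS\system32\opnlihe.dll
"""

# Constructed excerpt of the "Reg Loading Points" section from the same log.
LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b7465988-49f1-420b-8a16-59d52bb4808e}]
2007-11-16 13:39 81984 --a------ C:\WINDOWS\system32\lpfqadhp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"68c63ec9"="C:\WINDOWS\system32\xikniwto.dll" [2007-11-16 13:38]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ubodpnte]
ubodpnte.dll 2007-11-14 22:53 144480 C:\WINDOWS\system32\ubodpnte.dll
"""

# Legitimate DLLs whose names happen to look "random" (assumed allowlist); this is
# the cheapest guard against false positives from a name-shape heuristic.
KNOWN_GOOD = {"gdiplus.dll"}

ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S+) (.+)$")
RANDOM_NAME_RE = re.compile(r"^[a-z]:\\windows\\system32\\([a-z]{7,8}\.dll)$", re.IGNORECASE)
DLL_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\s\[\]]+\.dll', re.IGNORECASE)


def parse_files_created(text):
    """One dict per log line: date, time, size (None for <DIR>), attrs, path."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({"date": date, "time": time, "attrs": attrs, "path": path,
                        "size": None if size == "<DIR>" else int(size.replace(",", ""))})
    return entries


def referenced_dlls(loading_points_text):
    """Lower-cased DLL paths named anywhere in the Reg Loading Points section."""
    return {p.lower() for p in DLL_PATH_RE.findall(loading_points_text)}


def score_candidates(entries, referenced):
    """Score each random-looking system32 DLL: +1 if it shares its size with another
    candidate, +2 if a loading point (BHO, Run key, Winlogon notify) references it.
    A score of 0 means 'review by hand', not 'clean'."""
    candidates = []
    for e in entries:
        m = RANDOM_NAME_RE.match(e["path"])
        if not m or e["size"] is None:
            continue
        name = m.group(1)
        if not name.islower() or name in KNOWN_GOOD:
            continue
        candidates.append(e)
    sizes = Counter(e["size"] for e in candidates)
    scores = {}
    for e in candidates:
        score = 1 if sizes[e["size"]] >= 2 else 0
        if e["path"].lower() in referenced:
            score += 2
        scores[e["path"]] = score
    return scores


def avenger_file_list(scores, threshold=1):
    """Paths for the 'Files to Delete:' block, strongest evidence first."""
    chosen = [p for p, s in scores.items() if s >= threshold]
    return sorted(chosen, key=lambda p: (-scores[p], p))


def avenger_script(scores, threshold=1):
    return "Files to Delete:\n" + "\n".join(avenger_file_list(scores, threshold)) + "\n"


if __name__ == "__main__":
    scores = score_candidates(parse_files_created(FILES_CREATED), referenced_dlls(LOADING_POINTS))
    print(avenger_script(scores))
    print("needs manual review:", [p for p, s in scores.items() if s == 0])
```

On the sample, opnlihe.dll scores 0 because its size is unique and nothing references it, even though the helper above did include it in the list; that is the point of keeping a separate "manual review" bucket rather than dropping low-scoring names silently.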

  • Joined: 14 Nov 2007
  • Posts: 12

AVENGER:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aefypxoc

*******************

Script file located at: \??\C:\WINDOWS\nvtnmhbf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\lpfqadhp.dll deleted successfully.
File C:\WINDOWS\system32\xikniwto.dll deleted successfully.
File C:\WINDOWS\system32\imaaegvx.dll deleted successfully.
File C:\WINDOWS\system32\piqbkabl.dll deleted successfully.
File C:\WINDOWS\system32\shuxngbo.dll deleted successfully.


File C:\WINDOWS\system32\ubodpnte.dll not found!
Deletion of file C:\WINDOWS\system32\ubodpnte.dll failed!

Could not process line:
C:\WINDOWS\system32\ubodpnte.dll
Status: 0xc0000034



File C:\WINDOWS\system32\prjgmicw.dll not found!
Deletion of file C:\WINDOWS\system32\prjgmicw.dll failed!

Could not process line:
C:\WINDOWS\system32\prjgmicw.dll
Status: 0xc0000034

File C:\WINDOWS\system32\qmiwwbun.dll deleted successfully.
File C:\WINDOWS\system32\rwwvtosr.dll deleted successfully.


File C:\WINDOWS\system32\sxhnbzkl.dll not found!
Deletion of file C:\WINDOWS\system32\sxhnbzkl.dll failed!

Could not process line:
C:\WINDOWS\system32\sxhnbzkl.dll
Status: 0xc0000034

File C:\WINDOWS\system32\pwddhsqg.dll deleted successfully.
File C:\WINDOWS\system32\qqdrtfqe.dll deleted successfully.


File C:\WINDOWS\system32\kiaujpyq.dll not found!
Deletion of file C:\WINDOWS\system32\kiaujpyq.dll failed!

Could not process line:
C:\WINDOWS\system32\kiaujpyq.dll
Status: 0xc0000034

File C:\WINDOWS\system32\yrmnuwlx.dll deleted successfully.


File C:\WINDOWS\system32\wohketyj.dll not found!
Deletion of file C:\WINDOWS\system32\wohketyj.dll failed!

Could not process line:
C:\WINDOWS\system32\wohketyj.dll
Status: 0xc0000034

File C:\WINDOWS\system32\jmijvdio.dll deleted successfully.
File C:\WINDOWS\system32\rxhcvfdc.dll deleted successfully.
File C:\WINDOWS\system32\pqvdlpub.dll deleted successfully.
File C:\WINDOWS\system32\cxhsusej.dll deleted successfully.
File C:\WINDOWS\system32\sxvhjuor.dll deleted successfully.
File C:\WINDOWS\system32\lqtqbasa.dll deleted successfully.
File C:\WINDOWS\system32\gcewkauj.dll deleted successfully.
File C:\WINDOWS\system32\kujoviwq.dll deleted successfully.


File C:\WINDOWS\system32\qagbqfdp.dll not found!
Deletion of file C:\WINDOWS\system32\qagbqfdp.dll failed!

Could not process line:
C:\WINDOWS\system32\qagbqfdp.dll
Status: 0xc0000034

File C:\WINDOWS\system32\kvdnxagh.dll deleted successfully.
File C:\WINDOWS\system32\nrnpugii.dll deleted successfully.
File C:\WINDOWS\system32\xiacdoul.dll deleted successfully.
File C:\WINDOWS\system32\kwysjeyu.dll deleted successfully.
File C:\WINDOWS\system32\oljtdvqq.dll deleted successfully.
File C:\WINDOWS\system32\urasxfhh.dll deleted successfully.
File C:\WINDOWS\system32\shlfdqgd.dll deleted successfully.
File C:\WINDOWS\system32\cfmmjncv.dll deleted successfully.
File C:\WINDOWS\system32\palskmfj.dll deleted successfully.
File C:\WINDOWS\system32\pjtucjkk.dll deleted successfully.
File C:\WINDOWS\system32\ulyhbdgv.dll deleted successfully.
File C:\WINDOWS\system32\ookrjbsy.dll deleted successfully.
File C:\WINDOWS\system32\stxudpnu.dll deleted successfully.
File C:\WINDOWS\system32\vdahondm.dll deleted successfully.
File C:\WINDOWS\system32\whdnjxkr.dll deleted successfully.
File C:\WINDOWS\system32\clkftbqk.dll deleted successfully.
File C:\WINDOWS\system32\mgeoorie.dll deleted successfully.
File C:\WINDOWS\system32\dubjgmvc.dll deleted successfully.
File C:\WINDOWS\system32\vxvyikcc.dll deleted successfully.
File C:\WINDOWS\system32\rwxycuxe.dll deleted successfully.
File C:\WINDOWS\system32\rnxbduyv.dll deleted successfully.
File C:\WINDOWS\system32\wdlkyghl.dll deleted successfully.
File C:\WINDOWS\system32\bqwsxthh.dll deleted successfully.
File C:\WINDOWS\system32\uiwqogga.dll deleted successfully.
File C:\WINDOWS\system32\ttmfnsox.dll deleted successfully.
File C:\WINDOWS\system32\brlnrmnu.dll deleted successfully.
File C:\WINDOWS\system32\flurenpi.dll deleted successfully.
File C:\WINDOWS\system32\hfnbibxq.dll deleted successfully.
File C:\WINDOWS\system32\lcqbpvte.dll deleted successfully.
File C:\WINDOWS\system32\rsjkkmev.dll deleted successfully.
File C:\WINDOWS\system32\aqfyqvsa.dll deleted successfully.
File C:\WINDOWS\system32\qydsascv.dll deleted successfully.
File C:\WINDOWS\system32\nqbeghgo.dll deleted successfully.
File C:\WINDOWS\system32\vttvfjyx.dll deleted successfully.
File C:\WINDOWS\system32\qxtckoju.dll deleted successfully.
File C:\WINDOWS\system32\jmljyirb.dll deleted successfully.
File C:\WINDOWS\system32\wrnbqedb.dll deleted successfully.
File C:\WINDOWS\system32\utaxmrnh.dll deleted successfully.
File C:\WINDOWS\system32\nnilbthp.dll deleted successfully.
File C:\WINDOWS\system32\opnlihe.dll deleted successfully.
File C:\WINDOWS\system32\khfdbbb.dll deleted successfully.
File C:\WINDOWS\system32\ddcdbxw.dll deleted successfully.
File C:\WINDOWS\system32\ubodpnte.dllbox deleted successfully.
File C:\WINDOWS\system32\27733E6785.sys deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


COMBOFIX:


ComboFix 07-11-08.1 - Bojan 2007-11-16 22:08:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.253 [GMT 1:00]
Running from: C:\Documents and Settings\Bojan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Bojan\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Bojan\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Bojan\Favorites\Online Security Guide.lnk

.
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-16 16:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 21:49 <DIR> d-------- C:\VundoFix Backups
2007-11-14 20:24 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Thinstall
2007-11-14 09:26 <DIR> d-------- C:\Program Files\Navilog1
2007-11-14 00:02 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-14 00:02 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-11-14 00:02 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-12 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-12 22:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-12 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-12 22:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-12 17:06 <DIR> d-------- C:\Program Files\RegCure
2007-11-12 09:33 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Systweak
2007-11-12 09:32 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2007-11-07 10:31 <DIR> d-------- C:\Program Files\AVIcodec
2007-11-07 00:36 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2007-11-07 00:27 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-11-07 00:27 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-11-03 21:01 <DIR> d-------- C:\Program Files\YouTube Downloader
2007-10-31 20:04 12,208 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-23 12:08 <DIR> d-------- C:\Program Files\uTorrent
2007-10-18 16:08 <DIR> d-------- C:\Program Files\Total Video Converter
2007-10-18 15:57 90,112 --a------ C:\WINDOWS\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 21:01 --------- d-----w C:\Documents and Settings\Bojan\Application Data\uTorrent
2007-11-08 06:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-07 09:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-06 23:29 --------- d-----w C:\Program Files\XviD
2007-11-05 18:24 --------- d-----w C:\Program Files\PeerWeb DC++
2007-11-02 16:27 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Skype
2007-11-01 15:17 --------- d-----w C:\Program Files\Google
2007-10-31 19:03 --------- d-----w C:\Program Files\DivX
2007-10-30 08:52 3,001 --sha-w C:\Documents and Settings\Bojan\ppUser.dat
2007-10-09 22:33 --------- d-----w C:\Program Files\MSN Messenger
2007-09-30 10:59 --------- d-----w C:\Program Files\EA SPORTS
2007-09-23 21:14 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Nokia Multimedia Player
2007-09-22 19:31 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Contrast
2007-09-22 19:26 --------- d-----w C:\Program Files\Contrast
2007-09-22 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Contrast
2007-09-22 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Laconic Software
2003-09-04 12:20 811,008 ----a-w C:\Program Files\NPSWF32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2520BA45-3D97-4864-82FF-F47F951727BA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B053E00-78D3-47AE-B763-60FF36FF2886}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b7465988-49f1-420b-8a16-59d52bb4808e}]
C:\WINDOWS\system32\lpfqadhp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 16:36]
"RegistryMechanic"="" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-14 00:01]
"68c63ec9"="C:\WINDOWS\system32\xikniwto.dll" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ubodpnte]
ubodpnte.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fantastic Flame Agent.lnk]
backup=C:\WINDOWS\pss\Fantastic Flame Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bojan^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\68c63ec9]
rundll32.exe "C:\WINDOWS\system32\lcqbpvte.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)


.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 21:04:52 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-15 08:14:06 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-11-16 22:11:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 22:12:01
.
--- E O F ---

HIJACK THIS:


Logfile of HijackThis v1.99.1
Scan saved at 10:16:59 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Bojan\Desktop\giza\troter.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2520BA45-3D97-4864-82FF-F47F951727BA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9B053E00-78D3-47AE-B763-60FF36FF2886} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {e8084bb2-5d95-61a8-b024-1f948895647b} - {b7465988-49f1-420b-8a16-59d52bb4808e} - C:\WINDOWS\system32\lpfqadhp.dll (file missing)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [68c63ec9] rundll32.exe "C:\WINDOWS\system32\xikniwto.dll",b
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: ubodpnte - ubodpnte.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Scan again with HijackThis and tick the boxes in front of the following lines:

O2 - BHO: (no name) - {2520BA45-3D97-4864-82FF-F47F951727BA} - (no file)
O2 - BHO: (no name) - {9B053E00-78D3-47AE-B763-60FF36FF2886} - (no file)
O2 - BHO: {e8084bb2-5d95-61a8-b024-1f948895647b} - {b7465988-49f1-420b-8a16-59d52bb4808e} - C:\WINDOWS\system32\lpfqadhp.dll (file missing)
O4 - HKLM\..\Run: [68c63ec9] rundll32.exe "C:\WINDOWS\system32\xikniwto.dll",b
O20 - Winlogon Notify: ubodpnte - ubodpnte.dll (file missing)

Click Fix Checked

=======

Look through the Program Files folder and tell me whether you have any folder with TrustIn in its name

Also, check whether the following files exist:
C:\Windows\System32\tisa.dll
C:\Windows\System32\ticads.exe
C:\Windows\System32\ticont.dll
C:\Windows\System32\tips.exe
C:\Windows\System32\lcch.dat
C:\Windows\System32\tipp.dat
C:\Windows\System32\tconini.dat
C:\Windows\System32\lut.dat
C:\Windows\System32\tisa.cnf
C:\Windows\System32\tippcls.dat
C:\Windows\ads.js

=======

Go into C:\Avenger and tell me which files are in there and how big they are.
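An added example, not from this thread and not part of HijackThis, ComboFix or VundoFix: a small Python script that applies the same reasoning the reply above uses when picking lines out of a HijackThis log. The four rules are my own heuristics (an entry whose file is gone, a BHO whose display name is a bare GUID, a Run value named by eight hex digits that loads an eight-letter DLL through rundll32 with a one-letter export, and a Winlogon Notify package that does not resolve to a file). The sample lines are copied from the log posted above, with three known-good lines from the same log added for contrast; the rule names and thresholds are assumptions.

```python
import re

# Constructed sample: five lines copied from the HijackThis log in this thread plus three
# benign lines from the same log, so the rules can be checked against known-good entries.
SAMPLE_LOG = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2520BA45-3D97-4864-82FF-F47F951727BA} - (no file)
O2 - BHO: (no name) - {9B053E00-78D3-47AE-B763-60FF36FF2886} - (no file)
O2 - BHO: {e8084bb2-5d95-61a8-b024-1f948895647b} - {b7465988-49f1-420b-8a16-59d52bb4808e} - C:\WINDOWS\system32\lpfqadhp.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [68c63ec9] rundll32.exe "C:\WINDOWS\system32\xikniwto.dll",b
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: ubodpnte - ubodpnte.dll (file missing)
"""

# "O2 - BHO: ..." / "O20 - Winlogon Notify: ..." : section code, then the entry body.
LINE_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.*)$")
# HijackThis marks a registered object whose file is gone with one of these two tags.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)")
# A bare {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} used as a display name.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# HKLM\..\Run: [value name] command
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<value>[^\]]*)\] (?P<command>.*)$")
# rundll32 loading an 8-lowercase-letter DLL and calling a one-letter export ("...\xikniwto.dll",b).
# The name-length test lives only here: on its own an 8-letter name proves nothing
# (browseui.dll and setupapi.dll are legitimate), it is the combination that is suspicious.
RUNDLL_RE = re.compile(r'(?i:rundll32(?:\.exe)?)\s+"?[^"]*\\[a-z]{8}\.dll"?\s*,\s*[a-z]\b')


def analyse_line(line):
    """Return the list of reasons this HijackThis line looks like Vundo residue; [] means clean."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    reasons = []
    if MISSING_RE.search(body):
        reasons.append("orphaned entry: the registered object has no file on disk")
    if kind == "O2" and body.startswith("BHO: "):
        name = body[len("BHO: "):].split(" - ")[0]
        if GUID_RE.match(name):
            reasons.append("BHO whose display name is a bare GUID (Vundo registers its BHO that way)")
    elif kind == "O4":
        run = RUN_RE.match(body)
        if (run and re.fullmatch(r"[0-9a-f]{8}", run.group("value"))
                and RUNDLL_RE.search(run.group("command"))):
            reasons.append("Run value named by 8 hex digits loads a random-named DLL "
                           "through rundll32 with a one-letter export")
    elif kind == "O20":
        target = body.split(" - ", 1)[1] if " - " in body else ""
        # A notify package HijackThis could not resolve to a path: missing file or bare name.
        if MISSING_RE.search(target) or "\\" not in target:
            reasons.append("Winlogon Notify package that does not resolve to a file; "
                           "it would run inside winlogon.exe at every logon")
    return reasons


def flag_vundo_residue(log_text):
    """Return [(line, [reasons, ...])] for every HijackThis line that trips at least one rule."""
    hits = []
    for line in log_text.splitlines():
        reasons = analyse_line(line)
        if reasons:
            hits.append((line.strip(), reasons))
    return hits


if __name__ == "__main__":
    for entry, why in flag_vundo_residue(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run as is, it prints exactly the five lines the reply above asks to have fixed and none of the three benign ones. Treat the hits as candidates for a human to confirm, as is done in this thread, not as an automatic fix list: the rules are deliberately narrow so that they do not fire on ordinary "(no file)" leftovers from uninstalled toolbars without the other signs.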

offline
  • Joined: 14 Nov 2007
  • Posts: 12

- Did everything you wrote with HijackThis
- there is no folder in Program Files with TrustIn in its name
- none of those files is present in System32
- I may not have understood properly what you told me about going into C:\Avenger and telling you which files I have there and how big they are. I have a zip called backup, I suppose that's what I deleted in the previous step, I don't know what exactly you need?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I wanted to ask you to upload that backup.zip for me, if the file isn't excessively large.
Likewise (again, if it's not too much trouble to upload), pack the whole C:\QooBox folder into a single ZIP for me.

I would send Avenger's backup to the person who makes VundoFix, so that he can improve the program to automatically remove these variants it didn't recognise on your machine.
QooBox I need personally, so that one is less important if your connection is slow and uploading is hard.

If you decide to upload, you can do it through the following form:
http://www.mycity.rs/ambulanta-upload.php


Back to the infection. How is the computer behaving now? Any remaining symptoms?
Judging by the logs, I'd say we've got rid of the pest.

offline
  • Joined: 14 Nov 2007
  • Posts: 12

it seems to me we have, at the moment....
I'll upload both .zips for you now, it's the least I can do for you.... 4mb+13mb

let me test the computer a bit and then I'll send you my observations

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The 13mb one won't upload because the form limits uploads to 10mb.
I assume that's the C:\QooBox folder.
It's large because it contains a complete backup of the registry database (the files with the DAT extension). Try packing the other files, but leave those DAT files out.
