Zakachio sam Trojan-Spy.Win32@mx

1

Zakachio sam Trojan-Spy.Win32@mx

offline
  • Acid_Burn  Male
  • Moderator foruma
  • Glavni moderator foruma Zabava
  • Hellraiser
  • Demon to some. Angel to others
  • Pridružio: 07 Jan 2005
  • Poruke: 25503
  • Gde živiš: Beneath the Black Sky

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:40, on 13.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Spyware Doctor\SDTrayApp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Rainlendar\Rainlendar.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Spyware Doctor\svcntaux.exe
H:\Program Files\Spyware Doctor\swdsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Trend Micro\HijackThis\hjt.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {63D56D19-9B15-458B-989E-664D04D7F549} - H:\WINDOWS\system32\pmkjg.dll
O2 - BHO: {418ecd18-cfce-8e0b-eac4-4f81bdfe86c9} - {9c68efdb-18f4-4cae-b0e8-ecfc81dce814} - H:\WINDOWS\system32\sqxpemmr.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - H:\WINDOWS\system32\mkxnekjd.dll
O2 - BHO: (no name) - {E908A6A7-026C-4FBE-93A9-96020BEEAD53} - H:\WINDOWS\system32\hggdbby.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - H:\WINDOWS\system32\mkxnekjd.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] H:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Rainlendar.lnk = H:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Download All with FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - H:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{946CA697-82B2-48B9-8D5D-CF168E8563F5}: NameServer = 213.244.255.2,213.244.255.3
O20 - Winlogon Notify: hggdbby - H:\WINDOWS\SYSTEM32\hggdbby.dll
O20 - Winlogon Notify: mkxnekjd - H:\WINDOWS\SYSTEM32\mkxnekjd.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6615 bytes

Probao sam sa Smitrfraud iz safe moda-a da uklonim ovaj spyware ali nisam uspeo

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Dvoklikom se startuje fajl VundoFix.exe.
* Izabere opcija Scan for Vundo.
* Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK.
* Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo.
* Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes.
* Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a.
* Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK.
* Uključi se računar i podigne sistem iznova.
* Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.

offline
  • Acid_Burn  Male
  • Moderator foruma
  • Glavni moderator foruma Zabava
  • Hellraiser
  • Demon to some. Angel to others
  • Pridružio: 07 Jan 2005
  • Poruke: 25503
  • Gde živiš: Beneath the Black Sky

Reshio sam na drugi nachin...ruchnoi sam obrisao ovaj file:
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - H:\WINDOWS\system32\mkxnekjd.dll

On je bio problematichan i stvarao mi je probleme....s&d,spyware doctor i avast sada nishta ne prijavljuju....

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ima jos, nije samo on.
Molim te uradi ono sto sam ti napisao u prethodnoj poruci.

offline
  • Acid_Burn  Male
  • Moderator foruma
  • Glavni moderator foruma Zabava
  • Hellraiser
  • Demon to some. Angel to others
  • Pridružio: 07 Jan 2005
  • Poruke: 25503
  • Gde živiš: Beneath the Black Sky

VundoFix V6.5.10

Checking Java version...

Sun Java not detected
Scan started at 19:39:30 13.11.2007

Listing files found while scanning....

H:\windows\system32\hggdbby.dll
H:\WINDOWS\system32\mkxnekjd.dll

Beginning removal...

Attempting to delete H:\windows\system32\hggdbby.dll
H:\windows\system32\hggdbby.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete H:\windows\system32\hggdbby.dll
H:\windows\system32\hggdbby.dll Has been deleted!

Performing Repairs to the registry.
Done!

Dopuna: 13 Nov 2007 19:57

Evo HJT loga:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:38, on 13.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Spyware Doctor\SDTrayApp.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Rainlendar\Rainlendar.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\Program Files\Spyware Doctor\svcntaux.exe
H:\Program Files\Spyware Doctor\swdsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wdfmgr.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\hjt.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {418ecd18-cfce-8e0b-eac4-4f81bdfe86c9} - {9c68efdb-18f4-4cae-b0e8-ecfc81dce814} - H:\WINDOWS\system32\sqxpemmr.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {F90454F5-25E6-40F7-A68F-C56474AF51C5} - H:\WINDOWS\system32\pmkjg.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] H:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Rainlendar.lnk = H:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Download All with FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - H:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{946CA697-82B2-48B9-8D5D-CF168E8563F5}: NameServer = 213.244.255.2,213.244.255.3
O20 - Winlogon Notify: mkxnekjd - mkxnekjd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - H:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII\RpcSandraSrv.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6338 bytes

Dopuna: 13 Nov 2007 19:58

Meni i ova dva fajla deluju sumnjivo:


O2 - BHO: (no name) - {F90454F5-25E6-40F7-A68F-C56474AF51C5} - H:\WINDOWS\system32\pmkjg.dll

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Hmm.. i opet ima jos.

Daj mi sledece fajlove na upload:
H:\WINDOWS\system32\sqxpemmr.dll
H:\WINDOWS\system32\pmkjg.dll

Forma za upload fajlova:
http://www.mycity.rs/ambulanta-upload.php

offline
  • Acid_Burn  Male
  • Moderator foruma
  • Glavni moderator foruma Zabava
  • Hellraiser
  • Demon to some. Angel to others
  • Pridružio: 07 Jan 2005
  • Poruke: 25503
  • Gde živiš: Beneath the Black Sky

Uploadovano....

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Oba su malware.

Skini program Avenger sa sledeceg linka:
http://swandog46.geekstogo.com/avenger.zip

Na prvom ekranu selektuj Input script manually pa klikni na ikonicu lupe.
U prozoru koji ce se pojavi unesi sledeci tekst:
H:\WINDOWS\system32\sqxpemmr.dll
H:\WINDOWS\system32\pmkjg.dll


Klikni na dugme Done.
Vratice te na prvi ekran gde je sada potrebno kliknuti na ikonicu semafora.
Ukoliko ti program sam ne zatrazi restart, onda ti sam restartuj racunar.
Nakon restartovanja bi folder trebao da bude obrisan, i backup napravljen u folderu c:\avenger.

Nakon toga skeniraj HijackThisom i stikliraj polja ispred linija u kojima se spominju ovi fajlovi, kao i ispred one linije koju si vec spomenuo:
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)


Sledeci put (zlu ne trebalo), nemoj vise sam da brises stavke iz HJT-a jer onda alatke kao sto je VundoFix gube reference, pa ne mogu da nadju sve fajlove infekcije.

Kada sve odradis, jos jedan restart, pa novi HJT log koji ces mi ovde postaviti.

offline
  • Acid_Burn  Male
  • Moderator foruma
  • Glavni moderator foruma Zabava
  • Hellraiser
  • Demon to some. Angel to others
  • Pridružio: 07 Jan 2005
  • Poruke: 25503
  • Gde živiš: Beneath the Black Sky

Hmm kada kliknem na semafor izbacuje mi poruku:

Error:selected files does not appear to be a valid script

Kada kliknem na OK u tom prozoru dobijam:

Press OK to log error and contiune or cancel to abort

Kada pritisnem na OK dobijem poruku:

Error code: 0

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Stativa... moja greska.

Files to Delete:
H:\WINDOWS\system32\sqxpemmr.dll
H:\WINDOWS\system32\pmkjg.dll


Matorim, definitivno...

Ko je trenutno na forumu
 

Ukupno su 1182 korisnika na forumu :: 46 registrovanih, 10 sakrivenih i 1126 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., Apok, babaroga, bokisha253, Boris Bosiljčić, BORUTUS, Bubili, Bubimir, cemix, croato, DENIRO, Dimitrise93, DPera, dule10savic, GenZee, goxin, ikan, JOntra, Kruger, Kubovac, KUZMAR, Lieutenant, ljuba, Luka Blažević, mercedesamg, milenko crazy north, Miroljub1979, MiroslavD, mkukoleca, naki011, ostoja, pein, prle122, royst33, sasakrajina, Shinobi, sickmouse, suponik, taz1cl, vathra, VJ, vladulns, voja64, VP6919, |_MeD_|