NSIS error

NSIS error

offline
  • Pridružio: 27 Jun 2004
  • Poruke: 1268
  • Gde živiš: Subotica

Logfile of HijackThis v1.99.1
Scan saved at 9:47:28, on 4.7.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\winhlp32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Goran\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Reklame\Pityu\FlashGet\jccatch.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\Reklame\Pityu\FlashGet\jccatch.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Reklame\Pityu\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Reklame\Pityu\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Reklame\Pityu\FlashGet\flashget.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CD43D4B-F312-46CD-922F-161B33598634}: NameServer = 212.200.112.1,212.200.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CD43D4B-F312-46CD-922F-161B33598634}: NameServer = 212.200.112.1,212.200.112.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CD43D4B-F312-46CD-922F-161B33598634}: NameServer = 212.200.112.1,212.200.112.12
O17 - HKLM\System\CS3\Services\Tcpip\..\{0CD43D4B-F312-46CD-922F-161B33598634}: NameServer = 212.200.112.1,212.200.112.12
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

------------------------------------------------------------------------------------
Kad pokrecem instalaciju nekog programa iz exe fajla pojavljuje mi se prozor NSIS error. To su uglavnom instalacije programa koje sam skinuo sa neta. Cak se to desava i kada je program ceo u rar fajlu i kad ga raspakujem i pokrenem exe dobijem NSIS error. NSIS error prozor kaze
da program ili nije dobro skinut, ili je hardverska greska, ili imam virus.
Posto je ovo komp u firmi i ovo se desava na vise kompova u okviru firme mislim da je u pitanju virus. Imam instaliran NOD32, ali on nista ne pronalazi... Pomoc!

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Pogledaj folder C:\Program Files\QuickTime\ i kazi mi da li u njemu imas folder BAK


Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.


Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili

offline
  • Pridružio: 27 Jun 2004
  • Poruke: 1268
  • Gde živiš: Subotica

Kao prvo u QuickTime folderu ne postoji folder BAK. Postoji jedan fajl sa BAK ekstenzijom i to je C:\Program Files\Quick Time\QTSystem\Quick Time.qts.BAK...
kao drugo odradio sam sve kako si rekao i evo rezultata:

https://www.mycity.rs/must-login.png


https://www.mycity.rs/must-login.png


Hvala...

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Logovi su mi malo cudni, ali ne vidim nista sto bi pokazalo jasno na nesto konkretno.

Moramo da krenemo pesice:

- Ima li koja nova ikonica kraj sata?
- Imate li na svim kompovima instaliran uTorrent?
- Probaj skeniranje Ewidom:

Skini Ewido micro (8Mb) :
http://downloads.ewido.net/ewido_micro.exe

Kako se radi sa Ewido micro:
- na prvom ekranu odaberi sve particije (štikliraj polja ispred njih)
- klikni na dugme Start Scan
- nakon završenog skeniranja klikni na Save Report i snimi log fajl na sigurno mesto
- klikni na Remove Infections
- iskopiraj nam ovde sadržaj log fajla koji je malopre snimljen

Nakon skeniranja sa Ewidom i postavljanja log fajla, postavi nam i svez log programa HijackThis.

Ko je trenutno na forumu
 

Ukupno su 972 korisnika na forumu :: 38 registrovanih, 4 sakrivenih i 930 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., antonije64, Arahne, Asparagus, Cassius Clay, comi_pfc, Dimitrije Paunovic, doktor1964, draganl, Dvojac005, goxin, hologram, HrcAk47, hyla, ikan, kolle.the.kid, krkalon, Kubovac, Leonov, ljuba, Lucije Kvint, Luka Blažević, Lutvo_Redzepagic, Magistar78, Mcdado, milan.vukovic, milimoj, Milos82, Ripanjac, sap, ser.hill, Srki94, stegonosa, Sumadija34, vathra, VJ, Vlada78, Zoca