Posted: 05 Jan 2010 00:32

Posted: 05 Jan 2010 01:04

Hello,
you posted all the logs for me except the most important one:
Download the program DDS from this, this or this link to the Desktop.
- Double-click to run DDS;
- after a few minutes a message about the process finishing will appear and two reports will open;
- save both reports to the Desktop (by choosing File > Save As);
- double-click DDS.txt to open it and copy its contents into the thread;
- attach the file Attach.txt to the post using the Prikači fajl (Attach file) option.
Illustrated walkthrough of the procedure
Note: if security software interferes with DDS, temporarily disable it (instructions) and run DDS again.
It would be good if you also took a screenshot of what NOD detected.

Posted: 05 Jan 2010 01:46

I knew I had forgotten something..., and as for what NOD detected, I have no idea how to take a picture of it because I didn't save it!!
DDS (Ver_09-12-01.01) - NTFSx86
Run by œN@ KNœZœV!C at 17:12:52,69 on pon 01/04/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.239.80 [GMT 1:00]
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\£N@ KN£Z£V!C\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.ba/
uInternet Connection Wizard,ShellNext = hxxp://hosting.conduit.com/Uninstall?toolbarid=&version=4.5.191.15
TB: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP0.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [GRID DRAW] c:\docume~1\n@knzv~1\applic~1\namema~1\surfamok.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [LTSMMSG] LTSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [PadTouch] "c:\program files\toshiba\padtouch\PadExe.exe
mRun: [TFNF5] TFNF5.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TFncKy] TFncKy.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
dRunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBC}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206561240906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206561211281
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: {5A5D8AC9-E45E-44AE-B428-08E1027A129B} = 77.78.220.2
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
============= SERVICES / DRIVERS ===============
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-10-26 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-10-26 552064]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\windows live\messenger\usnsvc.exe [2007-10-18 98328]
=============== Created Last 30 ================
==================== Find3M ====================
2010-01-04 16:05:28 3670016 ---ha-w- c:\documents and settings\³n@ kn³z³v!c\NTUSER.DAT
2009-10-23 16:42:48 21892 ----a-w- c:\windows\system32\UninstXviDDec.exe
2007-10-26 11:50:45 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007102620071027\index.dat
============= FINISH: 17:13:35,16 ===============

Posted: 05 Jan 2010 17:55

Posted: 06 Jan 2010 01:13

Posted: 06 Jan 2010 01:15

Did you run that program I gave you the link for?

Posted: 06 Jan 2010 01:25

With a double-click on the icon, it started working and opened a page for me where there's all sorts of things..
sorry, computers aren't really my strong suit..

Posted: 06 Jan 2010 08:13

zan pjer papen :: With a double-click on the icon, it started working and opened a page for me where there's all sorts of things..
sorry, computers aren't really my strong suit..
When it finished, was there a log to copy here?

Posted: 06 Jan 2010 12:48

No, there wasn't, it only opened a window with that text I sent you

Posted: 06 Jan 2010 12:53

You didn't send me any text, you only sent me the file that I sent you to run.
So, when you click on that link of mine, a window opens asking you where to save it.
Save it wherever you want. Once it has downloaded, and it already has since you sent it to me, you run it with a double-click and wait for the log that will appear.
Then you copy that log for me or send it.

Posted: 06 Jan 2010 16:26

----------- Written: 06 Jan 2010 14:22 ---------
I tried to send you the sequence of steps I do as pictures, but it won't work. I'll try to explain what I do.
When I double-click the icon that appeared when I saved that link of yours, a window Open file-Security Warning opens, offering the options Run and Cancel. I choose Run, then a small SwizzorSearch window appears saying Please wait... and after about ten seconds it opens a lop-Notped window containing the file you sent me.
So the log you need, either I don't see it or it isn't there……
----------- Addendum: 06 Jan 2010 16:26 ---------
helen, is there a solution to this problem

Posted: 06 Jan 2010 20:22

That lop-Notped that opens with the text, that is what you copy here for me.
So, when Notepad opens with some text, you click anywhere on that text, then on the keyboard press and hold Ctrl and press the A key. When all the text turns blue, right-click on the text and choose the Copy option, then on the forum in this thread choose the reply option, left-click anywhere in the empty text field, then right-click and choose the Paste option, and then the log will be copied for me.
Then send that post.

Posted: 06 Jan 2010 22:20

----------- Written: 06 Jan 2010 22:05 ---------
Swizzor Search, run by œN@ KNœZœV!C at 21:59:55,23
C:\Documents and Settings\All Users\Application Data\
..... 5/17/2008 19:53:51 .. Hope meow blue sect
..... 2/17/2008 21:34:47 .. Messenger Plus!
.... 12/18/2003 16:26:12 .. SBSI
C:\Documents and Settings\œN@ KNœZœV!C\Application Data\
AdobeUM
ChessBase
namemailcast
C:\Program Files\
..... 12/19/2003 8:24:15 .. Apoint2K
..... 6/10/2008 18:54:18 .. ChessBase
..... 2/17/2008 18:32:51 .. Circle Developement
..... 2/17/2008 18:32:45 .. Messenger Plus! Live
.... 10/26/2007 13:06:02 .. Microsoft ActiveSync
...... 1/4/2009 23:03:31 .. MyPlayCity.com
..... 8/25/2008 22:05:43 .. namemailcast
..... 6/18/2009 22:09:45 .. The Learning Company
..... 12/19/2003 8:14:04 .. Toshiba
Tasks
C:\WINDOWS\Tasks\AEEFC257918C727B.job *
>>> c:\docume~1\n@knzv~1\applic~1\namema~1\mapi bone that.exe [262144 5/17/2008 19:55:11]
Registry
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GRID DRAW"="C:\\DOCUME~1\\N@KNZV~1\\APPLIC~1\\NAMEMA~1\\surfamok.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
End of file.
...well, I know this....
----------- Addendum: 06 Jan 2010 22:20 ---------
I also took a picture of what NOD detected. I just don't know how to change it from doc format to jpg or some other format that lets me send it to you as a picture. If it would help you, write to me how to reformat that picture so I can send it to you.....

Posted: 06 Jan 2010 22:27

Well, send me that doc file.

Posted: 06 Jan 2010 22:32

Posted: 07 Jan 2010 01:26

Download the program OTM to the Desktop.
- Double-click to run OTM.exe
- Into the (left) window of the program (under Paste Instructions for Items to be Moved) copy everything inside the Code box:
Code:
:files
C:\Documents and Settings\All Users\Application Data\Hope meow blue sect
C:\Documents and Settings\œN@ KNœZœV!C\Application Data\namemailcast
C:\Program Files\Circle Developement
C:\Program Files\namemailcast
C:\WINDOWS\Tasks\AEEFC257918C727B.job
:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GRID DRAW"=-
:Commands
[Reboot]
Click MoveIt!
When the process finishes, the right-hand window of the program (under Results) will contain text that needs to be copied into a post on the forum.
If a prompt appears:
Confirm :: The system requires a reboot to finish removing files.
Do you want to reboot now?
click Yes so that the computer restarts and the process is completed.
After the system starts again, the logfile will open automatically in Notepad.
The contents of that log need to be copied into a post on the forum.

Posted: 07 Jan 2010 20:49

the message you mentioned appears
Confirm ::
The system requires a reboot to finish removing files.
Do you want to reboot now?
when I go to Yes the computer restarts, and when it starts up again the logfile doesn't open automatically; instead I found an icon in My documents (desktop.ini-Notped) and in it was this below that I copied for you..
[DeleteOnCopy]
Owner=£N@ KN£Z£V!C
Personalized=5
PersonalizedName=My Documents
[DeleteOnCopy.A]
Owner=£N@ KN£Z£V!C
[DeleteOnCopy.W]
Owner=+AKM-N+AEA- KN+AKM-Z+AKM-V+ACE-C
is that what you were looking for...

Posted: 07 Jan 2010 21:41

dr_Bora
Anti Malware Fighter Rank 2, Supermoderator of the tech forum
Joined: 24 Jul 2007
Posts: 7635
Location: Höganäs, SE

Greetings... My colleague is busy, so I'll continue.
Run Swizzor Search again and copy the log you get here.

Posted: 07 Jan 2010 21:45

Swizzor Search, run by œN@ KNœZœV!C at 21:41:09,00
C:\Documents and Settings\All Users\Application Data\
..... 2/17/2008 21:34:47 .. Messenger Plus!
.... 12/18/2003 16:26:12 .. SBSI
C:\Documents and Settings\œN@ KNœZœV!C\Application Data\
AdobeUM
ChessBase
namemailcast
C:\Program Files\
..... 12/19/2003 8:24:15 .. Apoint2K
..... 6/10/2008 18:54:18 .. ChessBase
..... 2/17/2008 18:32:45 .. Messenger Plus! Live
.... 10/26/2007 13:06:02 .. Microsoft ActiveSync
...... 1/4/2009 23:03:31 .. MyPlayCity.com
..... 6/18/2009 22:09:45 .. The Learning Company
..... 12/19/2003 8:14:04 .. Toshiba
Tasks
Registry
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
End of file.

Posted: 07 Jan 2010 21:50

dr_Bora

Start > Run and into the text input line copy the following:
%appdata%
Click Ok.
A Windows Explorer window will open. In that window delete the folder:
namemailcast
If you don't see that folder, enable the display of hidden files and folders: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html
What is the situation now? Is there any problem at the moment?
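
The comparison the last posts make by eye, checking the Swizzor Search log taken after the OTM run against the one taken before it, written out as an added example that is not part of the thread or of either tool. It parses the log layout shown above and reports which of the OTM script's :files targets are gone and which are still listed; the abbreviated logs and the USER placeholder are constructed for the example.

```python
import re
# Constructed input: the thread's two Swizzor Search logs, abbreviated to the
# folder and task sections; the profile name is the placeholder USER.
BEFORE = r"""C:\Documents and Settings\All Users\Application Data\
..... 5/17/2008 19:53:51 .. Hope meow blue sect
C:\Documents and Settings\USER\Application Data\
namemailcast
C:\Program Files\
..... 2/17/2008 18:32:51 .. Circle Developement
..... 8/25/2008 22:05:43 .. namemailcast
Tasks
C:\WINDOWS\Tasks\AEEFC257918C727B.job *
End of file."""
AFTER = r"""C:\Documents and Settings\All Users\Application Data\
C:\Documents and Settings\USER\Application Data\
namemailcast
C:\Program Files\
Tasks
End of file."""
# Removal targets: the :files block of the OTM script posted in the thread.
OTM_FILES = r"""C:\Documents and Settings\All Users\Application Data\Hope meow blue sect
C:\Documents and Settings\USER\Application Data\namemailcast
C:\Program Files\Circle Developement
C:\Program Files\namemailcast
C:\WINDOWS\Tasks\AEEFC257918C727B.job""".splitlines()

DATED = re.compile(r"^\.+\s+\S+\s+\S+\s+\.\.\s+(.+)$")  # "..... date time .. name"

def parse(log):
    """Return every item a Swizzor Search log lists, as a full path."""
    prefix, items = "", set()
    for line in map(str.strip, log.splitlines()):
        if not line or line.startswith(("Swizzor Search", "End of file", ">>>")):
            continue
        if line in ("Tasks", "Registry"):
            prefix = ""  # lines in these sections already carry full paths/keys
        elif line.endswith("\\"):
            prefix = line  # folder header: the names that follow sit under it
        else:
            m = DATED.match(line)
            items.add(prefix + (m.group(1) if m else re.sub(r" \*$", "", line)))
    return items

def verify(before, after, targets):
    """Split removal targets into (removed, still_present) by comparing logs."""
    gone, present = parse(before) - parse(after), parse(after)
    return [t for t in targets if t in gone], [t for t in targets if t in present]

if __name__ == "__main__":
    print(verify(BEFORE, AFTER, OTM_FILES))
```

On this sample the only target still listed is the namemailcast folder under the user's Application Data, the folder the final post asks to be deleted by hand.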