SmitFraud infection partially fixed, adware dialer remains


  • Joined: 06 Dec 2005
  • Posts: 148

I've sorted some of it out; I removed the question mark from the tray bar with the help of SmitFraudFix. Here is the log, and we'll "see each other" tomorrow.


Logfile of HijackThis v1.99.1
Scan saved at 11:30:04 PM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program Files\H_j-t.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Update: 26 Jun 2007 7:13

I tried last night to open the log so I could copy it, but I didn't manage (??), so I uploaded it; I didn't do that unknowingly. I scanned the laptop, then put the log on a flash drive, then onto my computer, then onto MyCity. And the title, it was late, the heat, tiredness... In any case, thank you for changing it.

Anyway, I'd like you to tell me what else I need to do here, which lines I should delete.

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

To start, run HijackThis, go to the "Do a system scan only" option, tick and delete the following lines:

O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res

Restart the computer.
----------------------

Download the program [link visible only to logged-in users]

Start it and click the Scan button on the first tab.
When the scan finishes, copy the contents of the list it produces here for me.
Also click the ZIP button, which will pack all the hidden files into Catchme.zip, which will be on the Desktop.
Then, in the Script tab, paste the text below (all of it) and click Run.
files:
C:\WINDOWS\system32\linkprd.exe

files to kill:
C:\Program Files\Video ActiveX Access\iesplg.dll
C:\Program Files\Video ActiveX Access\iesbpl.dll


Send us that ZIP via the following form:
http://www.mycity.rs/ambulanta-upload.php
-------------------------

Run HijackThis and, besides the new log that you'll make and post with your next message, also post this:

HijackThis option "Open the Misc Tools Section", then "Open Uninstall Manager", then "Refresh List" and Save List.

  • Joined: 06 Dec 2005
  • Posts: 148

Logfile of HijackThis v1.99.1
Scan saved at 6:47:19 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\svchost.exe
E:\Program Files\H_j-t.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

-----------------------------------
uninstall_list:

Adobe Reader 7.0
Atheros Wireless LAN
Broadcom 802.11 Network Adapter
BSPlayer
CCleaner (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 1.99.1
Instant Access
Intel(R) Graphics Media Accelerator Driver
K-Lite Codec Pack 2.70 Full
Lexmark Z600 Series
Messenger Service
Microsoft Office Professional Edition 2003
Nero 7 Ultra Edition
NOD32 antivirus system
NOD32 FiX v1.9
Opera 9.10
Realtek High Definition Audio Driver
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
WIDCOMM Bluetooth Software
Winamp (remove only)

----------------------------
"Start it and click the Scan button on the first tab.
When the scan finishes, copy the contents of the list it produces here for me." - either this can't be done, or I'm clumsy these days when it comes to copying contents.

That's all.

Update: 27 Jun 2007 9:47

Here it is (I'm a bit scatterbrained)...

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, gmer.net
Rootkit scan 2007-06-26 18:50:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\Prefetch\FVLNAL.EXE-2E64802F.pf
C:\WINDOWS\system32\fvlnal.dat
C:\WINDOWS\system32\fvlnal.exe
C:\WINDOWS\system32\fvlnal_nav.dat
C:\WINDOWS\system32\fvlnal_navps.dat

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 5

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Hi zanzi,

DeM14n currently has problems with his internet connection, so I'll jump in.

Uninstall Instant Access via Control Panel > Add/Remove Programs.

After that, restart the computer once.

After that, make a new log with the Catchme program you have already downloaded.
That is, the Scan button, then copy here the list it produces after the scan finishes.

  • Joined: 06 Dec 2005
  • Posts: 148

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Does it do the uninstall if you hit Cancel there?

If it won't go that way, then we have to do it manually, but I can only write you instructions for that in the morning (I get up around 5:20).

  • Joined: 06 Dec 2005
  • Posts: 148

On Cancel nothing happens, and on Run, or rather Save, NOD pops up.

If you can, write down how; I'm at work from 7, and I can only look at the computer tomorrow evening.

It's also interesting that the computer shuts down/restarts terribly slowly, up to 12 minutes...

Thanks, and "see you".

Update: 28 Jun 2007 0:54

Now I can't connect; it reports that I don't have a modem. I looked in Device Manager and couldn't find it. Could this "disappearance" of the modem have something to do with this Instant Access?

I tried reinstalling the modem driver from the disc that comes with the laptop; everything went as it should, no error appeared, but I still get the same error when trying to connect (7 and two more digits, I didn't think to take a screenshot of it).

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

- Download the file [link visible only to logged-in users]
- Right-click the file and choose Extract All, extract the files to C:\
- Go into the folder C:\bfu_navipromo and start BFU.exe
- After the program starts, click the folder icon and choose the file EGDACCESS.bfu
- Click the Execute button and wait until the cleaning is done.
- Click the folder icon again and choose the file aftermath.bfu
- Click the Execute button and wait until the cleaning is done.

If connecting to the internet still doesn't work after this, try running the following program as well:
http://www.bleepingcomputer.com/files/lspfix.php

Also check the connection profile (the provider's phone number settings and the rest) to see whether it is in order.

In any case, at the end try to post us a new HijackThis log, or write down the exact error message it gives, so we can see what it's about.

  • Joined: 06 Dec 2005
  • Posts: 148

I'll try this towards the evening, when I sit down at the cursed laptop.

As for the connection profile, last night I connected to the internet 2-3 times, and after one restart (or shutdown) it wouldn't anymore. And I didn't change anything, except that I tried a few times to remove Instant Access.

The error is 7xx, I didn't remember it; I'll take a screenshot of it tonight, before I try your recommendations.

Thanks and regards.

Update: 28 Jun 2007 18:32

As soon as I sat down at the computer, 45 minutes ago, I immediately tried to connect and succeeded on the first try; the modem probably got "confused", if I can put it that way.

I did the BFU thing as you wrote it, tried the connection, it works. Looked in Add/Remove, there's no more Instant Access. The only remaining problem is with restarting/shutting down; I restarted it a moment ago, it took 11 minutes, while the system itself boots normally.

The owner of the computer wants me to do a reinstall, although I'm for solving the problem rather than fleeing into "format C".

What matters is that the computer is clean, that we removed everything that needed removing (here's the HijackThis log anyway), but the slow shutdown of the system puzzles me.

It's easy to do a reinstall, but then I won't know the solution to the problem.

Regards.


Logfile of HijackThis v1.99.1
Scan saved at 6:24:07 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
F:\clean\H_j-t.exe

F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Update: 28 Jun 2007 19:10

I'm also curious about this: the number of processes and memory usage. Both screenshots were taken right after the system booted, without starting any programs.

Update: 28 Jun 2007 19:30

This is the first time I've seen this. Maybe it's not for the Ambulanta, but I had to post it.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Upload the following file for me:
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe

That is the shortened form of the path; the full form should look like this:
C:\Documents and Settings\user\Local Settings\Temp\RtkBtMnt.exe

To be able to get to that file you'll have to enable the display of hidden files according to the following instructions:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html

First pack it into a ZIP, then do the upload, because I think you won't be able to upload it directly.

Upload it to:
http://www.mycity.rs/ambulanta-upload.php

That program is unknown to me, and it's suspicious to me because it runs from a very unusual location (folder).

Update: 28 Jun 2007 19:53

By the way, I think I know why the system boots and shuts down slowly. I think the culprit is Nero BackItUp. It's probably set to make backup copies of the files that were accessed during that session on the computer.
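As an added example (not code from the thread, from HijackThis or from any of the tools mentioned): a small Python triage pass over HijackThis log lines that applies the three judgement calls the helpers made in this thread, namely O2/O3 browser add-ons whose DLL is "(file missing)", anything running from or autostarting out of a Temp folder (the RtkBtMnt.exe case), and the names the thread established as unwanted. The sample log lines are constructed from the ones posted above; the rules and the THREAD_INDICATORS watchlist are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample (not a real log): a few HijackThis 1.99.1 lines modelled on
# the ones posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
E:\Program Files\H_j-t.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

@dataclass
class Finding:
    section: str  # "PROC" for a running process, otherwise the HijackThis section (O2, O4, ...)
    reason: str
    line: str
# Names this thread established as unwanted (an assumed watchlist, not a HijackThis feature).
THREAD_INDICATORS = ("video activex access", "linkprd.exe", "instant access", "fvlnal")
# First Windows path (drive letter or %windir%) ending in the module or page the entry loads.
PATH_RE = re.compile(r'(?:[a-z]:\\|%windir%\\)[^"]*?\.(?:exe|dll|htm)', re.I)
TEMP_RE = re.compile(r'\\temp\\', re.I)     # a Temp directory anywhere in the path
SECTION_RE = re.compile(r'([FORN]\d+) - ')   # R0-R3, F0-F3, N1-N4, O1-O24 entries

def parse_hjt(text):
    """Yield (section, line) pairs; running processes get the pseudo-section PROC."""
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            yield "PROC", line
            continue
        m = SECTION_RE.match(line)
        if m:
            yield m.group(1), line

def triage(text):
    """Apply the three judgement calls made in the thread and return what they flag."""
    findings = []
    for section, line in parse_hjt(text):
        lower = line.lower()
        m = PATH_RE.search(line)
        path = m.group(0) if m else ""
        if section in ("O2", "O3") and "(file missing)" in lower:
            # Add-on registered but its DLL is gone; O2/O3 only, the O9 xpnetdiag entry is stock XP.
            findings.append(Finding(section, "orphaned browser add-on registration", line))
        elif TEMP_RE.search(path):
            # Running from, or autostarting out of, a Temp folder (the RtkBtMnt.exe case).
            findings.append(Finding(section, "executable in Temp directory", line))
        elif any(ind in lower for ind in THREAD_INDICATORS):
            findings.append(Finding(section, "matches known indicator", line))
    return findings
```

The xpnetdiag O9 entry and the NOD32 Run entry pass through unflagged, as they did in the thread.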
