MyCity » Ambulanta -> Arhiva Ambulante » MOlim pomoc za stari problem koji sam imao i ranije

MOlim pomoc za stari problem koji sam imao i ranije

Napisano na dan: 14.4.2007

Strana:
1
2

MOlim pomoc za stari problem koji sam imao i ranije

Sledeća strana

Pagination

Odgovori

Strana:
1
2

alibaba Poslao: 14 Apr 2007 17:11 Idi na vrh
offline alibaba Građanin Pridružio: 02 Apr 2005 Poruke: 102 Gde živiš: U GraDu CaraPapa	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U donjem desnom uglu izlazi svaki put kad resetujem komp: system alert znak koji treperi(upitnik) sa odredjenom stranicom ukoliko kliiknem na znak. Znam da je ovo za vas stari problem i mozda je vec bila ova tema na ovom forimu, ali molim vas pomognite mi kako da se resim ovog problema. Od anti-programa koristim: Nod32. ZoneAlarm7, ad-aware, spywareblaster, spyware terminator, spywarevanisher.... Pre ovog problema omao sam trojanzlob kojeg sam ga skeniro i izbriso sa Nod32 posle njega drugi problem Hvala na pomoci a evo i logfile: Logfile of HijackThis v1.99.1 Scan saved at 16:53:18, on 14.4.2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files2\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files2\Eset\nod32kui.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files2\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\Documents and Settings\Marko.MARKOBIT-QKVI0C\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files2\DAP\DAPBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files2\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files2\DAP\DAPIEBar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042407 serial=DR12WTX-9999998-YSP lang=EN O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [nod32kui] "C:\Program Files2\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files2\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~2\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~2\DAP\dapextie2.htm O8 - Extra context menu item: Radar - C:\Program Files2\Internet Radar\Radar.html O8 - Extra context menu item: Sledeci - C:\Program Files2\Internet Radar\Sledeci.html O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~2\DAP\DAP.EXE O9 - Extra button: O sajtu - {A33D72F1-0CA3-4522-AF0E-DBCAC81F29C2} - C:\Program Files2\Internet Radar\InternetRadar.dll O9 - Extra button: Radar - {A727176C-7630-49d5-ACC0-EDA518EA0D73} - C:\Program Files2\Internet Radar\Radar.html O9 - Extra button: Sledeci - {A8B4C482-2491-431d-90CC-19590FB1D12E} - C:\Program Files2\Internet Radar\Sledeci.html O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....6141035921 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....6141013859 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files2\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe Hvalaa

Profil

bobby Poslao: 14 Apr 2007 17:47 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preimenuj HijackThis.exe u recimo t3.exe i napravi novi log.

Profil

alibaba Poslao: 14 Apr 2007 20:02 Idi na vrh
offline alibaba Građanin Pridružio: 02 Apr 2005 Poruke: 102 Gde živiš: U GraDu CaraPapa	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zaboravio sam jos da napomenem da ne mogu da uklonim windows system alert koji je instaliran a ima ga u ad-removeprograms ali nista ne reaguje kada to pokusavam i dalje stoji molim vas uzasno ne nerviraa

Profil

bobby Poslao: 14 Apr 2007 20:13 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradi ono sto sam ti napisao - promeni ime programa HijackThis, posto se neke infekcije sakrivaju kada ga vide na listi procesa.

Profil

alibaba Poslao: 14 Apr 2007 21:02 Idi na vrh
offline alibaba Građanin Pridružio: 02 Apr 2005 Poruke: 102 Gde živiš: U GraDu CaraPapa	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! To sam odmah uradio onako kako si mi rekao sve je isto, a pokusao sam da pronadjem windows system alert preko searchwindows opcije(sve su opcije ukljucene za trazenje) od pronalaska nema nista a pokusao sam da pronadjem i znak upitnik u windowsu, sve je isto uptinik samo treperi pri svakom resetovanju on se pojavljuje i izlazi mali prozorcic u donjem uglu u kome pise da je detektovano vise stetocina na sistemu ..svi programi za trazenje spywara ne prikazuju nista Dopuna: 14 Apr 2007 21:02 Naravno pokusao sam i u safe modu

Profil

bobby Poslao: 14 Apr 2007 21:17 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! A sto mi ovde lepo ne postavis novi log sa preimenovanim HijackThisom pa da ja budem miran i da krenemo dalje?

Profil

alibaba Poslao: 14 Apr 2007 21:51 Idi na vrh
offline alibaba Građanin Pridružio: 02 Apr 2005 Poruke: 102 Gde živiš: U GraDu CaraPapa	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 21:52:26, on 14.4.2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe C:\Program Files2\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files2\Eset\nod32kui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe C:\Program Files2\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files2\Spyware Terminator\sp_rsser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Marko.MARKOBIT-QKVI0C\Desktop\t3.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files2\DAP\DAPBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files2\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~2\SPYWAR~2\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files2\DAP\DAPIEBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nod32kui] "C:\Program Files2\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042407 serial=DR12WTX-9999998-YSP lang=EN O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files2\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files2\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~2\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~2\DAP\dapextie2.htm O8 - Extra context menu item: Radar - C:\Program Files2\Internet Radar\Radar.html O8 - Extra context menu item: Sledeci - C:\Program Files2\Internet Radar\Sledeci.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files2\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files2\Spyware Terminator\sp_rsser.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Profil

bobby Poslao: 14 Apr 2007 21:56 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili

Profil

alibaba Poslao: 15 Apr 2007 12:43 Idi na vrh
offline alibaba Građanin Pridružio: 02 Apr 2005 Poruke: 102 Gde živiš: U GraDu CaraPapa	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! GMER 1.0.12.12244 - gmer.net Rootkit scan 2007-04-15 12:33:59 Windows 5.1.2600 Service Pack 1 ---- System - GMER 1.0.12 ---- SSDT \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys ZwClose SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort SSDT \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys ZwCreateFile SSDT \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys ZwCreateKey SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile SSDT \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys ZwDeleteKey SSDT \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys ZwDeleteValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection SSDT \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys ZwOpenFile SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation SSDT \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys ZwSetValueKey SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver SSDT \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys ZwWriteFile INT 0x2E srescan.sys F98A6A9D ---- Kernel code sections - GMER 1.0.12 ---- .text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 170 805025EC 4 Bytes [ 3A, DD, BD, F7 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 188 80502604 4 Bytes [ 60, 0E, C3, F7 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1A0 8050261C 4 Bytes [ 52, D7, BD, F7 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 8050262C 4 Bytes [ AE, D0, BD, F7 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1C4 80502640 12 Bytes [ F0, 11, C3, F7, 80, 74, C3, ... ] .text ... ? srescan.sys The system cannot find the file specified. .text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 170 805025EC 4 Bytes [ 3A, DD, BD, F7 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 188 80502604 4 Bytes [ 60, 0E, C3, F7 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1A0 8050261C 4 Bytes [ 52, D7, BD, F7 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 8050262C 4 Bytes [ AE, D0, BD, F7 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1C4 80502640 12 Bytes [ F0, 11, C3, F7, 80, 74, C3, ... ] .text ... ---- Devices - GMER 1.0.12 ---- Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7C428A0] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F7C428A0] vsdatant.sys ---- EOF - GMER 1.0.12 ---- Dopuna: 15 Apr 2007 12:43 GMER 1.0.12.12244 - gmer.net Autostart scan 2007-04-15 12:37:45 Windows 5.1.2600 Service Pack 1 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe, HKLM\SYSTEM\CurrentControlSet\Services\ >>> Adobe LM Service /Adobe LM Service/@ = "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" NOD32krn /NOD32 Kernel Service/@ = C:\Program Files2\Eset\nod32krn.exe NVSvc /NVIDIA Display Driver Service/@ = %SystemRoot%\System32\nvsvc32.exe Spooler /Print Spooler/@ = %SystemRoot%\system32\spoolsv.exe sp_rssrv /Spyware Terminator Realtime Shield Service/@ = C:\Program Files2\Spyware Terminator\sp_rsser.exe UMWdf /Windows User Mode Driver Framework/@ = C:\WINDOWS\System32\wdfmgr.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup @nod32kui"C:\Program Files2\Eset\nod32kui.exe" /WAITSERVICE = "C:\Program Files2\Eset\nod32kui.exe" /WAITSERVICE @SoundManSOUNDMAN.EXE = SOUNDMAN.EXE @TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot @CorelDRAW Graphics Suite 11bC:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042407 serial=DR12WTX-9999998-YSP lang=EN /file not found/ = C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042407 serial=DR12WTX-9999998-YSP lang=EN /file not found/ @nwiznwiz.exe /install = nwiz.exe /install @NvMediaCenterRUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit @SpywareTerminator"C:\Program Files2\Spyware Terminator\SpywareTerminatorShield.exe" = "C:\Program Files2\Spyware Terminator\SpywareTerminatorShield.exe" HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler@{abef791f-947e-4cdf-83c3-e72a240afb67} = C:\WINDOWS\System32\ygjun.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{42071714-76d4-11d1-8b24-00a0c9068ff3} /Display Panning CPL Extension/deskpan.dll /file not found/ = deskpan.dll /file not found/ @{A70C977A-BF00-412C-90B7-034C51DA2439} /NvCpl DesktopContext Class/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll @{FFB699E0-306A-11d3-8BD1-00104B6F7516} /Play on my TV helper/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll @{1CDB2949-8F65-4355-8456-263E7C208A5D} /Desktop Explorer/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /Desktop Explorer Menu/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /nView Desktop Context Menu/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll @CorelDRAW Shell Extension Component /CorelDRAW Shell Extension Component/(null) = @{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /Shell Extensions for RealOne Player/C:\Program Files2\Real\RealPlayer\rpshell.dll = C:\Program Files2\Real\RealPlayer\rpshell.dll @{B089FE88-FB52-11d3-BDF1-0050DA34150D} /NOD32 Context Menu Shell Extension/C:\Program Files2\Eset\nodshex.dll = C:\Program Files2\Eset\nodshex.dll @{0006F045-0000-0000-C000-000000000046} /Microsoft Outlook Custom Icon Handler/C:\PROGRA~2\MICROS~1\Office\OLKFSTUB.DLL = C:\PROGRA~2\MICROS~1\Office\OLKFSTUB.DLL @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /WinRAR shell extension/C:\Program Files2\WinRAR\rarext.dll = C:\Program Files2\WinRAR\rarext.dll @{BD88A479-9623-4897-8546-BC62B9628F44} /SPTHandler/C:\Program Files2\Spyware Terminator\sptcontmenu.dll = C:\Program Files2\Spyware Terminator\sptcontmenu.dll HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /Web Folders/ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>> EncodeDivXExt@{E9F5B111-CACC-4FD4-81FD-4EB4FD6765A3} = C:\Program Files2\DivX\Dr.DivX\EncodeDivXExt.dll NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Program Files2\Eset\nodshex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files2\WinRAR\rarext.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files2\WinRAR\rarext.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> NOD32 Context Menu Shell Extension@{B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Program Files2\Eset\nodshex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files2\WinRAR\rarext.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{0000CC75-ACF3-4cac-A0A9-DD3868E06852}C:\Program Files2\DAP\DAPBHO.dll = C:\Program Files2\DAP\DAPBHO.dll @{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files2\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Program Files2\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll @{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}C:\PROGRA~2\SPYWAR~2\tools\iesdsg.dll = C:\PROGRA~2\SPYWAR~2\tools\iesdsg.dll @{B56A7D7D-6927-48C8-A975-17DF180C71AC}C:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll = C:\PROGRA~2\SPYWAR~2\tools\iesdpb.dll HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local Page = HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pageabout:blank = about:blank @Local Page = HKLM\Software\Classes\PROTOCOLS\Handler\ >>> dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll its@CLSID = C:\WINDOWS\System32\itss.dll mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll ms-its@CLSID = C:\WINDOWS\System32\itss.dll tv@CLSID = C:\WINDOWS\System32\msvidctl.dll vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx wia@CLSID = C:\WINDOWS\System32\wiascr.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = imon.dll 000000000002@PackedCatalogItem = imon.dll 000000000003@PackedCatalogItem = imon.dll 000000000004@PackedCatalogItem = imon.dll 000000000005@PackedCatalogItem = imon.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011@PackedCatalogItem = imon.dll C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup >>> Microsoft Office.lnk = Microsoft Office.lnk Remote Control.lnk = Remote Control.lnk ---- EOF - GMER 1.0.12 ----

Profil

bobby Poslao: 15 Apr 2007 20:37 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Vidim ga: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler@{abef791f-947e-4cdf-83c3-e72a240afb67} = C:\WINDOWS\System32\ygjun.dll 1) Preuzmi program SmitfraudFix sa ovog linka. 2.) Extract-uj program na desktop. (Takodje na ovaj način pripremi i program Hijack This koje će se kasnije koristiti) 3.) Restartuj računar i podigni sistem u Safe Mode-u. [ Safe Mode info link 4.) Pronadji na desktop-u folder gde si raspakovao SmitfraudFix program i dvoklikom pokreni fajl SmitfraudFix.cmd. Kada se alat za uklanjanje prvi put startuje pokazaće ti se ekran za odobrenje. Jednostavno pretisni bilo koje dugme na tastaturi da bi prešao na sledeći nivo. 5.) 6.) Program će početi sa čišćenjem kompjutera. Posle završenog čišćenja SmitfraudFix-om pokrenuće ti se Windows-ov program Disk Cleanup. Nakon sto SmitFraudFix zavrsi svoj posao, postavi nam ovde log koji se nalazi na C:\rapport.txt i svez HJT log.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » MOlim pomoc za stari problem koji sam imao i ranije

Ko je trenutno na forumu

Ukupno su 1214 korisnika na forumu :: 64 registrovanih, 7 sakrivenih i 1143 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, A.R.Chafee.Jr., Andrija357, Bloody, cavatina, celik, Cirkon, comi_pfc, Dannyboy, Demostant, DPera, dragoljub11987, FOX, Frunze, Gargantua, HrcAk47, Karla, kvcali, Leonov, lord sir giga, mackenzie, Marko Marković, Mcdado, mercedesamg, Milan A. Nikolic, milenko crazy north, Milos ZA, Mitraljeta, moldway, Motocar, nenad81, nesa1962, Nikolaa11, NikolaGTR, oldtimer, Parker, pein, Petar35, powSrb, Regrut Boskica, repac, RILE-NS, royst33, S-lash, Singidunumac, SlaKoj, slonic_tonic, Smd, Steeeefan, stegonosa, Stojković, t84dar, theNedjeljko, Tragač, trajkoni018, Trpe Grozni, TRZH92, tubular, Viktoriya, VJ, wolverined4, YugoSlav, zaoka, zixmix

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by