The picture on the monitor disappears


offline
  • Joined: 29 May 2011
  • Posts: 1444
  • Location: In my own world

I found out that I have 32-bit Windows

Starting 7 days ago, every two days, the picture on the monitor disappears. All three or four times it happened while I was typing on the keyboard. Then I have to reset the computer for everything to be fine. For two days everything is OK, then it disappears again. Nothing else is disturbed, so there is sound, but no picture.
I use cable internet
Windows XP
Hertz 75
SP 3
RADEON 9200 SE


DDS (Ver_2011-06-23.01) - NTFSx86


offline
  • Més que un club
  • Lead vocalist @ Harpun
  • Joined: 27 Feb 2009
  • Posts: 3896
  • Location: Novi Sad, Klisa

Hello Einmana

You did not follow in detail the instructions found here:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html
In step #2 you are also asked to copy the contents of the DDS.txt report for us.
I would also ask you to do what is asked of you in step #3.


NIx Car (AMF Team)

offline
  • Joined: 29 May 2011
  • Posts: 1444
  • Location: In my own world

Posted: 29 Jun 2011 15:26

So what was I doing for an hour then Very Happy ?

OK, I will try to do everything Smile

Addendum: 29 Jun 2011 15:30

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Ivana at 14:13:47 on 2011-06-29
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.511.127 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
svchost.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.rs/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 212.62.32.1 212.62.32.5
TCP: Interfaces\{9ACC8226-C115-45C9-A299-9AE646343919} : DhcpNameServer = 212.62.32.1 212.62.32.5
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: cryptnet32 - cryptnet32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ivana\application data\mozilla\firefox\profiles\gg8mftdn.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=wbst
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4&hl={language}&src=chrm
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
.
============= SERVICES / DRIVERS ===============
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2009-7-5 77312]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe [2010-2-21 81920]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-16 363344]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe [2010-2-21 2723840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-16 20952]
S0 ehhwrnbkt;ehhwrnbkt;c:\windows\system32\drivers\ycdtdlixnw.sys [2011-3-5 53760]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-19 136176]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-19 136176]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\msn messenger\usnsvc.exe [2006-12-3 94504]
.
=============== Created Last 30 ================
.
2011-06-01 09:13:53 348256 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\corelphotopaint\9.0\1033\ResourceCache.dll
2011-06-01 09:11:46 348256 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\coreldraw\9.0\1033\ResourceCache.dll
2011-06-01 09:10:29 416 ----a-w- c:\documents and settings\all users\application data\microsoft\msdn\9.0\1033\ResourceCache.dll
2011-06-01 09:10:17 -------- d-----w- c:\documents and settings\ivana\local settings\application data\Microsoft Help
2011-06-01 09:06:56 -------- d-----w- c:\program files\common files\Corel
2011-06-01 09:05:43 -------- d-----w- c:\program files\common files\Protexis
2011-06-01 09:05:39 -------- d-----w- c:\documents and settings\all users\application data\Corel
2011-06-01 08:56:13 -------- d-----w- c:\program files\Corel
2011-06-01 08:43:52 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-01 08:43:07 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-01 08:42:28 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-01 08:42:28 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-01 08:42:27 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-01 08:42:27 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-01 08:42:27 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-01 08:42:27 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-01 08:42:27 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-01 08:42:27 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-01 08:29:51 -------- d-----w- c:\documents and settings\all users\application data\CorelDRAW Graphics Suite X5
2011-06-01 07:28:52 -------- d-----w- c:\program files\common files\Akamai
.
==================== Find3M ====================
.
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2009-09-16 07:06:03 13644 ----a-w- c:\program files\common files\ycyhikodu.reg
.
============= FINISH: 14:14:03,04 ===============

Addendum: 29 Jun 2011 15:35

Is this DDS.txt?

Addendum: 29 Jun 2011 15:35

I got everything mixed up.

Addendum: 29 Jun 2011 15:47

Did I do steps 2 and 3? Is anything else needed?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello Einmana!

I will handle this case, since my colleague has private obligations ...

Arrow

Find the file:

c:\windows\system32\drivers\ycdtdlixnw.sys

and upload it to me via the following link:

http://www.mycity.rs/ambulanta-upload.php

Arrow

Download Rootkit Unhooker to the Desktop.

Double-click to start the program;

select the Report tab;

click Scan and, in the window that opens, tick the items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.

When the scan is finished, click File > Save Report and save the report.

Attach the Rootkit Unhooker report to your post using the Attach file option.

goran9888 (AMF Team)

offline
  • Joined: 29 May 2011
  • Posts: 1444
  • Location: In my own world

Quote:
c:\windows\system32\drivers\ycdtdlixnw.sys

and upload it to me via the following link:

You have to help me, because I know absolutely nothing about this. So, where should I look for that file?

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Where, you ask?

Well, I wrote you the location.

Start -> Run -> %systemroot%\system32\drivers

In that folder find the file named: ycdtdlixnw.sys and send it to me via the link I left you in the previous post.

The procedure is more than simple and the chances of getting it wrong are very small.

Also leave me the requested Rootkit Unhooker report.

goran9888 (AMF Team)

offline
  • Joined: 29 May 2011
  • Posts: 1444
  • Location: In my own world

Posted: 29 Jun 2011 21:10

I found and sent that file

Addendum: 29 Jun 2011 21:19

Quote:
Download Rootkit Unhooker to the Desktop.

Double-click to start the program;

select the Report tab;

click Scan and, in the window that opens, tick the items:

SSDT
Shadow SSDT
Processes
Drivers
Stealth Code
Files
Code Hooks

click OK and wait for the scan to finish.

I did all of this, it starts scanning, but then a window comes up in which C D file is ticked. It asks me to choose a file. What now?

offline
  • Joined: 29 May 2011
  • Posts: 1444
  • Location: In my own world

more precisely, it says: SELECT DISKS FOR SCAN
C: NTFS
D:NTFS

and that was already ticked

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Einmana :: What now?

By default all partitions are ticked. Leave it that way and press OK; the scan will continue.

goran9888 (AMF Team)

offline
  • Joined: 29 May 2011
  • Posts: 1444
  • Location: In my own world

Posted: 29 Jun 2011 21:30

OK, I did that too, but now a window has opened: PLEASE WAIT WHILE RKU MAKES SCAN .YOU CAN STOP SCAN BY PRESSING CANCEL. This has been there for 2 minutes already and is not moving

Addendum: 29 Jun 2011 21:35

..and that window is still not moving Sad
