What's the problem?


offline
  • Joined: 25 Oct 2006
  • Posts: 276

It's not there. I see that showwipe.exe appears in line 04, but it's no longer in running processes... the same goes for creative tray.exe... it's not in the processes, but it's still there below... whatever this 04 means...
The Kaspersky online scan is running right now... it's been scanning for 2 hours already... it will surely take that long again! It has found 10 viruses and 53 infected files, but I can't see which ones until it finishes... so tomorrow I'll get down to deleting them and send you a new log.
Good night

Addendum: 06 Apr 2007 10:31

Hm... Kaspersky didn't find anything important... those 10 viruses are installers of some programs, like mirc and torpark, I don't know how it registered them as viruses, and the rest are files from NOD's INFECTED folder, e.g. C:\Program Files\Eset\infected\V23QQEBA.NQF
Should I delete everything from that folder?

Addendum: 06 Apr 2007 10:36

Zone Alarm just "told" me that Tune Up (which I launched) is trying to delete some registry file or something like that, i.e. to prevent it from running, and its name is "mags heck phone rdr"... is that something left over from that folder?

Addendum: 06 Apr 2007 10:50

Two more things:
First, I can't access the registry via RUN/REGEDIT, it says it's disabled by admin, and I'm on the admin account,
and second, I accessed it through Tune Up and found 2 values when searching for "corn heck" and 2 when searching for "creative tray", and I deleted them. Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:43, on 6.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BORGChat\BORGChat.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\TuneUp Utilities 2007\Integrator.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Nemanja\Desktop\ZekaThis\ZekaThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BORGChat.lnk = C:\Program Files\BORGChat\BORGChat.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - [Link visible only to logged-in users]
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - [Link visible only to logged-in users]\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - [Link visible only to logged-in users]\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - [Link visible only to logged-in users]\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [Link visible only to logged-in users]
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - [Link visible only to logged-in users]\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{41F6F2FD-3DE5-4A73-9B5D-E36C684E463D}: NameServer = 192.168.0.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Addendum: 06 Apr 2007 10:50

It looks OK now?
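
The check discussed in the post above, as an added example that is not part of the thread: in a HijackThis log, O4 lines are autostart entries (Run keys and the Startup folder) and O7 records that regedit is restricted by policy, so this sketch lists O4 executables missing from "Running processes" and any `DisableRegedit=1` line. The sample log is constructed from lines of the posted log plus one placeholder entry (`C:\Example\placeholder.exe`) that is not from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 layout: lines copied from the
# posted log, plus one placeholder O4 entry that is NOT from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32kui.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [placeholder] C:\Example\placeholder.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # "O4 - ...", "R1 - ..."
EXE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)     # full path to an .exe

def parse(log):
    """Return (set of lower-cased running process paths, {code: [entry text]})."""
    running, entries, in_procs = set(), defaultdict(list), False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False                    # first coded entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            running.add(line.lower())
    return running, entries

def triage(log):
    """Flag O4 autostart executables that are not running, and the O7 regedit lock."""
    running, entries = parse(log)
    findings = []
    for e in entries["O4"]:
        exe = EXE.search(e)                     # rundll32-style entries have no .exe path
        if exe and exe.group(0).lower() not in running:
            findings.append(("O4 autostart not running", e))
    for e in entries["O7"]:
        if "disableregedit=1" in e.lower().replace(" ", ""):
            findings.append(("O7 regedit disabled by policy", e))
    return findings
```

An O4 entry that is not running is only a lead: the program may have exited normally, or the file may already have been removed while the autostart value was left behind.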



offline
  • Joined: 06 Apr 2005
  • Posts: 1023

That should be it. I was going to suggest fixing that line, but it seemed suspicious to me that the log didn't say file missing, so I thought it had reappeared.

If anything else shows up, let me know.



offline
  • Joined: 25 Oct 2006
  • Posts: 276

Thanks a lot.
