MyCity » Ambulanta -> Arhiva Ambulante » work offline - nonstop, dosadi bogu i narodu

work offline - nonstop, dosadi bogu i narodu

Napisano na dan: 18.4.2007

work offline - nonstop, dosadi bogu i narodu

Sledeća strana

Pagination

Odgovori

zanzi Poslao: 18 Apr 2007 23:14 Idi na vrh
offline zanzi Građanin Pridružio: 06 Dec 2005 Poruke: 148	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kako se podigne sistem, javlja se prozorcic sa work offline, i javlja se svakih 10 sekundi. Instaliran nod32, nije nasao nista ni u normal, ni safe modu. SpyBot je nasao smitfraud 888, tako nekako, i obrisao. Evo hijackthis loga, pa da vidimo za dalje. Racunar je na dialup-u, tako da cu morati na poslu da skidam neki program koji mi preporucite, pa da ga nosim da sredjujemo problem. Logfile of HijackThis v1.99.1 Scan saved at 9:49:31 PM, on 4/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\878RMTMon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\878RMT.exe C:\Documents and Settings\nezzy\Desktop\H_J_T.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\pmnnkhh.dll O2 - BHO: (no name) - {381A93DD-ABC5-476E-A4E3-934B62D9B210} - C:\WINDOWS\system32\jkhfg.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file) O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll O20 - Winlogon Notify: pmnnkhh - C:\WINDOWS\SYSTEM32\pmnnkhh.dll O20 - Winlogon Notify: wvurstq - wvurstq.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe Hvala, pa se vidimo sutra.

Profil

crossover Poslao: 18 Apr 2007 23:58 Idi na vrh
offline crossover Legendarni građanin Data Center Engineer Pridružio: 13 Avg 2004 Poruke: 3050 Gde živiš: Holandija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, uskoro ću pregledati log i staviti dalja uputstva.

Profil

zanzi Poslao: 19 Apr 2007 07:01 Idi na vrh
offline zanzi Građanin Pridružio: 06 Dec 2005 Poruke: 148	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll O20 - Winlogon Notify: pmnnkhh - C:\WINDOWS\SYSTEM32\pmnnkhh.dll O20 - Winlogon Notify: wvurstq - wvurstq.dll (file missing) Ovo mi je bilo sumnjivo na prvi pogled, ali reko' bolje da ovo vidi jos neko.

Profil

crossover Poslao: 19 Apr 2007 18:52 Idi na vrh
offline crossover Legendarni građanin Data Center Engineer Pridružio: 13 Avg 2004 Poruke: 3050 Gde živiš: Holandija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zakačio si Vundo. Evo šta ćeš sad uraditi Skini Vundofix: http://www.atribune.org/ccount/click.php?id=4 * Dvoklikom se startuje fajl VundoFix.exe. * Izabere opcija Scan for Vundo. * Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK. * Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo. * Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes. * Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a. * Po završetku, pojaviće se obaveštenje o gašenju računara, klikne se OK. * Uključi se računar i podigne sistem iznova. * Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.

Profil

zanzi Poslao: 19 Apr 2007 22:08 Idi na vrh
offline zanzi Građanin Pridružio: 06 Dec 2005 Poruke: 148	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of HijackThis v1.99.1 Scan saved at 10:07:35 PM, on 4/19/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\878RMTMon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\878RMT.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\nezzy\Desktop\H_11J_T.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file) O2 - BHO: (no name) - {1B5B17B4-B435-4D63-A359-863BDC4BFCE2} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {C56F19CD-8BC1-4A4C-8846-8EB623D06791} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O2 - BHO: (no name) - {E9EEEBC2-D7E3-42ED-B619-DD749E82ABE0} - C:\WINDOWS\system32\jkhfg.dll (file missing) O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file) O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{7BB26680-28E6-4E3F-A900-070C6E4AE6A5}: NameServer = 212.62.32.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: jkhfg - C:\WINDOWS\ O20 - Winlogon Notify: pmnnkhh - C:\WINDOWS\ O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe VundoFix V6.3.19 Checking Java version... Scan started at 9:57:22 PM 4/19/2007 Listing files found while scanning.... C:\WINDOWS\system32\betnmmbt.dll C:\WINDOWS\system32\bwtkgjgk.dll C:\WINDOWS\system32\cbaeeoev.dll C:\WINDOWS\system32\ddcyxxu.dll C:\WINDOWS\system32\dxcqghvx.dll C:\WINDOWS\system32\gfhkj.bak1 C:\WINDOWS\system32\gfhkj.bak2 C:\WINDOWS\system32\gfhkj.ini C:\WINDOWS\system32\gfhkj.ini2 C:\WINDOWS\system32\gfhkj.tmp C:\WINDOWS\system32\gpqcpect.dll C:\WINDOWS\system32\gyrlpmdy.dll C:\WINDOWS\system32\jkhfg.dll C:\WINDOWS\system32\jsejcjpq.dll C:\WINDOWS\system32\jxmssbqu.dll C:\WINDOWS\system32\kfgybvgi.dll C:\WINDOWS\system32\klyquhaf.dll C:\WINDOWS\system32\nudgmnkd.dll C:\WINDOWS\system32\owhkjxfo.dll C:\WINDOWS\system32\pbldfitu.dll C:\WINDOWS\system32\pmnnkhh.dll C:\WINDOWS\system32\qepjhltr.dll C:\WINDOWS\system32\qraekkmp.dll C:\WINDOWS\system32\rdklqccn.dll C:\WINDOWS\system32\snktcdpk.dll C:\WINDOWS\system32\usiucofj.dll C:\WINDOWS\system32\wfouxemd.dll C:\WINDOWS\system32\wsjvvcum.dll C:\WINDOWS\system32\xgbfxpdx.dll C:\WINDOWS\system32\xgdybnbf.dll C:\WINDOWS\system32\yekgmxdp.dll C:\WINDOWS\system32\ytlmcktm.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\betnmmbt.dll C:\WINDOWS\system32\betnmmbt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\bwtkgjgk.dll C:\WINDOWS\system32\bwtkgjgk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\cbaeeoev.dll C:\WINDOWS\system32\cbaeeoev.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcyxxu.dll C:\WINDOWS\system32\ddcyxxu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\dxcqghvx.dll C:\WINDOWS\system32\dxcqghvx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gfhkj.bak1 C:\WINDOWS\system32\gfhkj.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\gfhkj.bak2 C:\WINDOWS\system32\gfhkj.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\gfhkj.ini C:\WINDOWS\system32\gfhkj.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\gfhkj.ini2 C:\WINDOWS\system32\gfhkj.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\gfhkj.tmp C:\WINDOWS\system32\gfhkj.tmp Has been deleted! Attempting to delete C:\WINDOWS\system32\gpqcpect.dll C:\WINDOWS\system32\gpqcpect.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gyrlpmdy.dll C:\WINDOWS\system32\gyrlpmdy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jkhfg.dll C:\WINDOWS\system32\jkhfg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jsejcjpq.dll C:\WINDOWS\system32\jsejcjpq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jxmssbqu.dll C:\WINDOWS\system32\jxmssbqu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\kfgybvgi.dll C:\WINDOWS\system32\kfgybvgi.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\klyquhaf.dll C:\WINDOWS\system32\klyquhaf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nudgmnkd.dll C:\WINDOWS\system32\nudgmnkd.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\owhkjxfo.dll C:\WINDOWS\system32\owhkjxfo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pbldfitu.dll C:\WINDOWS\system32\pbldfitu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnnkhh.dll C:\WINDOWS\system32\pmnnkhh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qepjhltr.dll C:\WINDOWS\system32\qepjhltr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qraekkmp.dll C:\WINDOWS\system32\qraekkmp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rdklqccn.dll C:\WINDOWS\system32\rdklqccn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\snktcdpk.dll C:\WINDOWS\system32\snktcdpk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\usiucofj.dll C:\WINDOWS\system32\usiucofj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wfouxemd.dll C:\WINDOWS\system32\wfouxemd.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wsjvvcum.dll C:\WINDOWS\system32\wsjvvcum.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xgbfxpdx.dll C:\WINDOWS\system32\xgbfxpdx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xgdybnbf.dll C:\WINDOWS\system32\xgdybnbf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yekgmxdp.dll C:\WINDOWS\system32\yekgmxdp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ytlmcktm.dll C:\WINDOWS\system32\ytlmcktm.dll Has been deleted! Performing Repairs to the registry. Done! Vise se ne pojavljuje work offline, ali mi ovaj hijackthis log i dalje nije bas cist (bar mi se tako cini).

Profil

crossover Poslao: 20 Apr 2007 01:05 Idi na vrh
offline crossover Legendarni građanin Data Center Engineer Pridružio: 13 Avg 2004 Poruke: 3050 Gde živiš: Holandija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ponovi celu proceduru za Vundofix, ali ovaj put iz safe mode-a.

Profil

zanzi Poslao: 20 Apr 2007 10:05 Idi na vrh
offline zanzi Građanin Pridružio: 06 Dec 2005 Poruke: 148	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Planirao sam to da uradim veceras, ali evo, malopre mi se javio ovaj drug ciji je racunar i rekao mi je da je zamenio AV program i poslao mi log hijackthis-a. Logfile of HijackThis v1.99.1 Scan saved at 2:55:57 AM, on 4/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\878RMTMon.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\878RMT.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\nezzy\Desktop\H_11J_T.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file) O2 - BHO: (no name) - {1B5B17B4-B435-4D63-A359-863BDC4BFCE2} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {C56F19CD-8BC1-4A4C-8846-8EB623D06791} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O2 - BHO: (no name) - {E9EEEBC2-D7E3-42ED-B619-DD749E82ABE0} - (no file) O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file) O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{7BB26680-28E6-4E3F-A900-070C6E4AE6A5}: NameServer = 80.74.160.12 80.74.160.14 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe Dopuna: 20 Apr 2007 10:00 A uradio je vundo jutros u safe modu i kaze da nista nije nasao. Dopuna: 20 Apr 2007 10:05 O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - (no file) O2 - BHO: (no name) - {1B5B17B4-B435-4D63-A359-863BDC4BFCE2} - (no file) O2 - BHO: (no name) - {C56F19CD-8BC1-4A4C-8846-8EB623D06791} - (no file) O2 - BHO: (no name) - {E9EEEBC2-D7E3-42ED-B619-DD749E82ABE0} - (no file) O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file) Sta se desava s ovim linijama, moze li to i treba li da se brise? Zaboravih da napisem - kaze da mu je ovaj drugi AV nasao nekih 30-ak trojanaca (kad budem otisao kod njega mogu tacno da napisem sta je nasao). crossover, sta da ti kazem nego hvala lepo.

Profil

crossover Poslao: 20 Apr 2007 16:18 Idi na vrh
offline crossover Legendarni građanin Data Center Engineer Pridružio: 13 Avg 2004 Poruke: 3050 Gde živiš: Holandija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! O2 linije čekiraj i briši.

Profil

zanzi Poslao: 21 Apr 2007 00:01 Idi na vrh
offline zanzi Građanin Pridružio: 06 Dec 2005 Poruke: 148	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Brisao sam nesto rucno kroz hijackthis, uradim log, sve u redu. Restartujem racunar opet iste linije prisutne. Onda sam iskljucio TeaTimer, opet obrisao, restartovao, i sad je sve u redu. Jos jednom hvala za trud.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » work offline - nonstop, dosadi bogu i narodu

Ko je trenutno na forumu

Ukupno su 876 korisnika na forumu :: 10 registrovanih, 1 sakriven i 865 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: comi_pfc, Darko_X, draggan, goxin, havoc995, prle122, sasa76, Shilok, stalja, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by