zlob trojan aka gold codec


offline
  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

OK, most likely those are all add-ons for MSN Messenger.

If no symptoms of infection show up again, I declare the case solved.
If something goes wrong again, you know where to find us :)

offline
  • Joined: 06 Dec 2006
  • Posts: 21

For now there are no signs of infection, even though I have started IE a couple of times.
Thank you all very much, you have helped me a lot :-)

offline
  • Joined: 06 Dec 2006
  • Posts: 21

The old topic is locked, and it has appeared again when starting IE.
Here is the log, and I hope you will help me again. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 19:13:52, on 13.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Eset\nod32krn.exe
F:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WFXSVC.EXE
F:\Program Files\Symantec\WinFax\WFXMOD32.EXE
F:\PROGRA~1\eSnips\ClientGW.exe
F:\WINDOWS\system32\wfxsnt40.exe
F:\Program Files\Eset\nod32kui.exe
F:\Program Files\Motherboard Monitor 5\MBM5.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\DAP\DAP.EXE
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Program Files\ICQLite\ICQLite.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\Rscmpt.exe
F:\WINDOWS\system32\taskswitch.exe
F:\WINDOWS\Mixer.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Google\Google Talk\googletalk.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\WINDOWS\system32\Runcheck.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Internet Explorer\iexplore.exe
f:\progra~1\intern~1\iexplore.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ntvdm.exe
F:\Documents and Settings\Penzioner\Desktop\New Folder\H3.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - F:\PROGRA~1\eSnips\SnipBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [eSnips] "F:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MBM 5] "F:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "F:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ICQ Lite] "F:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Rscmpt] F:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cool Sect Deaf Site] F:\Documents and Settings\All Users\Application Data\Flap Mpeg Cool Sect\LoadLicense.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "F:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [waythat] F:\DOCUME~1\PENZIO~1\APPLIC~1\ONLINE~1\Flaw Flag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Snip to my eSnips account - F:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....4287612571
O17 - HKLM\System\CCS\Services\Tcpip\..\{8735214C-5837-4C76-A635-2C05E499A9B6}: NameServer = 195.222.32.10 195.222.32.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{8735214C-5837-4C76-A635-2C05E499A9B6}: NameServer = 195.222.32.10 195.222.32.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: RvscomSv - RVS Datentechnik GmbH, Munich - F:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, Munich - F:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - F:\WINDOWS\system32\WFXSVC.EXE

offline
  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

I have merged the topics.

I would ask you to post one more log, but this time, before creating the log, close all the programs that you can close yourself (IE, Firefox, programs in the tray, etc.).

offline
  • Joined: 06 Dec 2006
  • Posts: 21

Maybe I could have closed something else, but I didn't know how?

Logfile of HijackThis v1.99.1
Scan saved at 11:51:59, on 14.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Eset\nod32krn.exe
F:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WFXSVC.EXE
F:\WINDOWS\system32\wfxsnt40.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\WINDOWS\system32\Rscmpt.exe
F:\WINDOWS\system32\taskswitch.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\Runcheck.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\Program Files\Internet Explorer\iexplore.exe
f:\progra~1\intern~1\iexplore.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\ntvdm.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Documents and Settings\Penzioner\Desktop\New Folder\H3.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - F:\PROGRA~1\eSnips\SnipBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [eSnips] "F:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MBM 5] "F:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "F:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ICQ Lite] "F:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Rscmpt] F:\WINDOWS\system32\Rscmpt.exe
O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cool Sect Deaf Site] F:\Documents and Settings\All Users\Application Data\Flap Mpeg Cool Sect\LoadLicense.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "F:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [waythat] F:\DOCUME~1\PENZIO~1\APPLIC~1\ONLINE~1\Flaw Flag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Snip to my eSnips account - F:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....4287612571
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: RvscomSv - RVS Datentechnik GmbH, Munich - F:\Program Files\RVS\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, Munich - F:\Program Files\RVS\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - F:\WINDOWS\system32\WFXSVC.EXE

offline
  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

Before rapha, who has been handling your case so far, gets in touch, I would ask you to look at the following topic:
http://www.mycity.rs/AV-Objavljeni-radovi/Uklanjan.....Sword.html

I would ask you to read the topic, download IceSword, and tell us whether there are any red entries in the list.
If there are, write down what it found and report it to us here.

offline
  • Cigarette Smoking Man
  • Joined: 14 Feb 2005
  • Posts: 9113
  • Location: Beograd

I'm here, sorry to have kept you waiting...
I'll go through the log now to see what is going on.

offline
  • gibi
  • New MyCity citizen
  • Joined: 07 Dec 2005
  • Posts: 9

[mod by bobby] message deleted

@gibi
Read the following:
mycity.rs/Ambulanta/Ko-ovde-sme-da-daje-savete.html

[/mod]

offline
  • Joined: 06 Dec 2006
  • Posts: 21

I have had AVG since it was recommended the first time. Evidently it won't remove it on my machine. Zlob shows up when I start IE. I have been using Firefox for a long time, and IE gets started because of the ADSL application, which is built in IE. It is the communicator for Internet access.

Update: 14 Dec 2006 14:27

IceSword says this...

Process: no red
Win32services: no red
SSDT: there is red; at several addresses it shows this
\SystemRoot\System32\vsdatant.sys

current (0xF6C4B2D0) and original addr are not equal, and there are a lot of them

Update: 14 Dec 2006 14:35

I have uploaded the print screens for IceSword; there are 5 of them.

offline
  • Cigarette Smoking Man
  • Joined: 14 Feb 2005
  • Posts: 9113
  • Location: Beograd

vsdatant.sys belongs to ZoneAlarm, so don't delete it...

Let's do this:
- Upload the files F:\Documents and Settings\All Users\Application Data\Flap Mpeg Cool Sect\LoadLicense.exe and F:\DOCUME~1\PENZIO~1\APPLIC~1\ONLINE~1\Flaw Flag.exe to http://www.mycity.rs/ambulanta-upload.php

- After that, boot into Safe Mode, create a folder in any location and move the files LoadLicense.exe and Flaw Flag.exe into it. That is, so that they are no longer in their default directory. If no program "complains", leave them in that folder just in case.

Let me know what happens after the steps I listed...
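
An added triage example, not part of any forum post: it parses the O4 registry autostart lines of a HijackThis log and picks out the entries that launch a program from a user-profile Application Data path, which is where both files named in the last reply live. The profile-path heuristic and the function names are assumptions made for this illustration; the log lines are an excerpt of the logs posted above.

```python
import re

# Excerpt of O4 (autostart) lines from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cool Sect Deaf Site] F:\Documents and Settings\All Users\Application Data\Flap Mpeg Cool Sect\LoadLicense.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [waythat] F:\DOCUME~1\PENZIO~1\APPLIC~1\ONLINE~1\Flaw Flag.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# O4 registry autostart line: hive, key (Run, RunOnce, ...), [value name], command.
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Assumed heuristic (not from the thread): the autostart target lives in a Windows XP
# user-profile tree, written either in long form or as an 8.3 short name.
PROFILE_DIRS = ("\\documents and settings\\", "\\docume~1\\")
APPDATA_DIRS = ("\\application data\\", "\\applic~1\\")


def parse_o4(log_text):
    """Return one dict per registry autostart (O4 Run-style) entry in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name, "command": command})
    return entries


def review_candidates(entries):
    """Pick entries that start a program from a profile Application Data path."""
    flagged = []
    for e in entries:
        cmd = e["command"].lower()
        if any(d in cmd for d in PROFILE_DIRS) and any(d in cmd for d in APPDATA_DIRS):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in review_candidates(parse_o4(SAMPLE_LOG)):
        print(f'{e["hive"]}\\..\\{e["key"]}: [{e["name"]}] -> {e["command"]}')
```

A match is only a candidate for review: legitimate software also installs under Application Data, so the file itself still has to be examined, as the reply above asks by requesting an upload.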
