MyCity » Ambulanta -> Arhiva Ambulante » NSIS error

NSIS error

Napisano na dan: 4.7.2007

NSIS error
Sledeća strana Pagination

Idi na vrh

Poslao: 04 Jul 2007 09:53
Idi na vrh
offline
  • Pridružio: 27 Jun 2004
  • Poruke: 1268
  • Gde živiš: Subotica

Logfile of HijackThis v1.99.1
Scan saved at 9:47:28, on 4.7.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\winhlp32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Goran\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Reklame\Pityu\FlashGet\jccatch.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\Reklame\Pityu\FlashGet\jccatch.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Reklame\Pityu\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Reklame\Pityu\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Reklame\Pityu\FlashGet\flashget.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CD43D4B-F312-46CD-922F-161B33598634}: NameServer = 212.200.112.1,212.200.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CD43D4B-F312-46CD-922F-161B33598634}: NameServer = 212.200.112.1,212.200.112.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CD43D4B-F312-46CD-922F-161B33598634}: NameServer = 212.200.112.1,212.200.112.12
O17 - HKLM\System\CS3\Services\Tcpip\..\{0CD43D4B-F312-46CD-922F-161B33598634}: NameServer = 212.200.112.1,212.200.112.12
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

------------------------------------------------------------------------------------
Kad pokrecem instalaciju nekog programa iz exe fajla pojavljuje mi se prozor NSIS error. To su uglavnom instalacije programa koje sam skinuo sa neta. Cak se to desava i kada je program ceo u rar fajlu i kad ga raspakujem i pokrenem exe dobijem NSIS error. NSIS error prozor kaze
da program ili nije dobro skinut, ili je hardverska greska, ili imam virus.
Posto je ovo komp u firmi i ovo se desava na vise kompova u okviru firme mislim da je u pitanju virus. Imam instaliran NOD32, ali on nista ne pronalazi... Pomoc!

Poslao: 04 Jul 2007 17:33
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Pogledaj folder C:\Program Files\QuickTime\ i kazi mi da li u njemu imas folder BAK


Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.

Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili

Poslao: 05 Jul 2007 11:28
Idi na vrh
offline
  • Pridružio: 27 Jun 2004
  • Poruke: 1268
  • Gde živiš: Subotica

Kao prvo u QuickTime folderu ne postoji folder BAK. Postoji jedan fajl sa BAK ekstenzijom i to je C:\Program Files\Quick Time\QTSystem\Quick Time.qts.BAK...
kao drugo odradio sam sve kako si rekao i evo rezultata:

https://www.mycity.rs/must-login.png


https://www.mycity.rs/must-login.png


Hvala...

Poslao: 05 Jul 2007 17:56
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Logovi su mi malo cudni, ali ne vidim nista sto bi pokazalo jasno na nesto konkretno.

Moramo da krenemo pesice:

- Ima li koja nova ikonica kraj sata?
- Imate li na svim kompovima instaliran uTorrent?
- Probaj skeniranje Ewidom:

Skini Ewido micro (8Mb) :
http://downloads.ewido.net/ewido_micro.exe

Kako se radi sa Ewido micro:
- na prvom ekranu odaberi sve particije (štikliraj polja ispred njih)
- klikni na dugme Start Scan
- nakon završenog skeniranja klikni na Save Report i snimi log fajl na sigurno mesto
- klikni na Remove Infections
- iskopiraj nam ovde sadržaj log fajla koji je malopre snimljen

Nakon skeniranja sa Ewidom i postavljanja log fajla, postavi nam i svez log programa HijackThis.

MyCity » Ambulanta -> Arhiva Ambulante » NSIS error

Ko je trenutno na forumu
 

Ukupno su 1220 korisnika na forumu :: 61 registrovanih, 3 sakrivenih i 1156 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., amaterSRB, aramis s, babaroga, Ben Roj, bobomicek, Bobrock1, Bojadin Strumski, branko7, Bubimir, darcaud, dejoglina, dekan.m, Denaya, DonRumataEstorski, Dorcolac, DPera, Draganeli, dule10savic, eighty-one, Fog of War, Frunze, ikan, Istman, ivan1973, JimmyNapoli, Klecaviks, Leonov, ljuba, loon123, LUDI, Marko Marković, mikrimaus, milimoj, Milos ZA, miodrag, moldway, naki011, Nemanja.M, nemkea71, nextyamb, Penzula, procesor, raketaš, raptorsi, Romibrat, Smajser, solic, Srky Boy, Srle993, strelac07, theNedjeljko, tubular, USSVoyager, vasa.93, Viktor Petrenko, vladulns, voja64, Wrangler, šumar bk2, 2001