Posted: 12 Oct 2007 22:36
- Joined: 11 Dec 2005
- Posts: 45

I've had a problem for about two hours now. I downloaded two Daemon Tools RAR files from Rapidshare. After I unpacked them to the hard disk I saw that it wasn't what I was interested in and went to delete them. However, neither folder will delete. I get a message that access to those folders is denied. I deleted the two RAR files normally without any problems. I also scanned these two folders with NOD, but it didn't report anything suspicious. I also went into safe mode, but got exactly the same result there. To be honest, this has never happened to me before. Does anyone know what this is about? None of it makes sense to me; how do I delete these two folders? P.S. I tried the programs Unlocker and Killbox and got no results. Unlocker gives me a message that it will delete the folders after a reboot, but that doesn't happen and the folders still exist, while Killbox immediately gives me a message that it cannot delete the folders. I'm also attaching the HijackThis log file, so if anyone can help, please do. Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 23:28:05, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Conexant\AccessRunner ADSL USB\CnxDslTb.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\KeyPass\KEYPASS.EXE
D:\WINDOWS\explorer.exe
F:\SLIKE\forum\trt.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Program Files\Conexant\AccessRunner ADSL USB\CnxDslTb.exe" "Conexant\AccessRunner ADSL USB"
O4 - HKLM\..\Run: [egui] "D:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....9691318265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....9691216359
O17 - HKLM\System\CCS\Services\Tcpip\..\{3623401B-15EB-4634-8B52-9A701E301E6B}: NameServer = 195.170.0.1 195.170.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{3623401B-15EB-4634-8B52-9A701E301E6B}: NameServer = 195.170.0.1 195.170.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - D:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - D:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe

Posted: 12 Oct 2007 22:39
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Did those RAR files contain the Daemon Tools installer, and did you install Daemon Tools?
Give me the exact path to the folders you can't delete.

Posted: 12 Oct 2007 22:44
- Joined: 11 Dec 2005
- Posts: 45

The location is
F:\Nova fascikla
F:\zabrisanje
I guess that's what you meant?

Posted: 12 Oct 2007 23:07
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

That's what I meant.
Are those folders empty?
Can you take screenshots of the contents of both folders for me if they aren't empty?

Posted: 12 Oct 2007 23:15
- Joined: 11 Dec 2005
- Posts: 45

The folder "za brisanje" is empty, and the folder "Nova fascikla" contains one more folder named "brisanje", which is also empty. That's all!

Posted: 13 Oct 2007 00:34
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Open Notepad and copy in the following text:
cacls "f:\nova fascikla" > 1.txt
cacls "f:\zabrisanje" > 2.txt
Save that file under the name test.bat in an empty folder.
After that, run test.bat.
It will create the files 1.txt and 2.txt. Open those files and copy their contents here for us.

Posted: 13 Oct 2007 20:10
- Joined: 11 Dec 2005
- Posts: 45

I didn't understand how to run test.bat.
I tried via Start, Run, test.bat, but it gives me a message that it can't. Maybe I should have done it some other way?
Addendum: 13 Oct 2007 20:10
There, I did what you told me and got 2 text documents with the following contents:
1. f:\Nova fascikla Everyone:(OI)(CI)
2. f:\zabrisanje

Posted: 13 Oct 2007 21:14
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Download the program Avenger from the following link:
http://swandog46.geekstogo.com/avenger.zip
On the first screen select Input script manually, then click the magnifying glass icon.
In the window that appears, enter the following text:
Folders to delete:
f:\Nova fascikla
f:\zabrisanje
Click the Done button.
It will return you to the first screen, where you now need to click the traffic light icon.
If the program doesn't ask for a restart itself, then restart the computer yourself.
After restarting, the folder should be deleted, and a backup made in the folder c:\avenger. Now try to delete the folder c:\avenger yourself.
If it won't delete, then we'll have to think of something else.

Posted: 13 Oct 2007 22:58
- Joined: 11 Dec 2005
- Posts: 45

Well done, the operation succeeded and the patient survived. I did as you explained, and here is the Avenger log file after restarting the computer:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ytttbljj
*******************
Script file located at: \??\D:\Documents and Settings\blhrncas.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at D:\Avenger
*******************
Beginning to process script file:
Folder f:\Nova fascikla deleted successfully.
Folder f:\zabrisanje deleted successfully.
Completed script processing.
*******************
Finished! Terminate.