MyCity » Ambulanta -> Arhiva Ambulante » Problem sa Internet explorerom

Problem sa Internet explorerom

Napisano na dan: 29.5.2008

Strana:
1
2

Problem sa Internet explorerom

Sledeća strana

Pagination

Odgovori

Strana:
1
2

hrabrikrojac Poslao: 29 Maj 2008 16:38 Idi na vrh
offline hrabrikrojac Novi MyCity građanin Pridružio: 23 Jan 2008 Poruke: 9 Gde živiš: Bor	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imam problem sa IE tako što mi je onemogućeno da promenim stranicu koju otvara po difoltu. Postavljena mi je neka stranica koju nisam ja postavio već verovatno neki virus ili slično i kad god podignem IE on otvara nju. Pokušao sam u Control panelu, Internet options ali je zaključana mogućnost menjanja difoltne stranice. Neznam kako to da rešim. Za sada koristim samo mozillu a IE ne.

Profil

nikoola Poslao: 29 Maj 2008 16:41 Idi na vrh
offline nikoola Legendarni građanin Pridružio: 12 Jan 2004 Poruke: 9661 Gde živiš: Čačak	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Obrati paznju kako se otvara tema u Ambulanti http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Profil

hrabrikrojac Poslao: 29 Maj 2008 21:36 Idi na vrh
offline hrabrikrojac Novi MyCity građanin Pridružio: 23 Jan 2008 Poruke: 9 Gde živiš: Bor	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imam problem sa IE tako što mi je onemogućeno da promenim stranicu koju otvara po difoltu. Postavljena mi je neka stranica koju nisam ja postavio već verovatno neki virus ili slično i kad god podignem IE on otvara nju. Pokušao sam u Control panelu, Internet options ali je zaključana mogućnost menjanja difoltne stranice. Neznam kako to da rešim. Za sada koristim samo mozillu a IE ne. Logfile of HijackThis v1.99.1 Scan saved at 21:32:27, on 29.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\All Users\Documents\Svasta\Spas za nindza kornjače\Spas za nas.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = r.rklmci.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = r.rklmci.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = r.rklmci.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = r.rklmci.com R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinDLL (mnsmgr.exe)] rundll32.exe C:\WINDOWS\system32\mnsmgr.exe,start O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Profil

bobby Poslao: 29 Maj 2008 21:48 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, Posalji mi sledeci fajl na analizu: C:\WINDOWS\system32\mnsmgr.exe Upload uradi preko sledece forme: http://www.mycity.rs/ambulanta-upload.php Javi ovde kada si zavrsio upload.

Profil

hrabrikrojac Poslao: 29 Maj 2008 22:05 Idi na vrh
offline hrabrikrojac Novi MyCity građanin Pridružio: 23 Jan 2008 Poruke: 9 Gde živiš: Bor	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! nemam taj fajl

Profil

bobby Poslao: 29 Maj 2008 22:24 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

hrabrikrojac Poslao: 29 Maj 2008 22:34 Idi na vrh
offline hrabrikrojac Novi MyCity građanin Pridružio: 23 Jan 2008 Poruke: 9 Gde živiš: Bor	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-29.1 - Radosavljevic 2008-05-29 22:27:00.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.204 [GMT 2:00] Running from: C:\Documents and Settings\Radosavljevic\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Radosavljevic\Desktop\My Music\Amelia Pulen\Desktop_.ini C:\WINDOWS\system32\MSINET.oca . ((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))) . 2008-05-28 23:51 . 2008-05-26 13:58 81,920 ---hs---- C:\WINDOWS\system32\mnsmgr.exe 2008-05-25 23:18 . 2008-05-25 23:18 <DIR> d-------- C:\Program Files\Firefly Studios 2008-05-16 22:25 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe 2008-05-10 00:44 . 2008-05-10 00:44 <DIR> d-------- C:\Program Files\Microsoft 2008-05-05 11:12 . 2000-03-17 08:21 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll 2008-05-05 11:12 . 2000-03-17 08:21 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll 2008-05-05 11:12 . 2002-04-24 12:43 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca 2008-05-05 11:12 . 2002-10-17 10:35 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe 2008-05-05 11:12 . 2002-01-07 16:30 24,576 -ra------ C:\WINDOWS\system32\msxml3a.dll 2008-05-02 20:59 . 2008-05-14 17:00 <DIR> d-------- C:\Program Files\Counter Strike - SRPSKA CAST 2008-04-29 20:14 . 2008-04-29 20:44 1,752 --a------ C:\WINDOWS\carax95.ini 2008-04-29 20:11 . 1998-06-02 21:33 205,824 --a------ C:\Temp\Cx95.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-29 19:54 --------- d-----w C:\Documents and Settings\Radosavljevic\Application Data\Skype 2008-05-28 13:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-27 19:30 --------- d-----w C:\Program Files\PokerStars 2008-05-26 12:03 33 ----a-w C:\WINDOWS\Fonts\rebooter.bat 2008-05-25 21:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-25 20:23 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-05-16 20:27 --------- d-----w C:\Program Files\Valve 2008-05-14 14:52 --------- d-----w C:\Program Files\Corel 2008-05-14 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel 2008-04-28 12:59 --------- d-----w C:\Program Files\EA SPORTS 2008-04-21 14:21 --------- d-----w C:\Program Files\VeryPDF PDF2Word v2.0 2008-04-20 18:55 --------- d-----w C:\Program Files\PDF Password Remover v3.0 2008-04-20 09:07 --------- d-----w C:\Program Files\Common Files\xing shared 2008-04-20 09:07 --------- d-----w C:\Documents and Settings\Radosavljevic\Application Data\Talkback 2008-04-20 09:06 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-04-20 09:06 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-04-20 09:06 --------- d-----w C:\Program Files\Common Files\Real 2008-04-14 10:00 --------- d-----w C:\Program Files\Liquid Entertainment . ------- Sigcheck ------- 2006-12-31 10:24 1135616 42736d3152e64bde33b5ae230c8394c1 C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-18 00:02 950664] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 65536 C:\WINDOWS\soundman.exe] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 11:06 185896] "WinDLL (mnsmgr.exe)"="C:\WINDOWS\system32\mnsmgr.exe" [2008-05-26 13:58 81920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide3"="cmd.exe" [2004-08-03 23:56 388608 C:\WINDOWS\system32\cmd.exe] C:\Documents and Settings\Radosavljevic\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2007-09-22 20:26:27 225280] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2007-03-17 21:36:48 57344] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.ACDV"= ACDV.dll "msacm.ac3filter"= ac3filter.acm "VIDC.X264"= x264vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 12:31] R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-20 09:34] R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c55c7008-636a-11dc-a3d7-806d6172696f}] \Shell\AutoRun\command - D:\Autorun.exe Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-29 22:29:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\ComboFix\catchme.tmp [2656] 0xFAE95800 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-29 22:31:35 ComboFix-quarantined-files.txt 2008-05-29 20:31:22 Pre-Run: 6,208,897,024 bytes free Post-Run: 6,207,291,392 bytes free 125

Profil

bobby Poslao: 29 Maj 2008 22:47 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\mnsmgr.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinDLL (mnsmgr.exe)"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. ============================= Skeniraj ponovo HijackThisom i stikliraj polja ispred sledecih linija: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.rklmci.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://r.rklmci.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://r.rklmci.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://r.rklmci.com Klikni Fix Checked Restartuj racunar, pa napravi novi HijackThis log koji ces nam ovde iskopirati.

Profil

hrabrikrojac Poslao: 29 Maj 2008 23:19 Idi na vrh
offline hrabrikrojac Novi MyCity građanin Pridružio: 23 Jan 2008 Poruke: 9 Gde živiš: Bor	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-05-29.1 - Radosavljevic 2008-05-29 23:06:10.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.230 [GMT 2:00] Running from: C:\Documents and Settings\Radosavljevic\Desktop\Programi i ostalo\ComboFix.exe Command switches used :: C:\Documents and Settings\Radosavljevic\Desktop\Programi i ostalo\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\mnsmgr.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mnsmgr.exe . ((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))) . 2008-05-25 23:18 . 2008-05-25 23:18 <DIR> d-------- C:\Program Files\Firefly Studios 2008-05-16 22:25 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe 2008-05-10 00:44 . 2008-05-10 00:44 <DIR> d-------- C:\Program Files\Microsoft 2008-05-05 11:12 . 2000-03-17 08:21 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll 2008-05-05 11:12 . 2000-03-17 08:21 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll 2008-05-05 11:12 . 2002-04-24 12:43 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca 2008-05-05 11:12 . 2002-10-17 10:35 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe 2008-05-05 11:12 . 2002-01-07 16:30 24,576 -ra------ C:\WINDOWS\system32\msxml3a.dll 2008-05-02 20:59 . 2008-05-14 17:00 <DIR> d-------- C:\Program Files\Counter Strike - SRPSKA CAST 2008-04-29 20:14 . 2008-04-29 20:44 1,752 --a------ C:\WINDOWS\carax95.ini 2008-04-29 20:11 . 1998-06-02 21:33 205,824 --a------ C:\Temp\Cx95.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-29 20:54 --------- d-----w C:\Documents and Settings\Radosavljevic\Application Data\Skype 2008-05-28 13:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-27 19:30 --------- d-----w C:\Program Files\PokerStars 2008-05-26 12:03 33 ----a-w C:\WINDOWS\Fonts\rebooter.bat 2008-05-25 21:18 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-25 20:23 43,520 -c--a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-05-16 20:27 --------- d-----w C:\Program Files\Valve 2008-05-14 14:52 --------- d-----w C:\Program Files\Corel 2008-05-14 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel 2008-04-28 12:59 --------- d-----w C:\Program Files\EA SPORTS 2008-04-21 14:21 --------- d-----w C:\Program Files\VeryPDF PDF2Word v2.0 2008-04-20 18:55 --------- d-----w C:\Program Files\PDF Password Remover v3.0 2008-04-20 09:07 --------- d-----w C:\Program Files\Common Files\xing shared 2008-04-20 09:07 --------- d-----w C:\Documents and Settings\Radosavljevic\Application Data\Talkback 2008-04-20 09:06 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2008-04-20 09:06 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2008-04-20 09:06 --------- d-----w C:\Program Files\Common Files\Real 2008-04-14 10:00 --------- d-----w C:\Program Files\Liquid Entertainment . ------- Sigcheck ------- 2006-12-31 10:24 1135616 42736d3152e64bde33b5ae230c8394c1 C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-18 00:02 950664] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 65536 C:\WINDOWS\soundman.exe] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 11:06 185896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide3"="cmd.exe" [2004-08-03 23:56 388608 C:\WINDOWS\system32\cmd.exe] C:\Documents and Settings\Radosavljevic\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2007-09-22 20:26:27 225280] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ TV Remote Control.lnk - C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe [2007-03-17 21:36:48 57344] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.ACDV"= ACDV.dll "msacm.ac3filter"= ac3filter.acm "VIDC.X264"= x264vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 12:31] R3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-20 09:34] R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c55c7008-636a-11dc-a3d7-806d6172696f}] \Shell\AutoRun\command - D:\Autorun.exe Newly Created Service - CATCHME . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-05-29 23:08:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-05-29 23:10:20 ComboFix-quarantined-files.txt 2008-05-29 21:09:46 ComboFix2.txt 2008-05-29 20:31:36 Pre-Run: 6,983,299,072 bytes free Post-Run: 6,974,517,248 bytes free 125 To je combofix pre rada sa hijackom Logfile of HijackThis v1.99.1 Scan saved at 23:17:05, on 29.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\All Users\Documents\Svasta\Spas za nindza kornjače\Spas za nas.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe To je nakon restarta

Profil

bobby Poslao: 29 Maj 2008 23:33 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\Documents and Settings\Radosavljevic\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. ============================ Skeniraj ponovo HijackThisom i stikliraj polje ispred sledece linije: O4 - Startup: PowerReg Scheduler V3.exe Klikni Fix Checked ============================ Javi kako se sada komp ponasa. Jel OK?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Problem sa Internet explorerom

Ko je trenutno na forumu

Ukupno su 960 korisnika na forumu :: 22 registrovanih, 6 sakrivenih i 932 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., Brana01, dankisha, darionis, Denaya, Dežurni pod palubom, Dimitrije Paunovic, dok80, Kubovac, kunktator, kybonacci, Litostroton, MiG-29M2, mikrimaus, milenko crazy north, mkukoleca, mocnijogurt, Panter, procesor, ruma, vranjanac29, Webb

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by