Posted: 10 Apr 2008 20:14
- MoscowBeast
- Incorrigible optimist
- Civil Works Team Leader @ IKEA Centres Russia
- Joined: 22 Jun 2005
- Posts: 7912
- Location: Moscow, Russia
My girlfriend has a problem with her computer: IE closes by itself. Sometimes it won't open any page at all (e.g. youtube) and throws some error (I haven't seen it myself, I'm passing on what she told me; if it shows up again I'll have her write down the exact error message). Here's the HT log:
Logfile of HijackThis v1.99.1
Scan saved at 22:05:29, on 10.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ABBYY Lingvo 11 Six Languages\Lvagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Punto Switcher\ps.exe
C:\Program Files\PRMT7\PRMTED\EDLauncher.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\PRMT7\PRMTED\prmedsvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\test\shtuka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=21979
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: ObjectWizard module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: RuPass module - {954A0637-9147-4b5e-964E-9F20E58FC29D} - C:\Program Files\RuPass\RuPass.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT7\PRMTIE\prmtie.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 11 Six Languages\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [LingvoTraining] "C:\Program Files\ABBYY Lingvo 11 Six Languages\Tutor.exe" /ND /NW /AS
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe
O4 - HKCU\..\Run: [EDLauncher] C:\Program Files\PRMT7\PRMTED\EDLauncher.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [Yupdate!] "C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo - res://C:\Program Files\ABBYY Lingvo 11 Six Languages\Lingvo.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - shell32.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - shell32.dll (file missing)
O9 - Extra button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - shell32.dll (file missing)
O9 - Extra 'Tools' menuitem: &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - shell32.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - shell32.dll (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - shell32.dll (file missing)
O9 - Extra 'Tools' menuitem: Добавить в избранное мобильного устройства... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - shell32.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - shell32.dll (file missing)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT7\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT7\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT7\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT7\PRMTIE\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C0EE396-5EBC-4EF8-B55B-F3C1C2F10E68}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA8CB534-875D-40F1-A9E0-C2B5C441DCFE}: NameServer = 195.34.32.116 212.188.4.10
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Thanks, doctors

Posted: 10 Apr 2008 20:36
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Was the Yandex toolbar in IE installed on purpose?

Posted: 10 Apr 2008 20:57
- MoscowBeast
- Incorrigible optimist
- Civil Works Team Leader @ IKEA Centres Russia
- Joined: 22 Jun 2005
- Posts: 7912
- Location: Moscow, Russia
Very likely; I installed it on purpose in my own FF, it's a handy thing. I'll ask tomorrow, she's already gone to bed today.

Posted: 10 Apr 2008 21:02
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Misko, so far I've found the following:
C:\Program Files\ConnectionServices\ConnectionServices.dll - this is adware
C:\Program Files\RuPass\RuPass.dll - this is adware that is supposed to push "racy" sites.
Does it happen that pop-ups with scantily clad girls appear?
I'm asking because there isn't much information about these Russian pests on the sites I know.

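As an added illustration of the triage bobby did on the O2/O3 entries (example code written for this page, not something posted in the thread): it parses HijackThis BHO and toolbar lines and flags the ones whose DLL lives outside a recognised vendor folder or carries a generic display name. The sample log below is constructed from the entries quoted above, and the vendor allowlist is an assumption for the example, not a HijackThis feature.

```python
import re
from dataclasses import dataclass

# Constructed sample: the O2 (BHO) and O3 (toolbar) entries quoted from the
# HijackThis log posted above, plus one O4 line to show it is skipped.
# Backslashes are doubled only because this is a Python string literal.
SAMPLE_LOG = """\
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O2 - BHO: ObjectWizard module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\\Program Files\\ConnectionServices\\ConnectionServices.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll
O2 - BHO: RuPass module - {954A0637-9147-4b5e-964E-9F20E58FC29D} - C:\\Program Files\\RuPass\\RuPass.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar1.dll
O3 - Toolbar: Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\\Program Files\\Yandex\\YandexBarIE\\yndbar.dll
O4 - HKCU\\..\\Run: [Skype] "C:\\Program Files\\Skype\\Phone\\Skype.exe" /nosplash /minimized
"""

# HijackThis O2/O3 line layout: "<Oxx> - <kind>: <name> - {<CLSID>} - <path>"
ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?)\s*$"
)

# Vendor directories (directly under Program Files) that the thread treats as
# legitimate. This allowlist is an assumption made for the example; a real
# review checks each CLSID against a BHO/toolbar database instead of trusting
# the folder name.
KNOWN_VENDOR_DIRS = {
    "yahoo!", "common files", "skype", "java", "google", "yandex", "prmt7",
}


@dataclass
class Finding:
    section: str
    name: str
    clsid: str
    path: str
    reasons: list


def vendor_dir(path):
    """First directory below Program Files, lower-cased; '' if not under it."""
    parts = path.replace("/", "\\").split("\\")
    for i, part in enumerate(parts[:-1]):
        # i + 1 must still be a directory, not the file name itself
        if part.lower() == "program files" and i + 1 < len(parts) - 1:
            return parts[i + 1].lower()
    return ""


def triage(log_text):
    """Return the BHO/toolbar entries a reviewer should look at, with reasons."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # not an O2/O3 entry (O4 run keys etc. need other checks)
        reasons = []
        vdir = vendor_dir(m["path"])
        if vdir not in KNOWN_VENDOR_DIRS:
            reasons.append(f"vendor directory '{vdir or '?'}' not recognised")
        # A display name like "XYZ module" carries no product identity; that
        # plus an unknown folder is how the two adware DLLs stand out.
        if re.search(r"\bmodule\b", m["name"], re.IGNORECASE):
            reasons.append("generic display name")
        if reasons:
            findings.append(Finding(m["section"], m["name"], m["clsid"],
                                    m["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {{{f.clsid}}} {f.path}")
        for r in f.reasons:
            print("   -", r)
```

Run on the sample it reports exactly the ConnectionServices and RuPass entries; the Yahoo, Adobe, Skype, Java, Google and Yandex ones pass because their folders are on the allowlist and their names identify a product.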
Posted: 11 Apr 2008 08:11
- MoscowBeast
- Incorrigible optimist
- Civil Works Team Leader @ IKEA Centres Russia
- Joined: 22 Jun 2005
- Posts: 7912
- Location: Moscow, Russia
Pop-ups do appear, but no naked ladies. NOD presumably blocks the pop-up windows for her, but now and then something gets through.

Posted: 14 Apr 2008 19:33
- MoscowBeast
- Incorrigible optimist
- Civil Works Team Leader @ IKEA Centres Russia
- Joined: 22 Jun 2005
- Posts: 7912
- Location: Moscow, Russia
Sorry for the delay, technical problems
ComboFix 08-04-13.3 - Administrator 2008-04-14 19:12:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.626 [GMT 4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
2008-04-10 20:42 . 2008-04-10 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Astatix
2008-03-22 17:27 . 2008-03-22 17:27 <DIR> d-------- C:\Program Files\The Adventure Company
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 15:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-14 15:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-04-10 18:24 --------- d-----w C:\Program Files\Игры от NevoSoft
2008-04-10 14:41 --------- d-----w C:\Program Files\ConnectionServices
2008-03-30 13:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-03-12 15:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-12 15:43 --------- d-----w C:\Program Files\Skype
2008-03-12 15:43 --------- d-----w C:\Program Files\Google
2008-03-12 15:43 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-12 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-10 16:56 --------- d-----w C:\Program Files\LTU Language
2008-03-08 19:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yandex
2008-03-08 19:18 --------- d-----w C:\Program Files\Yandex
2008-03-08 19:18 --------- d-----w C:\Program Files\Common Files\Yandex
2008-02-25 19:41 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-25 16:48 --------- d-----w C:\Program Files\Samsung
2008-02-25 16:43 --------- d-----w C:\Program Files\Alida
2008-02-25 16:37 --------- d-----w C:\Program Files\ESET
2008-02-25 14:49 --------- d-----w C:\Program Files\Yahoo!
2008-02-25 14:49 --------- d-----w C:\Program Files\DivX
2008-02-25 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-25 14:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.
------- Sigcheck -------
2007-08-28 14:39 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\system32\user32.dll
2007-08-28 14:43 823808 431defbb4a3d7b0dc062c1b064623a2f C:\WINDOWS\system32\wininet.dll
2007-08-28 14:44 360704 f0fe2fcd1632ad924d4c268e0dab5959 C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-28 14:49 2062336 5cf9911d32a07860dab935adf265b8a9 C:\WINDOWS\system32\ntkrnlpa.exe
2007-08-28 14:41 2185472 9a8f4f15f3a85f2b67525425f24df7f6 C:\WINDOWS\system32\ntoskrnl.exe
2007-08-28 14:40 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{954A0637-9147-4b5e-964E-9F20E58FC29D}]
2008-01-29 23:59 81920 --a------ C:\Program Files\RuPass\RuPass.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "C:\Program Files\Yandex\YandexBarIE\yndbar.dll" [2008-03-04 16:52 1447720]
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= C:\Program Files\Yandex\YandexBarIE\yndbar.dll [2008-03-04 16:52 1447720]
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 02:29 165784]
"Punto Switcher"="C:\Program Files\Punto Switcher\ps.exe" [2004-11-13 23:18 205824]
"EDLauncher"="C:\Program Files\PRMT7\PRMTED\EDLauncher.exe" [2004-11-03 11:01 73728]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:21 1289000]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-11-16 17:17 3264512]
"Yupdate!"="C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-02-18 19:14 464136]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"nForce Tray Options"="sstray.exe" [2003-08-13 13:25 73728 C:\WINDOWS\system32\sstray.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-20 06:30 949376]
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 11 Six Languages\Lvagent.exe" [2005-09-01 01:32 106496]
"LingvoTraining"="C:\Program Files\ABBYY Lingvo 11 Six Languages\Tutor.exe" [2005-09-01 02:33 1282048]
"AdslTaskBar"="stmctrl.dll" [2004-08-31 15:53 159744 C:\WINDOWS\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-28 14:42 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SATARaid.lnk - C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe [2002-01-01 01:49:48 598069]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2006-01-12 12:56]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 13:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 18:16]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 19:14:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-14 19:15:22
ComboFix-quarantined-files.txt 2008-04-14 15:15:11
Pre-Run: 34,962,595,840 bytes free
Post-Run: 34,955,010,048 bytes free

Posted: 14 Apr 2008 20:15
- MoscowBeast
- Incorrigible optimist
- Civil Works Team Leader @ IKEA Centres Russia
- Joined: 22 Jun 2005
- Posts: 7912
- Location: Moscow, Russia
I guess that's it, not sure we understood each other over ICQ
ComboFix 08-04-13.3 - Administrator 2008-04-14 21:58:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.546 [GMT 4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ConnectionServices
C:\Program Files\ConnectionServices\ConnectionServices.dll
C:\Program Files\ConnectionServices\Uninstall.exe
C:\Program Files\RuPass
C:\Program Files\RuPass\RuPass.dll
C:\Program Files\RuPass\RuPass.exe
C:\Program Files\RuPass\Uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.
2008-04-10 20:42 . 2008-04-10 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Astatix
2008-03-22 17:27 . 2008-03-22 17:27 <DIR> d-------- C:\Program Files\The Adventure Company
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 17:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-14 15:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-04-10 18:24 --------- d-----w C:\Program Files\Игры от NevoSoft
2008-03-30 13:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-03-12 15:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-12 15:43 --------- d-----w C:\Program Files\Skype
2008-03-12 15:43 --------- d-----w C:\Program Files\Google
2008-03-12 15:43 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-12 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-10 16:56 --------- d-----w C:\Program Files\LTU Language
2008-03-08 19:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yandex
2008-03-08 19:18 --------- d-----w C:\Program Files\Yandex
2008-03-08 19:18 --------- d-----w C:\Program Files\Common Files\Yandex
2008-02-25 19:41 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-25 16:48 --------- d-----w C:\Program Files\Samsung
2008-02-25 16:43 --------- d-----w C:\Program Files\Alida
2008-02-25 16:37 --------- d-----w C:\Program Files\ESET
2008-02-25 14:49 --------- d-----w C:\Program Files\Yahoo!
2008-02-25 14:49 --------- d-----w C:\Program Files\DivX
2008-02-25 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-25 14:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.
------- Sigcheck -------
2007-08-28 14:39 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\system32\user32.dll
2007-08-28 14:43 823808 431defbb4a3d7b0dc062c1b064623a2f C:\WINDOWS\system32\wininet.dll
2007-08-28 14:44 360704 f0fe2fcd1632ad924d4c268e0dab5959 C:\WINDOWS\system32\drivers\tcpip.sys
2007-08-28 14:49 2062336 5cf9911d32a07860dab935adf265b8a9 C:\WINDOWS\system32\ntkrnlpa.exe
2007-08-28 14:41 2185472 9a8f4f15f3a85f2b67525425f24df7f6 C:\WINDOWS\system32\ntoskrnl.exe
2007-08-28 14:40 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= "C:\Program Files\Yandex\YandexBarIE\yndbar.dll" [2008-03-04 16:52 1447720]
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"= C:\Program Files\Yandex\YandexBarIE\yndbar.dll [2008-03-04 16:52 1447720]
[HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 02:29 165784]
"Punto Switcher"="C:\Program Files\Punto Switcher\ps.exe" [2004-11-13 23:18 205824]
"EDLauncher"="C:\Program Files\PRMT7\PRMTED\EDLauncher.exe" [2004-11-03 11:01 73728]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:21 1289000]
"Yupdate!"="C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-02-18 19:14 464136]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-11-16 17:17 3264512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"nForce Tray Options"="sstray.exe" [2003-08-13 13:25 73728 C:\WINDOWS\system32\sstray.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-20 06:30 949376]
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 11 Six Languages\Lvagent.exe" [2005-09-01 01:32 106496]
"LingvoTraining"="C:\Program Files\ABBYY Lingvo 11 Six Languages\Tutor.exe" [2005-09-01 02:33 1282048]
"AdslTaskBar"="stmctrl.dll" [2004-08-31 15:53 159744 C:\WINDOWS\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-28 14:42 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SATARaid.lnk - C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe [2002-01-01 01:49:48 598069]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2006-01-12 12:56]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 13:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2004-05-12 18:16]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 22:00:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-14 22:00:50
ComboFix-quarantined-files.txt 2008-04-14 18:00:35
ComboFix2.txt 2008-04-14 15:15:23
Pre-Run: 35,193,606,144 bytes free
Post-Run: 35,186,241,536 bytes free