MyCity » Ambulanta -> Arhiva Ambulante » Nepoznati proces

Nepoznati proces

Napisano na dan: 7.7.2007

Strana:
1
2
3
4

Nepoznati proces

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3
4

milosh86 Poslao: 17 Jul 2007 20:45 Idi na vrh
offline milosh86 Građanin Pridružio: 02 Jan 2006 Poruke: 232	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-17 20:42:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:c9,ae,be,98,2f,b9,a5,dc,28,de,db,fa,cc,1b,40,c8,92,d3,e7,b2,66,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,e6,54,d1,cf,6f,91,42,50,52,f9,df,dc,76,36,b5,0a,88,.. "khjeh"=hex:e2,28,22,09,ca,79,20,e2,a4,90,82,30,e9,71,6b,a7,c0,94,26,b6,8b,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:c8,2d,9f,96,ec,aa,6c,a4,36,99,45,11,7e,fc,86,4d,b4,8e,37,ef,6d,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:c9,ae,be,98,2f,b9,a5,dc,28,de,db,fa,cc,1b,40,c8,92,d3,e7,b2,66,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,e6,54,d1,cf,6f,91,42,50,52,f9,df,dc,76,36,b5,0a,88,.. "khjeh"=hex:e2,28,22,09,ca,79,20,e2,a4,90,82,30,e9,71,6b,a7,c0,94,26,b6,8b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:c8,2d,9f,96,ec,aa,6c,a4,36,99,45,11,7e,fc,86,4d,b4,8e,37,ef,6d,.. scanning hidden registry entries ... scanning hidden files ... C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\0plph5ae.default\urlclassifier2.sqlite-journal scan completed successfully hidden processes: 0 hidden files: 1

Profil

bobby Poslao: 17 Jul 2007 20:53 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Log je cist. Ne znam na koji nacin se prikljucujes na internet, ali probaj u opcijama za konekciju (ili mreznu ukoliko ides preko LAN-a) da obrises drugi DNS server - 213.246.55.5, ili da dovuce nova podesavanja sa DHCP servera.

Profil

milosh86 Poslao: 17 Jul 2007 21:32 Idi na vrh
offline milosh86 Građanin Pridružio: 02 Jan 2006 Poruke: 232	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imam ISDN konekciju i podesena je kao i prvi put (prvi put su je podesili "struchnjaci" iz telekoma).Ne mogu bash da se snadjem i da ga obrishem pa ako moze mala pomoc (ne mogu da pronadjem).

Profil

bobby Poslao: 17 Jul 2007 21:41 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uh, nikada nisam imao ISDN, pa nemam ideju uopste kako se podesava. Ako ti nije tesko, otvori to pitanje ovde: http://www.mycity.rs/Modemi-i-mrezna-oprema/ i nadajmo se da ce neko umeti da odgovori. Eventualno mozemo da probamo da resimo to preko HijackThisa, mada nisam siguran na sta ce da izadje, tj. sta ce biti sa prvim DNS serverom koji je legitiman. Ukoliko se odlucis na rizik, onda skeniraj HijackThisom i stikliraj polje ispred sledece linije: O17 - HKLM\System\CCS\Services\Tcpip\..\{35C89F7B-7EF2-43BE-8B4F-B1C2EAD63D29}: NameServer = 82.208.208.10 213.246.55.5 Nakon toga klikni Fix Checked Nakon toga treba da iskljucis internet konekciju, pa da je ukljucis ponovo, i da vidis da li mozes da otvoris neki sajt. Na kraju bi mi trebao novi log, da vidim kakvo je stanje.

Profil

milosh86 Poslao: 17 Jul 2007 21:56 Idi na vrh
offline milosh86 Građanin Pridružio: 02 Jan 2006 Poruke: 232	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Rizikovao sam i obrisao ga i poshto ti ovo sada pishem znachi da radi sve kako treba,za sada. Logfile of HijackThis v1.99.1 Scan saved at 9:57:26 PM, on 7/17/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Office Mouse Driver\MouseDrv.exe C:\Program Files\Mp4 Player\Mp4Player.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Downloads\T3\T3.exe.exe O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [WireLessMouse] "C:\Program Files\Office Mouse Driver\StartAutorun.exe" MouseDrv.exe O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{35C89F7B-7EF2-43BE-8B4F-B1C2EAD63D29}: NameServer = 82.208.208.10 213.246.55.5 O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe Dopuna: 17 Jul 2007 21:56 Izgleda da je ovako sklepan da radi poshto ga sam ga obrisao vec 2 puta i oba puta se opet pojavljuje.

Profil

bobby Poslao: 17 Jul 2007 22:03 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ajmo ovako: Jel se ISDN konekcija pojavljuje u Start>Settings>Network Connections? Ako je nema tu, vidi onda gde se nalazi i probaj desno dugme na nju pa odaberi Properties. Treba da se pojavi lista protokola i drajvera, odaberi Internet Protocol (TCP/IP) i ispod liste klikni na Properties. Pojavice se novi prozor. Na kartici General, u donjoj polovini, jel selektovana opcija Obtain DNS server address automatically ?

Profil

milosh86 Poslao: 17 Jul 2007 23:22 Idi na vrh
offline milosh86 Građanin Pridružio: 02 Jan 2006 Poruke: 232	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da,ta opcija je selektovana.

Profil

bobby Poslao: 18 Jul 2007 21:21 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nemam bas tacnu ideju, ali ajde da probamo sledece: - skini FixWareout: http://downloads.subratam.org/Fixwareout.exe - U toku instalacije vidi da bude stiklirana opcija "Run Fixit" da bi skeniranje pocelo odmah nakon instalacije - moze traziti i dva puta da restartujes racunar dok ne odradi skeniranje i ciscenje (ukoliko nesto nadje) - na kraju iskopiraj ovde log fajl koji se nalazi u C:\fixwareout\report.txt Na kraju idi na Start > run > kucaj cmd > OK u konzoli kucaj ipconfig /flushdns i stisni Enter Sada napravi i novi HJT log i postavi ga ovde.

Profil

milosh86 Poslao: 18 Jul 2007 22:44 Idi na vrh
offline milosh86 Građanin Pridružio: 02 Jan 2006 Poruke: 232	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Username "Leon" - 2007-07-18 22:12:16 [Fixwareout edited 2007/07/05] »»»»»Prerun check Successfully flushed the DNS Resolver Cache. System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... Logfile of HijackThis v1.99.1 Scan saved at 10:49:02 PM, on 7/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mp4 Player\Mp4Player.exe C:\Program Files\Office Mouse Driver\MouseDrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Downloads\T3\T3.exe.exe O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [WireLessMouse] "C:\Program Files\Office Mouse Driver\StartAutorun.exe" MouseDrv.exe O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{35C89F7B-7EF2-43BE-8B4F-B1C2EAD63D29}: NameServer = 82.208.208.10 213.246.55.5 O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Profil

bobby Poslao: 20 Jul 2007 20:37 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Razbijam glavu i dalje mi nije jasno zasto nece da promeni one DNS servere. Mozes li da mi postavis novi log, posto si sigurno u medjuvremenu restartovao racunar. Mozda promena bude prihvacena tek nakon restarta. Ako nece tako, onda cemo morati rucno da editujemo registry bazu, sto mi se bas i ne mili.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Nepoznati proces

Ko je trenutno na forumu

Ukupno su 807 korisnika na forumu :: 4 registrovanih, 0 sakrivenih i 803 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: babaroga, Fabius, Milos82, 1107

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by