Šta dalje??

1

Šta dalje??

offline
  • maha  Male
  • Super građanin
  • Pridružio: 06 Dec 2006
  • Poruke: 1152

Download-ovao sam Super Utilities (obe verzije)+ TuneUp pre 2 dana .Od tada mi se na svakom izlasku na internet pojavljuje sajt sa za-odrasle-o slikama
(fp.gad.-network.com)non-stop 1/2-1 min.Skenirao sam NOD-om (In - Depth analysis) , pokušao System Restore i na kraju probao i Safe Mode u kome sam našao neke kukije koje sam naravno obrisao i opet ništa?????
Šta dalje???
Unapred Hvala.Maha!!

Odgovor od : DeM14n:

1. Ukoliko zelite neciju pomoc, pokusajte biti strpljivi i pazljivo procitajte ono sto vam je napisano i odgovorite na svako pitanje koje vam bude postavljeno

2. Ne postoji opravdan izgovor ukoliko nemate instaliran SP2 za WindowsXP. Ukoliko imate samo SP1, nas trud je vise nego uzaludan, jer cete se najverovatnije ponovo zaraziti vec pri sledecem prikljucivanju na internet

3. Ukoliko je vas slucaj takav da je vas antivirus prepoznao neku infekciju, ali ne uspeva da je skloni, obavezno zapisite puno ime infekcije, kao i punu putanju do fajla u kome je infekcija nadjena. Molimo vas da imena infekcija zapisujete tacno, svaki znak i slovo su bitni.

4. Pre nego sto otvorite temu, pogledajte uputstvo za preuzimanje programa HijackThis: http://www.mycity.rs/phpbb/viewtopic.php?t=38423

Nemojte preskociti ni jedan korak iz uputstva, koliko god vam se trivijalnim ucinio.
Pre startovanja programa, preimenujte fajl HijackThis.exe u bilo koje drugo ime (recimo H3.exe, T8.exe...).
Prilozite log programa u vasoj poruci.
Zamolio bih vas da ni u kom slucaju ne pokusate sami da sredite racunar koriscenjem programa HijackThis, vec da sacekate analizu vaseg loga i da postupite po savetu koji vam bude dat.

5. Pozeljno je da na kraju posta napisete kakvom internet konekcijom raspolazete, da bi smo znali da li mozemo da vas uputimo na download vecih programa.

6. Svako onaj koji se zarazio svojom krivicom (posete sajtovima sa za-odrasle-ografijom, warezom, crackovima, koriscenje P2P programa...) nek prvo pomogne sam sebi da se oslobodi losih navika.
Zasto bi smo trosili svoje vreme na nekoga ko ce za kratko vreme ponovo da se zarazi?


Moj odgovor:


Pročitao sam pa da odgovorim.
- Strpljenja imam više nego dovoljno.
- Imam instaliran SP2.
- Imam NOD32 kao što sam i naveo i ne očitava nikakav virus.
- Konekcija je Dial-Up (ali kad mi nešta treba veličina nije bitna naravno u razumnim granicama 20-30 Mb.).
- Problem je nastao posle navedenih download - a.
- Nije mi jasno ovo u vezi programa HijackThis (relativno kratko vreme se bavim comp.)
- Par puta sam pokušao da postavim ovu temu u delu Ambulanta i odbijen sam uz izvinjenje i obrazloženje koje sam naveo.
- Dok ovo pišem opet mi se dešava sve ranije navedeno.
- Evo i kompletnog zapisa:http://fp.gad-network.com/?id=50109&nums=N011WW72Z-FBW.OjvADV&login=5019787&mediaid_prefix=005&asked_billing_id=15&time=312e323137
- A na desktop - u VIDEOZAPPING.COM
Valjda bi to bilo sve.

Odgovor od : rogi23

http://www.majorgeeks.com/downloadget.php?id=3155&.....e6434cfc13
Skini program sa ovog linka, zatim preimenuj ga u nešto drugo, npr airmj.exe (neke štetočine umeju da se sakriju od ovog programa, zato je neophodno da ga prekrstiš)!
Sačuvaj log, i onda ga okači u Ambulanti!
Nadam se da si sada razumeo?!

Moj odgovor:







Dopuna:
Logfile of HijackThis v1.99.1
Scan saved at 15:08:26, on 12.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Super Utilities\SuperUtil.exe
C:\PROGRA~1\Musicmatch\Musicmatch Jukebox\MMDiag.exe
D:\Super Utilities\SuperUtil.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\DOCUME~1\-\LOCALS~1\Temp\{429C9DE9-030C-4FFB-A8CD-BF8F5BFD6EA6}\Blaero Start Orb.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Ectosoft\Smart Wallpaper Lite\smartwallpaper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\-\Desktop\Hijack This\H3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O3 - Toolbar: (no name) - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prodsrvs.exe /res
O4 - HKCU\..\Run: [Super Utilities] D:\Super Utilities\SuperUtil.exe /min
O4 - HKCU\..\Run: [smartwallpaper] C:\Program Files\Ectosoft\Smart Wallpaper Lite\smartwallpaper.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O21 - SSODL: blippers - {f2efa195-4785-4db1-9316-b48c64bb71da} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Rename mi nije uspeo ali to je sigurno moja greška.
Nadam se da će i ovo pomoći.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Pozdrav maha,
Komp ti je vidljivo zarazen. Do veceras ce ti se javiti neko od nas sa prvim uputstvima za otklanjanje infekcije.

offline
  • Data Center Engineer
  • Pridružio: 13 Avg 2004
  • Poruke: 3050
  • Gde živiš: Holandija

Pozdrav maha,
zamolio bih te da ZIP-uješ i upload-uješ fajl C:\WINDOWS\system32\prodsrvs.exe sa tvog računara koristeći ovaj link. Nakon toga ponovo pokreni HijackThis, markiraj sledeće linije i klikni na Fix checked dugme.

O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O3 - Toolbar: (no name) - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O21 - SSODL: blippers - {f2efa195-4785-4db1-9316-b48c64bb71da} - (no file)
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\prodsrvs.exe /res
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab


Kad ovo završiš, postavi nam svež log.

offline
  • maha  Male
  • Super građanin
  • Pridružio: 06 Dec 2006
  • Poruke: 1152

Zdravo bio i ti crossover!!

Dobio sam obaveštenje da sam uspešno uploadovao fajl. Pokrenuo sam HT i čekirao navedene linije. Kliknuo na navedeno dugme i sad je prozor HJ-ka skroz prazan a izgleda da je jedino opcija Scan u funkciji (nisam hteo da diram) jer je jedino ona zacrnjenija od ostalih.
Kako da pošaljem svež log?

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Posto crossover nije trenutno tu, uzecu sebi za slobodu da te uputim na sledeci korak.

Restartuj racunar, pa nakon restarta ponovo pokreni HJT i napravi novi log na isti nacin kao sto si napravio i prvi log koji si ovde postavio.

Dopuna: 13 Mar 2007 0:26

Maha, uploadovao si nam pogresan fajl.
Fajl koji je nama potreban se nalazi u C:\Windows\System32 i nosi ekstenziju EXE. Ti si nama uploadovao fajl sa ekstenzijom LNK kog si najverovatnije nasao u Startup folderu.

offline
  • maha  Male
  • Super građanin
  • Pridružio: 06 Dec 2006
  • Poruke: 1152

OK.bobby
Nadjem ja taj fajl (prodsrvs.exe)pa udarim desni klik i idem na Send to a onda na Compressed (zipped) folder.Onda to kopiram i prenesem u File upload pa pejstujem. Tada mi javi da je sve u redu.
Možda negde grešim??

A ovo je log posle restart-a.

Logfile of HijackThis v1.99.1
Scan saved at 1:00:06, on 13.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccess.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Super Utilities\SuperUtil.exe
D:\Super Utilities\SuperUtil.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Ectosoft\Smart Wallpaper Lite\smartwallpaper.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\DOCUME~1\-\LOCALS~1\Temp\{2AA7F8B8-92AA-457B-8852-E29226DF187E}\Blaero Start Orb.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\-\Desktop\New Folder\airmj.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Utilities] D:\Super Utilities\SuperUtil.exe /min
O4 - HKCU\..\Run: [smartwallpaper] C:\Program Files\Ectosoft\Smart Wallpaper Lite\smartwallpaper.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{77930581-C0D7-454A-8055-4FBF5FB69BB1}: NameServer = 82.208.208.10 213.246.55.5
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Ako treba uradiću ponovo!!

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini sledeci program:
https://www.mycity.rs/must-login.png

U gornje polje unesi sledeci tekst:
[nick] maha
C:\WINDOWS\system32\prodsrvs.exe


Nakon toga klikni na dugme Prepare Files.
Ukoliko ovaj program uspe da pokupi taj fajl, onda ce biti omogucen klik na dugme Upload. Ukoliko ti to dugme bude omoguceno onda klikni na njega i nama ce stici tvoj fajl. Naravno, treba da si prikljucen na internet da bi Upload bio uspesan.

Ukoliko se dugme Upload ne ukljuci, onda klikni desno dugme na donje polje u programu, odaberi Select All, pa ponovo desno dugme na donje polje, odaberi Copy, pa onda ovde na forumu u polje za pisanje poruke klikni desno dugme, pa odaberi Paste.

offline
  • maha  Male
  • Super građanin
  • Pridružio: 06 Dec 2006
  • Poruke: 1152

Debug: creating temp folder at C:\ToSubmit\
TempCopy module: ERROR, file (nick) maha does not exists.
BruteForce module: File does not exists, or it is hidden with a realy good rootkit
TempCopy module: C:\WINDOWS\system32\prodsrvs.exe --> C:\ToSubmit\cf2662d7ddc806021aa1045c3e9b9292
Debug: deleting temp folder at C:\ToSubmit\
HTTP module: Uploading...
HTTP module: ERROR, upload did not succeed

Nadam se da je dobro.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Hmm... opet ne valja.
Otvori My Computer i tu otvori C: particiju. Videces fajl Submit.zip.
Uploaduj ga na http://www.mycity.rs/ambulanta-upload.php

Samo da te obavestim da nije do tvog kompa to sto upload nije uspeo.
Program Submitter je jos uvek u test fazi, i definitivno treba jos da ga doradim... Sad

Dopuna: 13 Mar 2007 1:52

Ah, sada sam video sta se desilo.
Nisi iskopirao tekst koji sam ti postavio vec si ga ukucao rucno, pa si pogresio tip zagrada. Trebaju uglaste zagrade, ne one obicne.
Nije bitno, uploaduj onaj Submit.zip za kog sam ti malopre napisao gde se nalazi.

offline
  • maha  Male
  • Super građanin
  • Pridružio: 06 Dec 2006
  • Poruke: 1152

Imam obaveštenje za uspešan upload. A ujedno mi se pojavljuje Newer version of program components was found.Do you wish to upgrade NOD32 antivirus system now?
Šta uraditi?

Ko je trenutno na forumu
 

Ukupno su 935 korisnika na forumu :: 25 registrovanih, 2 sakrivenih i 908 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: aleksmajstor, bbogdan, bojcistv, Centauro, DragoslavS, elenemste, flash12, GandorCC, HogarStrashni, Lieutenant, Lošmi, mackenzie, madza, Metanoja, MiG-29M2, Military_Enjoyer, milutin134, mkukoleca, Nemanja.M, Prašinar, Primus17, sasa87, t84dar, YugoSlav, ZetaMan