MyCity » Ambulanta -> Arhiva Ambulante » nemam komandu desktop

nemam komandu desktop

Napisano na dan: 2.3.2008

nemam komandu desktop

Sledeća strana

Pagination

Odgovori

vahu Poslao: 02 Mar 2008 16:08 Idi na vrh
offline vahu Novi MyCity građanin Pridružio: 02 Mar 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Na racunaru koji koristim na poslu imao sam problema sa virusima, trojancima, spijunima i ostalim gamadima.Kad sam uz dosta muke sve sredio sa raznoraznim programima nestale su mi neke windowsove komande tipa kad idem display properties nemam uopste komandu desktop i ne mogu da menjam pozadinu. Ne mogu ni da menjam foldere, nemam ni alatku u toolbarsu/address,desktop,quik lanch itd.Svi ce mi reci da je najbolje resenje obaranje windowsa, ali to mi komplikuje stvari jer mi je bitan jedan program koji ne smem da izbrisem.da bih instalirao windows moram da saljem komp u firmu gde ga ne bih gledao par nedelja.Zato pitam, DA LI NEKO ZNA NACIN DA POVRATIM WINDOWS I DA GA UBRZAM?????: POMOZITE MI!!! POZDRAV SVIMA

Profil

dr_Bora Poslao: 02 Mar 2008 17:25 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Uputstvo za otvaranje teme: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html To, naravno, u slučaju da želiš pomoć pri čišćenju kompjutera od malware-a. Citat:Kad sam uz dosta muke sve sredio sa raznoraznim programima nestale su mi neke windowsove komande tipa kad idem display properties nemam uopste komandu desktop i ne mogu da menjam pozadinu. Ne mogu ni da menjam foldere, nemam ni alatku u toolbarsu/address,desktop,quik lanch itd. Ukoliko smatraš da na tvome kompjuteru više nema malware-a, možeš pokušati ispratiti uputstvo dato ispod - to će možda da reši neke od navedenih problema (jasno ti je da ja ne mogu znati šta si ti sve radio na tom kompjuteru i šta je ustvari prouzrokovalo probleme, stoga ne mogu garantovati i da će oni biti rešeni). Preuzeti FixPolicies.exe i sacuvati ga na Desktopu. Dvoklik na FixPolicies.exe. U prozoru koji ce se otvoriti, na donjoj paleti poslova kliknuti na Install button. Program ce kreirati novi folder sa imenom FixPolicies. Uci u novi folder, i onda dvoklik na sledeci fajl koji se nalazi u njemu: Fix_Policies.cmd Crni prozor ce se na trenutak otvoriti i onda zatvoriti. Restartovati kompjuter kako bi izmene bile prihvacene.

Profil

vahu Poslao: 03 Mar 2008 12:08 Idi na vrh
offline vahu Novi MyCity građanin Pridružio: 02 Mar 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Prvo sam skidao "programe" koji bi mi resili navedene probleme.Ubrzo sam ukapirao da su to trojanci. I stalno me je upozoravali na kriticnu gresku windowsa.Instalirao sam Kav gde mi je vecinu problema resio ali tada su mi nestale odredjene komande.Posle 2-3 dan opet mi se javlja da skinem neke programe kako bi windows mogao normalno da radi.da napomenem da sam pokusavao sa Spw.terminatorom . Adw. 2007 itd. Onda sam instalirao nod 32 sa zadnjim dopunom i spybot s&d gde mi je sve sredio i gde mi se vise nisu javljale greske, ali nisam imao windowsovih komandi za desktop i toolbars... Dopuna: 03 Mar 2008 12:08 Logfile of HijackThis v1.99.1 Scan saved at 11:57:31, on 3.3.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Microsoft SQL Server\MSSQL$SERVER\Binn\sqlservr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft SQL Server\MSSQL$SERVER\Binn\sqlagent.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\NexT\Desktop\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1C4005C2-520C-4702-BF5E-086CF3B5231B} - (no file) O2 - BHO: {a802a307-3aa1-c119-ef54-33e1f060c8f1} - {1f8c060f-1e33-45fe-911c-1aa3703a208a} - C:\WINDOWS\system32\saduypor.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {A2428C86-C415-4C1F-9939-D7F80C67DA88} - (no file) O2 - BHO: (no name) - {D36D2089-0427-4F49-AF09-6C6B11AB8D9F} - (no file) O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [e0050a52] rundll32.exe "C:\WINDOWS\system32\vpahgmvh.dll",b O4 - HKLM\..\Run: [BMe33639ce] Rundll32.exe "C:\WINDOWS\system32\bpxbnuvq.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{4FFC92A3-57A6-41E1-B4B0-D767F3371198}: NameServer = 77.105.0.19 77.105.0.18 O20 - Winlogon Notify: gebyawu - gebyawu.dll (file missing) O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

Profil

dr_Bora Poslao: 03 Mar 2008 17:25 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovde još uvek ima malware-a... Pokreni HijackThis, skeniraj i čekiraj sledeće linije: O2 - BHO: (no name) - {1C4005C2-520C-4702-BF5E-086CF3B5231B} - (no file) O2 - BHO: {a802a307-3aa1-c119-ef54-33e1f060c8f1} - {1f8c060f-1e33-45fe-911c-1aa3703a208a} - C:\WINDOWS\system32\saduypor.dll O2 - BHO: (no name) - {A2428C86-C415-4C1F-9939-D7F80C67DA88} - (no file) O2 - BHO: (no name) - {D36D2089-0427-4F49-AF09-6C6B11AB8D9F} - (no file) O4 - HKLM\..\Run: [e0050a52] rundll32.exe "C:\WINDOWS\system32\vpahgmvh.dll",b O4 - HKLM\..\Run: [BMe33639ce] Rundll32.exe "C:\WINDOWS\system32\bpxbnuvq.dll",s O20 - Winlogon Notify: gebyawu - gebyawu.dll (file missing) O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing) a zatim klikni Fix Checked. ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

vahu Poslao: 06 Mar 2008 13:46 Idi na vrh
offline vahu Novi MyCity građanin Pridružio: 02 Mar 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-03-05.3 - NexT 2008-03-06 13:31:36.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.149 [GMT 1:00] Running from: C:\Documents and Settings\NexT\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BMe33639ce.xml C:\WINDOWS\pskt.ini C:\WINDOWS\rs.txt C:\WINDOWS\search_res.txt C:\WINDOWS\system32\jhhvnbmb.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\qhhrglvx.dll C:\WINDOWS\system32\saduypor.dll C:\WINDOWS\system32\vwfvbdiq.dll C:\WINDOWS\system32\warnrcwl.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DHLP -------\LEGACY_IPRIP -------\Iprip ((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))) . 2008-03-06 13:13 . 2008-03-06 13:13 <DIR> d-------- C:\WINDOWS\LastGood 2008-03-06 12:43 . 2008-03-06 12:43 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2008-03-06 12:43 . 2006-08-06 16:57 93,952 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys 2008-03-06 12:12 . 2001-08-23 12:00 2,178,131 --a--c--- C:\WINDOWS\system32\dllcache\shvlres.dll 2008-03-06 12:11 . 2001-08-23 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-03-06 12:10 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll 2008-03-06 12:09 . 2002-08-29 01:32 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2008-03-06 12:08 . 2008-03-06 12:08 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-03-06 12:08 . 2008-03-06 12:08 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-03-06 12:08 . 2008-03-06 12:08 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-03-06 12:08 . 2008-03-06 12:08 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-03-06 12:08 . 2008-03-06 12:08 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-03-06 12:08 . 2008-03-06 12:08 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-03-06 12:06 . 2002-08-29 03:40 1,267,712 --a--c--- C:\WINDOWS\system32\dllcache\cimwin32.dll 2008-03-06 12:03 . 2002-08-29 01:27 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2008-03-06 12:01 . 2002-08-28 23:34 607,360 --a------ C:\WINDOWS\system32\drivers\ltmdmnt.sys 2008-03-06 12:00 . 2002-08-29 01:06 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2008-03-06 12:00 . 2002-08-29 03:46 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2008-03-06 11:59 . 2002-08-29 03:41 696,320 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll 2008-03-06 11:59 . 2002-08-29 03:41 147,456 --a--c--- C:\WINDOWS\system32\dllcache\sapi.cpl 2008-03-06 11:59 . 2002-08-29 03:41 132,096 --a------ C:\WINDOWS\system\WINSPOOL.DRV 2008-03-06 11:59 . 2002-08-29 03:41 71,168 --a------ C:\WINDOWS\system32\storprop.dll 2008-03-06 11:59 . 2001-08-23 12:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2008-03-06 11:59 . 2001-08-23 12:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll 2008-03-06 11:59 . 2001-08-23 12:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2008-03-06 11:59 . 2001-08-23 12:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll 2008-03-06 10:12 . 2008-03-06 10:12 <DIR> d---s---- C:\Documents and Settings\NexT\UserData 2008-03-06 09:49 . 2008-03-06 09:54 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$ 2008-03-06 09:49 . 2008-03-06 09:49 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-03-06 09:49 . 2004-01-10 06:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2008-03-06 09:24 . 2008-03-06 09:24 <DIR> d-------- C:\Documents and Settings\NexT\Application Data\MSN6 2008-03-06 09:24 . 2008-03-06 09:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6 2008-03-06 09:19 . 2008-03-06 09:19 <DIR> d-------- C:\WINDOWS\system32\bits 2008-03-05 20:19 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd 2008-03-05 20:19 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat 2008-03-05 20:19 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg 2008-03-05 20:19 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg 2008-03-05 19:38 . 2008-03-03 11:27 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2008-03-05 19:38 . 2007-01-15 19:09 293,888 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys 2008-03-05 19:38 . 2008-03-03 11:18 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-03-05 19:38 . 2004-08-13 04:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys 2008-03-05 19:07 . 2008-03-05 19:07 <DIR> d-------- C:\Program Files\Malicious Software Removal Tool 2008-03-05 19:04 . 2007-03-12 16:16 212,240 --a------ C:\WINDOWS\system32\RICHTX32.OCX 2008-03-05 19:04 . 2007-03-12 16:16 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX 2008-03-05 19:04 . 2007-03-12 16:16 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL 2008-03-05 19:04 . 2007-03-12 16:16 10,752 --a------ C:\WINDOWS\system32\aamd532.dll 2008-03-05 19:00 . 2008-03-05 19:04 <DIR> d-------- C:\Program Files\AutoPatcher 2008-03-05 16:22 . 2008-03-05 16:22 <DIR> d-------- C:\Program Files\MT882 2008-03-05 16:22 . 2005-08-22 10:22 39,424 --------- C:\WINDOWS\system32\GsiDi32.dll 2008-03-05 16:22 . 2005-08-22 10:22 38,400 --a------ C:\WINDOWS\system32\CoInst.dll 2008-03-05 16:22 . 2006-03-20 08:32 30,336 --a------ C:\WINDOWS\system32\drivers\glauiad.sys 2008-03-05 16:22 . 2006-03-22 10:59 19,220 --------- C:\WINDOWS\wwdslcfg.ini 2008-03-05 16:19 . 2008-03-05 19:58 77 --a------ C:\WINDOWS\system32\VGAunistlog.ini 2008-03-03 20:34 . 2008-03-06 12:09 299,552 --a------ C:\WINDOWS\WMSysPrx.prx 2008-03-03 20:34 . 2008-03-06 12:09 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml 2008-03-03 20:27 . 2001-08-18 13:00 226,304 --a--c--- C:\WINDOWS\system32\dllcache\provthrd.dll 2008-03-03 20:26 . 2001-08-17 13:59 50,048 --a------ C:\WINDOWS\system32\drivers\dmusic.sys 2008-03-03 20:22 . 2001-08-17 22:37 117,248 --a------ C:\WINDOWS\system32\ksproxy.ax 2008-03-03 20:22 . 2001-08-17 12:12 31,232 --a------ C:\WINDOWS\system32\drivers\sisnic.sys 2008-03-03 20:22 . 2001-08-17 22:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2008-03-03 20:17 . 2001-08-18 13:00 1,085,913 -ra------ C:\WINDOWS\SET38.tmp 2008-03-03 20:17 . 2001-08-18 13:00 13,608 -ra------ C:\WINDOWS\SET44.tmp 2008-03-03 20:17 . 2001-08-18 13:00 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2008-03-03 20:17 . 2001-08-18 13:00 10,496 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys 2008-03-03 14:30 . 2008-03-03 14:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2008-03-03 12:18 . 2008-03-03 12:18 <DIR> d--h----- C:\WINDOWS\PIF 2008-03-03 11:16 . 2008-03-03 11:16 <DIR> d-------- C:\Documents and Settings\NexT\Application Data\Malwarebytes 2008-03-03 11:15 . 2008-03-03 11:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-03-03 11:15 . 2008-03-03 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-03-01 15:18 . 2008-03-02 11:00 534 ---hs---- C:\WINDOWS\system32\sapsykea.ini 2008-02-29 22:52 . 2008-02-29 22:52 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE 2008-02-29 17:37 . 2008-02-29 17:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-02-29 17:37 . 2008-02-29 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-29 12:01 . 2008-02-29 12:01 294 ---hs---- C:\WINDOWS\system32\rdnqlqwc.ini 2008-02-28 23:21 . 2008-02-28 23:21 <DIR> d-------- C:\Program Files\Microsoft VM 2008-02-28 11:41 . 2008-02-28 12:35 414 ---hs---- C:\WINDOWS\system32\ucynayyi.ini 2008-02-26 19:00 . 2008-02-29 21:55 <DIR> d-------- C:\Documents and Settings\NexT\Application Data\Lavasoft 2008-02-26 12:45 . 2008-02-26 12:45 0 --a------ C:\WINDOWS\nsreg.dat 2008-02-26 12:44 . 2008-02-26 12:44 107,132 --a------ C:\WINDOWS\UninstallFirefox.exe 2008-02-26 12:44 . 2008-02-26 13:06 2,927 --a------ C:\WINDOWS\mozver.dat 2008-02-25 13:01 . 2008-02-26 15:04 2,359,350 --a------ C:\WINDOWS\Webshots for NexT.bmp 2008-02-25 13:00 . 2003-10-09 13:02 32,768 --a------ C:\WINDOWS\system32\WSVersionATX.ocx 2008-02-25 12:22 . 2008-02-25 12:22 <DIR> d-------- C:\Program Files\ESET 2008-02-25 12:22 . 2008-02-25 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-02-25 01:09 . 2008-03-06 10:29 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner 2008-02-25 00:52 . 2008-03-06 10:29 <DIR> d-------- C:\Program Files\Free Window Registry Repair 2008-02-24 20:20 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll 2008-02-24 20:20 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-02-23 15:23 . 2008-02-23 15:23 269,334 --a------ C:\WINDOWS\system32\hcnehgnqtob.bmp 2008-02-23 15:21 . 2008-02-23 15:21 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-02-23 14:39 . 2008-02-23 14:39 269,334 --a------ C:\WINDOWS\system32\kfihof.bmp 2008-02-21 08:36 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-02-20 19:15 . 2008-02-20 19:15 <DIR> d-------- C:\Documents and Settings\NexT\Application Data\AdobeUM 2008-02-17 08:40 . 2008-02-17 08:40 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers 2008-02-17 08:40 . 2008-02-17 08:40 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs 2008-02-17 08:40 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-08 17:42 . 2008-02-08 17:42 <DIR> d---s---- C:\WINDOWS\system32\%SystemDrive% 2008-02-08 17:42 . 2008-02-29 18:42 173 --a------ C:\WINDOWS\Wininit.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-06 11:09 558,142 ----a-w C:\WINDOWS\java\Packages\Q1777R5Z.ZIP 2008-03-05 18:58 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-02-28 22:24 155,995 ----a-w C:\WINDOWS\java\Packages\AEFTVFP3.ZIP 2008-02-23 22:44 --------- d-----w C:\Program Files\KMPlayer 2008-02-23 22:18 --------- d-----w C:\Program Files\Games 2008-02-23 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-21 21:32 --------- d-----w C:\Program Files\Winamp 2007-12-24 11:21 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-12-22 11:38 298,104 ----a-w C:\WINDOWS\system32\imon.dll 2007-12-21 14:17 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll . ------- Sigcheck ------- 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys ------w 29,056 2006-02-28 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\ip6fw.sys ----a-w 29,056 2006-02-28 12:00:00 C:\WINDOWS\system32\drivers\ip6fw.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41 13312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2002-05-09 03:19 303104] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-08-29 03:41 13312] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= file:///C:\WINDOWS\privacy_danger\index.htm FriendlyName= Privacy Protection [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check(4).lnk] backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check(4).lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk] backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^NexT^Start Menu^Programs^Startup^Webshots.lnk] backup=C:\WINDOWS\pss\Webshots.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareRemover2007] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe33639ce] C:\WINDOWS\system32\bpxbnuvq.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cwriter] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e0050a52] C:\WINDOWS\system32\vpahgmvh.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ptask] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMDrive] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Tray] --a------ 2002-05-09 03:19 303104 C:\WINDOWS\system32\sistray.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG] --a------ 2002-09-16 10:05 32768 C:\WINDOWS\sisUSBrg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2004-12-20 19:41 33792 C:\Program Files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17979:TCP"= 17979:TCP:NortonAV "15652:TCP"= 15652:TCP:NortonAV "12643:TCP"= 12643:TCP:NortonAV "18025:TCP"= 18025:TCP:NortonAV "17985:TCP"= 17985:TCP:NortonAV "16115:TCP"= 16115:TCP:NortonAV "12920:TCP"= 12920:TCP:NortonAV R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2007-12-21 08:21] R2 MSSQL$SERVER;MSSQL$SERVER;C:\Program Files\Microsoft SQL Server\MSSQL$SERVER\Binn\sqlservr.exe [2002-12-17 17:26] R2 SQLAgent$SERVER;SQLAgent$SERVER;C:\Program Files\Microsoft SQL Server\MSSQL$SERVER\Binn\sqlagent.EXE [2002-12-17 17:23] R3 iadusb;MT882;C:\WINDOWS\System32\DRIVERS\glauiad.sys [2006-03-20 08:32] S0 fvdscsi;fvdscsi;C:\WINDOWS\System32\DRIVERS\fvdscsi.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50a45db6-afcf-11dc-964e-000c6ec87aa9}] \Shell\Auto\command - Song.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Song.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5e22a70-af00-11dc-964a-000c6ec87aa9}] \Shell\Auto\command - UFO.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9b17eb0-aef2-11dc-9648-000c6ec87aa9}] \Shell\Auto\command - UFO.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-03-06 13:36:43 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\WgaTray.exe . ************************************************************************ . Completion time: 2008-03-06 13:38:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-06 12:37:58 . 2008-03-06 08:55:59 --- E O F --- Dopuna: 06 Mar 2008 13:46 Svaka cast doktore!!!!!Sad mogu da menjam pozadinu. Kako da ubrzam dizanje sistema? Dugo ceka da se uloguje?Ikonica c diska izgleda kao veliko X crvene boje!!! Dopuna: 06 Mar 2008 13:46 Logfile of HijackThis v1.99.1 Scan saved at 13:46:25, on 6.3.2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Microsoft SQL Server\MSSQL$SERVER\Binn\sqlservr.exe C:\WINDOWS\system32\sistray.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Microsoft SQL Server\MSSQL$SERVER\Binn\sqlagent.EXE C:\WINDOWS\System32\WgaTray.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\NexT\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

Profil

dr_Bora Poslao: 06 Mar 2008 17:13 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ukoliko imaš neki USB flash drive, priključi ga u toku narednog postupka... Preuzmi program Flash_Disinfector. program se pokreće dvoklikom na Flash_Disinfector.exe kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay) kliknuti na OK i sačekati da se proces završi kada se pojavi poruka Done !!, kliknuti na OK. ------------------------------------------------------------------------------------- Otvoriti Notepad i iskopirati sledeci tekst: File:: C:\WINDOWS\system32\sapsykea.ini C:\WINDOWS\system32\rdnqlqwc.ini C:\WINDOWS\system32\ucynayyi.ini C:\WINDOWS\system32\bpxbnuvq.dll C:\WINDOWS\system32\vpahgmvh.dll Folder:: C:\WINDOWS\privacy_danger C:\Program Files\BestsellerAntivirus C:\Program Files\AdwareRemover2007 Registry:: [-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareRemover2007] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe33639ce] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cwriter] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e0050a52] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ptask] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50a45db6-afcf-11dc-964e-000c6ec87aa9}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5e22a70-af00-11dc-964a-000c6ec87aa9}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9b17eb0-aef2-11dc-9648-000c6ec87aa9}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

vahu Poslao: 10 Mar 2008 22:15 Idi na vrh
offline vahu Novi MyCity građanin Pridružio: 02 Mar 2008 Poruke: 4	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Doktore,puno vam hvala.Mislim da sam iscistio racunar od malware-a. Radi sad bez greske osim sto po nekad zablokira kad idem da ugasim racunar. Pozdrav.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » nemam komandu desktop

Ko je trenutno na forumu

Ukupno su 983 korisnika na forumu :: 15 registrovanih, 2 sakrivenih i 966 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Bubimir, hyla, ILGromovnik, Istman, jukeboxer, koom0001, ladro, Mi lao shu, panzerwaffe, procesor, Skywhaler, SlaKoj, Tvrtko I, vathra, voja64

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by