Following dr. Bora's instructions

Thread: Following dr. Bora's instructions

  1. #1
    Interested member
    Joined: 13.02.2005. | Gender: male | Location: Bor | Posts: 128 | Reputation power: 48

    Following dr. Bora's instructions

    Here you go, brother, I'm doing everything as you said, now help me out.

    I ran System Restore and it reported that it couldn't do something. But after that I managed to start HijackThis, and here I'll post what it produced, so I'd ask Bora or anyone who knows to help me.
    Otherwise the computer runs terribly. Windows takes quite a long time to start after power-on. It freezes during use. When I'm on the internet and open a second IE window, total chaos ensues: it can't even refresh the desktop or open My Computer. I won't list everything now; in short, it's awful.

    Just to add some details that might help dr. Bora. I have NOD32, and it updates constantly because I'm online almost non-stop [ADSL, Telekom]. Windows XP SP2; I don't know what else to mention as relevant. At first I thought it was running slowly and refusing to open things because it has little RAM, 256, but I see that something else is the problem because all sorts of things happen. For example, when I open just a Krstarica page [nothing else is open] and click on reply, first it takes a while for the page to open, and then it doesn't respond; wherever I put the mouse on the page there is neither the arrow nor the hand cursor but that thing, I don't know what it's called, that you get when typing text [like a capital T with one more little line at the bottom], and that lasts a while until I wait for it to return to normal. When I don't wait but force a misbehaving page to close, I open taskmgr, and it then acts as if it's still working, then as if it will end right away, and then after several dozen clicks on End it closes and shows that little window with Send problem and Don't send. Etc., there are plenty of such silly things.

    And a moment ago it happened, for who knows which time [not recently], that I'm connected but IE won't open a single page and says I'm not connected. After the third System Restore [which, by the way, doesn't work, as I already mentioned] I managed to open Krstarica.

    Here is the HJ scan:


    Logfile of HijackThis v1.99.1
    Scan saved at 1:53:41, on 27.9.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\SynthCoreA.exe
    C:\Program Files\RAMfreer\RAMfreer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    D:\download\Krstarica\Za dr.Boru.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.digitalfan.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.digitalfan.com/search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.digitalfan.com/search
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - C:\WINDOWS\msagent\intl\wmsmp3.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [Marine Aquarium 2] C:\WINDOWS\SynthCoreA.exe
    O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm077YYYU
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: fontview.dll
    O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



  2. #2
    Interested member
    Joined: 13.02.2005. | Gender: male | Location: Bor | Posts: 128 | Reputation power: 48

    Re: Following dr. Bora's instructions

    Here is also the link with the files you asked for: http://rapidshare.com/files/58503235/za_dr_boru.ace.html

  3. #3
    Elite
    Joined: 04.04.2005. | Gender: male | Location: beyond seven hills and valleys at 3pm | Posts: 15.324 | Reputation power: 380

    Re: Following dr. Bora's instructions

    Ugh, I couldn't even download it; Avast reported a "Trojan Horse" in fontview.dll when I tried to download it. Here is the scanner report:
    27.9.2007 6:19:00 1190866740 SYSTEM 1552 Sign of "Win32:Agent-LMG [Trj]" has been found in "http://rs166gc2.rapidshare.com/files/58503235/2443915/za_dr_boru.ace\fontview.dll" file.

    dr_Bora, but that's not the one that was confusing me; what confuses me is the following file
    O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll
    I googled a bit and didn't find wmsmp3.dll as a file anywhere, so I suspect one of these three will be needed here: vundofix, smitfraud or SDfix

  4. #4
    Active member dr_Bora
    Joined: 27.12.2004. | Gender: male | Posts: 1.248 | Reputation power: 60

    Re: Following dr. Bora's instructions

    Let's go like this...

    Run HT, scan, and check the following lines:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.digitalfan.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.digitalfan.com/search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.digitalfan.com/search
    O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - C:\WINDOWS\msagent\intl\wmsmp3.dll
    O4 - HKLM\..\Run: [Marine Aquarium 2] C:\WINDOWS\SynthCoreA.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...?p=ZRxdm077YYYU
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...p1.0.0.15-3.cab
    O20 - AppInit_DLLs: fontview.dll
    O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll


    and then click Fix Checked.

    Restart the computer in Safe Mode (while the PC is starting up, keep pressing F8 and choose Safe Mode from the menu that appears).

    Find and, if possible, delete the following files:

    C:\WINDOWS\SynthCoreA.exe
    C:\WINDOWS\system32\fontview.dll
    C:\WINDOWS\msagent\intl\wmsmp3.dll

    Restart the PC in normal mode.

    ------------------------------------------------------------------------------------------

    Download and unpack http://forum.krstarica.com/attachment.php?attachmentid=23863
    Run Lista_Servisa.bat - when it's done, you'll get the file Lista_Servisa.txt.

    Download and unpack the attached file listsys.zip - run listsys.bat - you'll get the file C:\syslista.txt.

    If you haven't deleted it, upload the file: O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll

    With your next post, attach the zipped Lista_Servisa.txt and C:\syslista.txt, as well as a new HijackThis log.

    If you can't delete something (which is very likely), it doesn't matter - just do the rest...

    Btw, don't use System Restore until we're done with everything...
    Last edited by dr_Bora: 27.09.2007. at 09:15

  5. #5
    Interested member
    Joined: 13.02.2005. | Gender: male | Location: Bor | Posts: 128 | Reputation power: 48

    Re: Following dr. Bora's instructions

    OK, so I did that part in HJ. I started Safe Mode but I can't find these files. Search doesn't find the first file. The second and third it won't even search for; when I click start search it pops up a little window saying such-and-such file is not a valid folder. I also looked in Windows Explorer and those files aren't there. Should I continue now with the rest of what you wrote or not?

  6. #6
    Active member dr_Bora
    Joined: 27.12.2004. | Gender: male | Posts: 1.248 | Reputation power: 60

    Re: Following dr. Bora's instructions

    Do the rest...

  7. #7
    Interested member
    Joined: 13.02.2005. | Gender: male | Location: Bor | Posts: 128 | Reputation power: 48

    Re: Following dr. Bora's instructions

    Quote, originally posted by dr_Bora:
    Do the rest...

    OK, so I made the service list and packed it, but it won't upload here; it says invalid file type. It's in WinRAR, by the way.
    The other file, listsys.zip, I downloaded, unpacked and ran; a black window opens, C:\WINDOWS\sistem32\cmd.exe
    and in it it says:\download\krstarica\listsys>cd C:\WINDOWS\sistem32\drivers

    D:\download\krstarica\listsys>dir *.sis /S /X 1/>C:\syslista.txt
    File Not Found

    D:\download\krstarica\listsys>pause

    Press ani key to continue....

    And when I press any key the window closes and nothing happens.


    Next, the file O20 - Winlogon Notify: wmsmp3 is still in HJ, but I don't know how to copy it somewhere so that I can upload it.

    I didn't find the file C:\WINDOWS\msagent\intl\wmsmp3.dll in Safe Mode either, and now it's nowhere to be found.

    And here is the scan now:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:31:01, on 27.9.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\RAMfreer\RAMfreer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    D:\download\Krstarica\Za dr.Boru.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - C:\WINDOWS\msagent\intl\wmsmp3.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    Now I don't know whether I did everything correctly or messed something up. Tell me what I should do now. Regards
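An added example, not part of the original thread and not dr_Bora's tooling: the follow-up scan in the post above still lists two of the entries that were checked for fixing, and a short script can make that before/after comparison mechanical. It parses HijackThis entry lines, strips the "(file missing)" / "(no file)" suffix HijackThis appends, and classifies each checked entry as removed, persisted or orphaned; the function names are hypothetical and the sample lines are excerpts from the logs in this thread.

```python
import re

# A HijackThis entry line looks like "<code> - <details>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# Suffix HijackThis appends when the referenced file is not on disk.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)

# Entries checked for "Fix Checked" (excerpt, taken from the first scan in this thread).
CHECKED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.digitalfan.com/search
O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - C:\WINDOWS\msagent\intl\wmsmp3.dll
O4 - HKLM\..\Run: [Marine Aquarium 2] C:\WINDOWS\SynthCoreA.exe
O20 - AppInit_DLLs: fontview.dll
O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll
"""

# Excerpt of the scan saved at 15:31:01 (after Fix Checked and Safe Mode).
FOLLOWUP_SCAN = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:31:01, on 27.9.2007
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - C:\WINDOWS\msagent\intl\wmsmp3.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll
"""

# Excerpt of the scan saved at 22:44:24 (after the files were deleted).
LAST_SCAN = r"""
O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - C:\WINDOWS\msagent\intl\wmsmp3.dll (file missing)
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll (file missing)
"""


def parse_entries(log_text):
    """Map a normalised (code, details) key to (file_missing, original_line)."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        code, details = match.groups()
        missing = bool(MISSING_RE.search(details))
        # Drop the suffix and collapse whitespace/case so the same entry
        # compares equal across scans.
        normalised = " ".join(MISSING_RE.sub("", details).split()).lower()
        entries[(code, normalised)] = (missing, line.strip())
    return entries


def verify_fix(checked_text, later_scan_text):
    """Classify every entry that was checked for fixing against a later scan.

    removed   - no longer listed in the later scan
    persisted - still listed, and the file it points to is still present
    orphaned  - still listed, but HijackThis reports the file as missing,
                so only the registry reference is left to clean up
    """
    checked = parse_entries(checked_text)
    later = parse_entries(later_scan_text)
    report = {"removed": [], "persisted": [], "orphaned": []}
    for key, (_, original_line) in checked.items():
        if key not in later:
            report["removed"].append(original_line)
            continue
        missing, later_line = later[key]
        report["orphaned" if missing else "persisted"].append(later_line)
    return report


if __name__ == "__main__":
    for label, scan in (("15:31:01 scan", FOLLOWUP_SCAN), ("22:44:24 scan", LAST_SCAN)):
        print(label)
        for status, lines in verify_fix(CHECKED, scan).items():
            for entry in lines:
                print(f"  {status:9} {entry}")
```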

  8. #8
    Active member dr_Bora
    Joined: 27.12.2004. | Gender: male | Posts: 1.248 | Reputation power: 60

    Re: Following dr. Bora's instructions

    Let's go again...

    Download the attached file and save it somewhere on the C drive (not in D:\download\krstarica\ , that's why it didn't work a moment ago), unpack it and run it... It will be done after a few seconds.
    Then zip (that is, zip, not rar) the files Lista_Servisa.txt and C:\syslista.txt and attach them to your post.
    Last edited by dr_Bora: 27.09.2007. at 17:13

  9. #9
    Interested member
    Joined: 13.02.2005. | Gender: male | Location: Bor | Posts: 128 | Reputation power: 48

    Re: Following dr. Bora's instructions

    Here you go, mate, everything as you said.
    Last edited by MonteCarlo: 27.09.2007. at 21:04

  10. #10
    Active member dr_Bora
    Joined: 27.12.2004. | Gender: male | Posts: 1.248 | Reputation power: 60

    Re: Following dr. Bora's instructions

    OK... Let's start deleting...

    Download Avenger and unpack it.
    Download the attached file skripta.txt.

    Run Avenger:
    - select the option Load script from file
    - click the folder icon and open the file skripta.txt
    - close all running programs
    - click the traffic light icon
    - answer Yes to both questions asked

    After that the computer will restart twice - in the meantime, don't do anything on the computer.

    When everything is done, post here the contents of the file C:\avenger.txt as well as a new HT log.

  11. #11
    Interested member
    Joined: 13.02.2005. | Gender: male | Location: Bor | Posts: 128 | Reputation power: 48

    Re: Following dr. Bora's instructions

    Here


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\nfwljcte

    *******************

    Script file located at: \??\C:\Program Files\ixkfqufg.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver IWin service unloaded successfully.
    Driver Neth unloaded successfully.
    Driver Win PPPe unloaded successfully.


    File C:\WINDOWS\system32\iwinapp.exe not found!
    Deletion of file C:\WINDOWS\system32\iwinapp.exe failed!

    Could not process line:
    C:\WINDOWS\system32\iwinapp.exe
    Status: 0xc0000034



    File C:\WINDOWS\system32\netid.exe not found!
    Deletion of file C:\WINDOWS\system32\netid.exe failed!

    Could not process line:
    C:\WINDOWS\system32\netid.exe
    Status: 0xc0000034



    File C:\WINDOWS\system32\winser.exe not found!
    Deletion of file C:\WINDOWS\system32\winser.exe failed!

    Could not process line:
    C:\WINDOWS\system32\winser.exe
    Status: 0xc0000034

    File C:\WINDOWS\msagent\intl\wmsmp3.dll deleted successfully.
    File C:\WINDOWS\SynthCoreA.exe deleted successfully.
    File C:\WINDOWS\system32\fontview.dll deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.



    And here is the HJ scan:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:44:24, on 27.9.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\RAMfreer\RAMfreer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\download\Krstarica\Za dr.Boru.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - C:\WINDOWS\msagent\intl\wmsmp3.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll (file missing)
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

  12. #12
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Following dr. Bora's instructions

    Excellent...

    Run HT, scan, and tick the following lines:

    O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - C:\WINDOWS\msagent\intl\wmsmp3.dll (file missing)
    O4 - Startup: PowerReg Scheduler.exe
    O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll (file missing)

    and then click Fix Checked.

    Download the attached file, unpack it and run it...

    Restart the PC and post another HT log. Also, upload the file C:\Avenger\backup.zip to RapidShare.
    Attached files

  13. #13
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Following dr. Bora's instructions

    here


    Logfile of HijackThis v1.99.1
    Scan saved at 0:24:24, on 28.9.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\RAMfreer\RAMfreer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\download\Krstarica\Za dr.Boru.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Program Files\Popup Manager\PopupMgr_1.0.2.1P.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [RAMfreer] C:\Program Files\RAMfreer\RAMfreer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


    Here is the requested file too [I hope I got it right]: http://rapidshare.com/files/58722520/backup.zip.html
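
Comparing the log taken before "Fix Checked" with the one posted afterwards shows which entries were actually removed and which orphaned entries remain. The script below is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and the two samples are constructed, shortened excerpts of lines quoted in this thread.

```python
import re

# A HijackThis entry line is "<code> - <detail>", e.g. R1, O4, O20, O23.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# Suffix shown when the target file is missing or no file is registered.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, detail) tuples; header and process lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]


def orphaned(entries):
    """Entries that point at a file which is not on disk."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]


def removed_between(before, after):
    """Entries present in the first log and absent from the second."""
    remaining = set(after)
    return [e for e in before if e not in remaining]


# Constructed samples. Assumption: the "(no file)" BHO is placed in both
# logs; the thread only shows it in the second one.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {A3804E2C-C67F-4E37-8B6A-E3400A317A5E} - C:\WINDOWS\msagent\intl\wmsmp3.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - Startup: PowerReg Scheduler.exe
O20 - Winlogon Notify: wmsmp3 - C:\WINDOWS\msagent\intl\wmsmp3.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    for code, detail in removed_between(before, after):
        print("removed:       ", code, "-", detail)
    for code, detail in orphaned(after):
        print("still orphaned:", code, "-", detail)
```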

  14. #14
    Elite
    Joined
    04.04.2005.
    Gender
    male
    Location
    beyond seven hills and valleys at 3pm
    Posts
    15.324
    Reputation power
    380

    Re: Following dr. Bora's instructions

    Oh no, a trojan again
    28.9.2007 6:21:45 1190953305 SYSTEM 1652 Sign of "Win32:Agent-LMG [Trj]" has been found in "http://rs208cg.rapidshare.com/files/58722520/2980149/backup.zip\avenger\fontview.dll" file.

    By the way, I too have been following this case and dr_Bora's work with interest; a lot can be learned from it. But when you are done with this, I would ask you to remove these links so that nobody gets burned by accident.

  15. #15
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Following dr. Bora's instructions

    That is the one from earlier that MonteCarlo could not find and delete, so this time I used Avenger along the way to "clean up"...

    Everything looks OK here now.

    MonteCarlo, do you have a web camera?
    What is RAMfreer for? Some kind of RAM optimizer?
    I would uninstall it because I think it only slows the computer down. But you're the boss...

    Open Control Panel - System - System Restore: check: Turn Off System Restore on all drives.
    Restart the computer and then uncheck the same option (i.e. turn SR back on).

    Delete all temporary files (run Disk Cleanup).
    Empty the folder C:\WINDOWS\Prefetch\ (delete all .pf files in it and layout.ini).
    Delete the folder C:\Avenger\.
    Defragment the hard disk (if you want, for speed).

    How does the computer work now? Do you notice any problems?

  16. #16
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Following dr. Bora's instructions

    I have a web camera. I downloaded and ran that RAM Freer on a recommendation, as a good little program that would help me free RAM from unneeded programs, since I have little RAM. However, if you say it is better that I delete it, I'll do it?

    Just tell me where that Disk Cleanup is and how to start it.

  17. #17
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Following dr. Bora's instructions

    I found Disk Cleanup and deleted, but when it asked me which folders, only the first two were checked, the temporary ones, and one more; I didn't check anything else, so that is all it deleted. If I should have done something more, say so. I did everything else. And tell me, why did you ask me about the web camera, do I need to do something there too? And should I uninstall that RAM freer?

  18. #18
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Following dr. Bora's instructions

    In Disk Cleanup, check Temporary Internet Files and Temporary Files.
    Regarding the camera, everything is OK (I saw a process that should belong to the camera, so I wanted to check).

    As for RAM Freer and other memory "optimizers", I think they are of no use at all.
    If you want to "save" RAM, it's better to sort out some startup applications.
    ACDSee: turn off detection of inserted disks...
    Control Panel - Java: turn off autoupdate...
    MSN IM, Yahoo IM, WinZip QuickPick, Ares: turn off starting with Windows...

    You can do all of that in the options of the programs themselves (I don't know the option names by heart, but they certainly exist: look for them...).

  19. #19
    Interested member
    Joined
    13.02.2005.
    Gender
    male
    Location
    Bor
    Posts
    128
    Reputation power
    48

    Re: Following dr. Bora's instructions

    I've finished everything, friend. And now the computer works great. I don't know how to thank you for the knowledge and time you put in. I don't even know what all you did, nor how much studying it takes to have that much knowledge. In any case, thanks a lot.

  20. #20
    Active member dr_Bora
    Joined
    27.12.2004.
    Gender
    male
    Posts
    1.248
    Reputation power
    60

    Re: Following dr. Bora's instructions

    You're welcome...

    Respect...

  21. #21
    Beginner
    Joined
    16.10.2007.
    Posts
    2
    Reputation power
    0

    Re: Following dr. Bora's instructions

    I'm reading all this, watching and trying to figure it out, but it's not my field, so I say hats off, people. I also have a problem with my computer, but you can't help me that way, Bora.
