Linkovi rezultata na Google-u me vode na neke čudne sajtove

dr_Bora · 21.08.2007. u 00:49

Program HijackThis ti se nalazi u:
D:\My Documents\My Downloads

Idi tamo, nađi HiJackThis_v2, desni klik na njega i izaberi opciju Rename, a zatim umesto originalnog imena, ti upiši šta god želiš, npr. možeš ga nazvati Daky.

dakyorlando · 21.08.2007. u 02:46

Tako sam ga i nazvao. Evo sadržaja log fajla.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:44:49 AM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\My Documents\My Downloads\Daky.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Quick TV Agent] D:\Program Files\Terminator\Quick TV\Scheduled.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187399613468
O17 - HKLM\System\CCS\Services\Tcpip\..\{46B0847B-12B2-4D83-AE59-5F59BFFAB534}: NameServer = 85.255.116.164 85.255.112.166
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5376 bytes

dakyorlando · 21.08.2007. u 02:47

Moram da ti odam priznanje dr_Boro na tome što si u stanju da iz ove gomile slova i brojeva da zaključiš šta nije u redu s nekim kompom

8)

snejks · 21.08.2007. u 09:25

O17 - HKLM\System\CCS\Services\Tcpip\..\{46B0847B-12B2-4D83-AE59-5F59BFFAB534}: NameServer = 85.255.116.164 85.255.112.166

zaostatak iz prethodnoga pokušaja brisanja? Imaš li ti firewall neki ako nemaš skini sunbelt firewal sa interneta i stavi ga gore na komp.

dr_Bora · 21.08.2007. u 09:49

Zeznuti ovi Ukrajinci...

Opet pokreni FixWareOut i isprati postupak do kraja.

Nakon restarta, otvori Control Panel, Network Connections i desni klik na tvoju konekciju: izaberi Properties. Pronađi Internet Protocol (TCP/IP): dvoklik na njega će ti otvoriti prozor sa podešavanjima: tu obeleži opciju Obtain DNS server address automatically. Ako bude bilo potrebno, restartuj PC.

Idi na Start - Run: ukucaj:

cmd ( potvrdi sa enter ).

U prozoru koji ti se otvorio, ukucaj:

ipconfig /flushdns ( postoji razmak nakon ipconfig - takođe komandu potvrdi sa enter ).

Nakon toga, pokreni HijackThis, skeniraj i štikliraj sledeću liniju ( ako bude postojala ):

O17 - HKLM\System\CCS\Services\Tcpip\..\{46B0847B-12B2-4D83-AE59-5F59BFFAB534}: NameServer = 85.255.116.164 85.255.112.166

a zatim klikni na Fix Checked ( zatvori IE kao i ostale programe pre toga ).

Restartuj PC. Nakon toga postavi novi HT log i C:\fixwareout\report.txt.

( Ako se ne snađeš sa nekim delovima postupka, nije bitno. Preskoči i nastavi dalje. Nemoj zaboraviti restartovanje pre skeniranja HT-om i postavljanja logova. )

Edit: jedno pitanje: uz NOD32 i Ad-Aware SE, da li imaš još neki program slične namene?

dakyorlando · 21.08.2007. u 14:38

Odgovor na Snejksovo pitanje je: imam firewall. U pitanju je ovaj običan, koji ima svaki Windows.

Tebe Boro nisam razumeo samo u ovoj prvoj rečenici što se odnosila na Ukrajince

. Ostao sam radio prema uputstvu.

U log fajlu posle posla FixWareOut-a pisalo je ovo:

Username "Genije" - 2007-08-21 6:27:46 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kduuu.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{46B0847B-12B2-4D83-AE59-5F59BFFAB534}
"nameserver"="85.255.116.164" <Value cleared.

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kduuu.ren 71219 08/04/2004

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Quick TV Agent"="D:\\Program Files\\Terminator\\Quick TV\\Scheduled.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

U Internet Protocol opciji Obtain DNS server address automatically već je bila štiklirana.

Nemam opciju Run u Start meniju. Imao sam je pre reinstalacije kompa iznad dugmadi Log off i Turn off computer, ali sada je nema. Otkucao sam "cmd" na Search ali izbacio je previše rezultata i nisam znao na šta da idem pa sam to preskočio.

Pokrenuo sam HT i našao pomenutu liniju, štiklirao i kliknuo na Fix pošto sam isključio ostale programe. Restartovao sam komp, ponovo pokrenuo HT i otišao na Scan and make log file. Međutim, opet sam primetio liniju koja počinje na O17. Evo drugog log fajla:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:47:53 AM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\My Documents\My Downloads\Daky.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Quick TV Agent] D:\Program Files\Terminator\Quick TV\Scheduled.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187399613468
O17 - HKLM\System\CCS\Services\Tcpip\..\{46B0847B-12B2-4D83-AE59-5F59BFFAB534}: NameServer = 85.255.116.164 85.255.112.166
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5183 bytes

Izgleda da ta O17 linija baš neće da ode. Kada kliknem na Fix, koliko mu treba vremena da on to obavi? Moram li da čekam neko obaveštenje jer program mi dugo posle toga ništa ne saopšti.

A odgovor na tvoje pitanje je: imam još jedan program te namene. U pitanju je SpyBot - Search and Destroy verzija 1.4.

snejks · 21.08.2007. u 14:48

Zaražen si sa:
Trojan.Flush.E
is a Trojan horse that modifies the DNS server settings on a compromised computer and redirects the browser to potentially malicious Web sites.

http://www.azvirus.com/trojan.flush.e-removal

dr_Bora · 21.08.2007. u 16:02

Ako misliš na ovo:
http://www.symantec.com/security_response/writeup.jsp?docid=2005-090216-5622-99&tabid=2
nisam baš siguran da je to u pitanju.

dr_Bora · 21.08.2007. u 21:55

@Dakyorlando:

restartuj kompjuter u Safe Mode ( u Safe Mode su ulazi tako što pri paljenju kompjutera pritiskuješ taster F8 i kada se pojavi meni, izabereš opciju Safe Mode ).

Kada se pokrenuo Safe Mode, pokreni FixWareOut i isprati postupak do kraja.

Nakon restartovanja, postavi novi HT log i C:\fixwareout\report.txt.

snejks · 21.08.2007. u 22:02

dr_bora nije isključeno da ga on briše , Fixwareout , ali je moguće da registri ključ i dalje ostaje zabeležen i da se posle par otvaranja internet stranica on opet pojavljuje.

dr_Bora · 21.08.2007. u 22:16

Znam... To je sledeći korak. Upravo smišljam kako da mu objasnim šta raditi u regedit-u, ako ne upali fix u safe modu.

snejks · 22.08.2007. u 00:17

imaš detaljno uputstvo onamo samo ga treba prevesti na naški

dakyorlando · 22.08.2007. u 00:28

Nažalost ne mogu da otvorim safe mode. Pritiskam F8 sve vreme po uključenju, ali ne pojavljuje se meni.

A to me dovodi do nečeg drugog vezanog za paljenje kompa. Možda je i to u pitanju. Možda je malo offtopic ali sad kad smo se već upustili u ovo da ne pravim novu temu. Možda ćeš ti dr_bora znati kako to da odagnam (bio bih ti zahvalan jer ne mogu da startujem San Andreas verovatno zbog osakaćenog procesora).

Moj procesor ima oznaku 2500+, dakle dva i po GHz. Ranije (pre one čuvene reinstalacije koju sam spominjao već X puta) kad bih upalio komp, on bi radio po taktu od 1800 MHz (kad kliknem desnim klikom na My Computer pa na Properties, pod General je pisalo "1.8 Ghz, 256 MB of RAM" (kasnije sam dodao još jedan modul od 512 pa je sad 768 MB of RAM ali to nema veze).

E sada: ponekad, recimo jednom u 10-15 uključivanja, odmah po uključenju, pojavio bi mi se natpis "Warning! CPU has changed or Overclock failed. Press F1 do continue, DEL to enter Setup". Ako bih pritisnuo F1, procesor bi radio na samo 1.1 GHz, dakle ispod svojih mogućnosti. Zato sam uvek pritiskao DEL, a onda samo na Save Changes and Exit, i procesor bi radio na 1.8 GHz. Međutim, posle one reinstalacije, svaki (ama baš svaki) put kad uključim komp pojavi mi se ta poruka. I ako pritisnem F1 i ako uđem u DEL pa na save changes and exit procesor mi je samo na 1.1 Ghz. Da li možda znaš kako da ga "nateram" da opet radi na 1.8 GHz kao što je radio tri godine? Kad sam pitao tipa koji mi je reinstalirao, rekao je "da se ne igram s tim". A što mi je s*ebao procesor to nema veze. Znam da je overklokovanje malo složeno za početnike, ali čini mi se da si ti dovoljno potkovan da bi mogao da me posavetuješ kako da podesim svoj procesor da radi kao i uvek.

dr_Bora · 22.08.2007. u 00:46

To oko procesora se ( najverovatnije ) događa zbog baterije na ploči o kojoj smo neki dan pričali.
Kada je promeniš, onda dobiješ uputstvo za podešavanje. Pre toga nema smisla jer će se BIOS opet resetovati. Kada otvoriš kućište, videćeš bateriju na ploči - pažljivo je izvadi i kupi istu takvu pa zameni ( ne znam tačno cenu, no nije skupa baterija ).

Bilo bi dobro da opet probaš ući u safe mode i odraditi ono odozgo.
Znači, čim se pc upali, pritisni i drži F8 i sigurno ćeš videti meni.
Ako ne ide, probaj opet samo počni još ranije da pritiskuješ F8.

Edit: već kada uđeš u safe mode, prvo odradi skeniranje Ad-Aware-om i SpyBot-om i pobriši sve što pronađu, a zatim fixwareout.

dakyorlando · 22.08.2007. u 01:15

Na žalost... ne mogu. Čim pritisnem dugme za uključivanje kompa odmah počnem da stiskam F8 ali ćorak. Znači, definitivno moram da nabavljam tu bateriju. Samo što se bojim da otvaram komp da nešto ne "screwup"-ujem. A ne znam ništa o toj bateriji - gde da je nađem (da li je ima u svakoj prodavnici kompjuterske opreme), koliko to "nije skupa", da li moram da naglasim koji procesor imam... Posebno se bojim da je vadim i ugrađujem novu. Ali potražiću je što hitnije mogu. Neko će već da mi pomogne oko toga, znam jednog tipa koji drži hardver u malom prstu.

Inače, jedan tip mi je rekao da ima neku 386-icu staru 15 godina koja i danas dobro radi a da joj nikad nije menjao nikakvu procesorsku bateriju... a moja već posle tri godine zaribala... takve sam ti ja sreće...

dr_Bora · 22.08.2007. u 09:44

Agent Orange ti je odgovorio za bateriju, tako da ćeš se snaći sa tim.

Što se tiče ovog ovde problema...

Idi u C:\Windows i pronađi regedit - i pokreni ga.
U levom delu prozora se nalaze ključevi ( one žute ''stvarčice'' ).

Pronađi sledeći ključ:
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\ Tcpip\Parameters\Interfaces

Zatim desni klik na Interfaces i izaberi opciju Export.
Otvoriće ti se prozor pod nazivom Export Registry File.
Unesi neki naziv i snimi taj file.
Pronađi snimljeni file i desni klik na njega, pa izaberi opciju Edit - file će se otvoriti u Notepad-u. Iskopiraj njegov sadržaj ovde.
___________________________
Edit: još nešto ćemo da odradimo.

Isključi AMON modul u NOD32 ( otvoriš NOD32 klikom na ikonicu kod sata, zatim klikneš na AMON sa leve strane i dečekiraš File system monitor (AMON) enabled ).

Skini HaxFix ( sačuvaj ga na disku ).
Instaliraj ga. Klikom na Finish, program će se pokrenuti ( ako ne, onda ga pokreni iz start menija ).
Na prvom ekranu, pritisni bilo koji taster.
Na sledećem izaberi opciju 2.Run Auto Fix ( ukucaš broj 2 i enter ).
Sačekaj da se proces završi ( pc će se možda restartovati ).

Nakon toga isprati prethodno uputstvo za pokretanje FixWareOut-a.

Postavi ovde sledeće:
C:\haxfix.log
C:\fixwareout\report.txt
novi HijackThis log.

dakyorlando · 22.08.2007. u 14:22

Evo sadržaja prvog regedit fajla (sve sam uradio po uputstvu iz prvog dela):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46A81C00-48E2-46C1-8D2E-4161CEF23DFF}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
34,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpNameServer"="208.67.220.220,208.67.222.222 "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46B0847B-12B2-4D83-AE59-5F59BFFAB534}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpIPAddress"="77.46.134.221"
"DhcpSubnetMask"="255.255.255.255"
"Domain"=""
"DhcpClassIdBin"=hex:
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000
"NameServer"="85.255.116.164 85.255.112.166"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{550AEF68-591E-4579-916D-649A9F111681}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NameServer"=""
"DhcpNameServer"=""
"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7D2DEFDD-2BAF-49FC-9E3F-80CAC77CE3CB}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83B7B855-C71F-4D5A-A710-D3CE73511C76}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpNameServer"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CFADCEC0-43F2-4B34-B93D-3E9CE7D2A823}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=hex(7):00,00
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"DhcpClassIdBin"=hex:
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000

Kad sam skinuo program HaxFix dobio sam samo opcije 1 (Make log file) i E (Exit HaxFix). Da li da idem na ovu prvu? Ne bih ništa da radim na svoju ruku.

dr_Bora · 22.08.2007. u 14:38

Zatvori ga pa ga opet pokreni. Ako i dalje ne bude bilo opcije Run auto fix, onda pokreni tu prvu, pa će nakon toga da ti se prikaže i ona željena opcija.

dakyorlando · 22.08.2007. u 19:49

Evo HaxFix log fajla:

HAXFIX logfile - by Marckie

version 4.50
Wed 08/22/2007 19:43:18.76

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
matching services found
ASPI32

checking for matching safeboot services
no matching safeboot services found

checking for other Haxdoor-files
no other Haxdoor-files found

--- Checking for Goldun ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking for other Goldun-files
no other Goldun-files found

checking iexplore.exe
iexplore.exe is not infected

--- Catchme logfile - thank you Gmer ---

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-22 19:43:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden files: 0

--- Analysing Catchme logfile ---

no matching regkeys found

Finished!

Evo report fajla:

Username "Genije" - 2007-08-21 6:27:46 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kduuu.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{46B0847B-12B2-4D83-AE59-5F59BFFAB534}
"nameserver"="85.255.116.164" <Value cleared.

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kduuu.ren 71219 08/04/2004

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Quick TV Agent"="D:\\Program Files\\Terminator\\Quick TV\\Scheduled.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

A evo i HijackThis. Svi su sad na broju.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:47:02 PM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
D:\My Documents\My Downloads\Daky.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Quick TV Agent] D:\Program Files\Terminator\Quick TV\Scheduled.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187399613468
O17 - HKLM\System\CCS\Services\Tcpip\..\{46B0847B-12B2-4D83-AE59-5F59BFFAB534}: NameServer = 85.255.116.164 85.255.112.166
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5151 bytes

O17 je, izgleda, još tu...

snejks · 22.08.2007. u 20:02

Click Start > Run.
Ukucaj reč - regedit
Click OK.

pronađi i otvori lokaciju :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
\[ADAPTER CLSID]

U desnom panelu obriši vrednost :

"NameServer" = "85.255.116.164 85.255.112.166"

Pronađi u sledeću stavku :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

U desnom panelu obriši vrednosti :

"hgqhp.exe" = "System%\hgqhp.exe"

Pronađi i obriši u registriju podključ:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ruins

Izađi iz registri baze.

Skinuto sa stranice simanteka i prevedeno. za trojan.flush.e

snejks · 22.08.2007. u 20:09

I kada završiš sa ovom zaebancijom moj savet je da reinstaliraš kompjuter sa svežim windowsom.

dakyorlando · 22.08.2007. u 21:01

U HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces ne postoji folder ni fajl s imenom [ADAPTER CLSID], a ni "NameServer" = "85.255.116.164 85.255.112.166".

U HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run nema vrednosti "hgqhp.exe" = "System%\hgqhp.exe".

Ne postoji ni potključ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ruins.

Možda nije u pitanju trojan. Inače, na Google-u mi ponekad slova naprasno postanu veća ili manja: kao da pritisnem CTRL i točkić miša, ali štos je u tome što to uopšte ne pritisnem.

dr_Bora · 22.08.2007. u 21:09

Ovaj ključ:
HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\interfaces\{46B0847B-12B2-4D83-AE59-5F59BFFAB534}

Nađi stavku Name server - dvoklik na nju i u prozoru koji se otvori obriši vrednost: 85.255.116.164 85.255.112.166 ( znači isprazni to polje ) i OK.

Restartuj pc i postavi novi log.
________________________________________

Edit: @snejks: nemoj pogrešno da shvatiš, ali... Jesi li pogledao ove HT logove? Jel' vidiš negde u run sekciji "hgqhp.exe" = "System%\hgqhp.exe"?
Nije u pitanju taj trojanac. Glupi wareout pravi probleme. Samo što se ponekada ''malo'' teže uklanja...

dakyorlando · 22.08.2007. u 22:27

@snejks ja sam pre nekih mesec dana reinstalirao komp i osvežio ga novim Windows-om... to sam spomenuo bar deset puta ako ne i više.

Uradio sam kako mi je rečeno. Nisi napisao kakav log da stavim, ali pretpostavio sam da je od Hijack This.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:26:25 PM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
D:\My Documents\My Downloads\Daky.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Quick TV Agent] D:\Program Files\Terminator\Quick TV\Scheduled.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\Terminator\TV7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1187399613468
O17 - HKLM\System\CCS\Services\Tcpip\..\{46B0847B-12B2-4D83-AE59-5F59BFFAB534}: NameServer = 85.255.116.164 85.255.112.166
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5152 bytes

Hvala bogu da postoji copy/paste komanda! Zamislite da sve ovo moram da pišem? :razz:

snejks · 22.08.2007. u 23:11

Ovako izgleda možemo godinu dana a on će i dalje biti ovde , ali će zato dakyorlando da nauči par stvari.

sorry ali ja bih već odavno puknuo reinstall makar samo za tu sitnicu. Celo vreme imam osecaj kao da nešto fali iz tog loga. Neznam šta ali fali definitivno.

Linkovi rezultata na Google-u me vode na neke čudne sajtove

Aktivan član

A picker, a grinner, a lover, and a sinner

A picker, a grinner, a lover, and a sinner

Elita

Aktivan član

A picker, a grinner, a lover, and a sinner

Elita

Aktivan član

Aktivan član

Elita

Aktivan član

Elita

A picker, a grinner, a lover, and a sinner

Aktivan član

A picker, a grinner, a lover, and a sinner

Aktivan član

A picker, a grinner, a lover, and a sinner

Aktivan član

A picker, a grinner, a lover, and a sinner

Elita

Elita

A picker, a grinner, a lover, and a sinner

Aktivan član

A picker, a grinner, a lover, and a sinner

Elita

Slične teme