Hijack Taskmanager trojan - problem

GArrow
Green Arow
Hijack Taskmanager trojan - problem, 09.03.2009 at 09:53
The problem is a virus that disables my Task Manager. It says "task manager has been disabled by your administrator".

As for protection, I have Kaspersky 7 and Malwarebytes AntiMalware.
Kaspersky doesn't find it at all, while AntiMalware finds it and deletes it. Then I can get into TM.
However, every time I restart the computer I am again blocked from opening Task Manager, and the same trojan is sitting in the same place again.

I also found it in the registry:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

But it's the same story: I delete it, and when I restart the computer it is there again.
 
Nemanja Živanović
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 12:16
Download the HijackThis program from the following location:

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Once you have downloaded it, rename the file to anything, e.g. blabla.exe. Run it and click "Do a system scan and save a logfile". Copy that log file here so we can take a look.

In the attachment you have pictures 1 and 2 so you can see what it looks like.

Regards

[This message was edited by Nemanja Živanović on 09.03.2009 at 13:33 GMT+1]
 
GArrow
Green Arow
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 13:58
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:46, on 9.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\mouse\mouse driver\3.4\lwbwheel.exe
F:\WINDOWS\system32\rundll32.exe
C:\xfigsys\xfigsys.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\DU Meter\DUMeterSvc.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Spyware Terminator\sp_rsser.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\DU Meter\DUMeter.exe
F:\Program Files\XTS\files\xfig2.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Downloads\Bla13.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LWBMOUSE] F:\Program Files\mouse\mouse driver\3.4\lwbwheel.exe
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [xfigsys] C:\xfigsys\xfigsys.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1225531580500
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - F:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6496 bytes
 
Nemanja Živanović
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 14:21
OK. The first thing to do is go to the site http://www.virustotal.com/. On the front page you will have the option to upload files for checking. Click Browse, find the file C:\xfigsys\xfigsys.exe, confirm with Open, tick Send it over SSL and press Send File. When the upload finishes you will get a link under the item Permalink:. Copy the address of that link here.

The file you are going to upload is adware (http://www.emsisoft.com/en/malware/?Adware.Win32.XT+Spy). Let's look at that first, and then we will FIX a few lines from this HijackThis log. I think that will be enough.

[This message was edited by Nemanja Živanović on 09.03.2009 at 15:54 GMT+1]
 
GArrow
Green Arow
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 14:57
Here is the link:

https://www.virustotal.com/ana...64a76b725b700ebce0da63b7e00f9c

I hope I did it right... and that this is the link you are asking for....
 
Nemanja Živanović
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 15:05
OK, the link works now. Did you perhaps install the program XT Spy? There is a picture in the attachment. These are its remnants, that is, its components, and it is considered a type of adware. We will see about removing them.

Do you have administrator rights on that computer? If you do, go to Run (Start > Run) and type gpedit.msc. A window for editing Group Policy opens. On the left, click User Configuration, then Administrative Templates, then System, then CTRL+ALT+DEL Options. When you select that last item, on the right you will see the setting Remove Task Manager. Double-click it (a new window opens), select Disabled, confirm with Apply and OK, and close this window. That should be it.

[This message was edited by Nemanja Živanović on 09.03.2009 at 16:22 GMT+1]
 
GArrow
Green Arow
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 15:33
I did the last thing you wrote, but when I restarted the computer it again said that TM is disabled by the admin.

So, first do the gpedit.msc steps, etc...
Then, once it lets me start TM, end the xfigsys.exe process from TM.
Uninstall this xfigsys or simply Shift+Delete it.

And that's it, now TM works normally, i.e. it no longer acts up after a restart.
Problem solved!

Thanks a lot, Nemanja.
 
Nemanja Živanović
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 15:40
I'm glad we managed to solve the problem together. If you have time, run one more scan with HijackThis and post the log here. You should FIX the following lines from it:

C:\xfigsys\xfigsys.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [xfigsys] C:\xfigsys\xfigsys.exe

It doesn't matter that you deleted them manually; this is just to remove them from startup. XT Spy was definitely what blocked access to TM. Also look for the following files:

C:\Program Files\XTS\XTS Run.exe
C:\xfigsys\xfigsys.exe
C:\xfigsys\xfigsys.gyq
C:\xfigsys\xfigsyslg\Flag.dat
C:\Documents and Settings\YourUserName\Desktop\XTS Run.lnk
C:\Documents and Settings\YourUserName\Start Menu\Programs\XTS\XTS Run.lnk

They also come with this adware.
 
GArrow
Green Arow
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 16:57
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:19, on 9.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\DU Meter\DUMeterSvc.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Spyware Terminator\sp_rsser.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\mouse\mouse driver\3.4\lwbwheel.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\Totalcmd\TOTALCMD.EXE
F:\Downloads\Bla13.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LWBMOUSE] F:\Program Files\mouse\mouse driver\3.4\lwbwheel.exe
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "F:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1225531580500
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - F:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6262 bytes
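
Added example (not part of the original thread and not HijackThis's own code): a small Python parser that compares two HijackThis logs, such as the two posted in this thread, and lists what disappeared between the scans. The excerpts are cut down from the logs above; the function names and the indicator list are assumptions made for this illustration.

```python
import re

# Constructed excerpts: a few lines copied from the two HijackThis logs in this thread.
LOG_BEFORE = r"""Running processes:
F:\WINDOWS\Explorer.EXE
C:\xfigsys\xfigsys.exe
F:\Program Files\XTS\files\xfig2.exe
F:\Downloads\Bla13.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LWBMOUSE] F:\Program Files\mouse\mouse driver\3.4\lwbwheel.exe
O4 - HKLM\..\Run: [xfigsys] C:\xfigsys\xfigsys.exe
O20 - AppInit_DLLs: acaptuser32.dll
--
"""
LOG_AFTER = r"""Running processes:
F:\WINDOWS\Explorer.EXE
C:\Totalcmd\TOTALCMD.EXE
F:\Downloads\Bla13.exe
O4 - HKLM\..\Run: [LWBMOUSE] F:\Program Files\mouse\mouse driver\3.4\lwbwheel.exe
O20 - AppInit_DLLs: acaptuser32.dll
--
"""
# Hypothetical indicator list, taken from the lines the helper asked to FIX (lower-cased).
INDICATORS = ("xfigsys", "{7e853d72-626a-48ec-a868-ba8d5e23e045}")
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_hijackthis(text):
    """Return (processes, entries): process paths and (code, detail) tuples."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":            # footer marker: nothing to parse after it
            break
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:                   # the first entry line ends the process list
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def diff_logs(before, after):
    """What disappeared and what appeared between two scans (case-insensitive)."""
    (bp, be), (ap, ae) = parse_hijackthis(before), parse_hijackthis(after)
    norm = lambda x: x.lower() if isinstance(x, str) else (x[0], x[1].lower())
    def only_in(a, b):
        seen = {norm(x) for x in b}
        return [x for x in a if norm(x) not in seen]
    return {"processes_gone": only_in(bp, ap),
            "processes_new": only_in(ap, bp),
            "entries_gone": only_in(be, ae),
            "entries_new": only_in(ae, be)}

def residual(text, indicators=INDICATORS):
    """Log lines that still mention any indicator string."""
    return [l.strip() for l in text.splitlines()
            if any(i in l.lower() for i in indicators)]

if __name__ == "__main__":
    print(diff_logs(LOG_BEFORE, LOG_AFTER), residual(LOG_AFTER))
```

On these excerpts the diff reports the xfigsys process, the orphaned BHO and the xfigsys Run entry as gone, and `residual` returns nothing for the second scan.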
 
GArrow
Green Arow
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 16:59
It seems to me that everything is OK now??
 
Nemanja Živanović
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 17:11
Excellent, the log is absolutely clean and shows no signs of malware. If you have time and that computer is free, I would like us to check a bit more, to see whether some other malware has remained or strayed in.

Install SuperAntiSpyware: http://www.superantispyware.co...productid=SUPERANTISPYWAREFREE

Or, if the link doesn't work, go to the download page and choose the free version: http://www.superantispyware.com/download.html

Scan with it and see what it finds... Of course, after cleaning the computer you can delete this program, since you already have MBAM. This program has proven to be an excellent solution in cases where MBAM did not manage to clean out all the "pests", which is why we are checking the system with it.

The next step is scanning the computer with Dr.Web CureIt! You can download it from the following addresses:

ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe or http://free.drweb.com/

After downloading, restart the computer in Safe Mode (while the computer is starting, keep pressing F8, and when the menu appears choose Safe Mode, the first item). Once Safe Mode has loaded, start Dr.Web CureIt! by running the file launch.exe. When it starts, choose Start. It will automatically begin scanning the computer. You can let it scan (a quick scan is the default), and when it finishes, choose the complete scan (Complete scan) and press the Start Scanning button on the right (it looks like a Play button). If you have time, you can run the complete scan right at the first launch, so you don't have to wait for the quick scan to finish. To do that, when the program starts and begins the quick scan, press the Stop Scanning button on the right (it looks like a Stop button), then choose the complete scan (Complete scan) and press the Start Scanning button on the right.

Report the results.
 
GArrow
Green Arow
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 18:26
Wow, 2 more programs for protection against junk from the net.
SUPERANTISPYWAREFREE - it found only some Adware.tracking cookie

Now I'll try Dr.Web CureIt
 
GArrow
Green Arow
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 20:31
For some reason it won't start the application from Safe Mode....
In any case, the problem is solved!
 
Nemanja Živanović
Re: Hijack Taskmanager trojan - problem, 09.03.2009 at 20:34
OK. I believe there are no more "pests". Just for your own peace of mind, you can scan the computer with your current antivirus and antimalware programs.

Regards, and I'm glad we managed to solve the problem.
 
nikpel
Bg
Re: Hijack Taskmanager trojan - problem, 03.09.2009 at 12:34
- If the whole process confuses anyone, just do this part that Nemanja wrote; this is already my second time in the same spot after a year and that is all it takes - it solves the problem. Everything works as it should; I repeat, just try this and it should solve everything.

Thanks and regards!

Do you have administrator rights on that computer? If you do, go to Run (Start > Run) and type gpedit.msc. A window for editing Group Policy opens. On the left, click User Configuration, then Administrative Templates, then System, then CTRL+ALT+DEL Options. When you select that last item, on the right you will see the setting Remove Task Manager. Double-click it (a new window opens), select Disabled, confirm with Apply and OK, and close this window. That should be it.
 