MyCity » Ambulanta -> Arhiva Ambulante » zaraza neka, mozda vurtumondo

zaraza neka, mozda vurtumondo

Napisano na dan: 27.10.2007

zaraza neka, mozda vurtumondo

Sledeća strana

Pagination

Odgovori

zanzi Poslao: 27 Okt 2007 21:08 Idi na vrh
offline zanzi Građanin Pridružio: 06 Dec 2005 Poruke: 148	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! XP sa SP1, dial up. (nemojte me grditi za SP1, nije moj racunar) Kad racunar nije na netu, sve radi normalno. Kad se nakacim na net, pocinju problemi - u tray baru se pojavi mali zuti trougao sa uzvicnikom, naravno nudi mi opciju da skinem neki program da se spasim bede. Iskljucio sam system restore, obrisao temp i krenuo u ciscenje. SpyBot je nasao virtumondo i obrisao ga (u safe modu), nod je nasao nekih djavola i obrisao, takodje u safe modu. Desavalo mi se da puca explorer dok sam pokusavao da startujem ove programe u safe modu. Vratim se u normal mod, opet isto. Nasao sam sporne fajlove u c/win/system32 i probao rucno da ih brisem, nece da mrdnu. Ne mogu da ih obrisem ni u safe modu, sto me cudi. Startujem hijackthis, obelezim linije sa spornim fajlovima (BHO), nece da ih obrise. Kad ukljucim adaware 2007, krene da skenira i racunar se restartuje. Evo loga, pa da vidimo sta cemo. Hvala. Logfile of HijackThis v1.99.1 Scan saved at 20:12:37, on 27.10.2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\windows\System32\ctfmon.exe C:\Program Files\Eset\nod32krn.exe C:\windows\System32\svchost.exe C:\Program Files\ESET\nod32kui.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Zoran Cekanovic\Desktop\H_j-t.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\windows\system32\ssqqqro.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\windows\system32\ttmphuad.dll O2 - BHO: (no name) - {ABDCB3A5-39AA-454E-B99D-800191EF8350} - C:\windows\System32\pmkhf.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\windows\system32\ttmphuad.dll O4 - HKLM\..\Run: [b4ac692f] rundll32.exe "C:\windows\System32\xilnlapw.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe O4 - Startup: nod32.lnk = C:\Program Files\ESET\nod32kui.exe O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O17 - HKLM\System\CCS\Services\Tcpip\..\{7C241F75-CB17-4EDE-A35D-903CE3595DA3}: NameServer = 80.93.224.1 80.93.224.2 O20 - Winlogon Notify: ssqqqro - C:\windows\SYSTEM32\ssqqqro.dll O20 - Winlogon Notify: ttmphuad - C:\windows\SYSTEM32\ttmphuad.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

Profil

bobby Poslao: 27 Okt 2007 21:20 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini VundoFix: [Link mogu videti samo ulogovani korisnici] * Dvoklikom se startuje fajl VundoFix.exe. * Izabere opcija Scan for Vundo. * Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK. * Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo. * Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes. * Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a. * Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK. * Uključi se računar i podigne sistem iznova. * Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.

Profil

zanzi Poslao: 27 Okt 2007 22:05 Idi na vrh
offline zanzi Građanin Pridružio: 06 Dec 2005 Poruke: 148	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pre nego sto si odgovorio, probao sam i vundofix verziju 6.3.19 i SmitfraudFix. Vundo nije nasao nista, a SmitfraudFix nisam uspeo da startujem u normal modu, pa sam morao u safe da idem. ---------------------- VundoFix V6.3.19 Checking Java version... Sun Java not detected Scan started at 19:17:14 27.10.2007 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.3.19 Checking Java version... Sun Java not detected Scan started at 21:14:54 27.10.2007 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.5.11 Checking Java version... Sun Java not detected Scan started at 21:51:50 27.10.2007 Listing files found while scanning.... -------------------------------------- SmitFraudFix v2.242 Scan done at 21:40:13,57, sub 27.10.2007 Run from C:\Documents and Settings\Zoran Cekanovic\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End ---------------------------- Sad sam skinuo noviju verziju vundofixa, pa cu posle da okacim log. Hvala. Dopuna: 27 Okt 2007 22:05 Evo i novog loga vundofixa i loga hijackthisa. VundoFix V6.5.11 Checking Java version... Sun Java not detected Scan started at 21:51:50 27.10.2007 Listing files found while scanning.... C:\windows\system32\dybrjafn.dll C:\windows\system32\ssqqqro.dll C:\windows\system32\ttmphuad.dll Beginning removal... Attempting to delete C:\windows\system32\dybrjafn.dll C:\windows\system32\dybrjafn.dll Has been deleted! Attempting to delete C:\windows\system32\ssqqqro.dll C:\windows\system32\ssqqqro.dll Could not be deleted. Attempting to delete C:\windows\system32\ttmphuad.dll C:\windows\system32\ttmphuad.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\ssqqqro.dll C:\windows\system32\ssqqqro.dll Has been deleted! Performing Repairs to the registry. Done! -------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 22:01:08, on 27.10.2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\windows\System32\ctfmon.exe C:\Program Files\Eset\nod32krn.exe C:\windows\System32\svchost.exe C:\Program Files\ESET\nod32kui.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Zoran Cekanovic\Desktop\H_j-t.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {EB756CE3-F243-41B6-A770-1F5987271F54} - C:\windows\System32\pmkhf.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file) O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe O4 - Startup: nod32.lnk = C:\Program Files\ESET\nod32kui.exe O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O17 - HKLM\System\CCS\Services\Tcpip\..\{7C241F75-CB17-4EDE-A35D-903CE3595DA3}: NameServer = 80.93.224.1 80.93.224.2 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

Profil

bobby Poslao: 27 Okt 2007 22:14 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kada pokrenes VundoFix, u (belom) prozoru programa napravi desni klik misem i izaberi opciju "Add more files?". Kada ti se otvori sledeci prozor copy/paste sledecu putanju fajla: C:\windows\System32\pmkhf.dll Stisni "Remove Vundo". Ostatak procedure vec poznajes.

Profil

zanzi Poslao: 27 Okt 2007 22:55 Idi na vrh
offline zanzi Građanin Pridružio: 06 Dec 2005 Poruke: 148	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Reseno sve. Sta da ti kazem nego hvala. A vlasnik racunara ti porucuje, ako nekad budes blizu Gornjeg Milanovca, vodimo te kod Mica na Savinac - ubedljivo najbolja kobasica u Srbiji. Pozdrav.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » zaraza neka, mozda vurtumondo

Ko je trenutno na forumu

Ukupno su 1060 korisnika na forumu :: 89 registrovanih, 9 sakrivenih i 962 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: _Rade, ALFASPORTIVO, amaterSRB, Ba4e, bbrasnjo3, BlekMen, Bobrock1, Botovac, brufen, cemix, comi_pfc, dankisha, DeerHunter, dekan.m, doktor097, Dorcolac, Dovla 1980, Draganeli, draganl, draggan, Duh sa sekirom, dule10savic, Electron, gaga23, gasha, Georgius, goranperović66, gregorxix, Hitri, ivanb, jodzula, kaskadija, kendzo-andzo-boni-fju, kib, kovinacc, Kozi-RS, Kubovac, Lester Freamon, luja, M74AB3, menges, Mi lao shu, micke83, milenko crazy north, Milometer, Milos1987, milos97, Mitch22, neutrino, nikolapetkovic, niksa517, nsharambasa, operniki, panzerwaffe, pein, perko91, Povratak1912, Primus17, probisic, proka89, pzoca, Qvazimodo, radionica1, raptorsi, samojednoimeznam, savuni, Sićko, Snorks, Srki94, strn, Szigetwar, Tas011, TRZH92, tuja, ulogovan, Velizar Laro, vladaa012, Vladovbl, VNVK, Vrač, wizzardone, Yellow Pinky, yrraf, YugoSlav, zbazin, zdrebac, Zorge, zrno, Zvrk

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by