6.7.2008, 15:41 | #1 |
Banned
|
Infectious diseases
I hoped I would never have to open a thread here, but I had to because I no longer know what to do.
Today I downloaded Registry Mechanic via our dear torrents and the installer was infected with all sorts of things. Various little windows and pop-ups started appearing; simply put, everything went crazy. I went into safe mode, downloaded Ad-Aware and Spybot, and also scanned with the antivirus; it found some infections and removed them. Some problems disappeared, but some remained. Then I booted into Windows and scanned with Spybot, and it found a few more pests. It removed everything successfully, but one problem just won't go away. The attached picture shows it better: in System Properties, under my name, it says "Virus Alert!". Then, in My Computer, of the three partitions (C, D, E), I only have partition E. I can reach all partitions from the address bar, but I have no icons for them in My Computer. The third thing is the "Virus Alert!" message next to the clock, which I don't know how to remove. And the troubles still aren't over... In the Start menu I have no icons on the right side. What should I do? |
6.7.2008, 16:03 | #2 |
Member
Member since: 28.4.2007.
Location: Beograd
Posts: 435
Thanks given: 89
Thanked 112 times in 81 posts
|
Re: Infectious diseases
Reinstall Windows! That is the universal solution and recommendation. The cure of all cures. :) Just kidding, I don't know exactly how to undo that, but I would try System Restore (with a date before the torrent adventure, of course).
I'm replying because I can't believe how careless you were. System utilities downloaded from unofficial locations in most cases carry a heap of viruses and trojans. If you like a program, you download the trial version from the *official* site and do what you need. After that you uninstall it or buy the program. You downloaded it from a torrent, forgot to scan it and ran it under an administrator account... I wonder what kind of party is going on in the registry now. |
6.7.2008, 16:06 | #3 |
Banned
|
Re: Infectious diseases
I'd rather live with the virus alert than reinstall Windows.
System Restore is no use, I turned it off long ago. Oh well, it happens. The thing is that I scanned with Nod32, but it showed nothing. So I wouldn't say it's a big party, since Registry Mechanic doesn't show a single problem. |
6.7.2008, 16:08 | #4 |
V.I.P. Security
Member since: 18.5.2008.
Location: Prokuplje
Posts: 1.505
Thanks given: 5
Thanked 425 times in 385 posts
|
Re: Infectious diseases
@petko let's see what HijackThis says. Download it from here, put it in a new folder and rename it to, say, petko.exe, run it and click "Do a system scan and save a logfile", then copy the log to the forum.
|
6.7.2008, 16:10 | #5 |
Member
|
Re: Infectious diseases
|
6.7.2008, 16:58 | #6 |
Banned
|
Re: Infectious diseases
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56: VIRUS ALERT!, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\ESET\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
D:\xampp\mysql\bin\mysqld-nt.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
D:\Program Files\ESET\egui.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Office 2007\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wiaacmgr.exe
C:\Documents and Settings\petko\Desktop\petko\petko.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

-- End of file - 9513 bytes
|
6.7.2008, 16:58 | #7 |
Banned
|
Re: Infectious diseases
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\qoMeEVNe.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D2526B5-A21A-40BD-9370-D1DC28897BA1} - C:\WINDOWS\system32\efcayvVO.dll (file missing)
O2 - BHO: (no name) - {D0BC7019-4D53-4604-AEA5-7C577B080223} - C:\WINDOWS\system32\vtUlIBTJ.dll (file missing)
O2 - BHO: (no name) - {E15F84F9-CDB0-46CD-B6C9-FE4BEA23054E} - C:\WINDOWS\system32\jkkhifGy.dll (file missing)
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [1c91f93f] rundll32.exe "C:\WINDOWS\system32\aaecplij.dll",b
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5467] command /c del "C:\WINDOWS\system32\vtUlIBTJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4759] cmd /c del "C:\WINDOWS\system32\vtUlIBTJ.dll_old"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\OFFICE~1\Office12\GR99D3~1.DLL
|
6.7.2008, 16:59 | #8 |
Banned
|
Re: Infectious diseases
Code:
O20 - Winlogon Notify: qoMeEVNe - C:\WINDOWS\SYSTEM32\qoMeEVNe.dll
O21 - SSODL: axrfgvek - {88309764-E717-4B93-AFEB-573FEDC4E3B7} - C:\WINDOWS\axrfgvek.dll (file missing)
O21 - SSODL: okmdepgb - {E9BBF24A-8590-455F-876F-D505A49E1C4D} - C:\WINDOWS\okmdepgb.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
|
6.7.2008, 17:36 | #9 |
V.I.P. Security
|
Re: Infectious diseases
Turn off System Restore, empty the recycle bin, boot into safe mode, run HijackThis and check the following items, then click Fix.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D2526B5-A21A-40BD-9370-D1DC28897BA1} - C:\WINDOWS\system32\efcayvVO.dll (file missing)
O2 - BHO: (no name) - {D0BC7019-4D53-4604-AEA5-7C577B080223} - C:\WINDOWS\system32\vtUlIBTJ.dll (file missing)
O2 - BHO: (no name) - {E15F84F9-CDB0-46CD-B6C9-FE4BEA23054E} - C:\WINDOWS\system32\jkkhifGy.dll (file missing)
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll (file missing)
Download this program from the net and run a scan when you're done with HijackThis. Do you have the installation disk for Windows? |
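The selection made in the post above (log entries marked "(file missing)" or "(no file)"), as an added Python example that is not part of the thread: `parse_hijackthis` and `orphaned` are names chosen here, and the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Subset of the HijackThis log posted in this thread, copied verbatim.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D2526B5-A21A-40BD-9370-D1DC28897BA1} - C:\WINDOWS\system32\efcayvVO.dll (file missing)
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O21 - SSODL: axrfgvek - {88309764-E717-4B93-AFEB-573FEDC4E3B7} - C:\WINDOWS\axrfgvek.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ekrn.exe
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ...", "R1 - HKCU\...", "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers seen in the thread's log on entries that have no file behind them.
ORPHAN = re.compile(r"\((?:file missing|no file)\)$")


def parse_hijackthis(log):
    """Return one dict per log entry; header and process-list lines are skipped."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        clsid = CLSID.search(m.group("body"))
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": bool(ORPHAN.search(line)),
            "line": line,
        })
    return entries


def orphaned(entries, sections=None):
    """Entries whose target file is gone, optionally limited to some sections."""
    return [e for e in entries
            if e["orphaned"] and (sections is None or e["section"] in sections)]


if __name__ == "__main__":
    for e in orphaned(parse_hijackthis(SAMPLE_LOG)):
        print(e["section"], e["clsid"], e["line"].rsplit(" - ", 1)[-1])
```

The filter only reproduces the stale-reference check; an entry without the marker still has to be judged on its own.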
6.7.2008, 17:39 | #10 |
Banned
|
I have the disk.
Right now I'm scanning in regular Windows with Malwarebytes'; it found 41 problematic files. Everything was cleaned successfully. Thanks to everyone who helped me.
Last edited by: nighthawk (7.7.2008 at 12:04) |
6.7.2008, 18:04 | #11 |
V.I.P. Security
|
Re: Infectious diseases
Petko, insert the installation disk, click start\run\cmd-enter\, in the command prompt type chkdsk c:/r then yes, so that it restarts, and let it finish. What it actually does is fix system files.
After that, be sure to run a defragmentation. |
6.7.2008, 18:18 | #12 |
Banned
|
Re: Infectious diseases
Everything works fine, is that necessary?
|
6.7.2008, 18:32 | #13 |
V.I.P. Security
|
Re: Infectious diseases
Well, it wouldn't hurt, your computer will run better, and it will take about half an hour. You also have a lot of programs that start with Windows, so you can turn that off: start\run\msconfig\ then choose Startup and uncheck the ones you know what they are. For example, as far as I remember there's Nero, Winamp, Java, you have more so check.
|