|
|
|
|||||||
| Zaštita Virusi, anti-virus programi, firewall... |
 |
|
|
Alatke vezane za temu | Vrste prikaza |
6.7.2008, 15:41
|
#1 |
|
Banned
Član od: 6.11.2005.
Lokacija: Iza tebe
Poruke: 2.242
Zahvalnice: 419
Zahvaljeno 298 puta na 192 poruka
 |
Zarazne bolestine
Nadao sam se da nikad necu otvoriti ovde temu, ali ipak morao sam jer vise ne znam sta da radim.
Danas sam preko nasih dragih torrenta skinuo Registry Mechanic i instalacija je bila zarazena svim i svacim.Poceli su da iskacu razni prozorcici, pop-up prozori, jednostavno receno sve je poludelo.Otisao u safe mod, skinuo ad-aware, spybot, skenirao i antivirusom, nasao je neke zaraze i otklonio ih je.Neki problemi su nestali, ali neki su i ostali.Onda sam usao u windows i skenirao sa spybot i nasao je jos nekoliko gamadi.Sve je uspesno otklonio, ali jedan problem nikako nece da nestane.Na prilozenoj slici se bolje vidi:  U System propertis pise ispod mog imena pise "Virus Alert!".Onda, u MyComputer, od tri particije (C,D,E), ja imam samo particiju E.Na sve particije mogu da pristupim iz address bara, ali nemam ikonice u MyComputeru.Treca stvar je poruka "Virus Alert!" pored sata koju ne znam kako da otklonim.Mukama jos uvek nije kraj...U Start-u nemam ikonice sa desne strane.Sta da radim? |
|
|
|
6.7.2008, 16:03
|
#2 |
|
Član
Član od: 28.4.2007.
Lokacija: Beograd
Poruke: 435
Zahvalnice: 89
Zahvaljeno 112 puta na 81 poruka
|
Re: Zarazne bolestine
Reinstaliraj Windows!
 To je univerzalno rješenje i preporuka. Lijek nad lijekovima.  ) Šalim se, ne znam tačno kako to vratiti, ali pokušao bih sa System Restore (naravno, datum prije torent avanture).Odgovarm ti jer ne mogu da vjerujem kako si bio nesmotren. Sistemski programi skinuti sa lokacija koje nisu zvanične u većini slučajeva imaju gomilu virusa i trojanaca. Ako ti se sviđa neki program, skineš probnu verziju sa *zvaničnog* sajta i obaviš šta treba. Poslije toga deinstaliraš ili kupiš program. Ti si to skinuo sa torenta, zaboravio da skeniraš i pokrenuo pod administratorskim nalogom... Kakava li je tek sad žurka u registru. |
|
|
|
|
6.7.2008, 16:06
|
#3 |
|
Banned
Član od: 6.11.2005.
Lokacija: Iza tebe
Poruke: 2.242
Zahvalnice: 419
Zahvaljeno 298 puta na 192 poruka
|
Re: Zarazne bolestine
Pre cu ziveti sa virus alertom nego da reinstaliram windows
Od system restore nema vajde, ugasio sam ja to odavno. A jbg, desava se.Fora je u tome sto sam skenirao sa Nod32, ali nista nije pokazao. pa ne bih rekao da je velika zurka, posto registry mechanic ne pokazuje ni jedan problem. |
|
|
|
|
6.7.2008, 16:08
|
#4 |
|
V.I.P. Zaštita
Član od: 18.5.2008.
Lokacija: Prokuplje
Poruke: 1.505
Zahvalnice: 5
Zahvaljeno 425 puta na 385 poruka
|
Re: Zarazne bolestine
@petko ajde da vidimo sta kaze HijackThis skini sa odavde stavi ga u novi folder i preimenuj u recimo petko.exe, pokreni ga i klikni na "Do a system scan and save a logfile" posle iskopiraj log na forum.
|
|
|
|
|
6.7.2008, 16:10
|
#5 | |
|
Član
Član od: 28.4.2007.
Lokacija: Beograd
Poruke: 435
Zahvalnice: 89
Zahvaljeno 112 puta na 81 poruka
|
Re: Zarazne bolestine
Citat:
|
|
|
|
|
|
6.7.2008, 16:58
|
#6 |
|
Banned
Član od: 6.11.2005.
Lokacija: Iza tebe
Poruke: 2.242
Zahvalnice: 419
Zahvaljeno 298 puta na 192 poruka
|
Re: Zarazne bolestine
Kod:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:56: VIRUS ALERT!, on 7/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Bonjour\mDNSResponder.exe D:\Program Files\ESET\ekrn.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe D:\xampp\mysql\bin\mysqld-nt.exe D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe D:\Program Files\ESET\egui.exe C:\WINDOWS\system32\rundll32.exe D:\Program Files\Office 2007\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Easy\TV Capture\RemoteCtl.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe D:\Program Files\Spyware Doctor\pctsAuxs.exe D:\Program Files\Spyware Doctor\pctsSvc.exe D:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wiaacmgr.exe C:\Documents and Settings\petko\Desktop\petko\petko.exe C:\WINDOWS\system32\wbem\wmiprvse.exe -- End of file - 9513 bytes |
|
|
|
|
6.7.2008, 16:58
|
#7 |
|
Banned
Član od: 6.11.2005.
Lokacija: Iza tebe
Poruke: 2.242
Zahvalnice: 419
Zahvaljeno 298 puta na 192 poruka
|
Re: Zarazne bolestine
Kod:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\qoMeEVNe.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D2526B5-A21A-40BD-9370-D1DC28897BA1} - C:\WINDOWS\system32\efcayvVO.dll (file missing)
O2 - BHO: (no name) - {D0BC7019-4D53-4604-AEA5-7C577B080223} - C:\WINDOWS\system32\vtUlIBTJ.dll (file missing)
O2 - BHO: (no name) - {E15F84F9-CDB0-46CD-B6C9-FE4BEA23054E} - C:\WINDOWS\system32\jkkhifGy.dll (file missing)
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [1c91f93f] rundll32.exe "C:\WINDOWS\system32\aaecplij.dll",b
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5467] command /c del "C:\WINDOWS\system32\vtUlIBTJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4759] cmd /c del "C:\WINDOWS\system32\vtUlIBTJ.dll_old"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\OFFICE~1\Office12\GR99D3~1.DLL
|
|
|
|
|
6.7.2008, 16:59
|
#8 |
|
Banned
Član od: 6.11.2005.
Lokacija: Iza tebe
Poruke: 2.242
Zahvalnice: 419
Zahvaljeno 298 puta na 192 poruka
|
Re: Zarazne bolestine
Kod:
O20 - Winlogon Notify: qoMeEVNe - C:\WINDOWS\SYSTEM32\qoMeEVNe.dll
O21 - SSODL: axrfgvek - {88309764-E717-4B93-AFEB-573FEDC4E3B7} - C:\WINDOWS\axrfgvek.dll (file missing)
O21 - SSODL: okmdepgb - {E9BBF24A-8590-455F-876F-D505A49E1C4D} - C:\WINDOWS\okmdepgb.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
|
|
|
|
|
6.7.2008, 17:36
|
#9 |
|
V.I.P. Zaštita
Član od: 18.5.2008.
Lokacija: Prokuplje
Poruke: 1.505
Zahvalnice: 5
Zahvaljeno 425 puta na 385 poruka
|
Re: Zarazne bolestine
Iskljuci system restore, ocisti kantu za otpatke, udji u safe mode pokreki hijackThis i oznaci sledece stavke, a onda klikni na fix.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8D2526B5-A21A-40BD-9370-D1DC28897BA1} - C:\WINDOWS\system32\efcayvVO.dll (file missing) O2 - BHO: (no name) - {D0BC7019-4D53-4604-AEA5-7C577B080223} - C:\WINDOWS\system32\vtUlIBTJ.dll (file missing) O2 - BHO: (no name) - {E15F84F9-CDB0-46CD-B6C9-FE4BEA23054E} - C:\WINDOWS\system32\jkkhifGy.dll (file missing) O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll (file missing) Skini sa neta ovaj program i pusti skan kad zavrsis sa hijack this-om. imas li inst. disk za Win. |
|
|
|
|
6.7.2008, 17:39
|
#10 |
|
Banned
Član od: 6.11.2005.
Lokacija: Iza tebe
Poruke: 2.242
Zahvalnice: 419
Zahvaljeno 298 puta na 192 poruka
|
imam disk.
Evo sad u regularnom winu skeniram sa Malwarebytes' nasao je 41 problematicnih fajlova.qq Sve je uspesno sanirano.Hvala svima koji su mi pomogli Poslednja ispravka: nighthawk (7.7.2008 u 12:04) |
|
|
|
|
6.7.2008, 18:04
|
#11 |
|
V.I.P. Zaštita
Član od: 18.5.2008.
Lokacija: Prokuplje
Poruke: 1.505
Zahvalnice: 5
Zahvaljeno 425 puta na 385 poruka
|
Re: Zarazne bolestine
Petko ubaci inst.disk klikni na start\run\cmd-enter\u comand promtu kucaj chkdsk c:/r pa yes, da se restartuje i pusti ga da odradi. Sta ustvari radi, ispravlja sistemske fajlove.
posle toga odradi defregmentaciju obavezno. |
|
|
|
|
6.7.2008, 18:18
|
#12 |
|
Banned
Član od: 6.11.2005.
Lokacija: Iza tebe
Poruke: 2.242
Zahvalnice: 419
Zahvaljeno 298 puta na 192 poruka
|
Re: Zarazne bolestine
Sve lepo radi, jel potrebno to?
|
|
|
|
|
6.7.2008, 18:32
|
#13 |
|
V.I.P. Zaštita
Član od: 18.5.2008.
Lokacija: Prokuplje
Poruke: 1.505
Zahvalnice: 5
Zahvaljeno 425 puta na 385 poruka
|
Re: Zarazne bolestine
Pa nije naodmet, bolje ce da ti radi komp, a to ce da traje oko pola sata. Imas i dosta programa koji se pokrecu sa Winom pa to mozes da iskljucis start\run\msconfig\pa odaberi start up i rascekiraj za ono sto znas sta je. Recimo kolko se secam ima nero, winamp, java imas jos pa proveri
|
|
|
|
|
| Bookmarks sajtovi |
| Alatke vezane za temu | |
| Vrste prikaza | |
|
|
Linearni prikaz
