Worm problem

Topic: Worm problem

  1. #1
    Interested member nipikopolapafu

    Worm problem

    I already posted the thread "virus or software program", in which I explain everything. Then I followed the instructions that were suggested to me. If anyone can help me, I will be grateful. Here are the results:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:21:49 PM, on 11/25/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\wudajoda.exe
    C:\WINDOWS\System32\irdvxc.exe
    C:\WINDOWS\system32\dllcache\ivchost.exe
    C:\WINDOWS\system\NOTEPAD.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system\svchost32.exe
    C:\WINDOWS\System32\mmdmm.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\FREEDO~1\fdm.exe
    C:\Downloads\Software\za temu analiza\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.yu/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [mmsass] mmdmm.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
    O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{49532677-5F08-4FCD-8F88-69E55EE06648}: NameServer = 80.74.160.38 80.74.160.12
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: DomainService - - C:\WINDOWS\System32\wudajoda.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
    O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe
    O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Windows Network Services (SvcHost32) - Unknown owner - C:\WINDOWS\system\svchost32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    dial-up modem 56k v.92 intel hardware modem

    Thanks in advance, nipikopolapafu :-D :grin: :-D 8-)
    Last edited by nipikopolapafu: 25.11.2007 at 16:14. Reason: title



  2. #2
    Active member dr_Bora

    Re: Worm problem

    I don't know how much sense it makes to do anything here at all...
    You don't even have SP1 installed...

    If you don't install SP2 right after the PC is clean, the next time you connect to the net you will have the same problems again (and I definitely won't set aside time for the same job a second time).



    You need to enable the display of hidden files/folders:
    In Windows Explorer, Tools menu: Folder Options: on the View tab:
    - select Show hidden files and folders
    - uncheck Hide protected operating system files (Recommended)

    ---------------------------------------------------------------------------------------------------------------------------------

    Run HT, scan and check the following lines:

    O4 - HKLM\..\Run: [mmsass] mmdmm.exe
    O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
    O23 - Service: DomainService - - C:\WINDOWS\System32\wudajoda.exe
    O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
    O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe
    O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe
    O23 - Service: Windows Network Services (SvcHost32) - Unknown owner - C:\WINDOWS\system\svchost32.exe

    Click Fix Checked.

    ---------------------------------------------------------------------------------------------------------------------------------

    Download SDFix.

    Restart the computer in Safe Mode (while the computer is starting, keep pressing F8 and choose Safe Mode from the menu).

    Find and delete the following files:

    C:\WINDOWS\System32\wudajoda.exe
    C:\WINDOWS\System32\irdvxc.exe
    C:\WINDOWS\system32\dllcache\ivchost.exe
    C:\WINDOWS\system\NOTEPAD.exe
    C:\WINDOWS\System32\mmdmm.exe
    C:\WINDOWS\system\svchost32.exe

    --------------------------

    Run SDFix.exe and click Install.

    Run C:\SDFix\RunThis.bat.
    - Type Y to start the scan.
    - When the scan is done, press any key to restart the computer.
    - When everything is done, the logfile will open in Notepad - copy it into the thread on the forum.

    Also, post a new HT log.


    Edit: before the next run of HijackThis, rename its file from ''HijackThis.exe'' to ''123.exe''.
    Last edited by dr_Bora: 25.11.2007 at 22:31

  3. #3
    Interested member nipikopolapafu

    Re: Worm problem

    What are SP1 and SP2?

  4. #4
    Host

    Re: Worm problem

    Uh....

    SP (Service Pack) for Windows..

    So far Microsoft has officially released 2 SPs (Service Packs) for the Windows XP operating system..

    As Dr.Bora said, you must install SP2, because otherwise, even once you clean the computer with Bora's help, you will soon have the same problems you have now if you don't install this SP..

    The Service Pack for Windows XP is free and easy to find..

    After you clean the computer with Dr.Bora's help, install SP 2; as I said, it is not hard to find..

  5. #5
    Interested member nipikopolapafu

    Re: Worm problem

    SDFix: Version 1.115

    Run by nipikopolapafu on Mon 11/26/2007 at 01:49 AM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\DOCUME~1\NIKOLA~1\Desktop\PROGRA~1\SDFix

    Safe Mode:
    Checking Services:

    Name:
    MSDisk
    mshexdefx
    SvcHost32

    Path:
    "C:\WINDOWS\System32\irdvxc.exe" /service
    "C:\WINDOWS\system32\dllcache\ivchost.exe"
    "C:\WINDOWS\system\svchost32.exe"

    MSDisk - Deleted
    mshexdefx - Deleted
    SvcHost32 - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:


    Trojan Files Found:

    C:\WINDOWS\system32\.exe - Deleted
    C:\WINDOWS\system32\.exe - Deleted
    C:\WINDOWS\system32\autorun.ini - Deleted
    C:\WINDOWS\system32\drivers\NdisWon.sys - Deleted




    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-26 01:53:25
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:78,b2,2a,40,8b,28,05,a5,96,62,f7,5b,1c,2f,4e,96,33,00,86,70,bb,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,06,0c,c0,74,cf,58,48,95,b2,1d,bc,f4,d6,bf,1d,58,e8,..
    "khjeh"=hex:ed,76,6b,03,45,bb,87,b4,ae,04,71,84,5f,c3,0f,a1,27,b4,b3,a9,26,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:fa,44,12,73,a6,96,3e,04,9e,49,f3,90,a3,30,7b,0d,78,2f,3d,74,d6,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:78,b2,2a,40,8b,28,05,a5,96,62,f7,5b,1c,2f,4e,96,33,00,86,70,bb,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,06,0c,c0,74,cf,58,48,95,b2,1d,bc,f4,d6,bf,1d,58,e8,..
    "khjeh"=hex:ed,76,6b,03,45,bb,87,b4,ae,04,71,84,5f,c3,0f,a1,27,b4,b3,a9,26,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:fa,44,12,73,a6,96,3e,04,9e,49,f3,90,a3,30,7b,0d,78,2f,3d,74,d6,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\NIKOLA~1\Desktop\PROGRA~1\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Sun 22 Apr 2007 42,995,560 A..H. --- "C:\Downloads\Software\bitdefender_totalsecurity_2008_32b_sh73807.exe"
    Tue 17 Apr 2007 19,581,248 A..H. --- "C:\Downloads\Software\kav6.0.2.621en.exe"
    Tue 17 Apr 2007 25,967,584 A..H. --- "C:\Downloads\Software\kav7.0.1.269en.exe"
    Sun 18 Nov 2007 17,486,728 A..H. --- "C:\Downloads\Software\setupsrb.exe"
    Mon 10 Sep 2007 50,176 A.SH. --- "C:\RECYCLER\S-1-5-21-1715567821-1004336348-682003330-1003\Dc10.exe"
    Mon 10 Sep 2007 38,912 A.SHR --- "C:\RECYCLER\S-1-5-21-1715567821-1004336348-682003330-1003\Dc11.exe"
    Tue 25 Sep 2007 38,649 A.SHR --- "C:\RECYCLER\S-1-5-21-1715567821-1004336348-682003330-1003\Dc12.exe"
    Mon 10 Sep 2007 38,912 A.SHR --- "C:\RECYCLER\S-1-5-21-1715567821-1004336348-682003330-1003\Dc13.exe"
    Thu 27 Dec 2001 68,528 A.SHR --- "C:\RECYCLER\S-1-5-21-1715567821-1004336348-682003330-1003\Dc14.exe"
    Fri 2 Nov 2007 2,560 ..SH. --- "C:\WINDOWS\system32\helperysc.exe"
    Sat 3 Nov 2007 97,689 ..SH. --- "C:\WINDOWS\system32\rrutv.bak1"
    Sun 25 Nov 2007 104,009 ..SH. --- "C:\WINDOWS\system32\rrutv.bak2"
    Sat 3 Nov 2007 263,220 ..SH. --- "C:\WINDOWS\system32\vturr.dll"

    Finished!
    Last edited by nipikopolapafu: 26.11.2007 at 02:23

  6. #6
    Well-known FLUID

  7. #7
    Active member dr_Bora

    Re: Worm problem

    @nipikopolapafu:


    Download VundoFix.

    • Run VundoFix.exe and click the Scan For Vundo button.
    • After the scan finishes, if malware is found, click Remove Vundo.
    • Follow the procedure to the end, answering yes to all questions. The computer will restart.

    After that, post here the contents of the file C:\vundofix.txt as well as a new HijackThis log.


    Before the next run of HijackThis and making the log, rename its file from ''HijackThis.exe'' to ''123.exe''.
    That is, right-click the program's icon, choose Rename from the menu and type the new name.

  8. #8
    Interested member nipikopolapafu

    Re: Worm problem

    Results for HijackThis:
    Logfile of HijackThis v1.99.1
    Scan saved at 6:55:41 PM, on 11/26/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Downloads\Software\za temu analiza\123.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.yu/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {008DBE9C-3518-48E1-A250-DCCF4F38A031} - C:\WINDOWS\System32\vturr.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {9FB15E90-3727-4C4B-9463-3ECB14F8D600} - C:\WINDOWS\System32\mmcgfhrq.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Results for VundoFix:


    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 6:28:06 PM 11/26/2007

    Listing files found while scanning....


    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 6:33:40 PM 11/26/2007

    Listing files found while scanning....

    C:\windows\system32\abqsdiox.exe
    C:\windows\system32\cftwqmkb.dll
    C:\windows\system32\clrgbbup.dll
    C:\windows\system32\emhgmtds.exe
    C:\WINDOWS\System32\ljjjgff.dll
    C:\windows\system32\llsmhpgf.exe
    C:\WINDOWS\System32\rrutv.bak1
    C:\WINDOWS\System32\rrutv.bak2
    C:\WINDOWS\System32\rrutv.ini
    C:\windows\system32\tgfecxpi.exe
    C:\WINDOWS\System32\vturr.dll
    C:\windows\system32\xxyvust.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\abqsdiox.exe
    C:\windows\system32\abqsdiox.exe Has been deleted!

    Attempting to delete C:\windows\system32\cftwqmkb.dll
    C:\windows\system32\cftwqmkb.dll Has been deleted!

    Attempting to delete C:\windows\system32\clrgbbup.dll
    C:\windows\system32\clrgbbup.dll Has been deleted!

    Attempting to delete C:\windows\system32\emhgmtds.exe
    C:\windows\system32\emhgmtds.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\ljjjgff.dll
    C:\WINDOWS\System32\ljjjgff.dll Could not be deleted.

    Attempting to delete C:\windows\system32\llsmhpgf.exe
    C:\windows\system32\llsmhpgf.exe Has been deleted!

    Attempting to delete C:\WINDOWS\System32\rrutv.bak1
    C:\WINDOWS\System32\rrutv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\rrutv.bak2
    C:\WINDOWS\System32\rrutv.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\rrutv.ini
    C:\WINDOWS\System32\rrutv.ini Has been deleted!

    Attempting to delete C:\windows\system32\tgfecxpi.exe
    C:\windows\system32\tgfecxpi.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\vturr.dll
    C:\WINDOWS\System32\vturr.dll Has been deleted!

    Attempting to delete C:\windows\system32\xxyvust.dll
    C:\windows\system32\xxyvust.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 6:47:43 PM 11/26/2007

    Listing files found while scanning....

    C:\windows\system32\emhgmtds.exe
    C:\windows\system32\ljjjgff.dll
    C:\windows\system32\tgfecxpi.exe

    Beginning removal...

    Attempting to delete C:\windows\system32\emhgmtds.exe
    C:\windows\system32\emhgmtds.exe Has been deleted!

    Attempting to delete C:\windows\system32\ljjjgff.dll
    C:\windows\system32\ljjjgff.dll Has been deleted!

    Attempting to delete C:\windows\system32\tgfecxpi.exe
    C:\windows\system32\tgfecxpi.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

  9. #9
    Active member dr_Bora

    Re: Worm problem

    We will use VundoFix again.

    Run VundoFix and right-click in the (white) program window - choose the option Add more file(s).
    In the window that opens, copy the following line into the first box:

    C:\WINDOWS\System32\mmcgfhrq.dll

    Click Add File(s), Close window, Remove Vundo.

    When everything is done, post a fresh HijackThis log.

  10. #10
    Active member dr_Bora

    Re: Worm problem

    Run HT, scan and check the following lines:

    O2 - BHO: (no name) - {008DBE9C-3518-48E1-A250-DCCF4F38A031} - C:\WINDOWS\System32\vturr.dll (file missing)
    O2 - BHO: (no name) - {9FB15E90-3727-4C4B-9463-3ECB14F8D600} - C:\WINDOWS\System32\mmcgfhrq.dll (file missing)

    Click Fix Checked.

    ----------------------------------------------

    System Restore needs to be reset:
    Control Panel - System: System Restore tab: check Turn off System Restore on all drives.
    Restart the computer, then uncheck the option above (i.e. turn SR back on).


    So, this is now clean... But it won't stay clean for long if you don't update Windows (i.e. install SP2).
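
Added example (not part of the thread, and not the helper's stated method): a Python parser for the HijackThis O2, O4 and O23 line formats seen in the logs above, which surfaces entries for manual review. The three heuristics (a service with no vendor string, a value name registered under both Run and RunServices, a BHO with no class name) are assumptions of this example; the sample input is an excerpt of lines from posts #1 and #8.

```python
import re

# Sample input: an excerpt of lines from the HijackThis logs in posts #1 and #8.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\wudajoda.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe
O23 - Service: Windows Network Services (SvcHost32) - Unknown owner - C:\WINDOWS\system\svchost32.exe
O2 - BHO: (no name) - {9FB15E90-3727-4C4B-9463-3ECB14F8D600} - C:\WINDOWS\System32\mmcgfhrq.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
"""

# O23 - Service: <display name> - <owner> - <image path>; the owner may be empty.
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.*?)- ([A-Za-z]:\\.*)$")
# O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
# O2 - BHO: <class name> - {CLSID} - <dll path>
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")


def review_candidates(log_text):
    """Return (line, reason) pairs for entries worth a manual look.

    The heuristics are assumptions of this example, not HijackThis features.
    """
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    # Pass 1: collect value names that appear under a RunServices key.
    runservices_names = set()
    for ln in lines:
        m = O4_RE.match(ln)
        if m and m.group(2).lower() == "runservices":
            runservices_names.add(m.group(3).lower())

    # Pass 2: apply the three heuristics line by line.
    findings = []
    for ln in lines:
        m = O23_RE.match(ln)
        if m:
            owner = m.group(2).strip()
            if owner in ("", "Unknown owner"):
                findings.append((ln, "service binary reports no vendor"))
            continue
        m = O4_RE.match(ln)
        if m:
            if m.group(3).lower() in runservices_names:
                findings.append((ln, "value name also registered under RunServices"))
            continue
        m = O2_RE.match(ln)
        if m and m.group(1) == "(no name)":
            findings.append((ln, "BHO without a class name"))
    return findings


if __name__ == "__main__":
    for line, reason in review_candidates(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

A match only marks an entry for closer inspection; vendor-signed entries such as `kavsvc` and bare-filename autostarts such as `nwiz.exe` pass through unflagged.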
