Worm problem

nipikopolapafu

Interested member
Posts
102
I already posted the thread "virus or software program", in which I explain everything. Then I followed the instructions that were suggested to me. If anyone can help me, I will be grateful. :D Here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 3:21:49 PM, on 11/25/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wudajoda.exe
C:\WINDOWS\System32\irdvxc.exe
C:\WINDOWS\system32\dllcache\ivchost.exe
C:\WINDOWS\system\NOTEPAD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system\svchost32.exe
C:\WINDOWS\System32\mmdmm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Downloads\Software\za temu analiza\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.yu/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49532677-5F08-4FCD-8F88-69E55EE06648}: NameServer = 80.74.160.38 80.74.160.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: DomainService - - C:\WINDOWS\System32\wudajoda.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Network Services (SvcHost32) - Unknown owner - C:\WINDOWS\system\svchost32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


dial-up modem 56k v.92 intel hardware modem

Thanks in advance, nipikopolapafu :-D :grin: :-D 8-)
 
I don't know how much sense it makes to do anything here at all...
You don't even have SP1 installed...

If you don't install SP2 right after the PC is clean, the next time you connect to the net you will have the same problems again (and I definitely won't set aside time for the same job a second time).



Display of hidden files/folders needs to be enabled:
In Windows Explorer, Tools menu: Folder options: on the View tab:
-check Show hidden files and folders
-uncheck Hide protected operating system files (Recommended)

---------------------------------------------------------------------------------------------------------------------------------

Run HT, scan and check the following lines:

O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\wudajoda.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe
O23 - Service: Windows Network Services (SvcHost32) - Unknown owner - C:\WINDOWS\system\svchost32.exe

Click Fix Checked.

---------------------------------------------------------------------------------------------------------------------------------

Download SDFix.

Restart the computer in Safe Mode (while the computer is starting, keep pressing F8 and choose Safe Mode from the menu).

Find and delete the following files:

C:\WINDOWS\System32\wudajoda.exe
C:\WINDOWS\System32\irdvxc.exe
C:\WINDOWS\system32\dllcache\ivchost.exe
C:\WINDOWS\system\NOTEPAD.exe
C:\WINDOWS\System32\mmdmm.exe
C:\WINDOWS\system\svchost32.exe

--------------------------

Run SDFix.exe and click Install.

Run C:\SDFix\RunThis.bat.
- Type Y to start the scan
- When the scan is finished, press any key to restart the computer.
- When everything is done, the logfile will open in Notepad - copy it into the thread on the forum.

Also, post a new HT log.


Edit: before the next run of HijackThis, rename its file from ''HijackThis.exe'' to ''123.exe''.
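The selection made in the post above can be approximated mechanically over the O4 and O23 sections of a HijackThis log. This is an added example, not part of the original thread or of any tool named in it; the function name `triage` and its three heuristics are assumptions chosen for illustration, and the sample lines are copied from the first HijackThis log in this thread.

```python
import re
from collections import defaultdict

# O4/O23 entries copied from the first HijackThis log in this thread.
LOG = r"""
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\wudajoda.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe
O23 - Service: NOTEPAD - Unknown owner - C:\WINDOWS\system\NOTEPAD.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Network Services (SvcHost32) - Unknown owner - C:\WINDOWS\system\svchost32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# "O23 - Service: <display name> - <vendor, may be empty> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.*?) ?- ([A-Za-z]:\\.*)$")
# Assumed heuristic: directories a service binary is not expected to run from.
ODD_DIRS = ("\\windows\\system\\", "\\dllcache\\")


def triage(log_text):
    """Return {log line: [reasons]} for O4/O23 entries worth a manual look."""
    findings = defaultdict(list)
    autostarts = defaultdict(list)  # (value name, command) -> [(key, line)]
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = O23_RE.match(line)
        if m:
            _name, vendor, path = m.groups()
            if vendor in ("", "Unknown owner"):
                findings[line].append("service binary names no vendor")
            if any(d in path.lower() for d in ODD_DIRS):
                findings[line].append("service runs from an unusual directory")
            if path.endswith("(file missing)"):
                findings[line].append("registered binary not found on disk")
            continue
        m = O4_RE.match(line)
        if m:
            _hive, key, value, cmd = m.groups()
            autostarts[(value.lower(), cmd.lower())].append((key, line))
    # Assumed heuristic: one autostart registered under both Run and RunServices.
    for entries in autostarts.values():
        if {"Run", "RunServices"} <= {key for key, _ in entries}:
            for _, line in entries:
                findings[line].append("same autostart under Run and RunServices")
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(LOG).items():
        print(entry, "->", "; ".join(reasons))
```

On these lines it flags the same seven entries listed in the post above; a legitimate binary without vendor information would be flagged too, so the output is a review list, not a verdict.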
 
Uh....

SP (Service Pack) for Windows..

So far Microsoft has officially released 2 SPs (Service Packs) for the Windows XP operating system..

As Dr.Bora said, you need to install SP2, because in that case, even once you clean the computer with Bora's help, you will soon have the same problems you have now if you don't install this SP..

The Service Pack for Windows XP is free and can be found easily..

After you clean the computer with Dr.Bora's help, install SP 2, and as I said, it is not hard to find..
 
SDFix: Version 1.115

Run by nipikopolapafu on Mon 11/26/2007 at 01:49 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\NIKOLA~1\Desktop\PROGRA~1\SDFix

Safe Mode:
Checking Services:

Name:
MSDisk
mshexdefx
SvcHost32

Path:
"C:\WINDOWS\System32\irdvxc.exe" /service
"C:\WINDOWS\system32\dllcache\ivchost.exe"
"C:\WINDOWS\system\svchost32.exe"

MSDisk - Deleted
mshexdefx - Deleted
SvcHost32 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:


Trojan Files Found:

C:\WINDOWS\system32\.exe - Deleted
C:\WINDOWS\system32\.exe - Deleted
C:\WINDOWS\system32\autorun.ini - Deleted
C:\WINDOWS\system32\drivers\NdisWon.sys - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 01:53:25
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\NIKOLA~1\Desktop\PROGRA~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 22 Apr 2007 42,995,560 A..H. --- "C:\Downloads\Software\bitdefender_totalsecurity_2008_32b_sh73807.exe"
Tue 17 Apr 2007 19,581,248 A..H. --- "C:\Downloads\Software\kav6.0.2.621en.exe"
Tue 17 Apr 2007 25,967,584 A..H. --- "C:\Downloads\Software\kav7.0.1.269en.exe"
Sun 18 Nov 2007 17,486,728 A..H. --- "C:\Downloads\Software\setupsrb.exe"
Mon 10 Sep 2007 50,176 A.SH. --- "C:\RECYCLER\S-1-5-21-1715567821-1004336348-682003330-1003\Dc10.exe"
Mon 10 Sep 2007 38,912 A.SHR --- "C:\RECYCLER\S-1-5-21-1715567821-1004336348-682003330-1003\Dc11.exe"
Tue 25 Sep 2007 38,649 A.SHR --- "C:\RECYCLER\S-1-5-21-1715567821-1004336348-682003330-1003\Dc12.exe"
Mon 10 Sep 2007 38,912 A.SHR --- "C:\RECYCLER\S-1-5-21-1715567821-1004336348-682003330-1003\Dc13.exe"
Thu 27 Dec 2001 68,528 A.SHR --- "C:\RECYCLER\S-1-5-21-1715567821-1004336348-682003330-1003\Dc14.exe"
Fri 2 Nov 2007 2,560 ..SH. --- "C:\WINDOWS\system32\helperysc.exe"
Sat 3 Nov 2007 97,689 ..SH. --- "C:\WINDOWS\system32\rrutv.bak1"
Sun 25 Nov 2007 104,009 ..SH. --- "C:\WINDOWS\system32\rrutv.bak2"
Sat 3 Nov 2007 263,220 ..SH. --- "C:\WINDOWS\system32\vturr.dll"

Finished!
 
@nipikopolapafu:


Download VundoFix.

  • Run VundoFix.exe and click the Scan For Vundo button.
  • After the scan finishes, if malware is found, click Remove Vundo.
  • Follow the procedure to the end, answering yes to all questions. The computer will restart.
After that, post here the contents of the file C:\vundofix.txt as well as a new HijackThis log.


Before the next run of HijackThis and creation of the log, rename its file from ''HijackThis.exe'' to ''123.exe''.
That is, right-click the program's icon, choose Rename from the menu and type the new name.
 
results for hijack
Logfile of HijackThis v1.99.1
Scan saved at 6:55:41 PM, on 11/26/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Downloads\Software\za temu analiza\123.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.yu/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {008DBE9C-3518-48E1-A250-DCCF4F38A031} - C:\WINDOWS\System32\vturr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {9FB15E90-3727-4C4B-9463-3ECB14F8D600} - C:\WINDOWS\System32\mmcgfhrq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

results for vundo


VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 6:28:06 PM 11/26/2007

Listing files found while scanning....


VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 6:33:40 PM 11/26/2007

Listing files found while scanning....

C:\windows\system32\abqsdiox.exe
C:\windows\system32\cftwqmkb.dll
C:\windows\system32\clrgbbup.dll
C:\windows\system32\emhgmtds.exe
C:\WINDOWS\System32\ljjjgff.dll
C:\windows\system32\llsmhpgf.exe
C:\WINDOWS\System32\rrutv.bak1
C:\WINDOWS\System32\rrutv.bak2
C:\WINDOWS\System32\rrutv.ini
C:\windows\system32\tgfecxpi.exe
C:\WINDOWS\System32\vturr.dll
C:\windows\system32\xxyvust.dll

Beginning removal...

Attempting to delete C:\windows\system32\abqsdiox.exe
C:\windows\system32\abqsdiox.exe Has been deleted!

Attempting to delete C:\windows\system32\cftwqmkb.dll
C:\windows\system32\cftwqmkb.dll Has been deleted!

Attempting to delete C:\windows\system32\clrgbbup.dll
C:\windows\system32\clrgbbup.dll Has been deleted!

Attempting to delete C:\windows\system32\emhgmtds.exe
C:\windows\system32\emhgmtds.exe Could not be deleted.

Attempting to delete C:\WINDOWS\System32\ljjjgff.dll
C:\WINDOWS\System32\ljjjgff.dll Could not be deleted.

Attempting to delete C:\windows\system32\llsmhpgf.exe
C:\windows\system32\llsmhpgf.exe Has been deleted!

Attempting to delete C:\WINDOWS\System32\rrutv.bak1
C:\WINDOWS\System32\rrutv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\rrutv.bak2
C:\WINDOWS\System32\rrutv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\rrutv.ini
C:\WINDOWS\System32\rrutv.ini Has been deleted!

Attempting to delete C:\windows\system32\tgfecxpi.exe
C:\windows\system32\tgfecxpi.exe Could not be deleted.

Attempting to delete C:\WINDOWS\System32\vturr.dll
C:\WINDOWS\System32\vturr.dll Has been deleted!

Attempting to delete C:\windows\system32\xxyvust.dll
C:\windows\system32\xxyvust.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 6:47:43 PM 11/26/2007

Listing files found while scanning....

C:\windows\system32\emhgmtds.exe
C:\windows\system32\ljjjgff.dll
C:\windows\system32\tgfecxpi.exe

Beginning removal...

Attempting to delete C:\windows\system32\emhgmtds.exe
C:\windows\system32\emhgmtds.exe Has been deleted!

Attempting to delete C:\windows\system32\ljjjgff.dll
C:\windows\system32\ljjjgff.dll Has been deleted!

Attempting to delete C:\windows\system32\tgfecxpi.exe
C:\windows\system32\tgfecxpi.exe Has been deleted!

Performing Repairs to the registry.
Done!
 
We will use VundoFix again.

Run VundoFix and right-click in the (white) program window - choose the option Add more file(s).
In the window that opens, copy the following line into the first box:

C:\WINDOWS\System32\mmcgfhrq.dll

Click Add File(s), Close window, Remove Vundo.

When everything is done, post a fresh HijackThis log.
 
Run HT, scan and check the following lines:

O2 - BHO: (no name) - {008DBE9C-3518-48E1-A250-DCCF4F38A031} - C:\WINDOWS\System32\vturr.dll (file missing)
O2 - BHO: (no name) - {9FB15E90-3727-4C4B-9463-3ECB14F8D600} - C:\WINDOWS\System32\mmcgfhrq.dll (file missing)

Click Fix Checked.

----------------------------------------------

System Restore needs to be reset:
Control Panel - System: System Restore tab: check Turn off System Restore on all drives.
Restart the computer, then uncheck the above option (i.e. turn SR back on).


So, this is clean now... But it won't stay clean for long if you don't update Windows (i.e. install SP2).
 
