Restart during scanning

orizoka
Restart during scanning, 12.12.2008 at 21:50
Last week I picked up a pile of trojans, spyware and who knows what else while downloading some program (my protection was Trend Micro 2007, regularly updated). All the icons on my desktop disappeared, the classic thing; I see it happens to many people. Anyway, I managed to get rid of them with SUPERAntiSpyware and everything worked fine.
However, the next day I wanted to scan again and the computer restarted during the scan. I also tried scanning with Avira, Malwarebytes' Anti-Malware and Spyware Terminator, and it did not restart. However, it shut down during a full scan with Malwarebytes. I read somewhere that I should turn off automatic restart; when I did that, I made things even worse: a blue screen appeared shortly after the system booted, after about 1 minute of running. Spybot found nothing. For a few days now I have had only Spyware Terminator installed, and today the same problem appeared with it too: a restart during scanning. Does anyone have an idea what this is about?
 
magna86
Re: Restart during scanning, 13.12.2008 at 12:07
Download the HijackThis program from the following link:
http://www.majorgeeks.com/download5554.html
Put it in a separate folder on the Desktop
* Rename the folder and the program to something else, e.g. orizoka.exe

Run HijackThis and choose the option "Do a system scan and save the logfile"
At the end of the scan the program will produce a text log; copy that log here (copy / paste)

orizoka
Re: Restart during scanning, 13.12.2008 at 16:33
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:14 PM, on 12/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Zoka\Desktop\zooooo\zoooo.exe
C:\Program Files\Trend Micro\zoooo\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/...=aus&qkw=%s&tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A1F092EB-B3DE-4D9A-A1DC-2746B68489CB} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} (FileInterface Class) - https://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B120A0D3-B542-4622-B297-6A90A52DE262}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: mlJDssSi - mlJDssSi.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Unknown owner - C:\Program Files\DU Meter\DUMeterSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6338 bytes
 
magna86
Re: Restart during scanning, 13.12.2008 at 17:22
Hi

here's how...


Restart the computer and keep pressing the F8 key.
A menu will appear
In the boot menu choose Safe Mode


* Run HijackThis
* Choose the option "Do a system scan only"
* Tick the following lines:


Code:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/...=aus&qkw=%s&tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {A1F092EB-B3DE-4D9A-A1DC-2746B68489CB} - (no file)

O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - https://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} (FileInterface Class) - https://online.bancaintesabeograd.com/RetailDLL/FSINT.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{B120A0D3-B542-4622-B297-6A90A52DE262}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: mlJDssSi - mlJDssSi.dll (file missing)



* Go to "Fix Checked"
* Close HijackThis


*******************************


Now download SpywareBlaster from here:
http://www.javacoolsoftware.com/spywareblaster.html
here you have the instructions:
http://www.bleepingcomputer.com/tutorials/tutorial49.html

* scan the computer with it, then post a fresh HijackThis log
and tell us whether there are any changes (for the better, I mean)

good luck

orizoka
Re: Restart during scanning, 13.12.2008 at 22:29
I did, here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:31 PM, on 12/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\zoooo\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Unknown owner - C:\Program Files\DU Meter\DUMeterSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4994 bytes
 
orizoka
Re: Restart during scanning, 14.12.2008 at 00:21
Here is what happened. The computer still restarts, except that from the very next restart I could no longer get on the net... I did everything I could, router restart, repair, and nothing... I removed SpywareBlaster too and again nothing... I went for System Restore, to a day earlier, and the net started working. I don't dare try anything more with HijackThis... I will probably do a format in a few days... I would do it right away, but I simply don't have time, I need the computer to finish some work, never mind reinstalling everything. Such a bummer....
 
magna86
Re: Restart during scanning, 14.12.2008 at 15:33
such a pity you're giving up...
look... nothing in the HJT log is so terrible that it would cause restarting
maybe the O20 HJT line... maybe
I'm afraid it might be a hardware problem... that can also cause the problem...
God willing I'm wrong

the upper log you gave was clean...

 
orizoka
Re: Restart during scanning, 14.12.2008 at 15:47
I haven't given up, I just lost it when the net got blocked after Fix Checked, and as soon as I did System Restore the net worked again... I simply have no idea anymore what it could be. The computer sometimes restarts even without scanning, but very rarely. Could the power supply be causing the problem? The strange thing is that it all started after I infected the computer about ten days ago, which is why I think it is software after all. I won't format it for a few more days, maybe a solution turns up in the meantime.
 
magna86
Re: Restart during scanning, 14.12.2008 at 17:01
aha... ok... try it this way...

Fix everything I wrote above except this line

O17 - HKLM\System\CCS\Services\Tcpip\..\{B120A0D3-B542-4622-B297-6A90A52DE262}: NameServer = 208.67.222.222,208.67.220.220

this line should be your IP address, i.e. your provider's... but it doesn't lead to your provider... look for yourself

http://samspade.org/whois/208.67.220.220
http://samspade.org/whois/208.67.222.222
http://ws.arin.net/whois/?queryinput=208.67.220.220

so this is not your provider's IP... and it should be deleted... but... let's play along and leave that line

or... so we're not working blind... post a fresh log...
and of course the power supply can cause a problem...
............................
PS: if you keep the HijackThis program in a folder, you have right away enabled it to make backups...

this is how you do a backup...
start the HJT program
choose the last option, none of above, just start the program

click the Config button on the far right
then the Backups tab

select, i.e. tick, the line you want to back up, i.e. restore, and go to Restore on the right side

so everything that was fixed can be restored!
............................

and it wouldn't hurt... before posting the HJT log, to follow this thread (second and third post) and then post the HJT log afterwards
download some rootkit tool and scan with it
http://www.elitesecurity.org/t...-da-li-biste-nesto-preporucili

kristi1
Re: Restart during scanning, 14.12.2008 at 19:33
You slipped up with this line

O17 - HKLM\System\CCS\Services\Tcpip\..\{B120A0D3-B542-4622-B297-6A90A52DE262}: NameServer = 208.67.222.222,208.67.220.220

That is OpenDNS, so a legitimate line, and as soon as you fixed it and restarted, of course you could no longer get on the net, because your router is set to the OpenDNS server and not to your provider's. Either you or someone else changed that

what is bothering you is this file C:\WINDOWS\System32\mlJDssSi.dll
You fixed it with HJT, but it needs to be deleted manually from Safe Mode, and the path is the one above. And if it won't delete, then it must be deleted with the KillBox program
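
An added example, not part of the original thread and not HijackThis code: a short Python triage of the kind of entries discussed above. It checks an O17 NameServer value against a small allowlist of public resolvers before anyone ticks it, flags entries whose file is missing, and lists what disappeared between two scans. The function names and the allowlist are assumptions; the two log excerpts are lines taken from the logs posted in this thread.

```python
import re

# Illustrative allowlist of well-known public resolvers (an assumption of this
# example, not something HijackThis ships with; extend it for your network).
KNOWN_RESOLVERS = {
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
    "8.8.8.8": "Google Public DNS",
    "8.8.4.4": "Google Public DNS",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O17 - ..."
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Excerpt of the first log in the thread (before "Fix Checked").
LOG_BEFORE = r"""
O2 - BHO: (no name) - {A1F092EB-B3DE-4D9A-A1DC-2746B68489CB} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B120A0D3-B542-4622-B297-6A90A52DE262}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: mlJDssSi - mlJDssSi.dll (file missing)
O23 - Service: DU Meter Service (DUMeterSvc) - Unknown owner - C:\Program Files\DU Meter\DUMeterSvc.exe (file missing)
"""

# Excerpt of the second log (after "Fix Checked").
LOG_AFTER = r"""
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Unknown owner - C:\Program Files\DU Meter\DUMeterSvc.exe (file missing)
"""


def parse_entries(log_text):
    """Return [(section, detail)] for every 'Xn - ...' line of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return (section, tag, info) notes for entries worth a second look."""
    notes = []
    for section, detail in entries:
        if section == "O17" and "NameServer" in detail:
            ips = IP_RE.findall(detail)
            unknown = [ip for ip in ips if ip not in KNOWN_RESOLVERS]
            if unknown:
                # Not on the allowlist: look up the owner (whois) before fixing.
                notes.append((section, "verify-dns", ", ".join(unknown)))
            else:
                owners = sorted({KNOWN_RESOLVERS[ip] for ip in ips})
                notes.append((section, "known-dns", ", ".join(owners)))
        elif detail.endswith(("(file missing)", "(no file)")):
            # Registry entry whose target file is gone; autostart points
            # (Run keys, Winlogon Notify, services) matter most.
            tag = "orphan-autostart" if section in ("O4", "O20", "O23") else "orphan"
            notes.append((section, tag, detail))
    return notes


def removed_between(before, after):
    """Entries present in the earlier log but absent from the later one."""
    later = set(parse_entries(after))
    return [entry for entry in parse_entries(before) if entry not in later]


if __name__ == "__main__":
    for note in triage(parse_entries(LOG_BEFORE)):
        print(note)
    print("removed by the fix:", [s for s, _ in removed_between(LOG_BEFORE, LOG_AFTER)])
```

The diff makes the cause of the lost connectivity visible: the O17 resolver setting is among the entries that vanished between the two scans.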
 
orizoka
Re: Restart during scanning, 15.12.2008 at 11:46
I don't understand DU Meter, since it hasn't been installed for a long time, and HijackThis can't remove it... I removed that line 20, here is the current log; now the two of you have confused me, I no longer know what to do next, or what to delete manually :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:16 PM, on 12/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/...=aus&qkw=%s&tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A1F092EB-B3DE-4D9A-A1DC-2746B68489CB} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - https://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - https://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B120A0D3-B542-4622-B297-6A90A52DE262}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Unknown owner - C:\Program Files\DU Meter\DUMeterSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6346 bytes
 
kristi1
Re: Restart during scanning, 15.12.2008 at 13:06
@orizoka fix this line

O2 - BHO: (no name) - {A1F092EB-B3DE-4D9A-A1DC-2746B68489CB} - (no file)

As for DU Meter, disable it in services
Click Start, Run, then type msconfig and press Enter. When the window opens, click the Services tab and uncheck DU Meter.

I don't know what the situation is now, but there are no more signs of infection in the HJT log.
 
magna86
Re: Restart during scanning, 15.12.2008 at 15:57
Quote:
now the two of you have confused me, I no longer know what to do next, or what to delete manually


no need to be confused... I slipped up... precisely with this O17 line...
those links I gave... it clearly says OpenDNS, but oh well... I'm allowed to make a mistake sometimes too

Code:
http://samspade.org/whois/208.67.220.220
http://samspade.org/whois/208.67.222.222
http://ws.arin.net/whois/?queryinput=208.67.220.220


the important thing was to kill line 20 with HJT (from safe mode), and HJT also killed the file itself, 99% automatically

that's it... what is the situation now?
 
orizoka
Re: Restart during scanning, 15.12.2008 at 16:47
The situation is no good, i.e. it still restarts. Something seems to be badly damaged, but what......
 
magna86
Re: Restart during scanning, 15.12.2008 at 17:31
do you have the Windows installation CD?

Start / Run, copy this:
Code:
sfc /scannow

then Enter

when and if it asks for the installation CD, give it
and if it finds nothing, the program will exit by itself...
this command replaces damaged system files
when it finishes, restart the computer

report the results

and do you perhaps get a blue screen when it starts to restart?
does it throw some error and then start to restart? try the above... then we'll see what next

 
orizoka
Re: Restart during scanning, 15.12.2008 at 23:04
...I don't have the installation CD now, I will have it by Thursday, I'm swamped at the moment.... I'll try everything, there is nothing left to lose.... The blue screen appeared when I turned off automatic restart; otherwise it just restarts, it shows nothing before that. Now it has started restarting unrelated to scanning, e.g. when I'm on the net, when something is updating, when I use Word, Windows Explorer, etc.... Today it restarted 5 times in some 6-7 hours of use. And once the keyboard started acting up, it produced completely different letters and characters, and that had never happened before.
 
orizoka
Re: Restart during scanning, 06.01.2009 at 22:47
My Windows is still alive. It calmed down on its own; the last time it restarted was 2 weeks ago. I'm not touching anything now. Thank you, people!
 
magna86
Re: Restart during scanning, 07.01.2009 at 06:31
hehe... I had already forgotten about this thread
glad the problem is solved...

if it starts acting up again... do the above... the above is like a Windows repair...
 
orizoka
Re: Restart during scanning, 08.01.2009 at 12:20
OK, I got hold of the installation CD, I'll do that if there are any problems. Oh yes, I scanned it with System Mechanic, I forgot to write that. After that it acted up less and less, and now it seems OK.
 