Where on earth has it been stashed???

mancic82
aleksandar
nis

Where on earth has it been stashed??? 26.10.2005 at 15:30
So, the other day I was searching for something on the net and a warning popped up:
"C:\Documents and Settings\Mancic\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe Infected:
Trojan-Downloader.Win32.TSUpdate.l ..."! So then I "go" there, since the antivirus wouldn't delete it, and delete everything from there, but it still keeps reporting that virus or whatever it is! After a long time spent scanning the computer and deleting the virus, it no longer reports it, but every ten minutes or so my browser starts up by itself and opens addresses like:
http://www.ad-w-a-r-e.com/cgi-...ormal&mSkip=1&rnd=7025

http://www.ad-w-a-r-e.com/cgi-...ormal&mSkip=1&rnd=2627

and sends me to some addresses with ads and some "girls for chatting"!
I scanned the computer with both Ad-Aware and Spybot and deleted what was found, but it still sends me to those addresses!!! What else should I scan it with???
If anyone can help, please do, so that I don't have to wipe the system, because this is terribly annoying!
Thanks in advance!
"Inter leges puellarum est gaudium puerorum"
 

Ozzy
Luzern,CH

Re: Where on earth has it been stashed??? 26.10.2005 at 18:31
Well, which antivirus program are you using? Have you tried Kaspersky? Check whether that exe file is "running" in Task Manager.
If you can't delete something, download the program Copy lock.
Regards, Ozzy
 

IcyImpact

Re: Where on earth has it been stashed??? 26.10.2005 at 19:18
Download the program HijackThis and paste what it finds here, and we'll see what's hiding there.
Knowledge is power.
 

mancic82
aleksandar
nis

Re: Where on earth has it been stashed??? 27.10.2005 at 07:27
I'm using Avast! v.4.6-691, and the only "suspicious process" in Task Manager is "wdfmgr.exe", because it's the only one I can't turn off and I don't know what it's for either!
Here's what HijackThis says:

Logfile of HijackThis v1.99.1
Scan saved at 8:16:41, on 27.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005 Client\aaclient.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Mancic\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?50af88e4d2f944b3b5add29a1f81268e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?50af88e4d2f944b3b5add29a1f81268e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DABBEA1-000A-4F98-A19B-B7F0476D4D08}: NameServer = 82.117.214.2,82.117.214.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DABBEA1-000A-4F98-A19B-B7F0476D4D08}: NameServer = 82.117.214.2,82.117.214.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{7DABBEA1-000A-4F98-A19B-B7F0476D4D08}: NameServer = 82.117.214.2,82.117.214.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\e6jm0g11e6.dll
O23 - Service: Ad-Axis Client - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware SE Enterprise 2005 Client\aaclient.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


"Inter leges puellarum est gaudium puerorum"
 

IcyImpact

Re: Where on earth has it been stashed??? 27.10.2005 at 20:47
The only thing I found that could be the cause of your problem is: e6jm0g11e6.dll

Did you have the latest definitions when you ran the scans with Spybot S&D and Ad-Aware?


Knowledge is power.
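
A triage sketch for logs like the one posted above, added here as an example (it is not part of any forum post and not part of HijackThis): it flags autostart entries whose file name keeps switching between letters and digits, the pattern that makes e6jm0g11e6.dll stand out, and entries marked "(file missing)". The flip-count heuristic and its threshold of 3 are assumptions of this example.

```python
import re
from ntpath import basename, splitext

# Excerpt of the HijackThis log posted earlier in this thread (lines unchanged).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\e6jm0g11e6.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r'^(O\d{1,2}|R\d|F\d|N\d) - (.+)$')
FILE = re.compile(r'[A-Za-z]:\\[^"<>|,]+?\.(?:dll|exe|ocx)\b', re.I)
# HijackThis section codes that describe code loaded at boot or logon.
AUTOSTART = {"O2": "browser helper object", "O4": "Run key / startup folder",
             "O20": "AppInit_DLLs / Winlogon Notify", "O23": "service"}

def class_flips(stem):
    """Count letter<->digit changes between neighbouring characters."""
    return sum(1 for a, b in zip(stem, stem[1:])
               if a.isalnum() and b.isalnum() and a.isdigit() != b.isdigit())

def triage(log, flip_threshold=3):
    """Return [(code, path, [reasons])] for entries that deserve a manual look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, rest = m.groups()
        for path in FILE.findall(rest):
            reasons = []
            stem = splitext(basename(path))[0]
            if code in AUTOSTART and class_flips(stem) >= flip_threshold:
                reasons.append(f"random-looking name at {AUTOSTART[code]}")
            if "(file missing)" in rest:
                reasons.append("registry entry points to a missing file")
            if reasons:
                findings.append((code, path, reasons))
    return findings

if __name__ == "__main__":
    for code, path, reasons in triage(SAMPLE_LOG):
        print(code, path, "->", "; ".join(reasons))
```

A flagged entry is only a lead for manual checking (file properties, signer, creation date), not a verdict.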
 

AleksandarNS
Consultant
Novi Sad/Beograd

Re: Where on earth has it been stashed??? 27.10.2005 at 21:59
Set avast! to scan your hard disk before Windows boots.
It's a big mistake to allow computer to realise that you are in a hurry.
 

mancic82
aleksandar
nis

Re: Where on earth has it been stashed??? 28.10.2005 at 12:17
I had the latest definitions when I scanned with Spybot S&D and Ad-Aware, I even went into safe mode to scan it, I also did a boot scan with Avast and deleted the virus it found, and now I've also deleted e6jm0g11e6.dll, and from the registry I deleted tsl2 and some "Alexa", but it still sends me to those addresses, and on top of that it removes "quick launch" from the taskbar every time I restart the computer, which I don't know whether it's related, but it's terribly annoying!!! There's nothing suspicious in Task Manager, except that wdfmgr.exe, which I've heard has something to do with Media Player 10, and I really don't know where it could have hidden it?!?!?!
It looks to me like a format is unavoidable :(
"Inter leges puellarum est gaudium puerorum"
 

AleksandarNS
Consultant
Novi Sad/Beograd

Re: Where on earth has it been stashed??? 28.10.2005 at 14:52
Is System Restore turned on?
It's a big mistake to allow computer to realise that you are in a hurry.
 

mancic82
aleksandar
nis

Re: Where on earth has it been stashed??? 28.10.2005 at 18:11
System Restore is turned on, should I turn it off?
"Inter leges puellarum est gaudium puerorum"
 

Shadowed
Vojvodina

Re: Where on earth has it been stashed??? 28.10.2005 at 18:19
You don't have to, but take ownership of the System Volume Information folders and scan what's in them.
 

mancic82
aleksandar
nis

Re: Where on earth has it been stashed??? 29.10.2005 at 12:52
I deleted the contents of:
C:\Documents and Settings\Mancic\Local Settings\Temporary Internet Files\Content.IE5\...
and my problem is solved! Now, the thing is that I had deleted the contents of that folder even before I posted the question here, but it always came back, whereas now it doesn't come back!
P.S. One more little question that has nothing to do with this, but so that I don't open a new topic: I have no System Restore tab in Control Panel/System, so how do I turn it off if I want to?
Thanks to everyone who put in the effort to help me!
Regards!!!

[This message was edited by mancic82 on 29.10.2005 at 14:15 GMT+1]
"Inter leges puellarum est gaudium puerorum"
 

AleksandarNS
Consultant
Novi Sad/Beograd

Re: Where on earth has it been stashed??? 29.10.2005 at 14:10
Question:
I had a virus and found instructions to disable system restore in order to rid the virus from my system. After disabling system restore, then running my virus scan, the system restore tab has disappeared from the system properties window. How do I get this back?

Solution:
In order to restore your system restore tab, you will need to edit the registry. Be sure that you make a backup copy of the registry prior to making any changes.

Go to Start>> Run. Type in: regedit [Enter]

Navigate to the following registry key;

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore

Single click once on the entry; "SystemRestore" to empty its contents into the right pane.

Find the entry "DisableSR", right click on it and delete it.

Taken from http://www.5starsupport.com

It's a big mistake to allow computer to realise that you are in a hurry.
 

mancic82
aleksandar
nis

Re: Where on earth has it been stashed??? 29.10.2005 at 15:52
Thanks, but the registry key:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore
did not exist in my registry, so I found the solution for that at
http://www.webuser.co.uk/forum...t.php?Number=126392&page=0

Maybe someone else will run into the same problem, so here is the solution for it!
P.S. If this post doesn't belong here, move it, since I think it's useful!
Regards and thanks once again!!!
"Inter leges puellarum est gaudium puerorum"
 