Help with pmnnonl.dll

  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

I just installed Windows and windows started popping up with this message:

07.Jan.10 12:46:57 AM Real-time file system protection file C:\WINDOWS\system32\pmnnonl.dll Win32/Adware.Virtumonde application cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
But after the next restart the same thing happens again, and it keeps coming up endlessly.

Here's the DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Nebojsa at 0:51:55.67 on 07.Jan.10
Internet Explorer: 6.0.2900.3311
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.647 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Nebojsa\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: {cf3fc4e8-8132-4d99-b43d-aec175d64e8b} - c:\windows\system32\pmnnonl.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [AtiPTA] atiptaxx.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: AtiExtEvent - Ati2evxx.dll
Notify: pmnnonl - pmnnonl.dll
SEH: {cf3fc4e8-8132-4d99-b43d-aec175d64e8b} - c:\windows\system32\pmnnonl.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nebojsa\applic~1\mozilla\firefox\profiles\n9zc4k0k.default\
FF - prefs.js: browser.startup.homepage - google.rs

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest ultimate edition\kerneld.wnt [2010-1-7 23152]

=============== Created Last 30 ================

2010-01-06 23:15:03 0 d-----w- c:\windows\system32\PreInstall
2010-01-06 23:15:01 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-06 23:14:59 0 d--h--w- c:\windows\$hf_mig$
2010-01-06 23:14:22 0 d-----w- c:\program files\The KMPlayer
2010-01-06 23:11:08 0 d-----w- c:\program files\common files\COWON
2010-01-06 23:11:05 0 d-----w- c:\program files\JetAudio
2010-01-06 23:10:09 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-01-06 23:09:47 421888 ----a-w- c:\windows\system32\ac3filter.acm
2010-01-06 23:09:42 0 d-----w- c:\program files\AC3Filter
2010-01-06 23:06:11 0 d-----w- c:\program files\ESET
2010-01-06 23:03:33 0 d-----w- c:\program files\Lavalys
2010-01-06 23:03:12 38912 ----a-w- c:\windows\system32\pmnnonl.dll
2010-01-06 22:53:06 0 d-----w- c:\program files\DivX
2010-01-06 22:52:38 0 d-----w- c:\program files\common files\ODBC
2010-01-06 22:52:33 0 d-----w- c:\program files\common files\SpeechEngines
2010-01-06 22:51:54 0 d-----r- c:\documents and settings\all users\Documents
2010-01-06 22:40:54 0 d-----w- c:\program files\MultiRes
2010-01-06 22:40:21 0 d-----w- c:\program files\Radeon Omega Drivers
2010-01-06 22:29:10 0 d-----w- c:\program files\Realtek Sound Manager
2010-01-06 22:29:10 0 d-----w- c:\program files\AvRack
2010-01-06 22:29:02 0 d-----w- c:\program files\Realtek AC97
2010-01-06 22:15:58 0 d-----w- c:\program files\VIA
2010-01-06 22:06:16 0 d-sh--w- c:\documents and settings\all users\DRM
2010-01-06 22:05:46 0 d--h--w- c:\program files\WindowsUpdate
2010-01-06 22:04:41 0 d-----w- c:\program files\common files\MSSoap
2010-01-06 22:02:12 0 d-----w- c:\program files\Online Services
2010-01-06 22:02:03 0 d-----w- c:\program files\Messenger
2010-01-06 22:01:59 0 d-----w- c:\program files\MSN Gaming Zone
2010-01-06 22:01:13 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-01-06 22:40:21 451072 ----a-w- c:\windows\Radeon Omega Drivers v3.8.252 Uninstall.exe
2010-01-06 22:02:38 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 0:53:07.50 ===============
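The ESET event in the first post shows the DLL being touched by winlogon.exe as SYSTEM, and the Pseudo HJT section of the DDS log shows why: c:\windows\system32\pmnnonl.dll is registered three times over, as a Browser Helper Object (BHO), as a ShellExecuteHook (SEH) and as a Winlogon Notify package, so it is mapped into winlogon.exe before any user logs on and the on-access scanner can only schedule its deletion for the next restart. The Created Last 30 section also dates the file to 23:03:12 on 6 Jan, about three minutes before the c:\program files\ESET directory appears, i.e. the DLL was already on the freshly installed system before the antivirus was. The script below pulls both facts out of a DDS log mechanically. It is an added example, not part of the thread and not code from DDS, ComboFix or ESET; it assumes only the line formats visible in the log above, and SAMPLE_LOG is an excerpt copied from it.

```python
"""Triage a DDS 'Pseudo HJT Report' for a file wired into several load points
at once (BHO + ShellExecuteHook + Winlogon Notify), the Virtumonde pattern in
the log above, and date it from the 'Created Last 30' section.

Added example, not part of the thread and not code from DDS, ComboFix or
ESET.  It assumes only the line formats visible in the posted log;
SAMPLE_LOG is an excerpt copied from that log.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

BHO: {cf3fc4e8-8132-4d99-b43d-aec175d64e8b} - c:\windows\system32\pmnnonl.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: AtiExtEvent - Ati2evxx.dll
Notify: pmnnonl - pmnnonl.dll
SEH: {cf3fc4e8-8132-4d99-b43d-aec175d64e8b} - c:\windows\system32\pmnnonl.dll

=============== Created Last 30 ================

2010-01-06 23:06:11 0 d-----w- c:\program files\ESET
2010-01-06 23:03:12 38912 ----a-w- c:\windows\system32\pmnnonl.dll
"""

# Process each DDS load-point type ends up in.  Notify is the one that
# matters: a Winlogon Notify DLL is mapped into winlogon.exe as SYSTEM before
# any user logs on, which is what the ESET event in the thread shows.
HOST = {
    "BHO": "iexplore.exe", "IE": "iexplore.exe", "SEH": "explorer.exe",
    "Notify": "winlogon.exe", "uRun": "explorer.exe", "mRun": "explorer.exe",
    "dRun": "explorer.exe", "dRunOnce": "explorer.exe",
}

# 'TYPE: {clsid} - path' / 'TYPE: name - file'  and  'xRun: [name] path [args]'
HOOK_RE = re.compile(r"^(?P<type>BHO|SEH|IE|Notify): (?P<id>\S+) - (?P<target>.+)$")
RUN_RE = re.compile(r"^(?P<type>[udm]Run(?:Once)?): \[(?P<id>[^\]]+)\] (?P<target>.+)$")
# 'YYYY-MM-DD HH:MM:SS size attrs path'
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$")
# First executable path in a target, quoted or not, with any arguments dropped.
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|com|cpl))"?(?:\s|$)', re.IGNORECASE)


def basename(target):
    """Lowercase file name of a load-point target, quotes and arguments stripped."""
    m = PATH_RE.match(target.strip())
    path = m.group("path") if m else target.strip()
    return path.rsplit("\\", 1)[-1].lower()


def parse_log(text):
    """Return (load points keyed by file name, creation records keyed by file name)."""
    load_points = defaultdict(list)   # name -> [(type, id, raw target)]
    created = {}                      # name -> (timestamp, size)
    for line in text.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line) or RUN_RE.match(line)
        if m:
            load_points[basename(m.group("target"))].append(
                (m.group("type"), m.group("id"), m.group("target")))
            continue
        m = CREATED_RE.match(line)
        if m and not m.group("attrs").startswith("d"):   # skip directories
            created[basename(m.group("path"))] = (m.group("ts"), int(m.group("size")))
    return load_points, created


def triage(text):
    """Flag files hooked into more than one load point, or into Winlogon Notify
    at all; vendor Notify packages (AtiExtEvent here) will show up too and
    need a human look.  Worst first."""
    load_points, created = parse_log(text)
    findings = []
    for name, entries in load_points.items():
        types = sorted({t for t, _, _ in entries})
        if "Notify" not in types and len(types) < 2:
            continue
        ts, size = created.get(name, (None, None))
        findings.append({
            "file": name,
            "load_points": types,
            "hosts": sorted({HOST.get(t, "?") for t in types}),
            "runs_as_system": "Notify" in types,
            "created": ts,
            "size": size,
        })
    findings.sort(key=lambda f: (not f["runs_as_system"], -len(f["load_points"])))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = " (SYSTEM, before logon)" if f["runs_as_system"] else ""
        print(f"{f['file']}: {', '.join(f['load_points'])} -> {', '.join(f['hosts'])}{flag}; "
              f"created {f['created']}, {f['size']} bytes")
```

Run as-is it lists pmnnonl.dll first (BHO, Notify, SEH; created 2010-01-06 23:03:12, 38912 bytes) and Ati2evxx.dll second, the ATI driver's own Notify package, which is the reminder that every Notify hit still needs a human look before anything is deleted.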




  • Joined: 04 Jan 2009
  • Posts: 2168

Hello.


Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.


When the download has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version exists: click Yes if offered to download it;
  • show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes to continue;
  • offer to install the Recovery Console if it is not installed: be sure to accept by clicking Yes and follow the steps;
  • ask a number of questions / show notifications: accept by clicking Yes or OK;
  • restart Windows if needed (possibly more than once);
  • at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typically C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to your post.

  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Posted: 07 Jan 2010 2:07

ComboFix 10-01-04.01 - Nebojsa 07.Jan.10 1:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.619 [GMT 1:00]
Running from: c:\documents and settings\Nebojsa\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pmnnonl.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-06 23:18 . 2010-01-06 23:18 0 ----a-w- c:\windows\nsreg.dat
2010-01-06 23:18 . 2010-01-06 23:18 -------- d-----w- c:\documents and settings\Nebojsa\Local Settings\Application Data\Mozilla
2010-01-06 23:15 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-06 23:14 . 2010-01-06 23:50 -------- d--h--w- c:\windows\$hf_mig$
2010-01-06 23:14 . 2010-01-06 23:16 -------- d-----w- c:\program files\The KMPlayer
2010-01-06 23:13 . 2010-01-06 23:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-06 23:12 . 2010-01-06 23:12 -------- d-----w- c:\program files\Google
2010-01-06 23:12 . 2010-01-06 23:12 -------- d-----w- c:\documents and settings\Nebojsa\Local Settings\Application Data\Google
2010-01-06 23:11 . 2010-01-06 23:11 -------- d-----w- c:\program files\Common Files\COWON
2010-01-06 23:11 . 2010-01-06 23:11 -------- d-----w- c:\program files\JetAudio
2010-01-06 23:10 . 2010-01-06 23:10 -------- d-----w- c:\documents and settings\Nebojsa\Application Data\InstallShield
2010-01-06 23:09 . 2010-01-06 23:09 -------- d-----w- c:\program files\AC3Filter
2010-01-06 23:07 . 2010-01-06 23:07 -------- d-----w- c:\documents and settings\Nebojsa\Local Settings\Application Data\ESET
2010-01-06 23:07 . 2010-01-06 23:07 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-01-06 23:06 . 2010-01-06 23:06 -------- d-----w- c:\program files\ESET
2010-01-06 23:06 . 2010-01-06 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-01-06 23:03 . 2010-01-06 23:03 -------- d-----w- c:\program files\Lavalys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 23:11 . 2010-01-06 22:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-06 22:53 . 2010-01-06 22:53 -------- d-----w- c:\program files\DivX
2010-01-06 22:41 . 2010-01-06 22:15 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-06 22:41 . 2010-01-06 22:40 -------- d-----w- c:\program files\MultiRes
2010-01-06 22:40 . 2010-01-06 22:40 451072 ----a-w- c:\windows\Radeon Omega Drivers v3.8.252 Uninstall.exe
2010-01-06 22:40 . 2010-01-06 22:40 -------- d-----w- c:\program files\Radeon Omega Drivers
2010-01-06 22:29 . 2010-01-06 22:29 -------- d-----w- c:\program files\Realtek Sound Manager
2010-01-06 22:29 . 2010-01-06 22:29 -------- d-----w- c:\program files\AvRack
2010-01-06 22:29 . 2010-01-06 22:29 -------- d-----w- c:\program files\Realtek AC97
2010-01-06 22:22 . 2010-01-06 22:15 -------- d-----w- c:\program files\VIA
2010-01-06 22:14 . 2010-01-06 22:14 12328 ----a-w- c:\documents and settings\Nebojsa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 22:07 . 2010-01-06 22:07 -------- d-----w- c:\program files\microsoft frontpage
2010-01-06 22:06 . 2010-01-06 22:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-06 22:02 . 2010-01-06 22:02 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"AtiPTA"="atiptaxx.exe" [2006-02-22 344064]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-02-12 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-02-12 53760]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [01.Jul.08 09:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [01.Jul.08 09:02 468224]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [07.Jan.10 00:03 23152]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Nebojsa\Application Data\Mozilla\Firefox\Profiles\n9zc4k0k.default\
FF - prefs.js: browser.startup.homepage - google.rs
.
- - - - ORPHANS REMOVED - - - -

AddRemove-XPv3.8.252 - c:\windows\Radeon Omega Drivers v3.8.252



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-01-07 02:00
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-07 02:03:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-07 01:03

Pre-Run: 10,474,168,320 bytes free
Post-Run: 10,521,497,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C0E77651B84C23A483FF3E18C6A8DB63

Update: 07 Jan 2010 2:13

And tell me, the icon in the bottom left corner that I use to switch the language between Serbian Latin, Serbian Cyrillic and English has now disappeared. How do I get it back?
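Two things in the ComboFix report above are worth checking mechanically rather than by eye: that nothing under Reg Loading Points still references the file listed under Other Deletions, and what the registry export says about the rest of the machine. The firewallpolicy\standardprofile block carries "EnableFirewall"= 0 (0x0), i.e. the Windows Firewall is switched off on this freshly installed XP box, which the thread never picks up. The script below is an added example, not part of the thread and not code from ComboFix; it assumes only the section banners and REGEDIT4-style lines visible in the report, and SAMPLE_REPORT is an excerpt copied from it.

```python
"""Check a ComboFix report after a cleanup: confirm that nothing in the
'Reg Loading Points' section still references a file listed under
'Other Deletions', and pull out registry settings that deserve a look
(here the Windows Firewall policy and the surviving Run entries).

Added example, not part of the thread and not code from ComboFix.  It
assumes only the section banners and REGEDIT4-style lines visible in the
posted report; SAMPLE_REPORT is an excerpt copied from that report.
"""
import re

SAMPLE_REPORT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pmnnonl.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [01.Jul.08 09:02 468224]
"""

# Section banner: a run of '(', the name, a run of ')'.
SECTION_RE = re.compile(r"^\({5,}\s*(?P<name>[^()]+?)\s*\){5,}$")
# REGEDIT4 key and value lines as ComboFix prints them.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')


def split_sections(text):
    """Map each banner name to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """Return ({key: {value_name: data}}, leftover_lines).

    Service lines such as 'R2 ekrn;...' sit in the same section without a
    [key] block, so they are kept as leftovers rather than dropped."""
    keys, leftovers, current = {}, [], None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data")
        else:
            leftovers.append(line)
    return keys, leftovers


def verify_cleanup(text):
    """Cross-check deletions against load points and read the firewall policy."""
    sections = split_sections(text)
    deleted = [p.rsplit("\\", 1)[-1].lower() for p in sections.get("Other Deletions", [])]
    loading = sections.get("Reg Loading Points", [])
    keys, _ = parse_registry(loading)

    # Any surviving mention of a deleted file name anywhere in the load points.
    still_referenced = {name: [l for l in loading if name in l.lower()] for name in deleted}
    still_referenced = {n: hits for n, hits in still_referenced.items() if hits}

    # ComboFix prints the policy as '"EnableFirewall"= 0 (0x0)'; 1 means on.
    firewall_enabled = None
    for key, values in keys.items():
        if key.lower().endswith("firewallpolicy\\standardprofile") and "EnableFirewall" in values:
            firewall_enabled = values["EnableFirewall"].split()[0] == "1"

    autoruns = {k: sorted(v) for k, v in keys.items() if "\\run" in k.lower()}
    return {
        "deleted": deleted,
        "still_referenced": still_referenced,
        "firewall_enabled": firewall_enabled,
        "autoruns": autoruns,
    }


if __name__ == "__main__":
    result = verify_cleanup(SAMPLE_REPORT)
    for name in result["deleted"]:
        state = "still referenced" if name in result["still_referenced"] else "no longer referenced"
        print(f"{name}: {state}")
    print("Windows Firewall (standard profile) enabled:", result["firewall_enabled"])
    for key, names in result["autoruns"].items():
        print(f"{key}: {', '.join(names)}")
```

On the excerpt it reports pmnnonl.dll as no longer referenced, the firewall as disabled, and SoundMan and egui as the only HKLM Run entries left; the same check run on the full report would also take in the [HKEY_USERS\.DEFAULT...] Run and RunOnce keys.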

  • Joined: 04 Jan 2009
  • Posts: 2168

As for the icon...

Go to Start > Control Panel and double-click Regional and Language Options.

Switch to the Language tab;

Click Details, then Add;

Pick the language and click OK...


As for the infection, everything should be fine now.


Follow these remaining steps...


ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text box type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Look, the problem wasn't what you wrote, it was that after the scan my LANGUAGE BAR disappeared, but I fixed it in the Region and La...... options: when you go in there, under System Configuration the option TURN OFF ADVANCED TEXT SERVICES was ticked, and that's why my language bar disappeared............. Now I have it back. And one more question: where did that devil in my computer come from?????

  • Joined: 04 Jan 2009
  • Posts: 2168

nebojsa77ns ::...And one more question: where did that devil in my computer come from?????

I can guess, but I'd rather not speculate.

What was malicious we have removed, so we are done here.


Regards.

  • Joined: 04 Jan 2009
  • Posts: 141
  • Location: SRBIJA

Thanks to you too for the help.
Regards
