What on earth has hit me?


  • cat007 
  • New MyCity citizen
  • Joined: 16 Oct 2007
  • Posts: 13

I have a problem (which I have partly solved):

After startup, the following picture appears on my desktop (a window like desktop2) and I get a link in IE
(http://yourprivacyguard.com/privacy/index.php?040a110f41464002583d5056023a69555d6a5d5c4a0213555a44580c0e0c0369040c3c010508053c053d0600565369515c6a6759576f060e0b013a0968040201563c025d6d175305475f47423e540e0104000e010903071f5644580811450d0055524558420c03)
which I did not allow. And Alt+Ctrl+Del is not available.
This file Index.html is placed in (c:\win\privacy_danger)

ZoneAlarm does not report that there is any new program, except that I blocked ALG service port 1031, 1302, which was offered to me.

NOD32 reports nothing; only a couple of times it blocked (offered to terminate) an address that I did not write down. And during a scan it found a number of files that it cannot clean... (in LOCALS~1 \ Temp )

AdAware found the following things (file log) and removed them.

AshampooAntiSpyWare2 found a number of things, among them
(cmd.exe /c "C: \ DOCUME~1 \ Dejan \ LOCALS~1 \ Temp \ install-privacy-danger.bat "C: \ DOCUME~1 \ Dejan \ LOCALS~1 \ Temp"")

Afterwards I removed everything from (LOCALS~1 \ Temp...) via a 2nd user account (because it could not be deleted from this one),
however, every 1-2 min a DOS window starts up there, in which access to the files
(bndsrmnf.dll and regsvr32.) is attempted; I cannot read the rest because it closes immediately.

Can you recommend what I should download from the net to fix the problem, and explain to me what has hit me?
Regards!





  • Joined: 06 Apr 2005
  • Posts: 1023

read the following topic
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

and open a topic in the Ambulanta following the instructions

  • cat007 
  • New MyCity citizen
  • Joined: 16 Oct 2007
  • Posts: 13

Logfile of HijackThis v1.99.1
Scan saved at 11:58:33 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Softver\ZoneAlarm\zlclient.exe
C:\Program Files\Softver\NOD32\nod32kui.exe
C:\Program Files\Softver\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Program Files\Softver\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Softver\NOD32\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Softver\Maxthon\Maxthon.exe
C:\Documents and Settings\Dejan\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 17.17.29.29.
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrmnf.dll (file missing)
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Softver\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32] "C:\Program Files\Softver\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Softver\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\reflection.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{D06597C3-3679-41C6-810A-A5EC47840B6E}: NameServer = 17.17.29.29
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
O20 - Winlogon Notify: pmnnkhh - pmnnkhh.dll (file missing)
O21 - SSODL: sysdx - {38D6A83F-22B6-44FC-AC9E-C6412DA4B115} - C:\WINDOWS\sysdx.dll (file missing)
O21 - SSODL: msvb - {3A6D1C7A-AE85-4F9D-BFF3-67725B842981} - C:\WINDOWS\msvb.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Softver\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Softver\NOD32\nod32krn.exe
O23 - Service: SDService - Unknown owner - SDService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Here is that file. The picture just appeared again, the damned red picture.
Adsl full

  • Joined: 06 Apr 2005
  • Posts: 1023

- find the following files and put them in one zip:
C:\WINDOWS\bndsrmnf.dll
C:\WINDOWS\system32\mllmj.dll
pmnnkhh.dll

C:\WINDOWS\sysdx.dll
C:\WINDOWS\msvb.dll
c:\windows\system32\reflection.dll

upload that zip through the following form: http://www.mycity.rs/ambulanta-upload.php

- after that do the following:

1.) Download the SmitfraudFix program from this link.

2.) Extract the program to the desktop. (Also prepare the HijackThis program in this way; it will be used later)

3.) Restart the computer and boot the system in Safe Mode. [Safe Mode info link]

4.) On the desktop, find the folder where you unpacked the SmitfraudFix program and double-click to run the file SmitfraudFix.cmd.
When the removal tool starts for the first time, a confirmation screen will be shown. Simply press any key on the keyboard to move to the next step.

5.)



6.) The program will start cleaning the computer. After SmitfraudFix finishes cleaning,
the Windows Disk Cleanup program will start.

After SmitFraudFix finishes its job, post here the log located at C:\rapport.txt and a fresh HJT log.

Addendum: 16 Oct 2007 17:07

when you do the next scan with HJ, rename HijackThis.exe to whatever.exe (something that does not resemble hijackthis)

  • cat007 
  • New MyCity citizen
  • Joined: 16 Oct 2007
  • Posts: 13

I have done the procedure.
Now we will see whether it works.
By the way, after the restart Ad-Watch reported changes in the registry to me.
I refused them.

Logfile of HijackThis v1.99.1
Scan saved at 9:20:47 AM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Softver\ZoneAlarm\zlclient.exe
C:\Program Files\Softver\NOD32\nod32kui.exe
C:\Program Files\Softver\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Softver\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Softver\NOD32\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\SmitFraudFix\HijackThis\HijackThis01.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 17.17.29.29.
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrmnf.dll (file missing)
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Softver\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32] "C:\Program Files\Softver\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Softver\Ad-Aware SE Professional\Ad-Watch.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\reflection.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{D06597C3-3679-41C6-810A-A5EC47840B6E}: NameServer = 17.17.29.29
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
O20 - Winlogon Notify: pmnnkhh - pmnnkhh.dll (file missing)
O21 - SSODL: sysdx - {38D6A83F-22B6-44FC-AC9E-C6412DA4B115} - C:\WINDOWS\sysdx.dll (file missing)
O21 - SSODL: msvb - {3A6D1C7A-AE85-4F9D-BFF3-67725B842981} - C:\WINDOWS\msvb.dll (file missing)
O21 - SSODL: msmhost - {8C36BFE4-F7FD-4187-A38C-4B69461B9D00} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {2F5E88F5-DEF4-4581-BC10-FCC19664D4D3} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Softver\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Softver\NOD32\nod32krn.exe
O23 - Service: SDService - Unknown owner - SDService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Regards!

Addendum: 17 Oct 2007 9:41

I forgot to attach the SmitfraudFix rapport.

SmitFraudFix v2.240

Scan done at  9:12:25.62, Wed 10/17/2007
Run from C:\SmitFF\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\wsremover.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D06597C3-3679-41C6-810A-A5EC47840B6E}: NameServer=17.17.29.29
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D06597C3-3679-41C6-810A-A5EC47840B6E}: NameServer=17.17.29.29
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D06597C3-3679-41C6-810A-A5EC47840B6E}: NameServer=17.17.29.29


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

  • Joined: 06 Apr 2005
  • Posts: 1023

do the following:

download VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Double-click to start the file VundoFix.exe.
* Select the option Scan for Vundo.
* After the scan finishes and the message Done Searching for files appears, click OK.
* Now that the scan is done, click the option Remove Vundo.
* When the prompt about removing Vundo files appears, click Yes.
* Running this option will make the Desktop temporarily empty in order to prepare the system for removing Vundo.
* When it finishes, a notice about shutting down the computer will appear; click OK.
* Turn the computer on and boot the system again.
* Copy the contents of the log from the path C:\vundofix.txt and a new HijackThis log into a post on the forum.

- rename hijackthis.exe to cat007.exe

- copy the logs into the topic, do not upload them.

  • cat007 
  • New MyCity citizen
  • Joined: 16 Oct 2007
  • Posts: 13

Done!
***************************************************
VundoFix V6.5.10
Checking Java version...
Sun Java not detected
Scan started at 8:29:07 AM 10/18/2007
Listing files found while scanning....
C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.bak2
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\mllmj.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jmllm.bak2
C:\WINDOWS\system32\jmllm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini Has been deleted!
Performing Repairs to the registry.
Done!

***************************************************
Logfile of HijackThis v1.99.1
Scan saved at 8:45:27 AM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softver\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Softver\NOD32\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Softver\ZoneAlarm\zlclient.exe
C:\Program Files\Softver\NOD32\nod32kui.exe
C:\Program Files\Softver\Ad-Aware SE Professional\Ad-Watch.exe
C:\Ambolanta\HijackThis\HijackThis007.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 17.17.29.29.
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrmnf.dll (file missing)
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Softver\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32] "C:\Program Files\Softver\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Softver\Ad-Aware SE Professional\Ad-Watch.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\reflection.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{D06597C3-3679-41C6-810A-A5EC47840B6E}: NameServer = 17.17.29.29
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
O20 - Winlogon Notify: pmnnkhh - pmnnkhh.dll (file missing)
O21 - SSODL: sysdx - {38D6A83F-22B6-44FC-AC9E-C6412DA4B115} - C:\WINDOWS\sysdx.dll (file missing)
O21 - SSODL: msvb - {3A6D1C7A-AE85-4F9D-BFF3-67725B842981} - C:\WINDOWS\msvb.dll (file missing)
O21 - SSODL: msmhost - {8C36BFE4-F7FD-4187-A38C-4B69461B9D00} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {2F5E88F5-DEF4-4581-BC10-FCC19664D4D3} - C:\WINDOWS\msmdev.dll (file missing)
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Softver\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Softver\NOD32\nod32krn.exe
O23 - Service: SDService - Unknown owner - SDService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

***************************************************
Regards, I hope that is EVERYTHING?
PS: should the paths where it says (file missing) be removed?

  • Joined: 06 Apr 2005
  • Posts: 1023

I'm not quite sure that we are finished, because the fact that it says file missing does not have to mean that the files are really not there.

scan again with HJ and check the following lines:
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrmnf.dll (file missing)
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
O20 - Winlogon Notify: pmnnkhh - pmnnkhh.dll (file missing)
O21 - SSODL: sysdx - {38D6A83F-22B6-44FC-AC9E-C6412DA4B115} - C:\WINDOWS\sysdx.dll (file missing)
O21 - SSODL: msvb - {3A6D1C7A-AE85-4F9D-BFF3-67725B842981} - C:\WINDOWS\msvb.dll (file missing)
O21 - SSODL: msmhost - {8C36BFE4-F7FD-4187-A38C-4B69461B9D00} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {2F5E88F5-DEF4-4581-BC10-FCC19664D4D3} - C:\WINDOWS\msmdev.dll (file missing)

and click fix checked.

- restart the computer, scan again with HJ and post a new log (and please rename HijackThis.exe to something that does not have HijackThis in its name)

  • cat007 
  • New MyCity citizen
  • Joined: 16 Oct 2007
  • Posts: 13

I have done this too.
(although the computer no longer behaves strangely).
here is the new log. (191919)
==============================================
Logfile of HijackThis v1.99.1
Scan saved at 8:22:50 AM, on 10/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Softver\ZoneAlarm\zlclient.exe
C:\Program Files\Softver\NOD32\nod32kui.exe
C:\Program Files\Softver\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Softver\NOD32\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Dejan\Desktop\191919.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 10.10.10.20.
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Softver\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32] "C:\Program Files\Softver\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Softver\Ad-Aware SE Professional\Ad-Watch.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\reflection.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{D06597C3-3679-41C6-810A-A5EC47840B6E}: NameServer = 17.17.29.29
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: sysdx - {38D6A83F-22B6-44FC-AC9E-C6412DA4B115} - (no file)
O21 - SSODL: msvb - {3A6D1C7A-AE85-4F9D-BFF3-67725B842981} - (no file)
O21 - SSODL: msmhost - {8C36BFE4-F7FD-4187-A38C-4B69461B9D00} - (no file)
O21 - SSODL: msmdev - {2F5E88F5-DEF4-4581-BC10-FCC19664D4D3} - (no file)
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Softver\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Softver\NOD32\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
==============================================
PS: what about the lines 21. (no file)?
Regards and thanks for everything.

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Lives in: The darkest place on earth..

cat007 ::I have done this too.
(although the computer no longer behaves strangely).
here is the new log. (191919)
==============================================
PS: what about the lines 21. (no file)?
Regards and thanks for everything.

Judging by what I read in this topic, these are just leftover keys which, without the files that my colleague directed you to delete, do not pose any particular problem or danger.

Try to get rid of them by checking and deleting those lines again through HJT. If that does not work and you know the registry well enough to make changes in it (which you of course do at your own risk ;)), use the [url=https://www.mycity.rs/must-login.png]vbs script[/url] to find the keys to delete.

Just in case, first make a backup of the complete registry before this.
Start -> Run -> Regedit
In the window that opens, click My Computer, then Export, and save the whole registry as a .reg file, e.g. on the Desktop.
If something is not right after these changes, you can easily return the registry to its earlier state by double-clicking that file.

As for the script: run it, and into the input field that appears copy, one at a time, the CLSIDs listed below and wait for the search to finish.

38D6A83F-22B6-44FC-AC9E-C6412DA4B115
3A6D1C7A-AE85-4F9D-BFF3-67725B842981
8C36BFE4-F7FD-4187-A38C-4B69461B9D00
2F5E88F5-DEF4-4581-BC10-FCC19664D4D3

You will get a txt file with all the keys related to each CLSID individually. Find each one and delete it manually.
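
Added example, not part of the thread and not HijackThis's own code: a small Python parser that compares two HijackThis logs, lists the entries the fix removed, and pulls out the CLSIDs of the leftover "(file missing)" / "(no file)" registrations that still need a registry search. The log lines are excerpts from the 18 Oct and 19 Oct logs above; the function names are made up for this example.

```python
import re
from typing import NamedTuple, Optional

# Lines excerpted from the 18 Oct and 19 Oct 2007 HijackThis logs in this thread.
LOG_18_OCT = r"""
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrmnf.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D06597C3-3679-41C6-810A-A5EC47840B6E}: NameServer = 17.17.29.29
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mllmj - C:\WINDOWS\system32\mllmj.dll (file missing)
O20 - Winlogon Notify: pmnnkhh - pmnnkhh.dll (file missing)
O21 - SSODL: sysdx - {38D6A83F-22B6-44FC-AC9E-C6412DA4B115} - C:\WINDOWS\sysdx.dll (file missing)
O21 - SSODL: msvb - {3A6D1C7A-AE85-4F9D-BFF3-67725B842981} - C:\WINDOWS\msvb.dll (file missing)
O21 - SSODL: msmhost - {8C36BFE4-F7FD-4187-A38C-4B69461B9D00} - C:\WINDOWS\msmhost.dll (file missing)
O21 - SSODL: msmdev - {2F5E88F5-DEF4-4581-BC10-FCC19664D4D3} - C:\WINDOWS\msmdev.dll (file missing)
"""
LOG_19_OCT = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{D06597C3-3679-41C6-810A-A5EC47840B6E}: NameServer = 17.17.29.29
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: sysdx - {38D6A83F-22B6-44FC-AC9E-C6412DA4B115} - (no file)
O21 - SSODL: msvb - {3A6D1C7A-AE85-4F9D-BFF3-67725B842981} - (no file)
O21 - SSODL: msmhost - {8C36BFE4-F7FD-4187-A38C-4B69461B9D00} - (no file)
O21 - SSODL: msmdev - {2F5E88F5-DEF4-4581-BC10-FCC19664D4D3} - (no file)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")            # "O21 - <body>"
CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")


class Entry(NamedTuple):
    code: str             # HijackThis section, e.g. "O21"
    body: str             # rest of the line, orphan marker stripped
    clsid: Optional[str]  # first GUID on the line, upper-cased
    orphaned: bool        # line ended in "(file missing)" or "(no file)"

    @property
    def key(self):
        # The path text changes between scans, so match on the GUID when there is one.
        return (self.code, self.clsid or self.body)


def parse(log):
    """Turn the R/O lines of a HijackThis log into Entry records."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        code, body = m.groups()
        orphaned = bool(ORPHAN_RE.search(body))
        body = ORPHAN_RE.sub("", body)
        guid = CLSID_RE.search(body)
        entries.append(Entry(code, body, guid.group(1).upper() if guid else None, orphaned))
    return entries


def removed(before, after):
    """Entries present in the earlier scan and gone from the later one."""
    kept = {e.key for e in after}
    return [e for e in before if e.key not in kept]


def leftover_clsids(entries):
    """CLSIDs of BHO (O2) / SSODL (O21) entries whose file the scan did not find."""
    return [e.clsid for e in entries if e.orphaned and e.clsid and e.code in ("O2", "O21")]


if __name__ == "__main__":
    for e in removed(parse(LOG_18_OCT), parse(LOG_19_OCT)):
        print("removed:", e.code, e.body)
    for clsid in leftover_clsids(parse(LOG_19_OCT)):
        print("search registry for:", clsid)
```

On the two excerpts this reports the O2 and the two O20 entries as removed and returns the same four CLSIDs listed in the post above.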
