19.08.2009., 11:20   #1
Barny
(solved) Removing the vermin win32.tdss.rtk, virtumonde.dll, fraud.virusremover2009

I've been hit by win32.tdss.rtk, virtumonde.dll and fraud.virusremover2009.

Bit finds nothing, neither does Ad-Aware, but Spybot finds them and can't clean them.

That is, it supposedly fixes them, but they always come back on the next scan.

Please help

thanks

19.08.2009., 11:27   #2
Doink the Clown
Run Malwarebytes' Anti-Malware in safe mode, quick! Kill off the pests

19.08.2009., 12:42   #3
Dizel
Someone at work crapped some PC Antispyware 2010 onto my machine... damn it, you can't get rid of the thing with SpyBot no matter what... is there anything effective that doesn't involve messing around in the registry?

19.08.2009., 12:48   #4
Campeonato
Format C...
That's the only way I got rid of that garbage, or something like it... Nothing helped me... it won't uninstall, it eats up space on the hard drive... no program can do anything to it...

19.08.2009., 12:52   #5
Barny
this is very discouraging, I still hope there's someone who managed it

19.08.2009., 12:58   #6
Doink the Clown
I had something similar; you have to find its autorun file and delete it manually so it can't start up again. If you didn't succeed even with Malwares', the safest thing is to make a backup, format C: and

19.08.2009., 13:04   #7
Barny
how do you look for the autorun file???

EDIT:

this is the only info I have, and I can't clean these at all and they always come back. when I look for them I can't see them

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrxnxuhrhh.dll (Trojan.TDSS) -> No action taken.

Files Infected:
\\?\globalroot\systemroot\system32\geyekrxnxuhrhh.dll (Trojan.TDSS) -> No action taken.

Last edited by: domy_os. 20.08.2009. at 17:31.

19.08.2009., 13:08   #8
Doink the Clown
Well, I'm not that well versed. I know a friend of mine solved it by digging around in the command prompt; the virus had hidden somewhere in the root, and the autorun file was visible as soon as you opened the C partition and kept regenerating until he disabled it in the command prompt and then deleted everything with Malwarebytes'. Now, if I've misunderstood something about his method, the experts will correct me, no worries. What does Malwarebytes' find? Have you run a scan with it at all?
EDIT: Try scanning with Avira too...

19.08.2009., 13:11   #9
Barny
that is in fact its result. it found a few other things too, but that's the only thing it won't clean.

EDIT:

I found some "wininit" ini. with this entry inside:

[rename]
c:\tempjunk1956.tmp=C:\WINDOWS\system32\drivers\geyekrmpjwpkka.sys
nul=c:\tempjunk6375.tmp
c:\tempjunk9540.tmp=C:\WINDOWS\system32\geyekrwykmpskb.dll
c:\tempjunk9914.tmp=C:\WINDOWS\system32\geyekrxnxuhrhh.dll
c:\tempjunk3937.tmp=C:\WINDOWS\system32\geyekraqgrqodg.dat
c:\tempjunk662.tmp=C:\WINDOWS\system32\geyekrealqyxmt.dat
c:\tempjunk739.tmp=C:\WINDOWS\system32\lowsec\local.ds
c:\tempjunk9450.tmp=C:\WINDOWS\system32\lowsec\user.ds
c:\tempjunk5889.tmp=C:\WINDOWS\system32\drivers\geyekrmpjwpkka.sys
c:\tempjunk6927.tmp=C:\WINDOWS\system32\geyekrwykmpskb.dll
c:\tempjunk2367.tmp=C:\WINDOWS\system32\geyekrxnxuhrhh.dll
c:\tempjunk5031.tmp=C:\WINDOWS\system32\geyekraqgrqodg.dat
c:\tempjunk5218.tmp=C:\WINDOWS\system32\geyekrealqyxmt.dat
c:\tempjunk1664.tmp=C:\WINDOWS\system32\drivers\geyekrmpjwpkka.sys
c:\tempjunk4787.tmp=C:\WINDOWS\system32\geyekrwykmpskb.dll
c:\tempjunk5075.tmp=C:\WINDOWS\system32\geyekrxnxuhrhh.dll
c:\tempjunk917.tmp=C:\WINDOWS\system32\geyekraqgrqodg.dat
c:\tempjunk3806.tmp=C:\WINDOWS\system32\geyekrealqyxmt.dat
c:\tempjunk5749.tmp=C:\WINDOWS\system32\zipfldr.dll
c:\tempjunk5161.tmp=C:\WINDOWS\system32\drivers\geyekrmpjwpkka.sys
c:\tempjunk2570.tmp=C:\WINDOWS\system32\geyekrwykmpskb.dll
c:\tempjunk785.tmp=C:\WINDOWS\system32\geyekrxnxuhrhh.dll
c:\tempjunk2474.tmp=C:\WINDOWS\system32\geyekraqgrqodg.dat
c:\tempjunk4629.tmp=C:\WINDOWS\system32\geyekrealqyxmt.dat
c:\tempjunk9664.tmp=C:\WINDOWS\system32\drivers\geyekrmpjwpkka.sys
c:\tempjunk8386.tmp=C:\WINDOWS\system32\geyekrwykmpskb.dll
c:\tempjunk3244.tmp=C:\WINDOWS\system32\geyekrxnxuhrhh.dll
c:\tempjunk6717.tmp=C:\WINDOWS\system32\geyekraqgrqodg.dat
c:\tempjunk6375.tmp=C:\WINDOWS\system32\geyekrealqyxmt.dat


if that helps at all

Last edited by: domy_os. 20.08.2009. at 17:34.

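
A wininit.ini `[rename]` section lists one queued operation per line as `destination=source`, with `NUL` as the destination meaning "delete the source". As an added example (not part of any post and not any tool's own code), this Python script parses such a section and groups the queued files for triage; the entries are an excerpt copied from the post above, and the function names and the six-character prefix heuristic are assumptions made for the example.

```python
import ntpath
from collections import Counter

# Excerpt of the [rename] listing from the post above (not the full file).
SAMPLE = r"""[rename]
c:\tempjunk1956.tmp=C:\WINDOWS\system32\drivers\geyekrmpjwpkka.sys
nul=c:\tempjunk6375.tmp
c:\tempjunk9540.tmp=C:\WINDOWS\system32\geyekrwykmpskb.dll
c:\tempjunk9914.tmp=C:\WINDOWS\system32\geyekrxnxuhrhh.dll
c:\tempjunk739.tmp=C:\WINDOWS\system32\lowsec\local.ds
c:\tempjunk5889.tmp=C:\WINDOWS\system32\drivers\geyekrmpjwpkka.sys
c:\tempjunk2367.tmp=C:\WINDOWS\system32\geyekrxnxuhrhh.dll
c:\tempjunk5749.tmp=C:\WINDOWS\system32\zipfldr.dll
c:\tempjunk6375.tmp=C:\WINDOWS\system32\geyekrealqyxmt.dat
"""


def parse_rename_section(text):
    """Return ordered (destination, source) pairs from the [rename] section.

    configparser is deliberately not used: this section may repeat keys
    (several NUL= lines) and the order of entries matters.
    """
    ops, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if in_rename and "=" in line:
            dest, source = (part.strip() for part in line.split("=", 1))
            ops.append((dest, source))
    return ops


def summarize(ops, detected_name, min_prefix=6):
    """Group queued operations for review.

    detected_name is a basename a scanner already flagged (here taken from
    the Malwarebytes output quoted in the thread). Sources whose basename
    shares its first min_prefix characters are reported as 'related'; the
    threshold is a heuristic assumed for this example, not a rule.
    """
    queued = Counter()   # lower-cased source path -> times queued for rename
    deletes = []         # sources queued for deletion (NUL=source)
    for dest, source in ops:
        key = source.lower()
        if dest.lower() == "nul":
            deletes.append(key)
        else:
            queued[key] += 1
    prefix = detected_name.lower()[:min_prefix]
    related = sorted(p for p in queued if ntpath.basename(p).startswith(prefix))
    # Everything outside the cluster needs its own look (it may be a
    # legitimate system file that a cleanup attempt queued by mistake).
    other = sorted(p for p in queued if p not in related)
    repeated = {p: n for p, n in queued.items() if n > 1}
    return {"related": related, "other": other,
            "repeated": repeated, "deletes": deletes}


if __name__ == "__main__":
    report = summarize(parse_rename_section(SAMPLE), "geyekrxnxuhrhh.dll")
    for section, value in report.items():
        print(section, value)
```

wininit.ini is the Windows 95/98 mechanism for pending file operations; on NT-based Windows such as the XP SP2 machine in this thread, they are recorded in the `PendingFileRenameOperations` registry value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`. Repeated entries for the same source, as reported under `repeated`, show the same rename being queued more than once.
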
19.08.2009., 13:48   #10
Doink the Clown
Quote:
Posted by Doink the Clown
EDIT: Try scanning with Avira too...
Did you?

19.08.2009., 13:55   #11
Barny
no, I'm looking for answers on the net

19.08.2009., 14:02   #12
hello!
Try ripping those pests out with HijackThis... then clean again with Malwarebytes..

19.08.2009., 14:08   #13
Barny

Logfile of HijackThis v1.99.1
Scan saved at 14:06:48, on 19.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2C7056E-B9DB-4AF7-9A88-3DED6F6B753F}: NameServer = 194.146.109.223 194.146.109.224
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c9891249ebc698) (gupdate1c9891249ebc698) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service (file missing)


am I allowed to manually delete this wininit ini?
Last edited by: domy_os. 20.08.2009. at 17:37.

19.08.2009., 14:28   #14
nino
Here's the deal. Since I fix things like this every day, my advice to you is to:

1. Pull the hard drive and scan it on another computer with the programs already mentioned.
2. While you're at it, manually delete the various folders the pests created
3. Put the disk back and, in safe mode, disable the unnecessary and suspicious startup programs
4. Boot Windows normally and scan once more

I can't remember the last time I had to format a disk. I clean everything this way, more or less.

19.08.2009., 15:27   #15
Joke
Quote:
Posted by Doink the Clown
Well, I'm not that well versed. I know a friend of mine solved it by digging around in the command prompt; the virus had hidden somewhere in the root, and the autorun file was visible as soon as you opened the C partition and kept regenerating until he disabled it in the command prompt and then deleted everything with Malwarebytes'. Now, if I've misunderstood something about his method, the experts will correct me, no worries. What does Malwarebytes' find? Have you run a scan with it at all?
EDIT: Try scanning with Avira too...
Regarding autorun..
http://forum.pcekspert.com/showthread.php?t=134499#13
Quote:
Posted by Barny
am I allowed to manually delete this wininit ini?
http://www.spywareremove.com/removewininitini.html
http://support.microsoft.com/kb/140570

19.08.2009., 18:41   #16
Barny
here you go, for everyone who has or will have the same problem. It looks like everything is solved.

After everything mentioned and done above:

1. first Spybot (latest update)
2. Malwarebytes' Anti-Malware (thanks to Doink the Clown) and then
3. ComboFix (solved everything, down to the last traces)

follow the instructions strictly and everything will be ok.

regards!

ps. watch out for this thing I picked up, it's really nasty. especially those of you who pay bills and transfer funds.

Last edited by: Barny. 19.08.2009. at 19:15.

20.08.2009., 07:13   #17
Dizel
Lovely, I can't remove this PC Antispyware 2010 for the life of me, the computer at work has 3 accounts and I have no idea where all it has crapped itself. I give up. We have paid people in the company who are supposed to screw around with this, not me, the nuclear reactor cleaner

20.08.2009., 12:09   #18
Joke
Quote:
Posted by Dizel
Lovely, I can't remove this PC Antispyware 2010 for the life of me, the computer at work has 3 accounts and I have no idea where all it has crapped itself. I give up. We have paid people in the company who are supposed to screw around with this, not me, the nuclear reactor cleaner
What, it doesn't work with Malwarebytes? http://www.bleepingcomputer.com/viru...ware-2010#keys

20.08.2009., 12:20   #19
Dizel
Zero points. It still reports that there's supposedly some spyware, and that garbage keeps trying to install itself...

20.08.2009., 12:22   #20
Joke
Well, okay then, tough luck, since you said you're not allowed to mess around in the registry and such..
Quote:
I give up. We have paid people in the company who are supposed to screw around with this, not me, the nuclear reactor cleaner
EDIT: I didn't say you don't know how, but that you're not allowed to! As you stated in the post above (that is, without touching the registry)..

Last edited by: Joke. 20.08.2009. at 14:11.

20.08.2009., 12:59   #21
Dizel
I'm allowed to and I know how, but I don't have the nerves or the patience; after all, it's not in my job description

EDIT: Managed to clean it with this Malwarebytes' Anti-Malware... but only after some 3-4 scans in safe mode, full scans at that; the quick check gave no results, and some braviax.exe kept coming back in the Windows system32 directory...

Last edited by: Dizel. 20.08.2009. at 16:51.