Old 13.08.2007., 00:53   #1
elo
Registered User
Join Date: Aug 2007
Location: Zagreb
Posts: 24
(solved) Trojan and Zone Alarm

So, I just can't get rid of a trojan, even NOD32 can't remove it... it detects it but can't remove it... what should I do... and where can I download that registration No. for ZoneAlarm Pro 7, I can't find it anywhere...
Old 13.08.2007., 01:01   #2
Mr.Black
Premium
Join Date: Jan 2005
Location: -
Posts: 1,679
Quote:
Originally posted by elo
So, I just can't get rid of a trojan, even NOD32 can't remove it... it detects it but can't remove it... what should I do... and where can I download that registration No. for ZoneAlarm Pro 7, I can't find it anywhere...
send the log file from HijackThis...
Old 13.08.2007., 01:12   #3
elo
Registered User
Join Date: Aug 2007
Location: Zagreb
Posts: 24
Logfile of HijackThis v1.99.1
Scan saved at 1:11:18, on 12.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\EMIL\Local Settings\Temp\wzcdef\HijackThis.exe

O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0028090.dat
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Old 13.08.2007., 06:39   #4
Joke
N00B
Join Date: Oct 2006
Location: Split
Posts: 3,886
Hm, it looks like everything is fine as far as HijackThis goes. Did you configure NOD32 according to these instructions http://www.wilderssecurity.com/showthread.php?t=37509, and try scanning the computer with Spybot-Search&Destroy.
Old 13.08.2007., 19:21   #5
tutix
Premium
Join Date: Jan 2006
Location: Zagreb
Posts: 4,069
Delete this:

Quote:
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0028090.dat
Come on, write which trojan it is, if NOD32 is already reporting it. Try googling a solution.
Old 14.08.2007., 19:49   #6
elo
Registered User
Join Date: Aug 2007
Location: Zagreb
Posts: 24
trojan-downloader.Win32.agent.cbm... come on, please, somebody tell me what to do, because ZoneAlarm won't let me open anything without first flagging it as a virus... and I can't kill it no matter what... or whatever...
Old 14.08.2007., 21:33   #7
tutix
Premium
Join Date: Jan 2006
Location: Zagreb
Posts: 4,069
Download SUPERAntiSpyware, install it, update it and scan with it.

And then download this patch (WMF Fix) for Windows XP SP2 and install it to prevent this in the future.
Old 14.08.2007., 22:37   #8
elo
Registered User
Join Date: Aug 2007
Location: Zagreb
Posts: 24
No way... nothing again, ZoneAlarm still reports that I have a trojan... what should I do... I'm going to go crazy... it reports it every time I open something... any file... I feel like reinstalling Windows... but I don't feel like f***ing around that much right now... but if it drives me crazy I'll have to!
P.S. thanks for the effort anyway
Old 14.08.2007., 23:26   #9
greenfly
Grandma's sister's brother-in-law
Join Date: Dec 2006
Location: (Vinjro)
Posts: 1,130
By the way, Kaspersky cleans it successfully SEE

So try the trial... if you feel like it!
Old 15.08.2007., 10:26   #10
elo
Registered User
Join Date: Aug 2007
Location: Zagreb
Posts: 24
there, I think I got rid of it...
can someone take a look at this log for me...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:05, on 15.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: andr - {3162ba5b-4f2d-40c5-8fb6-36c6a0d639e6} - C:\WINDOWS\system32\duznhje.dll (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4374 bytes
Old 15.08.2007., 12:01   #11
greenfly
Grandma's sister's brother-in-law
Join Date: Dec 2006
Location: (Vinjro)
Posts: 1,130
This:

O22 - SharedTaskScheduler: andr - {3162ba5b-4f2d-40c5-8fb6-36c6a0d639e6} - C:\WINDOWS\system32\duznhje.dll (file missing)

You no longer have NOD32, if I may ask, why did you remove it?
For now you have no antivirus installed, so it wouldn't be a bad idea to install one.

You could also remove that about blank:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Scan the computer with THIS
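An added example, not written by any poster in this thread: a small Python triage of HijackThis entries that follows the replies above, flagging any `O20 - AppInit_DLLs` value and, more generally than the single O22 line pointed out, any entry marked `(file missing)`, and listing entries that disappeared between two scans. The function names are hypothetical; the sample lines are copied from the two logs posted in this thread.

```python
import re

# HijackThis entries look like "O20 - AppInit_DLLs: ..." (section code, " - ", body).
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return (code, body) pairs; header and running-process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m["code"], m["body"]) for m in matches if m]

def triage(entries):
    """Flag the entry kinds the replies in this thread pointed at."""
    findings = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                note = "loaded into every process that loads user32.dll"
                if not value.lower().endswith(".dll"):
                    note += "; value is not a .dll name"
                findings.append((code, value, note))
        elif body.endswith("(file missing)"):
            findings.append((code, body, "registration left behind, target file is gone"))
    return findings

def removed_between(before, after):
    """Entries present in the first scan but absent from the later one."""
    return sorted(set(before) - set(after))

# Sample lines copied from the two logs posted in this thread.
FIRST_SCAN = r"""Running processes:
C:\Program Files\Eset\nod32krn.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0028090.dat
"""
LATER_SCAN = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O22 - SharedTaskScheduler: andr - {3162ba5b-4f2d-40c5-8fb6-36c6a0d639e6} - C:\WINDOWS\system32\duznhje.dll (file missing)
"""

if __name__ == "__main__":
    first, later = parse_entries(FIRST_SCAN), parse_entries(LATER_SCAN)
    for finding in triage(first) + triage(later):
        print("REVIEW ", finding)
    for entry in removed_between(first, later):
        print("REMOVED", entry)
```

The diff between scans is what surfaces a security product's autostart entry vanishing, which a single log cannot show.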
Old 15.08.2007., 14:09   #12
tutix
Premium
Join Date: Jan 2006
Location: Zagreb
Posts: 4,069
Come on, tell us what you fixed it with, so we know for the future...
Old 15.08.2007., 21:02   #13
elo
Registered User
Join Date: Aug 2007
Location: Zagreb
Posts: 24
Heeey, Kaspersky (see 2-3 posts above), that one would eat things even bigger than a trojan... and the best part is that when it kills it you even hear a scream as if you'd killed it... legendary program...