manji kapital -

Magazine
Go Back   Computer soka > Computer Software > Virus, Spyware i sigurnost
Reload this Page

Sysrestore.dll

Registracija Mapa Spy Member List Donacije Pretraživanje Today's Posts Označi Sve Forume Kao Pročitane Forum Rules

Register


 Default 

Sysrestore.dll




Reply
Stranica 1 od 2 1 2
 
Thread Tools
  #1  
Old 26 lipanj 2008, 12:48
Member Group
  
Default Sysrestore.dll

Pa moj problem je ja držati uzimajući moj avast rekavši sysrestore.dll sadrži malaware bilo koji pomoć ugoditi? hvala ti im zabrinuti jer imam iskorišten sistem vratiti u prošlo i ako sada ima virus im pijan
  #2  
Old 26 lipanj 2008, 18:40
Moderator / ica grupe
  
Default Sysrestore.dll

Nije pijan.

Post HijackThis zapisnik tako da možemo imati izgled.
__________________
  #3  
Old 27 lipanj 2008, 08:03
Member Group
  
Default Sysrestore.dll

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 6:20:16 Na 4/19/2008
Platforma: Windows Vista (Winnt 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Pokretanje procesa:
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Windows \ System32 \ CtHelper.exe
C: \ Windows \ System32 \ CTXFIHLP.EXE
C: \ Users \ Označi JR \ Program Files \ DNA \ btdna.exe
C: \ Windows \ System32 \ CTXFISPI.EXE
C: \ Windows \ system32 \ wbem \ unsecapp.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ MSN Messenger \ livecall.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Users \ Označi JR \ Desktop \ dss.exe
C: \ Windows \ system32 \ conime.exe
C: \ programa ~ 1 \ TRENDM ~ 1 \ Hijack ~ 1 \ Označi JR.exe
C: \ Windows \ system32 \ SearchFilterHost.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = *. lokalne
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts: 72.233.61.2 L2authd.lineage2.com
O1 - Hosts: 72.233.61.2 L2testauthd.lineage2.com
O2 - BHO: RealPlayer Download i Record Plugin za Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - (bf00e119-21a3-4fd1-b178-3b8537e75c92) - C: \ Program Files \ megaupload \ Mega Manager \ MegaIEMn.dll
O4 - HKLM \ .. \ Run: [avast!] C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [Grid Service] "C: \ Program Files \ GridService \ peer.exe"-n Grid
O4 - HKLM \ .. \ Run: [VMWare-tray] "C: \ Program Files \ VMware \ VMware Workstation \ VMWare-tray.exe"
O4 - HKLM \ .. \ Run: [VMware hqtray] "C: \ Program Files \ VMware \ VMware Workstation \ hqtray.exe"
O4 - HKLM \ .. \ Run: [Symantec PIF AlertEng] "C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [UpdReg] C: \ Windows \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [NvSvc] RUNDLL32.EXE C: \ Windows \ system32 \ nvsvc.dll, nvsvcStart
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ Windows \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AsioReg] Regsvr32.exe / S CTASIO.DLL
O4 - HKLM \ .. \ Run: [CTHelper] CTHELPER.EXE
O4 - HKLM \ .. \ Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM \ .. \ Run: [CTXFIREG] CTxfiReg.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Users \ Označi JR \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [igndlm.exe] C: \ Program Files \ Download Manager \ DLM.exe / windowsstart / startifwork
O4 - HKCU \ .. \ Run: [Parna] "C: \ Program Files \ parni \ steam.exe" Nečujno -
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O8 - Extra kontekst meni stavka: Download Link Korištenje Mega Manager ... - C: \ Program Files \ megaupload \ Mega Manager \ mm_file.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - (no file)
O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ prxernsp.dll
O13 - smolastoga Prefiks:
O16 - DPF: (0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75) (CKAVWebScan Object) -- http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (dame Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: (69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A) (GameLauncher Control) -- http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: (A4110378-789B-455F-AE86-3A1BFC402853) (ZPA_SHVL Object) -- http://zone.msn.com/bingame/zpagames...l.cab55579.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (FFB3A759-446F-98B1-BDA9-909C6EB18CC7) (PCPitstop Ispit) -- http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Obavijesti: GoToAssist - C: \ Program Files \ Citrix \ GoToAssist \ 480 \ G2AWinLogon.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 # # # # (Bonjour Service) - Apple Computer, Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect usluga (CLTNetCnService) - Unknown vlasnika - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe (file missing)
O23 - Service: Creative Servis za CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Izdavač \ FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online podjelom Citrix Systems, Inc - C: \ Program Files \ Citrix \ GoToAssist \ 480 \ g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ programa ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Service Notice LiveUpdate Ex (LiveUpdate Obavijest Ex) - Unknown vlasnika - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Obavijest Service - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: MySQL - Unknown vlasnika - C: \ Program.exe (file missing)
O23 - Service: PnkBstrA - Unknown vlasnika - C: \ Windows \ system32 \ PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown vlasnika - C: \ Program Files \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe (file missing)
O23 - Service: Parna Client Service - Ventil Corporation - C: \ Program Files \ Common Files \ Parna \ SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown vlasnika - C: \ Program Files \ VMware \ VMware Workstation \ VMWare-ufad.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc - C: \ Windows \ system32 \ vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - Unknown vlasnika - C: \ Program Files \ Common Files \ VMware \ VMware Virtual Image Editing \ vmount2.exe (file missing)
O23 - Service: VMware NAT Service - VMware, Inc - C: \ Windows \ system32 \ vmnat.exe
O23 - Service: wampapache - Apache Software Foundation - C: \ wamp \ bin \ apache \ apache2.2.8 \ bin \ httpd.exe
O23 - Service: wampmysqld - Unknown vlasnika - C: \ wamp \ bin \ mysql \ mysql5.0.51a \ bin \ mysqld-nt.exe

--
End of file - 9649 bytes
  #4  
Old 27 lipanj 2008, 11:57
Moderator / ica grupe
  
Default Sysrestore.dll

Ne mogu puno reći iz log.

Preuzimanje Dr.Web CureIt! & Spremili na radnu površinu.
  • Dvaput kliknite na cureit.exe za pokretanje programa. "Express skeniranja računala"Obavijest htijenje pojaviti se.
  • U odjeljku "Pokrenite Express Scan Now"Klik"U redu"Za početak. Ovo je kratka skeniranja koji će skenirati datoteke trenutno izvodi u memoriji i kad se nešto nađe, kliknite na Da gumb kad ga pita želite li izliječiti ga.
  • Nakon što je kratko scan završite, kliknite Opcije > Promijeni postavke
  • Odaberite "Scan karticu"I Isključi "Heurističan analiza"
  • Natrag na glavnom prozoru, kliknite na "Custom Scan", zatim "Select Pogoni" (red dot će pokazati koje pogoni su izabrani).
  • Zatim kliknite na "Start / Stop Scanning"Gumb (Zelena strelica na desnoj strani) i skandirati što htijenje početak.
  • Kada završite, poruka će se prikazati pri dnu savjetovanje ako su pronađene bilo kakve viruse.
  • Kliknite na "Da za sve"Ako ga pita želite li izliječiti / premjestiti datoteku.
  • Kada se skeniranje završi, pogledajte ako možete vidjeti ikonu pored datoteke rezultata. Ako je tako, kliknite, a zatim kliknite ikonu pored desne ispod i odaberite "Premjesti neizlječiva".
    (To će ga premjestiti u mapu C: \ Documents and Settings \ UserProfile \ DoctorWeb \ Karantena savijač ako ga se ne može izliječiti)
  • Dalje, u izborniku Dr.Web CureIt na vrhu, kliknite na datoteku i izabrati spremiti izvješće lista.
  • Spremite DrWeb.csv izvješće na radnu površinu.
  • Izlaz Dr.Web Cureit našto ispunjavanja.
  • Važno! Reboot računalu, jer bi to moglo biti moguće da koriste datoteke u će biti premještena / izbrisati za vrijeme ponovno podizanje sustava.
Možete koristiti Notepad za otvaranje DrWeb.cvs izvješće pravo klik i odaberete Otvori s> Notepad

----------

Next post dodaj
Dr. Web log
__________________
  #5  
Old 2. srpanj 2008, 15:39
Member Group
  
Default Sysrestore.dll

ja imati vidik kako obaviti iget za dokumente i postavke? im se ne koristi za vidik koristim imati xp


edit: pronašao ga NVM
  #6  
Old 2. srpanj 2008, 15:41
Member Group
  
Default Sysrestore.dll

svojim govoreći svoje skeniranje pri 80kbs ... imam 130gb skenirati, koje će se dana bilo koji ideja?
  #7  
Old 4. srpanj 2008, 16:44
Moderator / ica grupe
  
Default Sysrestore.dll

Download Combofix by sUBs jedan od linkova ispod.
Važno! Combofix.exe MORA biti spremljene i otrča iz Desktop.
  • Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc) prije početka Combofix.
  • Važno! Privremeno onemogućiti tvoj AntiVirus, Skripta za blokiranje i bilo koji protušpijunskih Zaštita u stvarnom vremenu prije obavlja scan.
    • Kliknite ovaj link da biste vidjeli popis sigurnosne programe, koji bi trebao biti onemogućen i kako onemogućiti ih.
    • Ako tvoj nije na popisu, a vi ne znate kako ga isključiti, molimo pitati.
  • Upozorenje: Combofix disconnects vašem računalu s Interneta. Se veza automatski obnovljena prije Combofix izvrši njegove vožnji.
  • Dvaput kliknite combofix.exe i slijedite upute.
    • Odaberite Da da biste prihvatili Disclaimers.
  • Kada završite, on će proizvesti prijava za vas.
  • Pošta da se prijavite u vaš sljedeći odgovor.
Upozorenje: Ne mouseclick Combofix's prozor dok je pokrenut. To svibanj uzrokovati da se štala
  • Ako Combofix prometuje na poteškoće i prestaje preuranjeno, veza može biti ručno restored by ponovo pokrenuti računalo.
  • Važno: Ne zaboravite ponovo uključili vaš protuvirusni i protušpijunski prije reconnecting na Internet.
Ako je potrebno, pogledajte ovo Combofix tutorial Screenshots s više detalja koji će temeljito je preuzimanje i vođenje Combofix.

----------

Next post dodaj
Combofix log
__________________
  #8  
Old 9. srpnja 2008, 10:13
Member Group
  
Default Sysrestore.dll

ja odustati combofix doesnt lansirati lol valjda ja morati formatirati i izgubiti sve što imam
  #9  
Old 9. srpnja 2008, 10:16
Donatorska Grupa
  
Default Sysrestore.dll

Quote:
Originally Posted by madcows7 View Post
ja odustati combofix doesnt lansirati lol valjda ja morati formatirati i izgubiti sve što imam
Uvijek si mogao napraviti sigurnosnu kopiju podataka prvi ...
  #10  
Old 9. srpnja 2008, 12:58
Moderator / ica grupe
  
Default Sysrestore.dll

Idi na Start> Run i copy / paste u sljedećem:

"% userprofile% \ desktop \ combofix.exe" / killall

Pritisnite Enter i Combofix će se početi prikazivati.

Kada završite, on će proizvesti log datoteke nalaze na C: \ ComboFix.txt

Post sadržaja da se prijavite u vaš sljedeći odgovor.

Napomena: Ne mouseclick combofix's prozor dok je pokrenut. To svibanj nanijeti tvoj sistem to zatajiti.
__________________
Reply
Stranica 1 od 2 1 2

Register

Bookmarks
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer soka.
Kontakt -- Privatnost -- Sitemap -- Vrh

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd SEO by vBSEO © 2009, Crawlability, Inc