Posted: 12 Feb 2007 07:14
- MoscowBeast
- Incurable optimist
- Civil Works Team Leader @ IKEA Centres Russia
- Joined: 22 Jun 2005
- Posts: 7912
- Location: Moscow, Russia
I think this is a case for the Ambulanta. I'm not an expert on these matters; bobby surely knows whether this is a case for treatment and, if so, what kind of treatment.
Posted: 12 Feb 2007 13:08
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Let him first post the HJT log here, and then I'll see whether it's a case for the Ambulanta or for some other folder.
Posted: 12 Feb 2007 13:26
- Hit-Man
- Friend of the forum
- Joined: 15 Avg 2006
- Posts: 2381
- Location: Currently nowhere...

Here it is!
Logfile of HijackThis v1.99.1
Scan saved at 13:25:55, on 2007-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\apps\ABoard\ABoard.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
C:\Program\Java\jre1.5.0_09\bin\jusched.exe
C:\Program\QuickTime\qttask.exe
D:\Program\Winamp\winampa.exe
C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program\Spyware Terminator\sp_rsser.exe
D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Internet Explorer\iexplore.exe
D:\Documents and Settings\goran.049747020057.000\Skrivbord\Programi\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 100% Free Chess Toolbar Helper - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Program\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: 100% Free Chess Toolbar - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] d:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [Windows LSASS Service] D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: Add to Anti-Banner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: "C:\Program\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
And this is what Kaspersky found a moment ago, and it's all the same again!
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\xpupdate.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\dlh9jkd1q2.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\dlh9jkd1q6.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\dlh9jkd1q7.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\game0.exe.exe
deleted: virus Email-Worm.Win32.Zhelatin.h File: C:\WINDOWS\system32\game5p.exe.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\testtestt.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\vxg4am1et2.exe
deleted: Trojan program Trojan.Win32.Agent.acr File: C:\WINDOWS\system32\vxga4me1.exe
Posted: 12 Feb 2007 13:58
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
The computer is indeed infected, I'm moving this to the Ambulanta.
Update: 12 Feb 2007 13:58
You already know the upload procedure for the Ambulanta.
The upload link is http://www.mycity.rs/ambulanta-upload.php
Pack up the following:
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program\100% Free Chess Toolbar <-- the whole folder
D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\ <-- the whole folder
To see the normal name of this last folder you need to do the following:
- download the program https://www.mycity.rs/must-login.png
- copy the following text into the upper field: D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\ and press Enter
- in the lower field you will see the normal (long) folder name
- if you can't find this folder, then you have to do the following: http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html
I know you have a Swedish Windows, but try to find those options on your system.
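A defender-side triage of the kind bobby did on the log above, as an added example that is not part of the original thread: it scans HijackThis-style lines for the indicators he singled out (a core system binary name such as svchost.exe outside \system32\, an autorun started from a Temp directory, a service with no publisher outside the Windows directory, and orphaned entries whose target is gone). SAMPLE_LOG is a constructed excerpt modelled on the posted log, and the rules and severity labels are this example's own assumptions, not HijackThis's.

```python
import re

# Constructed excerpt modelled on the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [Windows LSASS Service] D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Core Windows binaries that legitimately live only under \system32\ (assumed list).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "smss.exe", "winlogon.exe",
                   "services.exe", "csrss.exe"}

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
# A Windows path ending in .exe/.dll, optionally quoted; the last one on a line is the target.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll))"?', re.IGNORECASE)


def extract_path(body: str) -> str:
    """Return the last .exe/.dll path on a HijackThis line, or '' if there is none."""
    hits = PATH_RE.findall(body)
    return hits[-1] if hits else ""


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (severity, reason, line) for every entry that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # process list, header lines, blank lines
        sec, body = m.group("sec"), m.group("body")
        path = extract_path(body)
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and "\\system32\\" not in low:
            findings.append(("HIGH", "system binary name outside \\system32\\", line))
        if sec == "O4" and "\\temp\\" in low:
            findings.append(("HIGH", "autorun started from a Temp directory", line))
        if sec == "O23" and "Unknown owner" in body and not low.startswith("c:\\windows\\"):
            findings.append(("MEDIUM", "unpublished service outside the Windows directory", line))
        if "(no file)" in body or "(file missing)" in body:
            findings.append(("LOW", "orphaned entry: target no longer on disk", line))
    return findings


if __name__ == "__main__":
    for sev, why, entry in triage(SAMPLE_LOG):
        print(sev, why, entry, sep=" | ")
```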
Posted: 12 Feb 2007 14:18
- Hit-Man
- Friend of the forum
- Joined: 15 Avg 2006
- Posts: 2381
- Location: Currently nowhere...
OK, I'll need a little more time because my computer isn't working properly! As I already described, every 30 seconds it sort of jolts, closes everything and throws me back to the Desktop! I couldn't even run a scan with SpyBot!
Update: 12 Feb 2007 14:18
I uploaded those two, but this one, ''C:\Program\100% Free Chess Toolbar'', I can't find!
For the last one I used that program you gave me, but it's just an empty yellow folder and nothing more! D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\
Posted: 12 Feb 2007 14:41
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Then where is that svchost you uploaded from, if not from that folder?
Posted: 12 Feb 2007 14:47
- Hit-Man
- Friend of the forum
- Joined: 15 Avg 2006
- Posts: 2381
- Location: Currently nowhere...
No, it is that folder, but I looked for it in two ways... through ''Search'' and through that program you posted the link to!
Posted: 12 Feb 2007 15:23
- Hit-Man
- Friend of the forum
- Joined: 15 Avg 2006
- Posts: 2381
- Location: Currently nowhere...
I did as you wrote and checked SafeBoot, then restarted, and I put it back again because my internet doesn't work and the icons on the Desktop are huge!
Now look at this picture and tell me what to open so I don't mess something up!?
https://www.mycity.rs/must-login.png
Update: 12 Feb 2007 15:23
I forgot!
The picture on the Desktop is just black, and in the left and right corners it says there's some error!