Automatski se iskljuci Mozila i Explorer! Virus?

1

Automatski se iskljuci Mozila i Explorer! Virus?

offline
  • Pridružio: 15 Avg 2006
  • Poruke: 2381
  • Gde živiš: Trenutno nigde...

Petljao sam nesto k'o i svaki covek koji nema pojima o kompjuterima u nadi da nesto nauci i naleteo na virus kojeg je ''valjda'' uspesno otklonio Kaspersky ali ne znam zasto sada nemogu da koristim Google i kada u njemu napisem bilo koju rec i kliknem na ''trazi'' automatski me izbaci! Primetio sam da mi i Explorer s vremena na vreme iskljuci!
A da udjem u Folder gde mi je antispyware ''SpyBot'' nema sanse! Da li je ovo virus i sta da radim!? Svakih 30 sekundi kompjuter kao da se trgne (i jedva sam napisao ovu poruku)

Izvini Marko sto si ovoliko citao, a posebno moj problem! Confused Bebee Dol

offline
  • Civil Works Team Leader @ IKEA Centres Russia
  • Pridružio: 22 Jun 2005
  • Poruke: 7912
  • Gde živiš: Moskva, Rusija

Mislim da je ovo slucaj za Ambulantu. Nisam strucan po tim pitanjima, bobby sigurno zna da li je ovo za lecenje i ako jeste, za kakav tip lecenja.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Neka prvo ovde postavi HJT log, pa cu onda videti da li slucaj za Ambulantu ili za neki drugi folder.

offline
  • Pridružio: 15 Avg 2006
  • Poruke: 2381
  • Gde živiš: Trenutno nigde...

EVo!
Logfile of HijackThis v1.99.1
Scan saved at 13:25:55, on 2007-02-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\apps\ABoard\ABoard.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
C:\Program\Java\jre1.5.0_09\bin\jusched.exe
C:\Program\QuickTime\qttask.exe
D:\Program\Winamp\winampa.exe
C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program\Spyware Terminator\sp_rsser.exe
D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Internet Explorer\iexplore.exe
D:\Documents and Settings\goran.049747020057.000\Skrivbord\Programi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 100% Free Chess Toolbar Helper - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Program\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: 100% Free Chess Toolbar - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] d:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [Windows LSASS Service] D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: Add to Anti-Banner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: "C:\Program\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe


A ovo je pronas'o Kapsersky malopre i opet je sve isto!
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\xpupdate.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\dlh9jkd1q2.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\dlh9jkd1q6.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\dlh9jkd1q7.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\game0.exe.exe
deleted: virus Email-Worm.Win32.Zhelatin.h File: C:\WINDOWS\system32\game5p.exe.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\testtestt.exe
deleted: virus Email-Worm.Win32.Zhelatin.i File: C:\WINDOWS\system32\vxg4am1et2.exe
deleted: Trojan program Trojan.Win32.Agent.acr File: C:\WINDOWS\system32\vxga4me1.exe

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Racunar jeste zarazen, prebacujem u Ambulantu.

Dopuna: 12 Feb 2007 13:58

Znas vec koji je postupak za upload za ambulantu.
Link za upload je http://www.mycity.rs/ambulanta-upload.php

Spakuj sledece:
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program\100% Free Chess Toolbar <-- ceo folder
D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\ <-- ceo folder

Da bi video normalno ime ovog zadnjeg foldera potrebno ti je sledece:
- skini program https://www.mycity.rs/must-login.png
- iskopiraj u gornje polje sledeci tekst: D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\ i stisni Enter
- u donjem polju ces videti normalno (dugacko ime foldera)
- ukoliko ne mozes da nadjes ovaj folder, onda moras da uradis sledece: http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html

Znam da imas svedski Windows, ali probaj da nadjes te opcije kod tebe.

offline
  • Pridružio: 15 Avg 2006
  • Poruke: 2381
  • Gde živiš: Trenutno nigde...

OK, trebace mi malo- malo vise vremena jer mi ne radi kompjuter kako treba! Kako sam vec opisao svake 30-e sekunde kao da se trgne i sve mi iskljuci i vrati na Desktop! Ni SpyBot-om nisam mog'o da uradim Scan! Bebee Dol

Dopuna: 12 Feb 2007 14:18

Uploadovao sam ova dva ali ovaj ''C:\Program\100% Free Chess Toolbar'' nemogu da ga pronadjem!

Za ovaj zadnji sam uradio preko ovog programa sto si mi dao ali to je samo prazan zuti folder i nista vise! D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Odakle je onda onaj svchost koji si uploadovao ako nije iz tog foldera?

offline
  • Pridružio: 15 Avg 2006
  • Poruke: 2381
  • Gde živiš: Trenutno nigde...

Ne to je taj folder ali sam ga trazio na dva nacina...preko ''trazenja'' i preko tog programa sto si postavio link!

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ajmo ovako...

Preuzmi program ATF Cleaner ali ga nemoj jos pokretati, trebace nam za kasnije.

Preuzmi program SmitfraudFix sa ovog linka.

Extract-uj program na desktop. (Takodje na ovaj način pripremi i program Hijack This koje će se kasnije koristiti)

Restartuj računar i podigni sistem u Safe Mode-u. [ Safe Mode info link ]

Pronadji na desktop-u folder gde si raspakovao SmitfraudFix program i dvoklikom pokreni fajl SmitfraudFix.cmd.
Kada se alat za uklanjanje prvi put startuje pokazaće ti se ekran za odobrenje. Jednostavno pretisni bilo koje dugme na tastaturi da bi prešao na sledeći korak.



Program će početi sa čišćenjem kompjutera. Posle završenog čišćenja SmitfraudFix-om
pokrenuće ti se Windows-ov program Disk Cleanup.



Nakon sto SmitFraudFix zavrsi svoj posao, postavi nam ovde log koji se nalazi na C:\rapport.txt.

Sada pokreni ATF Cleaner koji smo malopre rekli da skines.

Stiklaraj Select All i nakon toga klikni na Empty Selected.
Kada se pojavi poruka Done Cleaning mozete ovaj program zatvoriti.


Sada ponovo restartuj komp u normalan mod rada i ponovi ciscenje ATF Cleanerom.

Skeniraj ponovo HJT-om i stikliraj polja ispred sledecih linija:

O2 - BHO: 100% Free Chess Toolbar Helper - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - C:\Program\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll (file missing)
O3 - Toolbar: 100% Free Chess Toolbar - {6F4F95AF-1647-4B72-A632-055405455423} - C:\Program\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows LSASS Service] D:\DOCUME~1\GORAN0~1.000\LOKALA~1\Temp\Rar$EX00.344\svchost.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)


Ne zaboravi da nam postavis nov log programa HJT, kao i log SmitFraudFix-a koji se nalazi na C:\rapport.txt

offline
  • Pridružio: 15 Avg 2006
  • Poruke: 2381
  • Gde živiš: Trenutno nigde...

Uradio sam kako si mi napisao i cekirao sam SafeBoot pa onda restart i opet sam vratio na isto jer mi internet ne radi, a ikone na Desktopu su Ogromne!

E sad vidi ovu sliku i sta da otvorim da ne bi' nesto zeznuo!?
https://www.mycity.rs/must-login.png

Dopuna: 12 Feb 2007 15:23

Zaboravio sam!

Slika na Desktopu je samo crne boje, a u uglovima levim i desnim pise da postoji neka greska!

Ko je trenutno na forumu
 

Ukupno su 854 korisnika na forumu :: 22 registrovanih, 7 sakrivenih i 825 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, A.R.Chafee.Jr., babaroga, bestguarder, Dimitrije Paunovic, djboj, ILGromovnik, indja, kovinacc, ljuba, MILO-VAN, nenad81, Oscar2, panzerwaffe, pein, Srle993, suton, tmanda323, vathra, Wrangler, Zimbabwe, 1107