Posted: 26 Feb 2007 07:46
- dr.kobi
- Citizen
- Joined: 22 Jul 2005
- Posts: 265
- Location: Strawberry town

I didn't know what to call this problem, nor how to solve it. Recently, when I turn on the computer, something asks for access to the net.
I can't see what it is, and then when I connect, IE opens with this page: http://89.188.16.10/
By the way, Firefox is my default browser, and while I'm writing this winlogon.exe is using 59% CPU. Is that normal?

Posted: 26 Feb 2007 11:56
- oblak
- Legendary citizen
- Chief moderator of the Mobile phones forum
- Joined: 14 Feb 2005
- Posts: 6355

You have some infection. Find HijackThis and post the log.

Posted: 26 Feb 2007 12:23
- dr.kobi
- Citizen
- Joined: 22 Jul 2005
- Posts: 265
- Location: Strawberry town

How so? I scanned with NOD, nothing, and Spybot too.
Addendum: 26 Feb 2007 12:23
Sorry, I've been a bit frazzled since this morning and didn't read properly; the log is coming right up.

Posted: 26 Feb 2007 12:25
- ZoNi
- Free Your Mind!
- Joined: 26 Feb 2005
- Posts: 5757
- Location: Singidunum

Try a-squared Free (for cleaning) and NetLimiter Monitor (to see what it is that wants to get out).

Posted: 26 Feb 2007 12:36
- dr.kobi
- Citizen
- Joined: 22 Jul 2005
- Posts: 265
- Location: Strawberry town

Logfile of HijackThis v1.99.1
Scan saved at 12:30:41, on 26.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
D:\preuzimanja\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C737F40-552E-426F-B84F-603AAE464ACA}: NameServer = 208.67.222.222 208.67.220.220
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Addendum: 26 Feb 2007 12:36
StartupList report, 26.2.2007, 12:38:44
StartupList version: 1.52.2
Started from : D:\preuzimanja\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
D:\preuzimanja\HijackThis\HijackThis.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
SoundMan = SOUNDMAN.EXE
nod32kui = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Task Scheduler jobs:
MP Scheduled Scan.job
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\system32\wshbth.dll
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Daki\LOCALS~1\Temp\~nsu.tmp\Au_.exe|||~
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS\system32\webcheck.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
End of report, 3.875 bytes
Report generated in 0,015 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Posted: 26 Feb 2007 13:11
- rapha
- Retired mod
- Joined: 14 Feb 2005
- Posts: 9113
- Location: Beograd

If you suspect any kind of infection, read this and open a new topic in Ambulanta...

Posted: 26 Feb 2007 14:03
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

I've moved this to Ambulanta.
Read everything at the link rapha gave you, as well as at the link you'll find in that topic.
Rename HijackThis.exe to, say, rt3.exe. Also change the name of the folder HijackThis is in; rt3 will do there too.
Scan and post a new log for us here.

Posted: 26 Feb 2007 15:50
- dr.kobi
- Citizen
- Joined: 22 Jul 2005
- Posts: 265
- Location: Strawberry town

Logfile of HijackThis v1.99.1
Scan saved at 15:51:51, on 26.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Daki\Desktop\rt3\rt3.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {866C60FD-9134-48CF-BB09-931D19E2B99C} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\nnnkjhe.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C737F40-552E-426F-B84F-603AAE464ACA}: NameServer = 208.67.222.222 208.67.220.220
O20 - Winlogon Notify: nnnkjhe - C:\WINDOWS\SYSTEM32\nnnkjhe.dll
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
@bobby
Did everything as described, and here is the log.

Posted: 26 Feb 2007 16:43
- rapha
- Retired mod
- Joined: 14 Feb 2005
- Posts: 9113
- Location: Beograd

Hi Boki, I'll look at the log and get back to you shortly.
Addendum: 26 Feb 2007 16:43
The computer is definitely infected.
To start with, please send this file:
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\nnnkjhe.dll
to Ambulanta for further analysis.
http://www.mycity.rs/ambulanta-upload.php
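
Comparing the two HijackThis logs posted above, as an added example that is not part of the thread: it lists the sections that appear only in the second log and the DLLs registered both as an IE BHO (O2) and as a Winlogon Notify package (O20, which winlogon.exe loads). The log excerpts are abridged from the posts; the function names are hypothetical.

```python
import re

# Abridged excerpts of the two logs posted in this thread (first scan, then
# the scan taken after HijackThis was renamed to rt3).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

LOG_AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {866C60FD-9134-48CF-BB09-931D19E2B99C} - C:\WINDOWS\system32\vtstt.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\nnnkjhe.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: nnnkjhe - C:\WINDOWS\SYSTEM32\nnnkjhe.dll
O20 - Winlogon Notify: vtstt - C:\WINDOWS\system32\vtstt.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")          # e.g. "O20 - ..."
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:dll|exe))\b", re.IGNORECASE)

def parse_entries(log_text):
    """Return {(section, detail)} for every R*/O* entry line in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def sections_only_in_second(before, after):
    """Section codes present in the second log but absent from the first."""
    def sections(text):
        return {sec for sec, _ in parse_entries(text)}
    return sorted(sections(after) - sections(before))

def modules_in_section(log_text, section):
    """Lower-cased file paths referenced by one section's entries."""
    paths = set()
    for sec, detail in parse_entries(log_text):
        m = PATH_RE.search(detail)
        if sec == section and m:
            paths.add(m.group(1).lower())   # the log mixes SYSTEM32/system32
    return paths

def bho_and_notify(log_text):
    """DLLs registered both as a BHO (O2) and as Winlogon Notify (O20)."""
    return sorted(modules_in_section(log_text, "O2")
                  & modules_in_section(log_text, "O20"))

if __name__ == "__main__":
    print("only in second log:", sections_only_in_second(LOG_BEFORE, LOG_AFTER))
    for dll in bho_and_notify(LOG_AFTER):
        print("BHO + Winlogon Notify:", dll)
```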

Posted: 26 Feb 2007 19:16
- dr.kobi
- Citizen
- Joined: 22 Jul 2005
- Posts: 265
- Location: Strawberry town

@rapha
Man, I barely found it; only Total Commander can see it. I zipped it and uploaded it. Can I delete it from the computer now, or should I wait? Thanks.