Posted: 06 Sep 2007 19:47
- chupo17
- Distinguished citizen
- Joined: 09 Feb 2004
- Posts: 505
- Location: In Serbia
I can't delete (fix in HijackThis) Empty.pif or windows.pif
Logfile of HijackThis v1.99.1
Scan saved at 11:32:56 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\LifeView TVR\RecSche.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Documents and Settings\Slavoljub\Application Data\explorer.exe
C:\Documents and Settings\Slavoljub\Application Data\explorer.exe
C:\Documents and Settings\Slavoljub\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Slavoljub\Local Settings\Application Data\lsass.exe
C:\Program Files\LifeView TVR\remote.exe
F:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?new-hklm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drvvv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://drvvv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware316\bin\Starware316.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Raketa Krstarice\components\NOWImaging.dll
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O3 - Toolbar: B92 Groowe Navigator - {1F326B8F-CE7F-4C98-96A1-AC7A2B61D742} - C:\WINDOWS\SYSTEM32\GrooweToolbar.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
O3 - Toolbar: Raketa Krstarice - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\Raketa Krstarice\Toolband.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Remote] C:\Program Files\LifeView TVR\Remote.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - Startup: windows.pif = ?
O4 - Startup: Sid Registration.lnk = D:\ATR1.exe
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Empty.pif = ?
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Radar - C:\Program Files\Internet Radar\Radar.html
O8 - Extra context menu item: Sledeci - C:\Program Files\Internet Radar\Sledeci.html
O9 - Extra button: O sajtu - {A33D72F1-0CA3-4522-AF0E-DBCAC81F29C2} - C:\PROGRAM FILES\INTERNET RADAR\INTERNETRADAR.DLL
O9 - Extra button: Radar - {A727176C-7630-49d5-ACC0-EDA518EA0D73} - C:\Program Files\Internet Radar\Radar.html
O9 - Extra button: Sledeci - {A8B4C482-2491-431d-90CC-19590FB1D12E} - C:\Program Files\Internet Radar\Sledeci.html
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Con.....1575899577
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/celebs-nude/Browser_Plugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Regards
Posted: 06 Sep 2007 20:04
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Hey, we're not going to play games, give me the whole log. I can see which process is suspicious, but I need to see the whole log to see where it is launched from.
Posted: 06 Sep 2007 20:10
- chupo17
- Distinguished citizen
- Joined: 09 Feb 2004
- Posts: 505
- Location: In Serbia
I've corrected the contents of the first post; I hadn't noticed that part of it was missing. My apologies.
Regards and thanks.
Posted: 06 Sep 2007 20:15
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
You have several infections. I have guests at the moment, so I can't post instructions for you within the next hour.
If you're in a hurry, say so in your next post, in case one of my colleagues shows up on the forum.
Posted: 06 Sep 2007 20:26
- chupo17
- Distinguished citizen
- Joined: 09 Feb 2004
- Posts: 505
- Location: In Serbia
It's fine, it's not too urgent; thanks in any case.
By the way, it's interesting that NOD32 doesn't pick up these infections.
Regards
Posted: 18 Sep 2007 22:01
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
Let's remove the infections one at a time.
First we'll remove NewDotNet.
Download LSP-Fix in case it is needed later. Don't run it yet.
To remove New.net, go to Start | Settings | Control Panel | Add/Remove Programs and look for New.Net among the listed items. If you find it, uninstall it.
If it can't be found in Add/Remove Programs, go to the following link and follow the uninstall instructions in Procedure 4 at the bottom of the page.
If after uninstalling New.net you can no longer connect to the internet, run the LSP-Fix you downloaded earlier and click the Finish button. Restart the computer, after which the internet connection problem should be resolved.
Once you've dealt with NewDotNet, open the following form:
http://www.mycity.rs/ambulanta-upload.php
Upload the following files there for me to check:
C:\Documents and Settings\Slavoljub\Application Data\explorer.exe
C:\Documents and Settings\Slavoljub\Local Settings\Application Data\lsass.exe
D:\ATR1.EXE
C:\Program Files\Starware316\bin\Starware316.dll
After that, make a new HijackThis log, but before you make the new log, first rename HijackThis.exe to TR3.exe.
There are infections that only show up with a renamed HijackThis.
Update: 18 Sep 2007 22:01
Bump!
What happened with this? Has it been resolved?
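A small triage script for the kind of log posted in this thread, added here as an example (it is not part of the thread or of HijackThis): it picks out the same indicators the replies point at, namely system binaries such as explorer.exe and lsass.exe running from a user profile (the files the administrator asks to have uploaded), hosts-file redirections, and startup .pif entries whose target cannot be resolved. The category names and the sample subset of the log are constructed for the example.

```python
import re
from collections import defaultdict

# System binaries that legitimately live under %SystemRoot%; a copy running from a
# user profile (as in this thread's log) is the masquerade the reply asks to have uploaded.
SYSTEM_BINARIES = {"explorer.exe", "lsass.exe", "smss.exe", "winlogon.exe",
                   "services.exe", "svchost.exe", "csrss.exe"}
LEGIT_PREFIXES = ("c:\\windows\\",)
ENTRY_RE = re.compile(r"^[RFNO]\d+ - ")  # R0/R1, F0/F1, N1-N4, O1-O24 sections

def triage(log_text):
    """Return {category: [log lines]} for the indicators discussed in the thread."""
    findings = defaultdict(list)
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            section = "processes"
            continue
        if ENTRY_RE.match(line):  # the first HJT entry ends the process list
            section = "entries"
        if section == "processes":
            path = line.lower()
            name = path.rsplit("\\", 1)[-1]
            if name in SYSTEM_BINARIES and not path.startswith(LEGIT_PREFIXES):
                findings["masquerading_process"].append(line)
        elif section == "entries":
            if line.startswith("O1 - Hosts:"):
                findings["hosts_hijack"].append(line)
            elif line.startswith("O4 - ") and line.endswith(".pif = ?"):
                findings["startup_pif_unknown_target"].append(line)
            elif line.endswith("(no file)"):
                findings["dangling_entry"].append(line)
    return dict(findings)

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\Slavoljub\Application Data\explorer.exe
C:\Documents and Settings\Slavoljub\Local Settings\Application Data\lsass.exe
F:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://drvvv.com/
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)
O4 - Startup: windows.pif = ?
O4 - Global Startup: Empty.pif = ?
"""
```

Running `triage(SAMPLE_LOG)` flags the two profile-resident copies of explorer.exe and lsass.exe while leaving the genuine C:\WINDOWS\system32\lsass.exe alone.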