Error Safe appeared on my screen!


offline
  • Joined: 15 Aug 2006
  • Posts: 2381
  • Location: Currently nowhere...

As the title says, Error Safe appeared on my screen and asked whether I wanted to continue because the computer has a lot of errors, and I clicked OK and then it searched and found 4 problems!

Now, this is only the Trial version, and I'd like a Free one, so does something like that exist!?
If you understand what I'm trying to ask!? :)



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I can inform you that you fell for a trick and that your computer is now most likely infected.

Take a look at the Ambulanta forum and the topics in it marked "Vazno" (Important), then post an HJT log here.

After you post the log, I will move the thread to Ambulanta.



offline
  • Joined: 15 Aug 2006
  • Posts: 2381
  • Location: Currently nowhere...

Logfile of HijackThis v1.99.1
Scan saved at 02:14:59, on 2006-12-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe
C:\apps\ABoard\ABoard.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
D:\Documents and Settings\goran.049747020057\Mina dokument\Winamp\winampa.exe
C:\Program\Java\jre1.5.0_09\bin\jusched.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\QuickTime\qttask.exe
C:\Program\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program\MSN Messenger\msnmsgr.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program\Emoticons Mail\emomail.exe
C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program\Hbtools\HBTV\HBTV.exe
C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\HbTools\Bin\4.8.2.0\HbtSrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]\APPS\IE\offline\sw.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DE7A547A42203AC1 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program\HbTools\Bin\4.8.2.0\HbtHostIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program\Delade filer\Ulead Systems\AutoDetector\monitor.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Documents and Settings\goran.049747020057\Mina dokument\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "d:\Program\SPYWAR~2\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\Program\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program\HbTools\Bin\4.8.2.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [goikmuup] C:\WINDOWS\system32\zcoxmgvt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\Program\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [9] "D:\Program\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [EZ Smileys] "D:\EZ Smileys\EZSmileys.exe"
O4 - HKCU\..\Run: [Emoticons Mail] C:\Program\Emoticons Mail\emomail.exe
O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program\Delade filer\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Unknown owner - C:\Program\WinClamAVShield\sp_clamsrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

To start with, pack the following files into a single ZIP and upload it to us at:
[Link visible only to logged-in users]

The files are:
C:\Program\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
D:\Documents and Settings\goran.049747020057\Mina dokument\Winamp\winampa.exe
C:\APPS\IE\offline\sw.htm
C:\WINDOWS\system32\zcoxmgvt.exe
D:\Program\Vidalia\vidalia.exe
D:\EZ Smileys\EZSmileys.exe
C:\Program\Emoticons Mail\emomail.exe
C:\WINDOWS\system32\ebkp.dll
C:\Program\Delade filer\BOONTY Shared\Service\Boonty.exe

as well as the entire folders:
C:\Program\MyWebSearch
C:\Program\HbTools
C:\Program\Error Safe Free

If you know what the following programs are for, and you installed them yourself, then you don't have to upload their files:
Boonty
Vidalia
Emoticons Mail
EZSmileys
Vade Retro Outlook Express

WinAmp is also suspicious because it runs from the desktop, and not from the folder in which programs are usually installed.

And one more thing: next time, please turn off the programs you started yourself before you make the next log, since that only makes more work for us.
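
Added example, not part of the thread and not the helper's own method: a small Python triage pass over HijackThis lines that applies two checks visible in this discussion, an autorun that starts from a user-profile folder instead of a program install folder, and entries HijackThis itself marks as "(no file)" or "(file missing)". The function names, the regular expressions and the choice of `\Documents and Settings\` as the user-profile marker are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re
from ntpath import normpath  # Windows path rules, works on any OS

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Documents and Settings\goran.049747020057\Mina dokument\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [goikmuup] C:\WINDOWS\system32\zcoxmgvt.exe
O4 - HKCU\..\Run: [Error Safe] "C:\Program\Error Safe Free\ers.exe" /min
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
'''

ENTRY = re.compile(r'^([A-Z]\d+) - (.+)$')            # "O4 - <body>"
AUTORUN = re.compile(r'^(\S+): \[(.+?)\] (.+)$')      # key: [value name] command
TARGET = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr))', re.I)
ORPHAN = re.compile(r'\((?:no file|file missing)\)\s*$')

def autorun_target(command):
    """Return the file an autorun command starts, without its arguments."""
    m = TARGET.match(command.strip())
    return normpath(m.group(1) or m.group(2)) if m else None

def triage(log_text):
    """Return (section, name, reason) hints for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if ORPHAN.search(body):
            findings.append((section, body.split(' - ')[0], 'registered file is absent'))
        a = AUTORUN.match(body) if section == 'O4' else None
        if a:
            target = autorun_target(a.group(3))
            # Assumption: on Windows XP, user profiles live under this folder.
            if target and '\\documents and settings\\' in target.lower():
                findings.append((section, a.group(2), 'autorun from a user-profile folder'))
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

These are hints for ordering a review, not verdicts: the `[goikmuup]` and `[Error Safe]` lines pass both checks, yet the helper in this thread still asked for those files.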

offline
  • Joined: 15 Aug 2006
  • Posts: 2381
  • Location: Currently nowhere...

I uploaded 2 folders, but the third one wouldn't go through, and I waited 20 minutes for the upload but nothing! What should I do?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Is that third folder larger than 10 MB when it is zipped?

offline
  • Joined: 15 Aug 2006
  • Posts: 2381
  • Location: Currently nowhere...

Oh Boby, I forgot which folder I uploaded!

Here I have "celi folderi" (44.3 KB),
"celi folderi_1" (10.8 MB)
and "celi folderi_2" (2.42 MB)

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Split the 10.8 one into two ZIPs.

In what you have already uploaded, I found over 30 malicious files.

offline
  • Joined: 15 Aug 2006
  • Posts: 2381
  • Location: Currently nowhere...

Boby, I sent you this a moment ago, but this one of 23 MB, 8 MB as a ZIP, just won't split at all!
There is only one icon, and when I click to open it, it just says OK and something like a warning!
I don't know why, I can't access it at all, and I tried several times to upload the whole 8 MB and nothing! It stops halfway!

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Everything you have sent me so far is malicious, meaning bad.
If it's not urgent, I will write you removal instructions tomorrow morning, since I'm tired now and could accidentally leave something out.

You didn't tell me about the rest of what I asked you for, whether you recognize any of those programs (whether you installed them yourself)?

There are a few more things in my post above that are very important to me:

C:\APPS\IE\offline\sw.htm
C:\WINDOWS\system32\zcoxmgvt.exe
C:\WINDOWS\system32\ebkp.dll

As for the other programs on the list from the previous post, I would ask you to tell me whether you installed them and whether you know what they are for, so that I don't tell you to delete them for no reason.
