MyCity » Ambulanta -> Arhiva Ambulante » Trojanci?

Trojanci?

Napisano na dan: 14.2.2007
1

Trojanci?
Sledeća strana Pagination

Idi na vrh

Poslao: 14 Feb 2007 15:35
Idi na vrh
offline
  • Pridružio: 14 Feb 2007
  • Poruke: 62

Logfile of HijackThis v1.99.1
Scan saved at 15:19:04, on 14.2.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\trajan\Desktop\MOTOROLA\P2kCommander-V4.1.1\P2kAutostart.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Weather Watcher\ww.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\trajan\Desktop\New Folder\h jck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2DC9D850-144D-11E1-B3C9-10805E499D93} - (no file)
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\trajan\Desktop\MOTOROLA\P2kCommander-V4.1.1\P2kAutostart.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - Startup: Winamp Agent.lnk = C:\Program Files\Winamp\winampa.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{50403F8E-B565-4B43-B97E-E9D91DCC2225}: NameServer = 10.10.2.69,10.10.2.79
O20 - AppInit_DLLs: C:\WINDOWS\system32\tracert.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\m464lejq1hoe.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ethernet Packet Service (npacketservice) - Nokia - C:\WINDOWS\system32\npacketsvc.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

Win32/Hidrag.A
Trojan horse Downloader.Small.55.BN
Trojan horse Downloader.Generic3.MIZ
Virus identified Java/Open Stream
Sta da radim?

Poslao: 14 Feb 2007 15:39
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Cek, anti-virus ih nalazi ali ne uspeva da ih obrise, ili sta?

Poslao: 14 Feb 2007 15:49
Idi na vrh
offline
  • Pridružio: 14 Feb 2007
  • Poruke: 62

Kada udjem u virus valut i obrisem sve ,dali obrisem fajl koji je zarazen ili samo virus?mozda je pitanje glupo ali sta ako je zarazen fajl vitalan za komp?

Poslao: 14 Feb 2007 16:00
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ako je fajl vec u virus vaultu, on je vec izbrisan sa sistema, tj. nije vise u funkciji.
U logu gore se vide neke infekcije koje mi mozemo da resimo (ili barem da pokusamo), samo mi tacno opisi simptome koji se javljaju. Da li ti je jedini simptom taj sto imas te fajlove u vaultu ili primecujes jos nesto?

Poslao: 14 Feb 2007 16:07
Idi na vrh
offline
  • Pridružio: 14 Feb 2007
  • Poruke: 62

ne,neprimecujem neke probleme,bar za sada.

Poslao: 14 Feb 2007 16:40
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ja sam trenutno zauzet. Ako se niko od mojih kolega ne javi sa uputstvima za dezinfekciju do veceras, onda cu ja da preuzmem resavanje.
Imas par komada malwarea koji se vide u tom logu, a tvoj AVG ih izgleda ne prepoznaje.

Poslao: 14 Feb 2007 19:49
Idi na vrh
offline
  • Pridružio: 14 Feb 2007
  • Poruke: 62

O.K. Hvala

Poslao: 14 Feb 2007 23:41
Idi na vrh
offline
  • Pridružio: 06 Apr 2005
  • Poruke: 1023

pregledao sam log i komp ti je definitivno zarazen

pronadji sledece fajlove, zipuj ih (ili rar nije bitno) i uploaduj ih ovde
upload

C:\WINDOWS\system32\tracert.dll
C:\WINDOWS\system32\m464lejq1hoe.dll
C:\WINDOWS\svchost.exe
gcasDtServ.exe (za ovaj fajl nisam siguran gde se nalazi tako da ces morati da koristis Search)

Poslao: 15 Feb 2007 14:09
Idi na vrh
offline
  • Pridružio: 14 Feb 2007
  • Poruke: 62

samo jedan fajl sam nasao i poslao (svchost.exe) ostalih fajlova nema.Verovatno zato sto sam izbrisao iz valut-a

Poslao: 15 Feb 2007 14:23
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Poslao si pogresan svchost.exe kog si nasao u Prefetch folderu.
Procitaj sledecu temu i ukljuci opciju da mozes da vidis skrivene fajlove (ukoliko nije vec ukljucena):
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html

18 Feb 2007 22:02 bobby Zaključavanje topica Razlog: Javiti se na PP ukoliko je potrebno otkljucavanje teme  

MyCity » Ambulanta -> Arhiva Ambulante » Trojanci?

Ko je trenutno na forumu
 

Ukupno su 878 korisnika na forumu :: 24 registrovanih, 2 sakrivenih i 852 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: Bickoooo, Bubimir, Dogma21, FOX, HrcAk47, interesujeme, joca83, mercedesamg, MiG-29M2, Miki01, MiroslavD, mkukoleca, mnn2, naki011, nebkv, novator, Prašinar, Primus17, ruma, shone34, Siroo, tubular, vathra, yrraf