msn problem

1

msn problem

offline
  • goust  Male
  • Elitni građanin
  • Pridružio: 09 Apr 2005
  • Poruke: 1799

offline
  • den78  Male
  • Super građanin
  • Pridružio: 07 Jul 2005
  • Poruke: 1227
  • Gde živiš: Moe's Tavern

mozda ti ovo bude od pomoci
http://babelfish.altavista.com/babelfish/trurl_pag.....46306.html

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Prebacujem u Ambulantu posto je ovo slucaj za nas Smile

Procitaj http://www.mycity.rs/Ambulanta/Procitati-pre-otvaranja-teme.html
i postavi nam ovde HJT log.

offline
  • goust  Male
  • Elitni građanin
  • Pridružio: 09 Apr 2005
  • Poruke: 1799

Logfile of HijackThis v1.99.1
Scan saved at 5:41:32 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\msnlogm.exe
C:\WINDOWS\msnlogs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sasa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RamSmash] "C:\Program Files\RamSmash\RamSmash.exe" /start
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B73424E-1A5E-47E5-9CCD-56A7B483EB52}: NameServer = 82.208.201.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Abyss Web Server (AbyssWebServer) - - (no file)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

hjt iz posebnog foldera:


Logfile of HijackThis v1.99.1
Scan saved at 5:42:45 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\msnlogm.exe
C:\WINDOWS\msnlogs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sasa\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sasa\Desktop\bobby\ht4.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RamSmash] "C:\Program Files\RamSmash\RamSmash.exe" /start
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B73424E-1A5E-47E5-9CCD-56A7B483EB52}: NameServer = 82.208.201.3
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Abyss Web Server (AbyssWebServer) - - (no file)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Sporni su sledeci fajlovi:

C:\WINDOWS\msnlogm.exe
C:\WINDOWS\msnlogs.exe


Ukoliko si u mogucnosti da nam posaljes zipovanu kopiju ta dva fajla, koristeci nas upload za malware, bio bih zahvalan:
http://www.mycity.rs/ambulanta-upload.php
Fajlovi ce biti prosledjeni proizvodjacima anti-virus programa na analizu, kako bi ih uvrstili u detekciju.

Nakon toga je potrebno fajlove obrisati sa diska.
Moze se desiti da brisanje ne bude moguce iz normalnog moda rada Windowsa, pa da bude potrebno da to uradis iz Safe Mode-a.

offline
  • goust  Male
  • Elitni građanin
  • Pridružio: 09 Apr 2005
  • Poruke: 1799

Naravno, evo ih u .rar-u

[mod by bobby = obrisao link]. Ti posle izbrisi ovaj link, posto mi onaj sto si ga dao za uploadovanje ne radi.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Preuzeo sam fajlove, hvala.
Za sada samo Panda i Prevx detektuju te fajlove. Poslacu ih i ostalima.

Ti ih sada pobrisi kod sebe i resi se bede Smile

btw. nije mi jasno kako to da upload nije hteo da radi jer meni savrseno funkcionise.

offline
  • goust  Male
  • Elitni građanin
  • Pridružio: 09 Apr 2005
  • Poruke: 1799

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

OK, videcu da jos neko proba, mozda je do dozvola (mod <> korisnik).

Dopuna: 02 Dec 2006 12:34

@goust
Pitaju kolege iz AV kompanija koji su simptomi ovoga, posto oni ne nalaze nista maliciozno u ovim programima?
Jel izbacuju pop-upove (osim ovoga o registraciji)?
Jel imas neke redirekcije kada ukucas pogresne adrese u IE-u (vidim da koristis FF, ali probaj da vidimo IE)?
Odakle si skinuo te emoticone?
Jel ti je pri instaliaciji reklo da ce da instalira jos nesto itd, daj sto vise podataka da vide da li da ukljuce ove fajlove u definicije AV programa.

offline
  • goust  Male
  • Elitni građanin
  • Pridružio: 09 Apr 2005
  • Poruke: 1799

Jedino da ponovo instaliram MSN.Emoticons.Plus.v3.0. (i jos nesto u produzetku) pa da onda probam IE. Znas sta, ne znam da li bi se ti petljao sa time ako pokusam da pronadjem link za download, pa da skines ceo program i isprobas ga posto je u pitanju share+ verzija, mada ne vidim zasto ne, jer tebe interesuju virusi Wink

Ko je trenutno na forumu
 

Ukupno su 1139 korisnika na forumu :: 51 registrovanih, 8 sakrivenih i 1080 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, Andrija357, Apok, babaroga, bbogdan, Bobrock1, bokisha253, Brana01, CikaKURE, darcaud, Denaya, djboj, dolinalima, Dorcolac, draganl, draggan, DragoslavS, elenemste, FileFinder, Frunze, goxsys, h8propaganda, helen1, HrcAk47, ikan, Istman, Kazablankasrb, Koridor, kybonacci, Leonov, Mika_NS, mkukoleca, mnn2, MrNo, nebidrag, Neutral-M, nextyamb, nick79, Niko Bitan, Nikolaa11, nuke92, Panter, pein, royst33, sasakrajina, sevenino, Tas011, vladaa012, Volkhov-M, vukovi, |_MeD_|