Posted: 19 May 2007 21:33
- Senior
- Citizen
- Joined: 08 Jul 2005
- Posts: 56
- Location: United States of Serbia
All done.
This clown is really persistent: he has changed it three times, and Skype is active.
I bypassed MailWasher and went through OE, and now, as I'm typing this, he has changed the password again.
Here are the findings:
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: Not-A-Virus.PSWTool.Win32.PWDump.2
Path: D:\Dokumenta\Programi\NOVI PROGRAMI\LCP 5.04.exe/samdump.dll1
Risk: Low
Name: Not-A-Virus.PSWTool.Win32.PWDump3
Path: D:\Dokumenta\Programi\NOVI PROGRAMI\LCP 5.04.exe/pwservice.exe
Risk: Low
Name: Not-A-Virus.PSWTool.Win32.PWDump3
Path: D:\Dokumenta\Programi\NOVI PROGRAMI\LCP 5.04.exe/pwservice.exe3
Risk: Low
Name: Not-A-Virus.PSWTool.Win32.PWDump.2
Path: D:\Dokumenta\Programi\NOVI PROGRAMI\LCP 5.04.exe/samdump.dll1
Risk: Low
Name: Not-A-Virus.PSWTool.Win32.PWDump3
Path: D:\Dokumenta\Programi\NOVI PROGRAMI\LCP 5.04.exe/pwservice.exe
Risk: Low
Name: Not-A-Virus.PSWTool.Win32.PWDump3
Path: D:\Dokumenta\Programi\NOVI PROGRAMI\LCP 5.04.exe/pwservice.exe3
Risk: Low
Name: Trojan.Razbijac.h
Path: D:\Dokumenta\Programi\Paket za bezbednost\Brisanje kolacica\Delete Cookie v1.0 patch by DEVOTiON.zip/Hide-Ip-Soft.Delete.Cookie.v1.0-DVT/DVT/patch.exe
Risk: High
Name: Trojan.Small
Path: D:\Dokumenta\Programi\Paket za internet\MailWasher\mailwasher.pro.5.3.patch-icu.zip/mailwasher.pro.5.3-patch.exe
Risk: High
Logfile of HijackThis v1.99.1
Scan saved at 21:32:50, on 19.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hide The IP\HideTheIP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\TC PowerPack\totalcmd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Documents and Settings\Ljubiša\Desktop\Hijack\Hijack.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP\HideTheIP.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....5204976593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....5205518171
O17 - HKLM\System\CCS\Services\Tcpip\..\{E15DD953-CF4A-4882-BE39-2FBD1F4B9126}: NameServer = 87.250.124.1 87.250.125.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
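The HijackThis log above is the kind of artefact a helper has to triage by hand: most of it is benign, and the lines worth a second look are the ones that touch name resolution, the browser proxy, the Winsock stack, services with no publisher, and startup entries pointing at odd places. The script below is an added example (not from the thread or from HijackThis itself) that runs that first-pass triage over the log line types. All of its sample lines are copied from the posted log except the final O4 entry, which is constructed to exercise the "autorun outside the usual program directories" rule. The `trusted_dns` set and the `TRUSTED_ROOTS` heuristic are assumptions the reviewer fills in for the machine at hand; in particular the script does not judge whether the O17 resolvers are legitimate, it only asks the owner to confirm they belong to the ISP or router.

```python
"""Triage pass over a HijackThis 1.99 log.

Added example: flags the entry types a malware-removal helper checks first
(proxy and DNS settings, unknown Winsock LSPs, services with no publisher,
orphaned entries, autoruns outside the usual program directories).
"""
import re
from dataclasses import dataclass

# All lines but the last are copied from the HijackThis log posted above.
# The last O4 line is CONSTRUCTED for this example and is not from that log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Hide-The-IP] "C:\Program Files\Hide The IP\HideTheIP.exe" /startup
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E15DD953-CF4A-4882-BE39-2FBD1F4B9126}: NameServer = 87.250.124.1 87.250.125.3
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\update.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumption: where autorun binaries normally live on a 32-bit XP box.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")


@dataclass
class Finding:
    section: str
    severity: str  # "review": needs a human decision; "info": worth noting
    reason: str
    line: str


def _autorun_path(body: str) -> str:
    """Pull the executable path out of an O4 entry, quoted or not."""
    m = re.search(r'\]\s*"?(.*?\.exe)', body, re.IGNORECASE)
    return m.group(1) if m else ""


def triage(log_text: str, trusted_dns=()) -> list:
    """Return findings for the entries a reviewer should look at.

    trusted_dns: resolver IPs known to belong to the owner's ISP or router;
    O17 servers outside this set are flagged so the owner can confirm them.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            if value in ("", ":"):
                findings.append(Finding(sec, "info", "proxy setting present but empty; proxy-switching tools rewrite it", raw))
            else:
                findings.append(Finding(sec, "review", f"browser proxy set to {value}", raw))
        elif sec == "O10":
            findings.append(Finding(sec, "review", "Winsock LSP not recognised by HijackThis; verify the DLL's publisher", raw))
        elif sec == "O17":
            unknown = [ip for ip in IPV4_RE.findall(body) if ip not in trusted_dns]
            if unknown:
                findings.append(Finding(sec, "review", "DNS servers not in the trusted list: " + ", ".join(unknown), raw))
        elif sec == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(sec, "review", "service binary carries no publisher name; check its signature", raw))
        elif "(file missing)" in body:
            findings.append(Finding(sec, "info", "orphaned entry pointing at a missing file", raw))
        elif sec == "O4":
            path = _autorun_path(body)
            if path and not path.lower().startswith(TRUSTED_ROOTS):
                findings.append(Finding(sec, "review", f"autorun outside program directories: {path}", raw))
    return findings


def by_section(findings) -> dict:
    """Group findings by HijackThis section code for quick reporting."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.section, []).append(f)
    return grouped


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

Run against the sample, it reports the empty proxy setting, the Bonjour LSP, both O17 resolvers (because no trusted set was given), the RichVideo service and the constructed autorun, while the NOD32 and Hide The IP entries pass. Passing the ISP's resolvers in `trusted_dns` silences the O17 line, which is the check the owner would do next.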
Posted: 19 May 2007 22:31
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
C:\Program Files\Hide The IP\HideTheIP.exe - what program is this? I can't find any info about it online.
Posted: 19 May 2007 23:32
- Senior
- Citizen
- Joined: 08 Jul 2005
- Posts: 56
- Location: United States of Serbia
It hides the IP address and changes it, using proxy servers!
It's not the cause; I've been using it for a long time, occasionally as needed.
Posted: 19 May 2007 23:35
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien
I'm out of ideas.
I see the proxy server settings are missing from the log, but I assume that's because of this program.
A good part of the log relates to Bonjour protocol settings. Is your PC connected to some Apple Mac?
Posted: 20 May 2007 00:29
- Senior
- Citizen
- Joined: 08 Jul 2005
- Posts: 56
- Location: United States of Serbia
Hide The IP hides the real address very well, showing other ones.
I don't believe it's the cause.
As for that Bonjour, I noticed it, but I don't know which program I installed it with.
Let me just download one file, then I'll restore the backup of a totally clean system from DVD, then install a few additional programs one by one and see which of them put it there.
I'm not connected to any Mac; well, maybe it's the enemies, but I really doubt it,
they wouldn't identify themselves like this!
Tomorrow I'll let you know what it's about, that is, what installed it!