16.03.2005., 19:22   #1
giga
Oppressor and ignoramus
Join date: Dec 2003
Location: Rijeka
Posts: 1,868
Hijack this.....

I'd like to ask you for an expert comment on this:

Logfile of HijackThis v1.99.1
Scan saved at 18:16:59, on 16.3.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Zuta\LOCALS~1\Temp\Rar$EX00.843\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINDOWS\DOWNLO~1\ipreg32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\azesearch.ocx (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [tbgpsxvk] c:\windows\system32\tbgpsxvk.exe -start
O4 - HKLM\..\Run: [loader32] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binarie...lv32_EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31229573-85A8-456B-B732-472748DFBFAD}: NameServer = 161.53.114.145 161.53.114.135
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
__________________
He who has not a single friend walks the earth like a stranger.

Last edited by giga; 16.03.2005. at 22:12.
17.03.2005., 22:02   #2
Costa
Moderator
Join date: Aug 2003
Location: Zagreb
Posts: 3,193
Remove:
R3 - Default URLSearchHook is missing
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - C:\WINDOWS\DOWNLO~1\ipreg32.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\azesearch.ocx (file missing)
O4 - HKLM\..\Run: [tbgpsxvk] c:\windows\system32\tbgpsxvk.exe -start
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O4 - HKLM\..\Run: [loader32] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binari...slv32_EN_XP.cab

This one seems very strange to me:
O4 - HKLM\..\Run: [loader32] C:\Program Files\Internet Explorer\IEXPLORE.EXE

That is otherwise a valid path to IE, but I have never seen it launched like that at startup. Upload it to http://www.virustotal.com/flash/index_en.html and see whether everything is OK.

Instant Access is a dialer; it has to do with porn. You have the details about it here: http://securityresponse.symantec.com...antaccess.html
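
Added example, not part of the thread: a small Python triage of HijackThis item lines that shortlists the kinds of entries listed for removal in post #2 (missing files, unresolved startup shortcuts, a browser in a Run key, ActiveX codebases that are not plain http(s) or sit on a raw IP). The heuristics and the names `review_reasons` and `triage` are assumptions made for illustration; the sample lines are copied from the log in post #1.

```python
import re
from urllib.parse import urlparse

# HijackThis item line: "<code> - <description>", e.g. "O4 - HKLM\..\Run: [name] command"
ITEM = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
BROWSERS = ("iexplore.exe", "firefox.exe")  # assumption: browsers are not normally autostarted


def review_reasons(line):
    """Return the reasons (possibly none) why a log line deserves manual review."""
    m = ITEM.match(line.strip())
    if not m:
        return []  # header, process list entry or blank line
    code, body = m["code"], m["body"]
    reasons = []
    if body.endswith(("(file missing)", "is missing")):
        reasons.append("references a missing file or hook")
    if code == "O4" and body.endswith("= ?"):
        reasons.append("startup shortcut with unresolved target")
    if code == "O4" and "Run:" in body and body.lower().rstrip('"').endswith(BROWSERS):
        reasons.append("browser launched from a Run key")
    if code == "O16":
        url = urlparse(body.rsplit(" - ", 1)[-1])  # the codebase is the last field
        if url.scheme not in ("http", "https"):
            reasons.append("ActiveX codebase is not a plain http(s) URL")
        elif IP_HOST.match(url.hostname or ""):
            reasons.append("ActiveX codebase served from a raw IP address")
    return reasons


def triage(log_text):
    """Map each flagged line to its reasons, preserving log order."""
    hits = ((ln.strip(), review_reasons(ln)) for ln in log_text.splitlines())
    return {ln: why for ln, why in hits if why}


# Sample lines copied from the log in post #1 of this thread.
SAMPLE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\azesearch.ocx (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [loader32] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
"""
```

`triage(SAMPLE)` flags five of the seven lines. The last O16 entry passes these checks although post #2 lists it for removal, so the output is a shortlist for manual review and not a verdict.
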
17.03.2005., 23:42   #3
giga
Oppressor and ignoramus
Join date: Dec 2003
Location: Rijeka
Posts: 1,868
This one seems very strange to me:
O4 - HKLM\..\Run: [loader32] C:\Program Files\Internet Explorer\IEXPLORE.EXE

That is otherwise a valid path to IE, but I have never seen it launched like that at startup. Upload it to http://www.virustotal.com/flash/index_en.html and see whether everything is OK.
--------------------------------------------------------------------------------------
I'd ask you to explain this part to me, because it isn't clear to me, so if you could clarify it; it's not for me, but I assume the person it's for won't know either...
I don't get what needs to be uploaded....
18.03.2005., 08:06   #4
Costa
Moderator
Join date: Aug 2003
Location: Zagreb
Posts: 3,193
You visit VirusTotal, click "Browse" and select iexplore.exe (from the "C:\Program files\Internet Explorer\" directory). After you click "Send", you wait until it uploads the file and finishes testing. At the end you see whether the file is infected. It tests it with 17 antivirus programs.
18.03.2005., 13:01   #5
giga
Oppressor and ignoramus
Join date: Dec 2003
Location: Rijeka
Posts: 1,868
My first reaction: OH MY GOOOD!
So that exists too? I wouldn't have figured that out for the next three years. Thanks a lot!
19.03.2005., 13:19   #6
Izopaceni
Premium
Join date: Feb 2005
Location: Enemy Territory
Posts: 210
And what is the difference between Hijack This and AD-Aware
__________________
It's Nice To be Important, But More Important is to be nice......
19.03.2005., 13:44   #7
Freek
Premium
Join date: Mar 2004
Location: Zagreb/Dubrava
Posts: 2,869
Quote:
Originally posted by Izopaceni
And what is the difference between Hijack This and AD-Aware
Hijack is manual. So you choose yourself what you want to throw out, which means you need to know what is what. AD-Aware, on the other hand, has its own database through which it deletes spyware.