|
01.12.2005., 00:20 | #1 |
Premium
Registered: Sep 2003
Location: Sisak
Posts: 1,058
|
hijack this
Logfile of HijackThis v1.99.1
Scan saved at 0:17:30, on 1.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
D:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Sven\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp5469.tmp
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AtiTrayTools] C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
O4 - Startup: SpeedFan.lnk = D:\Program Files\SpeedFan\speedfan.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Here's the logfile. I've run into a piece of crap called spy axe that has been terrorizing me for the last 3 days. I've tried removing it with all sorts of things, but no luck. Come on, people, help! |
01.12.2005., 06:12 | #2 |
Premium
Registered: Jan 2004
Location: Rab
Posts: 50
|
Try this (sorry, it's in English)

Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later. Be sure to follow ALL instructions!

Please download noahdfear's smitRem.exe©. Save the file to your desktop. Double click on the file to extract it to its own folder on the desktop.
http://noahdfear.geekstogo.com/clic.../click.php?id=1

***

Download SpyAxeFix.exe © noahdfear. Save it to your desktop.
http://noahdfear.geekstogo.com/clic.../click.php?id=8

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06 (link at the bottom of my message). Check the link below on how to set up and use it - please make sure you update it first.
http://russelltexas.com/malware/adawarese/adawarese.htm

***

Download Ewido Security suite
http://download.ewido.net/ewido-setup.exe

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Post me the contents of the smitfiles.txt log as you post back.

***

Close all other programs and windows. Double click SpyAxeFix.exe, then click Start to extract the tool to its own folder. Open the SpyAxeFix folder and double click the SpyAxeFix.bat to start the tool. At one point when the tool runs, your taskbar will disappear, and your computer will restart when the tool completes. A text file named spyaxe.txt will be created in the SpyAxeFix folder. Post the contents of that log please.

***

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido Security suite

Run Ewido:
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with ewido it is finding cases of false positives.
* You will need to step through the process of cleaning files one-by-one.
* If ewido detects a file you KNOW to be legitimate, select none as the action.
* DO NOT select "Perform action on all infections"
* If you are unsure of any entry found select none for now.
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop

Close Ewido

***

Next go to Control Panel, click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Reboot back into Windows.

***

Run the free-to-use Panda Active Scan.
http://www.pandasoftware.com/products/ActiveScan.htm

You will need to allow the popups for this site!
Click on Scan your PC. A new browser window will open with Panda ActiveScan.
If this is the first time you scan your PC, you'll have to download the ActiveX controls (8 MB).
A new window will open
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When the download is complete, click on scan my computer to start the scan |
01.12.2005., 09:10 | #3 |
Moderator
Registered: Jan 2005
Location: Rijeka
Posts: 8,918
|
Disable:
C:\WINDOWS\system32\mssearchnet.exe

Delete:
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp5469.tmp
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

By the way, Anti-Blaxx is known to clash with DAEMON Tools, so if you run into problems you'll know what it's about.

Install Ad-Aware, update it and run a full disk scan (with "scan within archives" enabled). Also install CWShredder and run a scan; the little program does its job on its own. Scan with your antivirus (which must be up to date). Then run HijackThis and post the log here...
__________________
___________ HTPC: Intel Core2Duo E8500 × ATI Sapphire HD4670 HDMI × 2x 1GB DDR2 × Samsung 160GB × Lenovo Key+Mouse × Philips 49PFS5501 LED TV × Technics SA-EH780 5.1 × Windows 10 Laptop1: Lenovo x100e w/Windows 10 |
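The triage applied in the reply above (a BHO backed by a file that is not a DLL, services marked "(file missing)"), sketched as an added example that is not part of the original thread. The two heuristics and the sample log lines are constructed for illustration, the names and paths in them are placeholders, and a hit only means the entry deserves a manual look.

```python
import re

# Constructed sample in HijackThis 1.99.1 log layout (placeholder names/paths).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/
O2 - BHO: ExampleBHO - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example1.tmp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: Example Scanner - Unknown owner - C:\Program Files\Example\scan.exe" /service (file missing)
O23 - Service: Example Monitor - Example Vendor - C:\Program Files\Example\mon.exe
"""

# Entry lines start with a section code (R0, F2, N1, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (code, detail) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return (code, reason, detail) for entries that deserve manual review."""
    findings = []
    for code, detail in entries:
        if "(file missing)" in detail:
            # The registry still references a binary that is no longer on disk.
            findings.append((code, "referenced file is missing", detail))
        elif code == "O2":
            # BHO layout: "BHO: <name> - {CLSID} - <path>"; a BHO is normally a DLL.
            path = detail.rsplit(" - ", 1)[-1]
            if not path.lower().endswith(".dll"):
                findings.append((code, "BHO file is not a .dll", detail))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {reason}: {detail}")
```
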
02.12.2005., 02:23 | #4 |
Premium
Registered: Sep 2003
Location: Sisak
Posts: 1,058
|
Logfile of HijackThis v1.99.1
Scan saved at 2:20:30, on 2.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
D:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Sven\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.1.1/
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp538E.tmp
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AtiTrayTools] C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
O4 - Startup: SpeedFan.lnk = D:\Program Files\SpeedFan\speedfan.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Here it is. Whether I've actually deleted it or not, we'll see. How do I disable C:\WINDOWS\system32\mssearchnet.exe? |
02.12.2005., 12:47 | #5 |
Moderator
Registered: Jan 2005
Location: Rijeka
Posts: 8,918
|
If that ewido is of no use to you, uninstall it and delete those two under O23.

As for C:\WINDOWS\system32\mssearchnet.exe: go to Start menu -> Run -> msconfig; there you can see everything that is running in the background.
11.12.2005., 21:33 | #6 |
Premium
Registered: Sep 2003
Location: Sisak
Posts: 1,058
|
For the umpteenth time I've picked up spyware, trojans and other crap that won't leave me alone. I'm going to format the HDD because I can't be bothered to mess with this any more. Until now I've used avast + ZoneAlarm, but evidently that combo no longer works. So, which (free) antivirus programs and firewalls do you use, and which would you recommend? |
11.12.2005., 21:43 | #7 |
Moderator
Registered: Jan 2005
Location: Rijeka
Posts: 8,918
|
I use AVG antivirus, although avast and NOD32 are good too. As for firewalls, Kerio, Sygate and ZoneAlarm are good. I believe this problem of yours has to be solvable within an hour; you just need good cleaning software. Still, there are always extreme cases where only format c: helps.