Haj ĐEk dis - heljp

IceFisherman · 04.02.2005., 20:23

Svako malo dok nisam na netu mi baci onaj prozor za spajanje za na net , prekontroliral sa ad adwareom i spy boot S&D , imam nod32 and ZA

here is the ljog
bi trebalo kaj od tud zbrisati
thanx

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Nod32\nod32krn.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
C:\AbitEq\abiteq.exe
C:\Nod32\nod32kui.exe
C:\ZoneAlarm\zlclient.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Winamp\winampa.exe
F:\WINDOWS\system32\ctfmon.exe
F:\ScanPanel\ScnPanel.exe
C:\United Devices\UD.EXE
C:\United Devices\ud_7657531.exe
C:\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\msn plus\MsgPlus.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
f:\progra~1\intern~1\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\IceFisherman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vipwgpvczfbyf.com/b6cKFvC...LeJeqF1iZX.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acatwznggapkuetjshgtt.com...o1hW7_/BM.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/freesec/thankyou.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AE0A8623-0D6C-6157-2E09-66F5282A051E} - F:\DOCUME~1\ICEFIS~1\APPLIC~1\PILELI~1\mealbib.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ABITEQ] C:\AbitEq\abiteq.exe -M
O4 - HKLM\..\Run: [nod32kui] "C:\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [zzzCamInSuiteIII] I:\SETUP.EXE 2***
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\msn plus\MsgPlus.exe"
O4 - HKLM\..\Run: [Win Meow Surf Chin] F:\Documents and Settings\All Users\Application Data\Settings Base Win Meow\BOOB BLAH.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sectjump] F:\DOCUME~1\ICEFIS~1\APPLIC~1\ANTETO~1\DALE RULE SECOND.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: UD Agent.lnk = C:\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = F:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Ifran W\Ebay\Ebay.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{F99659E5-4481-40C3-8431-9CA963A23CE9}: NameServer = 213.149.32.23 213.149.32.24
O23 - Service: Ati HotKey Poller - Unknown - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NOD32 Kernel Service - Unknown - C:\Nod32\nod32krn.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

Costa · 05.02.2005., 01:06

Sredi:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vipwgpvczfbyf.com/ b6cKF...ELeJeqF1iZX.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acatwznggapkuetjshgtt.co...Ko1hW7_/BM.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/freesec/thankyou.htm
O2 - BHO: (no name) - {AE0A8623-0D6C-6157-2E09-66F5282A051E} - F:\DOCUME~1\ICEFIS~1\APPLIC~1\PILELI~1\mealbib.exe
O4 - HKLM\..\Run: [zzzCamInSuiteIII] I:\SETUP.EXE 2***
O4 - HKLM\..\Run: [Win Meow Surf Chin] F:\Documents and Settings\All Users\Application Data\Settings Base Win Meow\BOOB BLAH.exe
O4 - HKCU\..\Run: [Sectjump] F:\DOCUME~1\ICEFIS~1\APPLIC~1\ANTETO~1\DALE RULE SECOND.exe

IceFisherman · 05.02.2005., 12:05

thnx, but nakon kej sam to zbrisal sljedila je navala prozoreka ( ček d link) i kolko god sam ja metal da zapamti kaj sam kliknul i denay samo su opet skakali , i još uvek dolaziju
WTF:confused:
http://img214.exs.cx/img214/5939/nekej4tn.gif

Costa · 05.02.2005., 20:09

Daj opet posalji log.

A sto se tice prozora to ti se javlja SpyBotov Tea Timer - program koji poput antivirusa cijelo vrijeme pazi na odredjene stvari. Recimo promjenu homepagea sto ti se sad dogadja. Neki spyware ti se opet aktivirao.

IceFisherman · 05.02.2005., 20:13

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Nod32\nod32krn.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
C:\AbitEq\abiteq.exe
C:\Nod32\nod32kui.exe
C:\ZoneAlarm\zlclient.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
F:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Winamp\winampa.exe
C:\msn plus\MsgPlus.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\ScanPanel\ScnPanel.exe
f:\progra~1\intern~1\iexplore.exe
C:\United Devices\UD.EXE
C:\United Devices\ud_7657531.exe
C:\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
F:\Program Files\Outlook Express\msimn.exe
C:\Opera75\opera.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\Documents and Settings\IceFisherman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.trecpqqkcdmgjemouoqeom.bi...LeJeqF1iZX.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acatwznggapkuetjshgtt.com...o1hW7_/BM.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/freesec/thankyou.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ABITEQ] C:\AbitEq\abiteq.exe -M
O4 - HKLM\..\Run: [nod32kui] "C:\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\msn plus\MsgPlus.exe"
O4 - HKLM\..\Run: [zzzCamInSuiteIII] I:\SETUP.EXE 2***
O4 - HKLM\..\Run: [Win Meow Surf Chin] F:\Documents and Settings\All Users\Application Data\Settings Base Win Meow\BOOB BLAH.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sectjump] F:\DOCUME~1\ICEFIS~1\APPLIC~1\ANTETO~1\DALE RULE SECOND.exe
O4 - Startup: UD Agent.lnk = C:\United Devices\UD.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = F:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Ifran W\Ebay\Ebay.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{F99659E5-4481-40C3-8431-9CA963A23CE9}: NameServer = 213.149.32.23 213.149.32.24
O23 - Service: Ati HotKey Poller - Unknown - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - F:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NOD32 Kernel Service - Unknown - C:\Nod32\nod32krn.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

ni mi jasno od kam mi je taj sav spajver došel , znam da se je pojavil u petak kad sam reinstaliral windowze

Costa · 06.02.2005., 10:03

Opet ti se sve vratilo. Ostao je neki program koji to sve vraca.

Daj pogledaj jel u F:\Program files imas neki dir slicnog naziva kao Internet Explorer?

05.02.2005., 01:06	#2
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Sredi: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vipwgpvczfbyf.com/ b6cKF...ELeJeqF1iZX.jsp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acatwznggapkuetjshgtt.co...Ko1hW7_/BM.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/freesec/thankyou.htm O2 - BHO: (no name) - {AE0A8623-0D6C-6157-2E09-66F5282A051E} - F:\DOCUME~1\ICEFIS~1\APPLIC~1\PILELI~1\mealbib.exe O4 - HKLM\..\Run: [zzzCamInSuiteIII] I:\SETUP.EXE 2*** O4 - HKLM\..\Run: [Win Meow Surf Chin] F:\Documents and Settings\All Users\Application Data\Settings Base Win Meow\BOOB BLAH.exe O4 - HKCU\..\Run: [Sectjump] F:\DOCUME~1\ICEFIS~1\APPLIC~1\ANTETO~1\DALE RULE SECOND.exe

05.02.2005., 20:09	#4
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Daj opet posalji log. A sto se tice prozora to ti se javlja SpyBotov Tea Timer - program koji poput antivirusa cijelo vrijeme pazi na odredjene stvari. Recimo promjenu homepagea sto ti se sad dogadja. Neki spyware ti se opet aktivirao.

06.02.2005., 10:03	#6
Costa Moderator Datum registracije: Aug 2003 Lokacija: Zagreb Postovi: 3,193	Opet ti se sve vratilo. Ostao je neki program koji to sve vraca. Daj pogledaj jel u F:\Program files imas neki dir slicnog naziva kao Internet Explorer?

Oglasni prostor
PC Ekspert Forum Oglas

Oglasni prostor
PC Ekspert Forum Oglas