Dlančnik (PDA)

Poglejte polno različico : Kam je šla Velika Britanija?


Mihey
02.12.2006, 09:26
http://amazon.co.uk/
http://news.bbc.co.uk/

Dva primera tipičnih strani na strežnikih v Veliki Britaniji. Ali delujeta normalno za vas?

Kajti jaz dobivam čudne strani ("Black Anal Sex" vam vse pove). Kaj je tu narobe? DNS ali pa sta oba moja brskalnika hijacked? Pognal sem skene, uničil razne trojančke pa tako, pa še vedno nič.

Kam je Velika Britanija ušla?

wishmaster
02.12.2006, 09:29
Mihey, men vredu odpre obe strani. A si pregledal racunalnik z kaksnim antivirusnim programom (lahko online od pande ali bitdefenderja) in za spyware (spybot)

kitl
02.12.2006, 09:30
Meni dela BP.

Slayer
02.12.2006, 10:11
Predvidevam da imas vse privzeto in da ti je en virus rahlo spremenil hosts.
Poglej v:
C:\WINDOWS\system32\drivers\etc
Tam mas en file z imenom "hosts", to odpri z wordpadu.
Ce imas mogoce noter vpisane oni dve strani, potem zbrisi celo vrstico. Ne pa brisat "127.0.0.1 localhost".

Mihey
02.12.2006, 10:40
Ne, hosts je nedotaknjen, tam sem najprej pregledal. Potem skeniral z Ad-Aware in SpyBot S&D, vse počistil. Problem pa se še pojavlja.

Moral bom poseči po artileriji... HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 11:42:51, on 2.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SiOL\ADSL\app\enternet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Doma\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://linux/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093344750875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37380.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EAAB55CB-9D6E-457A-A10B-4AAEC8317CFC} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_8_EN_XP.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C83D819-CDC5-4F72-AFB5-49EC34FAD51B}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{32498B15-0B74-41ED-8B67-76E5EF39C049}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD303C2C-9569-45DD-9AC8-26EDF674C95A}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C83D819-CDC5-4F72-AFB5-49EC34FAD51B}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.60
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Hm, kaj lahko razberete iz tega?

jegrcek
02.12.2006, 10:56
skopiraj tale tvoj log na http://www.hijackthis.de/ in boš vidu da imaš kar nekaj stvari za zbrisat

Mihey
02.12.2006, 11:13
Okej, nevarne zadeve sem zbrisal, vendar s tem problem še ni opravljen. Kaj zdaj?

Še to:
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C83D819-CDC5-4F72-AFB5-49EC34FAD51B}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{32498B15-0B74-41ED-8B67-76E5EF39C049}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD303C2C-9569-45DD-9AC8-26EDF674C95A}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C83D819-CDC5-4F72-AFB5-49EC34FAD51B}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.60

So ti IP naslovi varni ali naj jih zbrišem?

Mihey
02.12.2006, 11:58
Malo sem raziskal zgornje naslove... na http://www.dndstuff.com sem vnesel te numerične naslove in zanimivo:

http://www.dnsstuff.com/tools/ipall.ch?ip=85.255.112.60

Zakaj bi bili resni sevisi bazirani v Belorusiji ozioma Ukajini (pod WHOIS)? In tako sem se odločil, da jih zbrišem, in po ponovnem zagonu ... evo, spet lahko berem novice na BBC! :2thumbs:

Hvala za pomoč! Upam, da bo kdo tem barabinom stopil na prste.