  #1  
02.12.2006, 10:26
Mihey
Newbie
Member since: Aug 2006
Posts: 14
Where did Great Britain go?

http://amazon.co.uk/
http://news.bbc.co.uk/

Two examples of typical sites on servers in Great Britain. Do they work normally for you?

Because I am getting strange pages ("Black Anal Sex" tells you everything). What is wrong here? DNS, or are both of my browsers hijacked? I ran scans, destroyed various little trojans and the like, and still nothing.

Where did Great Britain run off to?
  #2  
02.12.2006, 10:29
wishmaster
Trainee
Member since: Dec 2004
Posts: 403
Re: Where did Great Britain go?

Mihey, both sites open fine for me. Have you scanned the computer with some antivirus program (it can be an online one from Panda or BitDefender) and for spyware (Spybot)?
  #3  
02.12.2006, 10:30
kitl
User
Member since: Sep 2004
Posts: 1,155
Re: Where did Great Britain go?

Works for me, no problem.
__________________
Regards, Kitl
  #4  
02.12.2006, 11:11
Slayer
Newbie
Member since: Oct 2000
Posts: 8
Re: Where did Great Britain go?

I assume you have everything at the defaults and that a virus has slightly modified your hosts file.
Look in:
C:\WINDOWS\system32\drivers\etc
There you have a file named "hosts"; open it with WordPad.
If you happen to have those two sites entered in there, delete the whole line. But do not delete "127.0.0.1 localhost".
  #5  
02.12.2006, 11:40
Mihey
Newbie
Member since: Aug 2006
Posts: 14
Re: Where did Great Britain go?

No, hosts is untouched, that is where I looked first. Then I scanned with Ad-Aware and SpyBot S&D and cleaned everything. The problem still appears, though.

I will have to reach for the artillery... HijackThis.

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 11:42:51, on 2.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SiOL\ADSL\app\enternet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Doma\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://linux/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecke.../AvDetInst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093344750875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37380.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {EAAB55CB-9D6E-457A-A10B-4AAEC8317CFC} - http://akamai.downloadv3.com/binarie...ce_8_EN_XP.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C83D819-CDC5-4F72-AFB5-49EC34FAD51B}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{32498B15-0B74-41ED-8B67-76E5EF39C049}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD303C2C-9569-45DD-9AC8-26EDF674C95A}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C83D819-CDC5-4F72-AFB5-49EC34FAD51B}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.60
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hm, what can you make out from this?

Last edited by Mihey: 02.12.2006 at 11:49.
  #6  
02.12.2006, 11:56
jegrcek
Newbie
Member since: Sep 2006
Posts: 54
Re: Where did Great Britain go?

Copy this log of yours to http://www.hijackthis.de/ and you will see that you have quite a few things to delete.
  #7  
02.12.2006, 12:13
Mihey
Newbie
Member since: Aug 2006
Posts: 14
Re: Where did Great Britain go?

Okay, I deleted the dangerous items, but that has not taken care of the problem yet. What now?

One more thing:
Quote:
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C83D819-CDC5-4F72-AFB5-49EC34FAD51B}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{32498B15-0B74-41ED-8B67-76E5EF39C049}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD303C2C-9569-45DD-9AC8-26EDF674C95A}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C83D819-CDC5-4F72-AFB5-49EC34FAD51B}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.60
Are these IP addresses safe, or should I delete them?

Last edited by Mihey: 02.12.2006 at 12:15.
  #8  
02.12.2006, 12:58
Mihey
Newbie
Member since: Aug 2006
Posts: 14
Re: Where did Great Britain go?

I researched the addresses above a bit... I entered these numeric addresses at http://www.dndstuff.com, and interestingly:

http://www.dnsstuff.com/tools/ipall.ch?ip=85.255.112.60

Why would serious services be based in Belarus or Ukraine (per WHOIS)? So I decided to delete them, and after a restart ... there, I can read the news on the BBC again!

Thanks for the help! I hope someone cracks down on these scoundrels.

Last edited by Mihey: 02.12.2006 at 13:14.
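
Added example, not part of the thread: a small Python check for the finding that resolved the problem above. It reads the O17 lines of a HijackThis log and lists every registry location whose NameServer value is not on an expected list. The allowlist (192.0.2.53 and 192.0.2.54, a documentation range standing in for the ISP's resolvers), the function names and the last two sample lines are assumptions constructed for the illustration.

```python
import ipaddress
import re

# Assumed allowlist: the resolvers this machine is supposed to use.
# 192.0.2.x is a documentation range standing in for the ISP's real DNS servers.
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.0.2.53"),
                      ipaddress.ip_address("192.0.2.54")}

# O17 line layout as it appears in the posted log:
#   O17 - <registry path>: NameServer = <ip>[,| ]<ip>...
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\.+?): NameServer = (?P<servers>.+)$")

# One O4 and two O17 lines copied from the posted log, then two constructed O17 lines.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C83D819-CDC5-4F72-AFB5-49EC34FAD51B}: NameServer = 85.255.116.149,85.255.112.60
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.149 85.255.112.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53,192.0.2.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53,not-an-ip
"""

def parse_o17(log_text):
    """Yield (registry_key, [server strings]) for every O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # The posted log shows both comma-separated (per-adapter) and
            # space-separated (global Parameters) lists; accept both.
            yield m["key"], re.split(r"[,\s]+", m["servers"].strip())

def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Map each registry key to the resolvers that are not on the allowlist."""
    findings = {}
    for key, servers in parse_o17(log_text):
        bad = []
        for s in servers:
            try:
                if ipaddress.ip_address(s) not in expected:
                    bad.append(s)
            except ValueError:
                bad.append(s)  # an unparseable value is itself worth reviewing
        if bad:
            findings[key] = bad
    return findings

if __name__ == "__main__":
    for key, bad in unexpected_resolvers(SAMPLE_LOG).items():
        print(f"{key}: {', '.join(bad)}")
```

Reporting per registry key matters here because the posted log carries the same NameServer value under several adapter GUIDs and under both CCS and CS1, so each location has to be checked after cleanup.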