What is Common Hijacker and how do I get rid of it?

mexxx

Interested member
Posts: 132
I use Spybot Search & Destroy, and when I scan the computer it finds Common Hijacker. How do I remove it, given that when I press the "Fix problems" button it supposedly deletes it, but on the next scan it finds it again? It only says that its prefix has been changed. There is also a little box next to which it says REGISTRY CHANGE. By the way, I updated Spybot S&D 3 days ago. What should I do?
 
I downloaded that program and ran it. It produced a list, but I don't know what to check for it to fix. I also tried on that Lavasoft forum, but I can't post a topic. I registered, and nothing.
And my English isn't very good either. Anyway, the log file is as follows:
Logfile of HijackThis v1.98.2
Scan saved at 22:10:17, on 14.11.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\sdkyq32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\system32\winstore.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\temp\salm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sinisa\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\epfbd.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\epfbd.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FF3F0D99-BB3D-8567-11A3-BD77E0658DEA} - C:\WINDOWS\atlze32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Assi] C:\Documents and Settings\Sinisa\Application Data\zahs?.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
O9 - Extra 'Tools' menuitem: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\udgpnfjx.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.thecoolbar.com/installfiles/coolbar.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06582DD5-62FA-4E00-9141-0C57C6FF5DB7}: NameServer = 212.62.32.1 212.62.32.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{06582DD5-62FA-4E00-9141-0C57C6FF5DB7}: NameServer = 212.62.32.1 212.62.32.5
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

If anyone knows what I should do, please help!
 
1. Turn off System Restore
2. In Folder Options, check Show hidden files and folders
3. If you looked at the log, the problem is in the processes:
C:\temp\salm.exe

In HijackThis, fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
R3 - Default URLSearchHook is missing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
O2 - BHO: (no name) - {FF3F0D99-BB3D-8567-11A3-BD77E0658DEA} - C:\WINDOWS\atlze32.dll
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

Find it in C/Windows/Temp and in Documents and Settings/User/Local Settings/Temp and delete it.
 
I did everything as you told me: I turned off System Restore, and in Folder Options I checked Show hidden files and folders. In HijackThis I scanned the computer and it produced a log file. I checked everything you listed and pressed Fix Checked. I got a notice that all the marked items would be permanently deleted and that I should close all open windows (not the ones in the house). I did that too. I scanned again and the same thing showed up again. I repeated the procedure once more and restarted afterwards.
On yet another scan, everything was there again.

In C/Windows/Temp there is nothing, only a folder _ISTMP0.DIR, and in Documents and Settings/Default User/Local Settings/Temp there is nothing to delete.
Am I crazy, or is this situation really complicated? And my antivirus keeps popping up little windows saying that I have TROJ_AGENT.AE. Everything has gone crazy.
And here is the new log file after all the work described above:
Logfile of HijackThis v1.98.2
Scan saved at 11:58:15, on 15.11.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\sdkyq32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\system32\winstore.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\temp\salm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Sinisa\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\epfbd.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\epfbd.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {C871E993-FDEC-292E-86CE-435FEE5CFF75} - C:\WINDOWS\addsr32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Assi] C:\Documents and Settings\Sinisa\Application Data\zahs?.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
O9 - Extra 'Tools' menuitem: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\udgpnfjx.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.thecoolbar.com/installfiles/coolbar.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
 
Start > Run > type %temp% > delete everything you can delete.

Fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\epfbd.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\epfbd.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKCU\..\Run: [Assi] C:\Documents and Settings\Sinisa\Application Data\zahs?.exe
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\udgpnfjx.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...2ced1394245b14c137e17952f3a6abadc3d36297b2b37
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.thecoolbar.com/installfiles/coolbar.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab

...then report back what happens
 
I deleted everything from Temp as you said, everything except ~DFFC04.tmp and ~DF6ADB.tmp; afterwards another file with a similar name appeared, but I can't delete that one either (Cannot delete ~DF6ADB: Access is denied. Make sure the disc is not full or write-protected and that the file is not currently in use). With HijackThis I tried to fix (Fix Checked) the checked items following your instructions; it supposedly deleted all of them, but after a restart everything appeared again.

Logfile of HijackThis v1.98.2
Scan saved at 21:56:05, on 15.11.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\sdkyq32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\windows\system32\winstore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Sinisa\Desktop\HijackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {C871E993-FDEC-292E-86CE-435FEE5CFF75} - C:\WINDOWS\addsr32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
O9 - Extra 'Tools' menuitem: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
O13 - WWW Prefix: http://www.microsoet.com/start.php?url=

I tried pressing F8 during the restart (for Safe Mode), but a small boot window opens where I have to choose the 1st boot device: Floppy, Hard, CD-ROM or network. So I did not do this from Safe Mode.
What is the problem? Why can't it be solved this way? I tried everything as you said.
 
Thanks for the help!

I did everything. I no longer get the notice that I have a Trojan. But HijackThis made a log file after that "cleaning"; I suppose it is fine now?
Also, how do I protect myself from Trojans? An AV isn't enough for that, it's for viruses and worms, right?
And one more thing: what's the trick with Safe Mode? What is it about it that lets those parasites be dealt with from there but not the normal way?

Logfile of HijackThis v1.98.2
Scan saved at 11:02:11, on 17.11.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sinisa\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: Reboot.exe
O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{06582DD5-62FA-4E00-9141-0C57C6FF5DB7}: NameServer = 80.74.160.38 80.74.160.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{06582DD5-62FA-4E00-9141-0C57C6FF5DB7}: NameServer = 80.74.160.38 80.74.160.11
 
It turned out that not everything is solved. A new problem has now come up. I wanted to start Yu recnik and this message appeared in a little window: 16 bit Windows Subsystem
C:\WINDOWS\SYSTEM 32\AUTOEXEC.NT. The system file is not suitable for running
MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate application.
Close Ignore
The same thing happened when I wanted to install Worms 2 and some other games.
What could it be? I checked, my colors are set to 32 bit; did I perhaps delete something I shouldn't have?
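
Added example (not part of the original thread and not HijackThis's own code): a Python script that parses HijackThis entry lines and checks which entries from a Fix list are still present in the next scan, separating entries that came back unchanged from those that came back with a new value. The sample lines are excerpted from the logs posted above; the function names and the key/value splitting rules are assumptions made for this example.

```python
import re

# Entry lines start with a section code such as "R1", "O4" or "O13",
# followed by " - ". Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def split_entry(code, body):
    """Split an entry body into (key, value): the setting and what it is set to.

    The splitting rules are assumptions based on the lines seen in this thread.
    """
    if " = " in body:                        # R0/R1, O17, startup shortcuts
        key, value = body.split(" = ", 1)
    elif code == "O4" and "] " in body:      # Run key: "[name] command"
        key, value = body.split("] ", 1)
        key += "]"
    elif code == "O13" and ": " in body:     # URL prefix entries
        key, value = body.split(": ", 1)
    elif " - " in body:                      # O2/O9/O16/O18: "label - rest"
        key, value = body.split(" - ", 1)
    else:                                    # R3, O15: the line is its own identity
        key, value = body, ""
    return key.strip(), value.strip()


def parse_entries(log_text):
    """Return {(code, key): value} for every entry line in a log or Fix list."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            code, body = match.groups()
            key, value = split_entry(code, body)
            entries[(code, key)] = value
    return entries


def fix_outcome(fix_list, next_scan):
    """Classify each fixed entry by what the next scan shows for it."""
    fixed, later = parse_entries(fix_list), parse_entries(next_scan)
    outcome = {"gone": [], "back_unchanged": [], "back_new_value": []}
    for ident, value in fixed.items():
        if ident not in later:
            outcome["gone"].append(ident)
        elif later[ident] == value:
            outcome["back_unchanged"].append(ident)
        else:
            # Same setting, different target: something rewrote it.
            outcome["back_new_value"].append((ident, value, later[ident]))
    return outcome


# Excerpt of the second Fix list in this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\epfbd.dll/sp.html#29836
O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
"""

# Excerpt of the scan saved at 21:56:05 on 15.11.2004, after that Fix.
NEXT_SCAN = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\windows\system32\winstore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
"""

if __name__ == "__main__":
    result = fix_outcome(FIX_LIST, NEXT_SCAN)
    for status, items in result.items():
        print(status)
        for item in items:
            print("   ", item)
```

Entries reported as back_unchanged or back_new_value were rewritten after the Fix, which is consistent with a process from the running-processes list still being active when the Fix was applied.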
 
