What is Common Hijacker and how do I get rid of it?

  1. #1
    Interested member | Joined: 07.09.2004. | Gender: male | Posts: 132 | Reputation power: 50

    I use Spybot Search&Destroy, and when I scan the computer it finds Common Hijacker. How do I remove it? When I press the "Fix problems" button it supposedly deletes it, but on the next scan it finds it again. It only says that its prefix has been changed. Yes, and there is also a little box next to which it says REGISTRY CHANGE. By the way, I updated Spybot S&D 3 days ago. What should I do?



  2. #2
    Elite | Joined: 16.06.2004. | Gender: female | Posts: 15.793 | Reputation power: 0

    What problems is it causing you: a changed home page, or what?
    Turn off System Restore and scan from Safe Mode.

  3. #3
    Interested member | Joined: 07.09.2004. | Gender: male | Posts: 132 | Reputation power: 50

    A page just suddenly opens in Explorer and interrupts the program I am using, or the movie or game. Everything simply stops so that this page can open. I close it and go on working, playing or watching, but after some time it opens again and messes with me!

  4. #4
    Elite | Joined: 16.06.2004. | Gender: female | Posts: 15.793 | Reputation power: 0

    Try HijackThis; if you don't have it, download it from here, direct link:

    /downloads-file-328.html

    Then, if you know what you need to delete, delete it, and if you don't, post the HijackThis logfile to a forum, e.g.:
    http://www.lavasoftsupport.com/index.php?showtopic=39030&st=0&#entry282706
    and they will tell you what to delete.

  5. #5
    Elite | Joined: 16.06.2004. | Gender: female | Posts: 15.793 | Reputation power: 0

  6. #6
    Interested member | Joined: 07.09.2004. | Gender: male | Posts: 132 | Reputation power: 50

    I downloaded that program and ran it. It made a list, but I don't know what to check for it to fix. I also tried on that Lavasoft forum, but I can't post a topic. I registered and nothing.
    And my English isn't all that good either. Anyway, the log file is as follows:
    Logfile of HijackThis v1.98.2
    Scan saved at 22:10:17, on 14.11.2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\sdkyq32.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Virtual CD v4\System\vcdsecs.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\windows\system32\winstore.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\Program Files\Windows AdControl\WinAdCtl.exe
    C:\Program Files\Windows AdControl\WinAdAlt.exe
    C:\temp\salm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Sinisa\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\epfbd.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\epfbd.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {FF3F0D99-BB3D-8567-11A3-BD77E0658DEA} - C:\WINDOWS\atlze32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Assi] C:\Documents and Settings\Sinisa\Application Data\zahs?.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
    O9 - Extra 'Tools' menuitem: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
    O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\udgpnfjx.exe
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a29296baabe1d6
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.thecoolbar.com/installfiles/coolbar.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{06582DD5-62FA-4E00-9141-0C57C6FF5DB7}: NameServer = 212.62.32.1 212.62.32.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{06582DD5-62FA-4E00-9141-0C57C6FF5DB7}: NameServer = 212.62.32.1 212.62.32.5
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

    If anyone knows what I should do, please help!

  7. #7
    Elite | Joined: 16.06.2004. | Gender: female | Posts: 15.793 | Reputation power: 0

    1. Turn off System Restore
    2. In Folder Options, check Show hidden files and folders
    3. If you looked at the log, the problem in the processes is
    C:\temp\salm.exe

    In HijackThis, fix:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R3 - Default URLSearchHook is missing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    O2 - BHO: (no name) - {FF3F0D99-BB3D-8567-11A3-BD77E0658DEA} - C:\WINDOWS\atlze32.dll
    O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
    O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

    Find it in C/Windows/Temp and in Documents and Settings/User/Local Settings/Temp and delete it.

  8. #8
    Interested member | Joined: 05.08.2004. | Gender: male | Location: NS | Posts: 450 | Reputation power: 53

    You get rid of it by never, ever using IE!

  9. #9
    Interested member | Joined: 07.09.2004. | Gender: male | Posts: 132 | Reputation power: 50

    I did everything as you told me: I turned off System Restore, and in Folder Options I checked Show hidden files and folders. In HijackThis I scanned the computer and it made me a log file. I checked everything you wrote and pressed Fix checked. I got a notice that all the selected items would be permanently deleted and that I should close all open windows (not the ones in the house). That is what I did. I scanned again and the same thing showed up again. I repeated the procedure once more and did a restart after that.
    On yet another scan everything was there again.

    In C/Windows/Temp there is nothing, just some folder _ISTMP0.DIR, and in Documents and Settings/Default User/Local Settings/Temp there is nothing to delete.
    Am I crazy, or is this situation really complicated? And my antivirus keeps throwing up little windows saying that I have TROJ_AGENT.AE. Everything has gone crazy.
    And here is the new log file after all the work described above:
    Logfile of HijackThis v1.98.2
    Scan saved at 11:58:15, on 15.11.2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\sdkyq32.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Virtual CD v4\System\vcdsecs.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\windows\system32\winstore.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\Windows AdControl\WinAdCtl.exe
    C:\temp\salm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    C:\Program Files\Windows AdControl\WinAdAlt.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\Sinisa\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\epfbd.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\epfbd.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {C871E993-FDEC-292E-86CE-435FEE5CFF75} - C:\WINDOWS\addsr32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Assi] C:\Documents and Settings\Sinisa\Application Data\zahs?.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
    O9 - Extra 'Tools' menuitem: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
    O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\udgpnfjx.exe
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a29296baabe1d6
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.thecoolbar.com/installfiles/coolbar.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab

  10. #10
    Elite | Joined: 16.06.2004. | Gender: female | Posts: 15.793 | Reputation power: 0

    Start > Run > type %temp% > delete everything you can delete.

    Fix:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\epfbd.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\epfbd.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKCU\..\Run: [Assi] C:\Documents and Settings\Sinisa\Application Data\zahs?.exe
    O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
    O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\udgpnfjx.exe
    O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...dc3d36297b2b37
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {9076A11F-5EA6-4A67-BDE9-8D3C7C453DAC} - http://www.thecoolbar.com/installfiles/coolbar.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab

    ...then let me know what happens.

  11. #11
    Interested member | Joined: 07.09.2004. | Gender: male | Posts: 132 | Reputation power: 50

    I deleted everything from Temp as you said, everything except ~DFFC04.tmp and ~DF6ADB.tmp; later another file with a name like that appeared, but I can't delete that one either (Cannot delete ~DF6ADB : Access is denied. Make sure the disc is not full or write-protected and that the file is not currently in use). With HijackThis I tried to fix (Fix checked) the checked items according to your instructions; it supposedly deleted all of it, but after a restart everything appeared again.

    Logfile of HijackThis v1.98.2
    Scan saved at 21:56:05, on 15.11.2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\sdkyq32.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Virtual CD v4\System\vcdsecs.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\Windows AdControl\WinAdCtl.exe
    C:\windows\system32\winstore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows AdControl\WinAdAlt.exe
    C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Sinisa\Desktop\HijackThis.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wow-access.com/search/main.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wow-access.com/search/main.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wow-access.com/search/main.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {C871E993-FDEC-292E-86CE-435FEE5CFF75} - C:\WINDOWS\addsr32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - Startup: Reboot.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
    O9 - Extra 'Tools' menuitem: I-M-MEDIA - {07B85830-3127-415f-93FB-BE6E2CC521DA} - C:\PROGRA~1\I-M-ME~1\I-M-MEDIA.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
    O13 - WWW Prefix: http://www.microsoet.com/start.php?url=

    I tried pressing F8 during the restart (for Safe Mode), but a small boot window opens where I have to choose the 1st boot device: Floppy, Hard, CD-ROM or network. So I did not do this from Safe Mode.
    What is the problem? Why can't it be solved this way? I tried everything as you said.

  12. #12
    Elite | Joined: 16.06.2004. | Gender: female | Posts: 15.793 | Reputation power: 0

    Try entering Safe Mode this way:
    Start > Run > type msconfig > BOOT.INI > check SAFEBOOT > Apply > OK
    After the restart you should enter Safe Mode.
    When you want to start Windows normally, just uncheck SAFEBOOT.
    In Safe Mode, also make a HijackThis log.

  13. #13
    Interested member | Joined: 07.09.2004. | Gender: male | Posts: 132 | Reputation power: 50

    Thanks for the help!

    I did everything. I no longer get the notice that I have a Trojan. But...
    HijackThis made a log file after that "cleaning"; I suppose it is fine now?
    By the way, how do I protect myself from Trojans? An AV is not enough for that, it is for viruses and worms, isn't that right?
    And one more thing: what is the trick with Safe Mode? What is it about it that lets those parasites be dealt with from there but not the normal way?

    Logfile of HijackThis v1.98.2
    Scan saved at 11:02:11, on 17.11.2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\Virtual CD v4\System\vcdsecs.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    C:\Program Files\a2\a2guard.exe
    C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Sinisa\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
    O4 - Startup: Reboot.exe
    O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O17 - HKLM\System\CCS\Services\Tcpip\..\{06582DD5-62FA-4E00-9141-0C57C6FF5DB7}: NameServer = 80.74.160.38 80.74.160.11
    O17 - HKLM\System\CS1\Services\Tcpip\..\{06582DD5-62FA-4E00-9141-0C57C6FF5DB7}: NameServer = 80.74.160.38 80.74.160.11

  14. #14
    Elite | Joined: 16.06.2004. | Gender: female | Posts: 15.793 | Reputation power: 0

    Well, AVP now cleans Trojans too, and Adaware and spy you "install" yourself - read about that in the "sticky" thread. In Safe Mode most programs, viruses included, are not active, and that is why you can delete them. Why don't you uninstall that Search bar:
    http://www.free-web-browsers.com/support/remove-mysearch.shtml

  15. #15
    Interested member | Joined: 07.09.2004. | Gender: male | Posts: 132 | Reputation power: 50

    It turned out that not everything has been solved. A new problem has now shown up. I wanted to start Yu recnik and this message appeared in a little window: 16 bit Windows Subsystem
    C:\WINDOWS\SYSTEM 32\AUTOEXEC.NT. The system file is not suitable for running
    MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate application.
    Close Ignore
    The same thing happened when I wanted to install Worms 2 and some other games.
    What could that be? I checked, my colors are set to 32 bit; did I perhaps delete something I shouldn't have?

  16. #16
    Elite | Joined: 16.06.2004. | Gender: female | Posts: 15.793 | Reputation power: 0

    You have to delete the Trojan, whatever it has "infected"; sometimes it changes a Windows file - it installs itself in that file's place and you have to delete it. Try restoring AUTOEXEC.NT this way:
    Turn off System Restore > find AUTOEXEC.NT in C:/Windows/Repair > copy it to C:/Windows/System32
    or do a Repair of Windows.

  17. #17
    Elite | Joined: 16.06.2004. | Gender: female | Posts: 15.793 | Reputation power: 0

    ...when the Trojan installed itself, it moved the real AUTOEXEC.NT to another location - most likely to C:/Windows - and installed itself in its place in C:/Windows/System32
    ...if you can, find it and delete it, or move it from there to system32
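
The logs posted in this thread change from scan to scan: some entries survive "Fix checked" unchanged, others come back pointing at a differently named file. The Python below is an added example (not part of the original thread and not HijackThis's own code) that parses two logs and reports which entries persisted, which were rewritten in place, and which local files the `res://` values reference; the function names are illustrative and the sample lines are copied from the 14.11.2004 and 15.11.2004 (21:56) logs above.

```python
import re
from collections import namedtuple

# code  = HijackThis section (R1, O4, ...)
# slot  = where the setting lives (registry value, Run entry name, ...)
# value = what that slot currently points at
# raw   = the normalised log line
Entry = namedtuple("Entry", "code slot value raw")

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
RUN_RE = re.compile(r"^(.+?: \[[^\]]+\]) (.+)$")
RES_RE = re.compile(r"res://(.+?\.(?:dll|exe))/", re.IGNORECASE)

# Sample input: lines copied from the 14.11.2004 log in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\epfbd.dll/sp.html#29836
O2 - BHO: (no name) - {FF3F0D99-BB3D-8567-11A3-BD77E0658DEA} - C:\WINDOWS\atlze32.dll
O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
O15 - Trusted Zone: *.blazefind.com
"""

# Sample input: the matching lines from the 15.11.2004 21:56 log.
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wow-access.com/search/main.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\redgz.dll/sp.html#29836
O2 - BHO: (no name) - {C871E993-FDEC-292E-86CE-435FEE5CFF75} - C:\WINDOWS\addsr32.dll
O4 - HKLM\..\Run: [winstart] C:\windows\system32\winstore.exe
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
"""


def split_slot(code, body):
    """Separate the stable location of a setting from its current value."""
    if code.startswith("R") and " = " in body:
        slot, value = body.split(" = ", 1)
        return slot, value
    if code == "O4":
        m = RUN_RE.match(body)
        if m:
            return m.group(1), m.group(2)
    if code == "O13" and ": " in body:
        slot, value = body.split(": ", 1)
        return slot, value
    # Other sections (BHOs, trusted zones, ...): the whole line is the identity.
    return body, ""


def parse_log(text):
    """Return the R*/O* entries of a HijackThis log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.groups()
        slot, value = split_slot(code, body)
        entries.append(Entry(code, slot, value, f"{code} - {body}"))
    return entries


def compare(before, after):
    """Classify entries of the earlier scan against the later one."""
    old = {(e.code, e.slot): e for e in before}
    new = {(e.code, e.slot): e for e in after}
    report = {"persisted": [], "rewritten": [], "removed": [], "added": []}
    for key, entry in old.items():
        later = new.get(key)
        if later is None:
            report["removed"].append(entry.raw)
        elif later.value == entry.value:
            report["persisted"].append(entry.raw)      # survived the fix untouched
        else:
            report["rewritten"].append((entry.raw, later.raw))  # same slot, new target
    report["added"] = [e.raw for key, e in new.items() if key not in old]
    return report


def res_files(entries):
    """Local files referenced through res:// URLs, i.e. files worth inspecting on disk."""
    found = set()
    for e in entries:
        m = RES_RE.search(e.raw)
        if m:
            found.add(m.group(1))
    return sorted(found)


if __name__ == "__main__":
    result = compare(parse_log(BEFORE), parse_log(AFTER))
    for kind, items in result.items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print("   ", item)
    print("res:// files in later scan:", res_files(parse_log(AFTER)))
```

Entries reported as persisted or rewritten after a fix and a reboot are the ones to re-check from Safe Mode, as advised in post #12.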
