|
11.07.2004., 23:01 | #1 |
AutoCad & Allplan expert
Registration date: Jan 2004
Location: Zagreb-Karlovac and surroundings
Posts: 2,159
|
trojans...
TROJ_ALCEMIC.A, TROJ_AGENT.AE and one more that I have on there, just some three dots, no name. I have PC-cillin with all the updates but it can't remove them. What is the simplest way to remove them?
__________________
none |
11.07.2004., 23:18 | #2 |
Moderator
Registration date: Aug 2003
Location: Zagreb
Posts: 3,193
|
It probably can't remove them because they are running. Shut down everything you can in Task Manager and then try again. Or maybe booting into safe mode will help.
__________________
|
12.07.2004., 10:31 | #4 |
Moderator
Registration date: Aug 2003
Location: Zagreb
Posts: 3,193
|
Go ahead and do a scan with HijackThis, just so I can see what is running and what has been put in startup.

HijackThis: shows suspicious information and fixes it depending on what the user selects (if you don't know your way around software, it is best to post the log to the newsgroups or a forum where others will tell you what to mark for fixing) (154KB)
* Run HijackThis and press SCAN
* When it has listed the data, press SAVE LOG
* Copy-paste the text from the log file to PC Expert or SpywareInfo
* We tell you what needs to be removed
* Run HT again, mark the unwanted entries and press FIX CHECKED
__________________
|
12.07.2004., 11:15 | #5 |
Premium
Registration date: Dec 2002
Location: Agram
Posts: 2,973
|
http://www.a-2.org/ a tool specialised in hunting trojans (there is a free version), the successor to the old and well-known Ant-Trojan ...
__________________
Some men aren't looking for anything logical. They can't be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn. |
19.07.2004., 12:32 | #6 |
AutoCad & Allplan expert
Registration date: Jan 2004
Location: Zagreb-Karlovac and surroundings
Posts: 2,159
|
Here is how things stand:

Logfile of HijackThis v1.97.7
Scan saved at 12:28:44, on 19.7.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\znyqwu.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCCLIENT.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\POP3TRAP.EXE
C:\Documents and Settings\MARIN\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3441
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3441
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=3441
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MARIN\Application Data\Mozilla\Profiles\default\8n4zgq35.slt\prefs.js)
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [rtmhaunxu] C:\WINDOWS\System32\znyqwu.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E42ACA56-3DE8-43DC-9F81-32A893E52FE8}: NameServer = 161.53.114.145 161.53.114.135
__________________
none |
21.07.2004., 19:13 | #7 |
Soul Brother
Registration date: Apr 2004
Location: Split
Posts: 153
|
come by tomorrow for a referral
__________________
hp nx 7010 |
21.07.2004., 19:47 | #8 |
Moderator
Registration date: Aug 2003
Location: Zagreb
Posts: 3,193
|
First kill these via Task Manager:
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\znyqwu.exe
C:\Program Files\WindowsSA\omniscient.exe

Then fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3441
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3441
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=3441
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O4 - HKLM\..\Run: [rtmhaunxu] C:\WINDOWS\System32\znyqwu.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/stop-sign_stp.cab
__________________
|
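The kind of first-pass triage done by eye in post #8, as an added example that is not part of the original thread: a small Python parser over HijackThis-format lines that flags structurally odd entries for review. The rules, `triage()` and the constants are assumptions made for this example, not HijackThis's own logic; the sample lines are copied from the log posted above.

```python
import re
from ntpath import basename, dirname  # Windows path semantics on any OS
# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
"""

# Assumed triage rules (hypothetical, review hints rather than verdicts).
DEFAULT_HOSTS = r"c:\windows\system32\drivers\etc\hosts"
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
TARGET = re.compile(r'"?(.+?\.(?:exe|dll|js|vbs|bat|cmd))', re.I)

def triage(log):
    """Return (code, reason) pairs for entries that deserve a closer look."""
    hits = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, low = m.group(1), m.group(2).lower()
        if code == "F2" and "userinit=" in low:
            exe = low.split("userinit=", 1)[1].rstrip(", ")
            if basename(exe) != "userinit.exe":
                hits.append((code, "non-default UserInit: " + exe))
        elif code == "O1" and low.startswith("hosts file is located at:"):
            path = low.split(":", 1)[1].strip()
            if path != DEFAULT_HOSTS:
                hits.append((code, "hosts file relocated: " + path))
        elif code == "O1" and low.startswith("hosts:"):
            parts = low.split()
            if len(parts) > 2 and not parts[1].startswith("127."):
                hits.append((code, "hosts redirect: %s -> %s" % (parts[2], parts[1])))
        elif code == "O2" and low.endswith("(file missing)"):
            hits.append((code, "orphaned BHO registration"))
        elif code == "O4" and "] " in low:
            t = TARGET.match(low.split("] ", 1)[1])
            path = t.group(1) if t else ""
            if path.endswith((".js", ".vbs")):
                hits.append((code, "script in autostart: " + path))
            elif basename(path) in SYSTEM_NAMES and dirname(path) != r"c:\windows\system32":
                hits.append((code, "system process name outside System32: " + path))
    return hits
```

Entries recognisable only by name, such as the `znyqwu.exe` and `alchem.exe` Run keys marked in post #8, pass these structural checks, so the log still needs a human reader.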
23.07.2004., 11:02 | #10 | |
Moderator
Registration date: Aug 2003
Location: Zagreb
Posts: 3,193
|
Quote:
BTW, to get what you had it is enough to visit, with IE, a page tailored to certain vulnerabilities. I actually tried it one day: you visit, you get an extra program that starts up a little later. All automated, so that no user would accidentally have to click anything :clap:
__________________
|