|
09.03.2004., 01:04 | #1 |
Premium
Datum registracije: Feb 2003
Lokacija: umag
Postovi: 220
|
Nekaj se čudnoga izleglo u kanti....
Zadnjih par dana mi se događaju jako čudne stvari kad dojdem na net... kad se spojim, malo surfam, sve se nekako uspori, i na radnoj mi se površini pojave dvije ikone: 1: Online pharmacy 2:Fast loans a home page se pretvori u blank.,, naravno pojavi se i nova dial up konekcija, bez broja (samo stoji 1- jedinica) i ostalih podataka. Probao sam sa ad ware 6.0, uvijek nešto najde, ja to obrišem, i konekciju, i sve na kaj naidem, ali vrag se opet pojavi,,, za popizditi. Ima li netko možda ideju koji je to vrag.... I naravno kako se toga riješiti. A bogme je naporno... |
09.03.2004., 09:22 | #2 |
Moderator
Datum registracije: Aug 2003
Lokacija: Zagreb
Postovi: 3,193
|
Uklanjanje spywarea: 1. Ad-aware - Trazi, uklanja i stiti od spywarea 1. SpyBot S&D - Trazi, uklanja i stiti od spywarea 2. CWShredder - Uklanja "ukleti" Cool Web Search 3. SpywareBlaster - Stiti od zlih activex skripti 4. BHO - Stiti od BHO (Browser Helper Objects ili programa koji se iz nekog razloga pokrecu s vasim browserom) 5. SpywareGuard - Zastita od spywarea u realnom vremenu (kao antivirusni prog.) 6. HijackThis - Prikazuje sumnjive informacije te ih sredjuje ovisno o tome sto korisnik odabire - Ak' se ne kuzite u software, najbolje je postati log na PCEkspert ili na neko drugo mjesto gdje ce vam drugi reci sto odabrati Ovo zadnje bi bilo najbolje.
__________________
|
|
|
Oglas
|
|
09.03.2004., 18:55 | #3 |
Premium
Datum registracije: Feb 2003
Lokacija: umag
Postovi: 220
|
Probat ču sve redom. Neznam kako ali se taj vrag s "abaut blank" stranicom na webu , smjesti i u moj home page. Ad-warw svaki put pronađe nekoliko raznih sr.., očistim to, ali se kod sljedečeg spajanja na net stvar opet pojavi. Sad sam stavio i spywareblaster, on je našao toga tonu (dvije), označio sam sve i stavio protect. neznam dalje kao če biti. Skinuo sam i onaj zadnji na ponudi, pa budem i njega instalirao (Hijackthis), pa se onda čujemo. Za sada hvala... bokac svima, ma gdje bili |
09.03.2004., 22:37 | #4 |
Premium
Datum registracije: Feb 2003
Lokacija: umag
Postovi: 220
|
Ništa i ništa, jednostavno se vražja stvar pojavi odnekud svaki put. Ni ona dva programa aza skidanje spama ništa ne pomažu. Skinuo sam zadnji dodatak s neta, ima toga dosta, ali. Nakon spajanja na net, pojavi se u mopjim konekcijama, još jedna veza: Dial up conection, i izgleda da tom samo bira nekog vraga. Zanimljivo je to što se oni prozorčići koji pokazuju vezu, izgube pa ispada da nisam spojen a ustvari ja sam i dalje na netu, vrijeme ide. Scenirao sam i sa onim "HijackThis"-om, imam log ali kome da ga pošaljem ? Help, spašavajte, več sam potpuno lud.. bokac |
10.03.2004., 08:10 | #5 | |
Moderator
Datum registracije: Aug 2003
Lokacija: Zagreb
Postovi: 3,193
|
Citiraj:
__________________
|
|
10.03.2004., 20:59 | #6 |
cmiiiiiiiiiiiiiiiiiii
Datum registracije: Jul 2003
Lokacija: Osijek
Postovi: 452
|
Kako skinit Spyware guard. probo sam sa flashGetom, i običnim IE-ovim al stalno mi skida down.html BTW, jel ima neka fora da se namjesti da automatski ispravlja malo u veliko slovo nakon točke. To gadno izgleda, a neda mi se stalno ispravljat. |
10.03.2004., 21:24 | #7 |
Stoka
Datum registracije: Dec 2003
Lokacija: Matulji
Postovi: 268
|
Stavi si firewall. Zone Alarm
__________________
Acer Aspire 5741g i5 430M, ATI HD 5470 512mb, 4gb DDR3, 500 gb hdd |
10.03.2004., 21:44 | #8 |
Premium
Datum registracije: Feb 2003
Lokacija: umag
Postovi: 220
|
E, dragi moji evo famozni log od "HijackThis"-a, pa ako netko kuži i zna kaj mi to živi u kanti bez mog znanja, i jo bolje kako to istrijebiti neka slobodno, uz veliku zahvalu, javi... Logfile of HijackThis v1.97.7 Scan saved at 22:24:50, on 9.3.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE D:\WINDOWS\System32\nvsvc32.exe D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\SOUNDMAN.EXE D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE D:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\WINDOWS\Twain_32\FlatBed\HotKey.exe D:\WINDOWS\System32\ctfmon.exe D:\WINDOWS\System32\RUNDLL32.EXE D:\Program Files\Brojac impulsa\Brojac3.exe D:\DOCUME~1\ChoroDj\LOCALS~1\Temp\svshost.exe E:\Za spržiti - programs -- itd\Anti - spam alati\Hijackhits\HijackThis.exe D:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.htnet.hr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [EasyTuneIV] D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus C42 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42" O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [HotKey] D:\WINDOWS\Twain_32\FlatBed\HotKey.exe O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [Brojac Impulsa] D:\Program Files\Brojac impulsa\Brojac3.exe O4 - HKCU\..\Run: [EPSON Stylus C42 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "D:\WINDOWS\System32\E_SA2.tmp" O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Download with Star Downloader - D:\Program Files\Star Downloader\sdie.htm O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O15 - Trusted Zone: *.i-lookup.com O15 - Trusted Zone: *.offshoreclicks.com O15 - Trusted Zone: *.teensguru.com O15 - Trusted Zone: *.xxxtoolbar.com O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7990.725162037 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab To bi bilo to.. hmmm bokac svima, ma gdje bili |
10.03.2004., 22:14 | #9 |
PizzoZder
Datum registracije: Jan 2003
Lokacija: Umag
Postovi: 12,416
|
Dećec vi imate previše problema sa vašom kantom. Nisam baš neki stručnjak ali ja bih vašu kantu zveknuo u zid ili bih ištekao vaš kompjuter iz struje i poslao ga na godišnji. Vaš odani prijatelj Nino.
__________________
Prodajem kucu na klizistu.. Nije puno presla..... Member Of PC Ekspert 100+kg Demolition Squad NAJNOVIJE = Povoljno RAM..http://www.downloadmoreram.com/... tor i AMD kupili.... NOVO! Prodajem visokokvalitetni tropleteni hardverski konac za fixiranje coolera |
11.03.2004., 00:40 | #10 |
Premium
Datum registracije: Feb 2003
Lokacija: umag
Postovi: 220
|
Dobar savjet Nino: i sam več dobrano razmišljam o tome da izveden neku nepodopštinu sa kantom, jer su mi razno-razne čudne pojave popile sve živce, tako da sve mislim kako će ovaj XP završiti karijeru s formatom. Pozdrav tebi i naravno: bokac svima, ma gdje bili |
|
|
Oglas
|
|
11.03.2004., 08:35 | #11 | |
Moderator
Datum registracije: Aug 2003
Lokacija: Zagreb
Postovi: 3,193
|
Citiraj:
Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about :blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.htnet.hr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about :blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about :blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about :blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about :blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about :blank O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll O15 - Trusted Zone: *.i-lookup.com O15 - Trusted Zone: *.offshoreclicks.com O15 - Trusted Zone: *.teensguru.com O15 - Trusted Zone: *.xxxtoolbar.com O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...37990.725162037 Vidim da je pokrenut "D:\DOCUME~1\ChoroDj\LOCALS~1\Temp\svshost.exe", a ne mogu naci pomocu cega. Vjerovatno koristi neku skriptu ili se smjestio negdje gdje HijackThis ne smatra da je opasno. Uglavnom, izbrisi "D:\DOCUME~1\ChoroDj\LOCALS~1\Temp\svshost.exe". Ako ce ti se javljati greska da file ne postoji pri loadanju Windowsa onda jednostavno pokrenes regedit (START>RUN i upises regedit", pozicioniras se u sam root (na pocetak) i pretrazis za svshost i pazi kaj brises jer sigurno se smjestio u liniju nekog korsnog programa.
__________________
|
|
11.03.2004., 21:23 | #13 |
cmiiiiiiiiiiiiiiiiiii
Datum registracije: Jul 2003
Lokacija: Osijek
Postovi: 452
|
ajd ljudi jel bi mogo i meni neko pomoč. ja sam nešt briso sam, imam i spywareblaster i adaware i s hijackom sam nešt briso, al ona prva 3 se stalno vračaju. Logfile of HijackThis v1.97.7 Scan saved at 21:20:06, on 11.3.2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Kerio\Personal Firewall\persfw.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\EPOX\USDM\USDM.EXE C:\documents and settings\biohazard\local settings\temp\~vis0001\fsg_4104.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\Program Files\iMesh\Client\iMeshClient.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Winamp\winamp.exe C:\Documents and Settings\Biohazard\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4701 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4701 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=4701 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CountrySelection] pctptt.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\biohazard\local settings\temp\~vis0001\fsg_4104.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update12.js O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm O9 - Extra button: Flash Catcher (HKLM) O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM) O9 - Extra button: FlashGet (HKLM) O9 - Extra 'Tools' menuitem: &FlashGet (HKLM) O10 - Hijacked Internet access by New.Net O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52791412-1BA0-4F11-A1D6-4A65B85F1676}: NameServer = 161.53.114.135 161.53.114.145 BTW onaj fsg_414 je od DIVX-a, njega sam blokiro firewallom, tak da on nesmeta, a bez njega mi divx neradi. Fala |
11.03.2004., 22:51 | #14 |
Premium
Datum registracije: Feb 2003
Lokacija: umag
Postovi: 220
|
Znam da je naporno, kak je tek meni. A bio sam svagdje, kaj da velim. Evo log još jednom: Logfile of HijackThis v1.97.7 Scan saved at 22:49:16, on 11.3.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe D:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE D:\WINDOWS\System32\nvsvc32.exe D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\SOUNDMAN.EXE D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe D:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\WINDOWS\Twain_32\FlatBed\HotKey.exe D:\WINDOWS\System32\ctfmon.exe D:\WINDOWS\System32\RUNDLL32.EXE D:\Program Files\Brojac impulsa\Brojac3.exe D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\wincmd\WINCMD32.EXE D:\Program Files\Microsoft Office\Office10\WINWORD.EXE D:\WINDOWS\msagent\AgentSvr.exe E:\Za spržiti - programs -- itd\Anti - spam alati\Hijackhits\HijackThis.exe D:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.htnet.hr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [EasyTuneIV] D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus C42 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42" O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [HotKey] D:\WINDOWS\Twain_32\FlatBed\HotKey.exe O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [Brojac Impulsa] D:\Program Files\Brojac impulsa\Brojac3.exe O4 - HKCU\..\Run: [EPSON Stylus C42 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "D:\WINDOWS\System32\E_SA2.tmp" O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Download with Star Downloader - D:\Program Files\Star Downloader\sdie.htm O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O15 - Trusted Zone: *.i-lookup.com O15 - Trusted Zone: *.offshoreclicks.com O15 - Trusted Zone: *.teensguru.com O15 - Trusted Zone: *.xxxtoolbar.com O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7990.725162037 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3EA33FB5-631C-4E26-B37E-969D6EF3119C}: NameServer = 195.29.150.3 195.29.150.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{3EA33FB5-631C-4E26-B37E-969D6EF3119C}: NameServer = 195.29.150.3 195.29.150.4 Hvala na svakoj pomoći bokac svima, ma gdje bili |
11.03.2004., 23:00 | #15 | |
Moderator
Datum registracije: Aug 2003
Lokacija: Zagreb
Postovi: 3,193
|
Citiraj:
__________________
|
|
11.03.2004., 23:06 | #16 | |
Moderator
Datum registracije: Aug 2003
Lokacija: Zagreb
Postovi: 3,193
|
Citiraj:
Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4701 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4701 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=4701 O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\biohazard\local settings\temp\~vis0001\fsg_4104.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update12.js O10 - Hijacked Internet access by New.Net
__________________
|
|
12.03.2004., 13:06 | #17 |
Super Moderators
Datum registracije: May 2002
Lokacija: Zg
Postovi: 17,469
|
O15 - Trusted Zone: *.teensguru.com O15 - Trusted Zone: *.xxxtoolbar.com :burn: |
12.03.2004., 21:52 | #18 | |
cmiiiiiiiiiiiiiiiiiii
Datum registracije: Jul 2003
Lokacija: Osijek
Postovi: 452
|
Citiraj:
Maknio sam ih, al se searchcentral uvjek vrati. mora da mi se prikrpo na neki program il uvuko u registry, adaware ga ne nadje. što se tiče divx-a, treba mi za enkodiranje, a ffdshow koji sam dobio uz GordianKnot Codec Pack mi se ruši u subtitle studiu. Sad češ reč da koristim SWorkshop, al on mi je dosta zbunjen, tak da njega koristim sam kad nemogu to sredit u SStudiu, SS je puno jednostavniji i več sam se ufuro u njega. SWorkshop je zakon program, al je dosta kompliciran. |
|
12.03.2004., 22:25 | #19 |
Premium
Datum registracije: Feb 2003
Lokacija: umag
Postovi: 220
|
Dečki ja maknuo sve ono kaj ste označili, "životinja" se umirila, nema više onih dosadnih prozora i ostalih gluposti. našao sam i "svshost" bio je u winu pod- Prefetch, obrisao sam i to,,,, i sad čekam da vidim daljnji razvoj situacije.- hvala, imate bokac svima, ma gdje bili |
13.03.2004., 09:22 | #20 | |
Moderator
Datum registracije: Aug 2003
Lokacija: Zagreb
Postovi: 3,193
|
Citiraj:
Daj probaj potraziti imas li file: xplugin.dll
__________________
|
|
13.03.2004., 19:39 | #21 |
cmiiiiiiiiiiiiiiiiiii
Datum registracije: Jul 2003
Lokacija: Osijek
Postovi: 452
|
Logfile of HijackThis v1.97.7 Scan saved at 19:36:38, on 13.3.2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Kerio\Personal Firewall\persfw.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\SOUNDMAN.EXE C:\documents and settings\biohazard\local settings\temp\~vis0001\fsg_4104.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\iMesh\Client\iMeshClient.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Biohazard\Desktop\hijackthis\HijackThis.exe O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CountrySelection] pctptt.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPOX\USDM\USDM.EXE" "5000" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\biohazard\local settings\temp\~vis0001\fsg_4104.exe" O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup O4 - Startup: iMesh.lnk = C:\Program Files\iMesh\Client\iMeshClient.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm O9 - Extra button: Flash Catcher (HKLM) O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM) O9 - Extra button: FlashGet (HKLM) O9 - Extra 'Tools' menuitem: &FlashGet (HKLM) O10 - Hijacked Internet access by New.Net O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52791412-1BA0-4F11-A1D6-4A65B85F1676}: NameServer = 161.53.114.135 161.53.114.145 Izgleda da nema više searchcentrala. Nešt sam čačko po registriju, izgleda da ga nema više. što se tiče fajla, izgleda da ga nemam. Ajd ak imaš još koji prijedlog da izbrišem... |
13.03.2004., 20:07 | #22 | |
Moderator
Datum registracije: Aug 2003
Lokacija: Zagreb
Postovi: 3,193
|
Citiraj:
Code:
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\biohazard\local settings\temp\~vis0001\fsg_4104.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup O10 - Hijacked Internet access by New.Net Brisi C:\documents and settings\biohazard\local settings\temp\~vis0001\fsg_4104.exe. Pazi ovo: Microsoft.
__________________
|
|
13.03.2004., 22:32 | #23 |
cmiiiiiiiiiiiiiiiiiii
Datum registracije: Jul 2003
Lokacija: Osijek
Postovi: 452
|
Jesam. Nemam više nikakih sranja. Fala Jedino što sam sad instaliro mozillu, pa mi je sve malo zbunjeno. Trebo bi se naviknit uskoro. De reci, vidio sam dok sam instaliro neki spellchecker, jel mogu namjestit da mi piše veliko slovo poslje točke. |
13.03.2004., 23:37 | #24 | |
Moderator
Datum registracije: Aug 2003
Lokacija: Zagreb
Postovi: 3,193
|
Citiraj:
Ne znam za spellchecker jer ga nisam stavio. Pogledaj malo po opcijama, lako moguce da moze. Skini Multizillu, plugin koji omogucava bolju podrsku za tabove. Welcome to Mozilla world
__________________
|
|
13.03.2004., 23:51 | #25 |
cmiiiiiiiiiiiiiiiiiii
Datum registracije: Jul 2003
Lokacija: Osijek
Postovi: 452
|
Program je super, nema šta. Već mi se sviđa, a nije ni tak zbunjen ko što se čini na prvi pogled. Ma ludnica! Vidit ću još i taj MultiZilla. BTW kak da si namjestim da mi umjesto mozilinog dowloada skida preko flashgeta?:confused: |
14.03.2004., 00:27 | #26 |
Moderator
Datum registracije: Aug 2003
Lokacija: Zagreb
Postovi: 3,193
|
__________________
|
14.03.2004., 00:36 | #27 |
cmiiiiiiiiiiiiiiiiiii
Datum registracije: Jul 2003
Lokacija: Osijek
Postovi: 452
|
Ma svaka čast ljudima, program je stvarno super. Nije mi jasno kom se da tak nešt radit džabe, mora da jako mrze i Microsoft i IE... |
09.04.2004., 01:37 | #28 |
Premium
Datum registracije: Feb 2003
Lokacija: umag
Postovi: 220
|
E dečki, kod mene postoji i nastavak svih onih zajebancija od početka. Koje? Pa, telefonski račun, naravno. I to sve pod "Međunarodni pozivi" - ukupno cca 200-njak kunića za prošli mjesec. Na svu sreću pojavilo se samo dva dana ( 07. i 09. ožujak) poslije toga više ne, jer sam instalirao 4 anti spam programa i i uspio sam se riješiti pojavljivanja onih ikona na desktopu itd. A brojčić koji je pozivan je: 006905090 Nije loše za početnika, jel´da? Hvala svima na pomoći, i nadam se da se to neče opet pojaviti u nekom drugom obliku. |
09.04.2004., 09:13 | #29 |
Moderator
Datum registracije: Aug 2003
Lokacija: Zagreb
Postovi: 3,193
|
Sad pazi kaj delas
__________________
|
09.04.2004., 14:44 | #30 |
Premium
Datum registracije: Jan 2004
Lokacija: Dimension 8
Postovi: 785
|
Dobro je da si dobio 200kn.Moj friend je skinuo dialer i spojio se na tko zna ciji server i gledao pornjavu itd i na kraju mjeseca 800kn tel racun.Imali smo danima cemu se smijat. |
|
|
Oglas
|
|
|
|