Old 05.12.2005., 15:03   #1
atha
HijackThis - How To + logs

As far as I can see, people often post their logs from this little program, and it is about time everyone learned something about it.

I took parts of the text from some site and translated them a bit to make things easier to follow; it should look something like this, that is, this is how HijackThis 2.0.2 should be used.

Before every HijackThis scan it is a good idea to run CWShredder. The program removes all clones of the Cool Web Search trojan and its mutated brothers.

It is also good to run BHODemon, which removes browser helper objects.

I am currently working with another little program that has proven very good. If it does not fool me or do a bad job in the near future, I will recommend it too for this work, that is, for removing spyware.

So, let's get started. It is best to run HijackThis in safe mode, although it can also be run in normal mode, as long as the computer is not so crammed with spyware that working on it is difficult.

Open Task Manager (CTRL+ALT+DEL). Open the Processes tab and, for each of the files listed below that also appears in the HijackThis log, select the process and end it.
CHKINIT.EXE
DLLHOST.EXE
NVCTRL.EXE
REGSERV.EXE
DLLSERV.EXE
TMNTSRV32.EXE
RMCTRL.EXE (do not end it if Power DVD is in use.)
RUNDLL.EXE
SMSSU.EXE
MSSEARCHNET.EXE
Remove every item located under:
C:\Documents and Settings\[username]\Local Settings\Temp\some_name.EXE
R0 & R1
Remove any that is associated with the .exe files mentioned above.
Remove any that ends with = about:blank
R3:
Remove any with (no name) or (no file) or (file missing) or (Default URLSearchHook is missing)
O1 - Hosts:
Remove everything.
O2 - BHO:
Remove any with (no name) or (no file) or (file missing), and remove:

C:\WINDOWS\SYSTEM\DSKTRF.DLL
C:\WINDOWS\SYSTEM32\winb2s32.dll
C:\WINDOWS\multimpp.dll
C:\WINDOWS\systb.dll
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\xxxx.tmp
C:\WINDOWS\System32\yyyy.tmp
O3 - Toolbar:
Begin2Search.com Bar - {clsid-number} - C:\WINDOWS\SYSTEM\WINB2S32.DLL

or rather any toolbar in IE that you do not use.
O4 - HKxx\..\Run [_any of those listed below_]: if any of the .exe files listed below are present
RUNDLL32 AUNPS2.DLL,_Run@16
"C:\Program Files\AutoUpdate\AutoUpdate.exe"
bcvsrv32.exe
RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun <<== delete only cfgmgr52.dll
C:\WINDOWS\conscorr.exe
internat.exe
loadqm.exe
C:\WINNT\mmups.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\Program Files\MsUpdate\MsUpdate.exe
oddtreg.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
updatesp2.exe
C:\WINDOWS\system32\svc.exe
C:\Program Files\TV Media\Tvm.exe
C:\WINDOWS\System32\twink64.exe blabla..
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
C:\Program Files\Winamp\winampA.exe <-- Spelling!
C:\Program Files\Windows ControlAd\WinCtlAd.exe and/or WinCtlAdALT.EXE
winlog.exe
C:\WINDOWS\winupdate.exe
C:\WINDOWS\winupdates.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\WINDOWS\System32\wintask.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
..\Web Offer\WO.EXE
..\WildTangent\ANYTHING......
O4 - HKLM\..\RunServices:
[Bcvsrv32] bcvsrv32.exe
[sp2update] updatesp2.exe
[] winlog.exe

IF YOU HAVE ANY OF THE ABOVE, Start > Run > services.msc
find it, stop it (if it is running in the background) and set it to disabled.
O4 - Global Startup:
Reboot.exe
_any_.lnk = ?
O4 - Startup:
PowerReg Scheduler V3.exe
O9 - Extra button:
Remove all with (file missing)

WeatherBug - {clsid-number} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10:
Under O10, hijackers such as the following most often show up:
New.Net / WebHancer / CommonName

O14 - IERESET.INF:
SEARCH_PAGE_URL= [blank]
START_PAGE_URL= [blank]
O15 - Trusted Zone:
Remove everything regardless of name. If you are not sure about some, ask.
O16 - DPF:
Also remove everything regardless of name.
O17 - HKLM...
Remove if the IP addresses are not those of your ISP's servers; in other words, dialers and other instances are not welcome.
O23 - Service:
Fix every one with (file missing)
Of course, new things appear daily, so it is hard to list everything. If you are not sure about some and think you use them, post a thread in this subforum and someone will tell you what to remove and what not.

Costa, please correct me if anything is wrong or if there is anything to add...

Update:

Along with cwshredder I also recommend using AboutBuster, which removes various variants of the cws trojan, is simple to use and free.

Instructions for Brute Force Uninstaller and removing EGDAccess:
- unpack it into some directory, e.g. C:\BFU
- right-click http://metallica.geekstogo.com/EGDACCESS.bfu and choose Save As, Save Link As or Save Target As (depending on the web browser) to download the EGDACCESS Remover Tool
- save it in the directory you created a moment ago (C:\BFU)
- start Brute Force Uninstaller by double-clicking BFU.exe
- in the "scriptline to execute" field type C:\bfu\EGDACCESS.bfu
- click execute and let it start
- wait for it to finish and exit the program
DOMY: I edited the post a bit for readability and updated the links.
Last edited by: atha. 24.08.2008. at 14:47.
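The per-section rules from the first post, applied to a log in code. This is an added example, not part of the original post or of HijackThis; the sample log is constructed, and the function names and the `isp_dns` parameter are assumptions. It only lists entries for review and changes nothing on the system.

```python
import re
from typing import NamedTuple

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Markers the first post names per section. The URLSearchHook marker is
# matched without parentheses so either spelling of the line is caught.
MARKERS_BY_SECTION = {
    "R3": ("(no name)", "(no file)", "(file missing)",
           "Default URLSearchHook is missing"),
    "O2": ("(no name)", "(no file)", "(file missing)"),
    "O9": ("(file missing)",),
    "O23": ("(file missing)",),
}
# Sections where the first post says to remove every entry.
REMOVE_ALL_SECTIONS = {"O1", "O15", "O16"}

# Constructed sample log: CLSIDs, paths and addresses are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.com/
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000005} - (no file)
O1 - Hosts: 192.0.2.10 ads.example
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000003} - C:\Example\gone.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000004}: NameServer = 192.0.2.53 198.51.100.7
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe (file missing)
"""


class Finding(NamedTuple):
    code: str    # section code such as "O2"
    reason: str  # which rule from the guide matched
    line: str    # the log line as posted


def parse_entry(line):
    """Return (section code, body) for an entry line, else None."""
    match = ENTRY_RE.match(line.strip())
    return (match.group("code"), match.group("body")) if match else None


def triage(log_text, isp_dns=frozenset()):
    """Apply the first post's per-section rules; return entries to review.

    isp_dns (assumed parameter): name server addresses known to belong
    to the user's ISP, used for the O17 rule.
    """
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue  # header lines, running-process paths, blank lines
        code, body = parsed
        reason = None
        if code in ("R0", "R1"):
            if body.rstrip().lower().endswith("= about:blank"):
                reason = "value ends with = about:blank"
        elif code in MARKERS_BY_SECTION:
            hits = [m for m in MARKERS_BY_SECTION[code] if m in body]
            if hits:
                reason = "marked " + ", ".join(hits)
        elif code in REMOVE_ALL_SECTIONS:
            reason = "guide removes every entry in this section"
        elif code == "O17":
            unknown = [ip for ip in IPV4_RE.findall(body) if ip not in isp_dns]
            if unknown:
                reason = "name server not in ISP list: " + ", ".join(unknown)
        if reason:
            findings.append(Finding(code, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, isp_dns={"192.0.2.53"}):
        print(f"{finding.code:<4} {finding.reason}\n     {finding.line}")
```

The name-based parts of the guide (the process and O4 file lists) are left out here, since a file name alone does not identify a file.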
Old 05.12.2005., 16:52   #2
Costa
You put that together well. Here are a few links from me:

Automatic checking of a HijackThis log. You need to paste or upload the log and press "Analyze". Everything is nicely explained, but you should still be careful because it is, after all, only a script.
http://www.hijackthis.de/en

Sites where you can get information about a program by its name.
http://www.sysinfo.org/startuplist.php
http://www.processlibrary.com/
http://castlecops.com/StartupList.html

Sites where you can upload a file and have it scanned by several antivirus programs.
http://www.virustotal.com/ (currently uses 22 antivirus programs)
http://virusscan.jotti.org/ (currently uses 14 antivirus programs)
Old 24.12.2006., 19:35   #3
Isus
The best thing for you to do is the following: post the HJT log on hijackthis.de, which gives an opinion on whether a process is good or not, and if you want a complete list of everything, silentrunners is an excellent tool --> http://www.silentrunners.org/.

Now, since Silent Runners has a very, really very detailed log, I don't think it would all fit in one post, so it is best to put the whole log in .txt format and host it so that everything can be seen and there is no fear that something got left out during the copy-paste process.

Besides that, you have a very useful forum on the net, www.windowsbbs.com, as well as www.bleepingcomputer.com; these are of course additional options if you want one more opinion in addition to the one you would get here.
Old 01.03.2007., 18:37   #4
domy_os
So I decided to clean up this thread a bit because it has stretched out like an earthworm...

In this post I will put only the unwanted entries, in case anyone needs them... Entries next to which it says (file missing) or (no file) can be deleted without thinking. It is sorted alphabetically; I looked only at the file name (in bold).

C:\WINDOWS\System32\atmclk.exe

O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch4.ocx

O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

C:\WINDOWS\system32\bgsvcgen.exe

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\bfzvb.exe

C:\WINDOWS\System32\dcomcfg.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\System32\hp100.tmp

O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe

O23 - Service: Bentley License Client (IEGLicSrv) - Bentley Systems Inc. - C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe

c:\progra~1\intern~1\iexplore.exe

O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

C:\WINDOWS\system32\mwsrvacc.exe

O20 - Winlogon Notify: IPConfTSP - D:\WINDOWS\system32\n82ulif9182.dll

O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe

C:\Programme\Network Monitor\netmon.exe

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

O21 - SSODL: J0DBIEAI - {27756FCF-6C23-64EE-2766-36E42B692DD0} - C:\WINDOWS\System32\Nofffn32.dll

O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll

O4 - HKLM\..\Run: [jxjcjzaduvy] C:\WINDOWS\System32\rbivra.exe

C:\Program Files\Save\Save.exe

O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\SrchPlug.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: (no name) - {72AB6B47-F4DC-2BB3-CEAB-F0E286EDA08D} - C:\DOCUME~1\DRAGAN~1\APPLIC~1\SIXTHD~1\thesave.exe

O21 - SSODL: mtklefap - {45C9F337-9238-403C-8FAE-A31EB6B2AEE4} - C:\WINDOWS\System32\vhjadq32.dll

C:\WINDOWS\system32\webupdate.exe

O20 - Winlogon Notify: winmbj32 - winmbj32.dll

R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL

O2 - BHO: EventHandler Class - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL

O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL

O4 - HKLM\..\Run: [Windows Ndis Driver] WinSys32s.exe

O4 - HKLM\..\RunServices: [Windows Ndis Driver] WinSys32s.exe

O4 - HKCU\..\Run: [Windows Ndis Driver] WinSys32s.exe

O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

O4 - HKLM\..\RunServices: [navp.exe] wupdate.exe

O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe

O2 - BHO: C:\WINDOWS\system32\zgCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zgCrypt.dll
Last edited by: domy_os. 02.03.2007. at 10:08.
Old 16.03.2007., 21:56   #5
Flytech
hijack this log
Quote:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UtilKit\DLULMeterFree\UKDUMFree.exe
C:\Program Files\Asus\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\HJT\analyse.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B6C7936-6B20-44C0-8409-7FE3C9FEC501} - (no file)
O2 - BHO: LightFrame3IECOM - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\system32\LightFrame3IECOM.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C3178C97-FE42-4A9F-8574-C9BF97524A17} - C:\WINDOWS\system32\mljkkji.dll
O2 - BHO: (no name) - {CA904713-251C-4DFA-9DBE-49EB3671682D} - C:\WINDOWS\system32\vtstr.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TelekomatXP] C:\Program Files\UtilKit\DLULMeterFree\UKDUMFree.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [RtWLan (ASUS) Application] C:\Program Files\Asus\ASUS WiFi-AP Solo\RtWLan.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: mljkkji - C:\WINDOWS\SYSTEM32\mljkkji.dll
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Old 16.03.2007., 22:25   #6
tutix
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: (no name) - {1B6C7936-6B20-44C0-8409-7FE3C9FEC501} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: (no name) - {C3178C97-FE42-4A9F-8574-C9BF97524A17} - C:\WINDOWS\system32\mljkkji.dll
O2 - BHO: (no name) - {CA904713-251C-4DFA-9DBE-49EB3671682D} - C:\WINDOWS\system32\vtstr.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: mljkkji - C:\WINDOWS\SYSTEM32\mljkkji.dll
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll

The first thing that is bolded may be due to VMware; if you don't have that enabled, then you can delete it.
Old 17.03.2007., 11:44   #7
blondie
my log

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 11:31:57, on 17.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Relja\MAXadsl - Provjera prometa\MAXadslPP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [FlashGet] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B862B68-791F-44CB-A4D5-FC9B85BEC85E}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
Old 17.03.2007., 16:13   #8
tutix
Blondie

Quote:
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
Old 20.03.2007., 23:03   #9
niksy
My log...

Quote:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\KMaestro\KMaestro.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adobe.com/shockwave/downl...m/default.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: SearchTran - {C3A6061D-1CF6-488a-86C9-B89423F1E64B} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\KMaestro\KMaestro.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Sample Toolband Serach - res://bla/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{63BEA76E-2787-4FE7-B38A-2E7689E82BB0}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
29.03.2007., 17:24   #10
Mr.Black
HijackThis - How To

Is there any cure here??


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Maxthon\Maxthon.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Documents and Settings\Vedran\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.net.hr/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\RunServices: [Virtual CD v6] grplscd.exe
O4 - HKLM\..\RunServices: [Topic lnternat] lnternat.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E68708A-0F7F-44B5-BCB0-C7F56E7C2173}: NameServer = 161.53.114.145 161.53.114.135
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
29.03.2007., 21:07   #11
tutix
Mr.Black

Quote:
O4 - HKLM\..\RunServices: [Virtual CD v6] grplscd.exe
O4 - HKLM\..\RunServices: [Topic lnternat] lnternat.exe
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
09.04.2007., 11:23   #12
greenfly
The files I tick for deletion keep coming back... NOD32 finds infected files in system32 and can't clean them... It's the "Win32/Trojan Clicker.BHO.NA,J trojan", while ewido anti-spyware finds "Downloader.Delf.amb".

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 22:58:41, on 8.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Damir\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://katz.ws/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161710708754
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: bfdzvmuvhvxp - C:\WINDOWS\system32\bfdzvmuvhvxp.dll
O20 - Winlogon Notify: etufeipphmzs - C:\WINDOWS\system32\etufeipphmzs.dll
O20 - Winlogon Notify: npgoeqqjtbbb - C:\WINDOWS\system32\npgoeqqjtbbb.dll
O20 - Winlogon Notify: pdvfhaetjqxj - C:\WINDOWS\system32\pdvfhaetjqxj.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVP - GRISOFT, s.r.o. - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
09.04.2007., 17:15   #13
tutix
greenfly

Try deleting them in Safe Mode, and be sure to turn off System Restore while you delete.

Quote:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://katz.ws/

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161710708754

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
Unknown

O20 - Winlogon Notify: bfdzvmuvhvxp - C:\WINDOWS\system32\bfdzvmuvhvxp.dll
Unknown

O20 - Winlogon Notify: etufeipphmzs - C:\WINDOWS\system32\etufeipphmzs.dll

O20 - Winlogon Notify: npgoeqqjtbbb - C:\WINDOWS\system32\npgoeqqjtbbb.dll
Unknown

O20 - Winlogon Notify: pdvfhaetjqxj - C:\WINDOWS\system32\pdvfhaetjqxj.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVP - GRISOFT, s.r.o. - (no file)
Be sure to install a firewall, and I recommend switching to an alternative web browser: Firefox or Opera.
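The triage the helpers in this thread do by eye, as an added Python example that is not part of any post or of HijackThis itself: it parses a log's section entries and flags the patterns called out here, namely targets marked (no file) or (file missing), O1 Hosts redirects, and O20 Winlogon Notify DLLs with random-looking names like those quoted in post #13. The function names, the sample assembled from lines posted in the thread, and the O20 name heuristic are assumptions of the example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")
Finding = namedtuple("Finding", "code reason text")

# Sample assembled for this example from lines posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://katz.ws/
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: SearchTran - {C3A6061D-1CF6-488a-86C9-B89423F1E64B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: bfdzvmuvhvxp - C:\WINDOWS\system32\bfdzvmuvhvxp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVP - GRISOFT, s.r.o. - (no file)
"""

# A section entry is "<letter><number> - <rest>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")
# Markers HijackThis appends when the referenced file does not exist.
DANGLING = ("(no file)", "(file missing)")


def parse_log(text):
    """Return section entries, skipping the header and the process list."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def looks_random(name, path):
    """Heuristic (assumption of this example): the Notify key is a long,
    all-lowercase letter string and the DLL file is named after it."""
    stem = path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]
    return (stem.lower() == name.lower() and len(name) >= 10
            and name.isascii() and name.isalpha() and name.islower())


def triage(entries):
    """Flag entries for manual review; a flag is a prompt to look, not a verdict."""
    findings = []
    for entry in entries:
        if entry.text.endswith(DANGLING):
            reason = "dangling-target"
        elif entry.code == "O1" and entry.text.startswith("Hosts:"):
            reason = "hosts-redirect"
        elif entry.code == "O20":
            match = NOTIFY_RE.match(entry.text)
            if not (match and looks_random(*match.groups())):
                continue
            reason = "random-notify-dll"
        else:
            continue
        findings.append(Finding(entry.code, reason, entry.text))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.code:<4}{f.reason:<18}{f.text}")
```

Entries that match no rule, such as the R1 ShellNext URL in the sample, still need a human reading; the script only narrows where to look first.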
09.04.2007., 17:56   #14
greenfly
tutix :

Quote:
Be sure to install a firewall, and I recommend switching to an alternative web browser: Firefox or Opera.
I only use Firefox, I don't know where that "internet explorer" there came from...
Anyway... I'll go try deleting that and report back... thanks
13.04.2007., 11:40   #15
Buger
Could someone look over my log so I don't do something stupid?

Thanks


Logfile of HijackThis v1.99.1
Scan saved at 11:39:02, on 13.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\WINDOWS\Mixer.exe
D:\Program Files\Comodo\Firewall\CPF.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\RALINK\Common\RaUI.exe
D:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
E:\downloads\everestultimate_build_0941_vuwl0qkfjnm\everest.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\SkypePM.exe
E:\Fraps\fraps.exe
D:\Program Files\Mozilla Firefox\firefox.exe
E:\hijack this\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
13.04.2007., 12:02   #16
atha
All good, carry on.
13.04.2007., 12:22   #17
Buger
Quote:
Originally posted by atha
All good, carry on.
ok thanks
19.04.2007., 18:06   #18
duldul
How do I get rid of this crap? This is the only thing HijackThis rated as a threat, but I have no idea how to solve the problem.

Visitor's assessment Analyzerdetails
"O1 - Hosts: 66.98.148.65 auto.search.msn.es"

Kind

Extremely nasty
Extremely nasty
Must be fixed!

...Internet Explorer keeps popping up every so often while I'm browsing; I tried several spyware removal tools, but nothing.
I have no idea what I got it from; I probably installed and uninstalled some junk, and this crap stayed behind.


P.S. There, I think I fixed it with HijackThis )
22.04.2007., 22:58   #19
rams
Pff... I'd like to ask for a review of this:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\TClock\tclock.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinRoll] "C:\Program Files\WinRoll\winroll.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GTRipple] C:\Program Files\GTDesktop\Plugins\GTRipple.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Shortcut to tclock.exe.lnk = C:\TClock\tclock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks a lot
22.04.2007., 23:19   #20
tutix
You have nothing dangerous, but this is unnecessary:

Quote:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
26.04.2007., 14:15   #21
SniperWolf
Logfile of HijackThis v1.99.1
Scan saved at 14:14:23, on 26.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Darksky\QuickMenu\QuickMenuPlus.exe
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\yz shadow\YzToolbar\YzToolBar.exe
C:\Program Files\Samurize\Client.exe
C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Samurize\Client.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\foobar2000\foobar2000.exe
D:\backup\desktop\Unit 2\OSNOVE\AntiPROG\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-com.hr/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Quick&MenuBar - {23849BDD-E8A8-4B9E-AB7A-5830D3828AAE} - C:\Program Files\Darksky\QuickMenu\QuickMenuBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickMenuPlus] "C:\Program Files\Darksky\QuickMenu\QuickMenuPlus.exe"
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [ToolBar icon can be changed.] "C:\Program Files\yz shadow\YzToolbar\YzToolBar.exe"
O4 - HKCU\..\Run: [Client] "C:\Program Files\Samurize\Client.exe"
O4 - HKCU\..\Run: [Nero DriveSpeed] "C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE"
O4 - Startup: Client cdcovers.lnk = C:\Program Files\Samurize\Client.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.t-com.hr/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B3183E1-11C4-47FF-9696-15B9CBF6586E}: NameServer = 85.114.32.7 85.114.32.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDBB84A-7E40-43E6-9059-C4A692890E3F}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{F36749DA-D975-4DB8-A7D6-88CB03B2E1BE}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

If someone could take a look at the above^
thanks

26.04.2007., 14:35   #22
tutix
Premium
Join date: Jan 2006
Location: Popovača | Zagreb
Posts: 3,950
Quote:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

If you didn't set the DNS servers manually, be sure to remove this as well:

Quote:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B3183E1-11C4-47FF-9696-15B9CBF6586E}: NameServer = 85.114.32.7 85.114.32.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDBB84A-7E40-43E6-9059-C4A692890E3F}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{F36749DA-D975-4DB8-A7D6-88CB03B2E1BE}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19

26.04.2007., 16:40   #23
domy_os
EMP moderator
Join date: Apr 2005
Location: Zagreb - Osijek
Posts: 15,906
No, no and no... As far as I'm concerned, everything is OK; the stuff above, more or less, isn't harmful.

26.04.2007., 16:46   #24
Quick22
attacking soon
Join date: Apr 2007
Location: Zagorje
Posts: 104
Logfile of HijackThis v1.99.1
Scan saved at 16:25:34, on 26.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Can someone check the above
thanks

And let me ask right away what this is supposed to be, i.e. is this something normal or not?
C:\System Volume Information\MountPointManagerRemoteDatabase

26.04.2007., 16:52   #25
domy_os
EMP moderator
Join date: Apr 2005
Location: Zagreb - Osijek
Posts: 15,906
Only this:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

If you like, you can also remove some startup items such as Java, ICQ, Windows Messenger, Adobe Reader Speed Launch and anything else you don't need at startup, but do that through Start > Run > msconfig > Startup, because with HijackThis you will remove them completely, whereas in msconfig you untick the box and can tick it again later if you need it, or with the help of this little program:

http://www.mlin.net/StartupCPL.shtml

26.04.2007., 17:04   #26
Quick22
attacking soon
Join date: Apr 2007
Location: Zagorje
Posts: 104
Quote:
Originally posted by domy_os
Only this:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

If you like, you can also remove some startup items such as Java, ICQ, Windows Messenger, Adobe Reader Speed Launch and anything else you don't need at startup, but do that through Start > Run > msconfig > Startup, because with HijackThis you will remove them completely, whereas in msconfig you untick the box and can tick it again later if you need it, or with the help of this little program:

http://www.mlin.net/StartupCPL.shtml
It says here that I shouldn't delete it ...
http://www.processlibrary.com/direct...les=ALCMTR.EXE
so should it stay then, or?

I'll remove the startup stuff .. I haven't gotten around to it yet because I reinstalled Windows the other day since there were problems with viruses...

Do you maybe know anything about this:
C:\System Volume Information\MountPointManagerRemoteDatabase

26.04.2007., 22:58   #27
tutix
Premium
Join date: Jan 2006
Location: Popovača | Zagreb
Posts: 3,950
Quote:
Originally posted by domy_os
No, no and no... As far as I'm concerned, everything is OK; the stuff above, more or less, isn't harmful.
Please explain. Why not. Even if he removes it and by some chance can't get on the internet afterwards, he just needs to turn the internet connection off and on again. And since HijackThis cleanup is done in Safe Mode, a restart is unavoidable. So please explain.

And as for the stuff above, those are unnecessary keys anyway, they serve no purpose.

01.05.2007., 13:52   #28
Enigma neo
Premium
Join date: Apr 2006
Location: ????
Posts: 205
Hello, can someone explain to me what needs to be fixed here? Some parasite got in that keeps throwing up system alerts pop-ups. Here is the HijackThis log; I wouldn't want to try it on my own because I'd have to format C. Thanks:

Quote:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:41:01 ENIGM@, on 1.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\sdtrayapp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Enigm@\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [PMsn Paraiso] C:\Program Files\PMsn Paraiso\PMsn Paraiso.exe Mini
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Enigm@\Application Data\Mozilla\Firefox\Profiles\v5in12tu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Enigm@\Application Data\Mozilla\Firefox\Profiles/v5in12tu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Cab1 - http://host1.uviewit.com/cgi-bin/uViewIt-Web.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DED400E3-F8E8-40F6-AB17-86529611FAED}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - C:\WINDOWS\system32\dxovx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - -C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - ----C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - -"C:\Program Files\Eset\nod32krn.exe" (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Usluga Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - ----"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - ----"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

02.05.2007., 08:57   #29
greenfly
Grandma's sister's brother-in-law
Join date: Dec 2006
Location: (Vinjro)
Posts: 1,129
This, definitely:
Quote:
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
If that "Maks Blast" is of no use to you, you can delete everything related to it.

and this:
Quote:
O22 - SharedTaskScheduler: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - C:\WINDOWS\system32\dxovx.dll
Quote:
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
Quote:
O4 - HKLM\..\Run: [PMsn Paraiso] C:\Program Files\PMsn Paraiso\PMsn Paraiso.exe Mini
Quote:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Last edited by greenfly; 02.05.2007. at 09:23.
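
The two checks discussed in the posts above (O17 NameServer entries that nobody set by hand, and entries marked (no file) or (file missing)) can be run over a saved log before anything is ticked in HijackThis. This is an added example, not part of any post in the thread; the `triage` function, its `expected_dns` parameter and the sample log are constructed for illustration, and the script only lists lines for a person to review.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<code>[ROFN]\d{1,2}) - (?P<body>.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DANGLING = ("(no file)", "(file missing)")

# Constructed sample log: placeholder GUIDs and RFC 5737 documentation addresses.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\ex.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000003}: NameServer = 192.0.2.10 192.0.2.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 198.51.100.7,198.51.100.8
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""


def triage(log_text, expected_dns):
    """Return (reason, line) findings for a HijackThis log.

    expected_dns is the set of resolver IPs the owner configured on purpose
    (an assumption of this example; the log alone cannot tell you that).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, running-process paths, blank lines
        code, body = m.group("code"), m.group("body")
        # Registry entry whose target file is absent from disk.
        if any(marker in body for marker in DANGLING):
            findings.append(("dangling-entry", line))
        # DNS override: the log separates addresses with spaces or commas.
        if code == "O17" and "NameServer" in body and "=" in body:
            value = body.split("=", 1)[1]
            unknown = [ip for ip in IPV4_RE.findall(value) if ip not in expected_dns]
            if unknown:
                findings.append(("unexpected-dns:" + ",".join(unknown), line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG, {"192.0.2.10", "192.0.2.11"}):
        print(f"[{reason}] {line}")
```
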

02.05.2007., 09:01   #30
Enigma neo
Premium
Join date: Apr 2006
Location: ????
Posts: 205
Thank you, greenfly.
If anyone else can tell me what's wrong so I can delete it.