|
05.12.2005., 16:03 | #1 |
Moderator
Registration date: Jan 2005
Location: Rijeka
Posts: 9,067
|
HijackThis - How To + logs
As far as I can see, people often post their logs from this little program, and it's about time everyone learned something about it. I took parts of the text from a website and translated it a bit to make it easier to follow; it should look roughly like this, that is, this is how HijackThis 2.0.2 should be used.
Before every HijackThis scan it is a good idea to run CWShredder. This little program removes all clones of the Cool Web Search trojan and its mutated siblings. It is also a good idea to run BHODemon, which removes browser helper objects. I am currently working with another little program that has proved very good. If it doesn't let me down or do a poor job in the near future, I will recommend it as well for removing spyware.
So, let's begin. It is best to run HijackThis in safe mode, although normal mode works too, as long as the computer is not so loaded with spyware that working on it is difficult.
Open Task Manager (CTRL+ALT+DEL). Open the Processes tab and, for each of the files listed below that appears in the HijackThis log, select the process and end it.
CHKINIT.EXE
Remove every entry located under: C:\Documents and Settings\[username]\Local Settings\Temp\some_name.EXE
R0 & R1: Remove each one that is associated with the .exe files mentioned above.
R3: Remove each one with (no name) or (no file) or (file missing) or (Default URLSearchHook is missing)
O1 - Hosts: Remove all.
O2 - BHO: Remove each one with (no name) or (no file) or (file missing), and also remove:
O3 - Toolbar: Begin2Search.com Bar - {clsid-number} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O4 - HKxx\..\Run [_one of those listed below_]: if any of the .exe files listed below are present
RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\RunServices: [Bcvsrv32] bcvsrv32.exe
O4 - Global Startup: Reboot.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Remove all with (file missing)
O10: Under O10, hijackers most often show up, such as
O15 - Trusted Zone: Remove all regardless of name. If you are not sure about some, ask.
O16 - DPF: Likewise remove all regardless of name.
O17 - HKLM... Remove if the IP addresses do not belong to your ISP's servers; in other words, dialers and other instances are not wanted.
O23 - Service: Fix each one with (file missing)
Of course, new things appear daily, so it is hard to list everything. If you are unsure about some entries and think you use them, post a thread in this subforum and someone will tell you what to remove and what not. Costa, please correct me if anything is wrong or if there is something to add...
Update: Along with CWShredder I also recommend AboutBuster, which removes various variants of the CWS trojan; it is simple to use and free.
Instructions for Brute Force Uninstaller and removing EGDAccess: - unpack it into a directory, e.g. C:\BFU
DOMY: I edited the post a little for readability and updated the links.
Last edited by: atha. 24.08.2008. at 15:47. |
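The per-section removal rules listed in the first post, applied to a log by a short script. This is an added example, not part of the original post or of HijackThis; the sample log, its GUIDs and addresses, and the ISP range passed to `triage` are constructed for illustration.

```python
import ipaddress
import re

# Per-section markers from the post: an entry carrying one of these is a removal candidate.
# The R3 marker is matched without parentheses so both spellings are caught.
MARKER_RULES = {
    "R3": ("(no name)", "(no file)", "(file missing)", "Default URLSearchHook is missing"),
    "O2": ("(no name)", "(no file)", "(file missing)"),
    "O9": ("(file missing)",),
    "O23": ("(file missing)",),
}
# Sections the post removes regardless of the entry's name.
REMOVE_ALL = {"O1", "O15", "O16"}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample log (not taken from the thread); addresses are documentation ranges.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O1 - Hosts: 192.0.2.10 search.example.test
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000004} - C:\Program Files\Example\button.dll
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000005} - C:\Example\gone.dll (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000006} - http://example.test/control.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000007}: NameServer = 198.51.100.53,203.0.113.9
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe (file missing)
O23 - Service: Example Agent - Example Inc - C:\Example\agent.exe
"""


def parse_entries(log_text):
    """Yield (section code, body) for each entry line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group(1), match.group(2)


def foreign_nameservers(body, isp_networks):
    """Return the NameServer addresses of an O17 entry that lie outside the given networks."""
    _, _, value = body.partition("NameServer")
    foreign = []
    for text in IPV4_RE.findall(value):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:  # dotted string that is not a valid IPv4 address
            continue
        if not any(addr in net for net in isp_networks):
            foreign.append(text)
    return foreign


def triage(log_text, isp_networks=()):
    """Return (code, reason, body) for every entry the post's rules mark for removal or review.

    isp_networks is the caller's own list of ISP resolver ranges in CIDR form (an assumption
    of this example); with an empty list every O17 name server is reported.
    """
    nets = [ipaddress.ip_network(n) for n in isp_networks]
    findings = []
    for code, body in parse_entries(log_text):
        if code in REMOVE_ALL:
            findings.append((code, "section removed regardless of name", body))
        elif code in MARKER_RULES:
            hit = next((m for m in MARKER_RULES[code] if m in body), None)
            if hit:
                findings.append((code, "marked " + hit, body))
        elif code == "O17":
            foreign = foreign_nameservers(body, nets)
            if foreign:
                reason = "name servers outside ISP ranges: " + ", ".join(foreign)
                findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG, ["198.51.100.0/24"]):
        print(f"{code:4} {reason}\n     {body}")
```

The O9 entry labelled (no name) with an existing file is deliberately not reported, because the post flags O9 only on (file missing).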
05.12.2005., 17:52 | #2 |
Moderator
Registration date: Aug 2003
Location: Zagreb
Posts: 3,193
|
You put that together well. Here are a few links from me:
Automatic checking of a HijackThis log. You need to paste or upload the log and press "Analyze". Everything is nicely explained, but you should still be careful because it is, after all, only a script.
http://www.hijackthis.de/en
Sites where you can look up information about a program by its name.
http://www.sysinfo.org/startuplist.php
http://www.processlibrary.com/
http://castlecops.com/StartupList.html
Sites where you can upload a file and have it scanned by multiple antivirus programs.
http://www.virustotal.com/ (currently uses 22 antivirus programs)
http://virusscan.jotti.org/ (currently uses 14 antivirus programs)
24.12.2006., 20:35 | #3 |
Headbangig Grunf!
Registration date: Aug 2003
Location: headbanger's ball
Posts: 4,373
|
The best thing to do is the following: post your HJT log on hijackthis.de, which gives an opinion on whether a process is good or not; and if you want a complete list of everything, silentrunners is an excellent tool --> http://www.silentrunners.org/. Now, since Silent Runners produces a very, really very detailed log, I doubt it would all fit in one post, so it is best to save the whole log in .txt format and host it so that everything can be seen, without the worry that something got left out during copy-paste. In addition, there is a very useful forum on the net, www.windowsbbs.com, as well as www.bleepingcomputer.com; these are of course additional options if you want one more opinion besides the one you would get here.
01.03.2007., 19:37 | #4 |
EMP moderator
Registration date: Apr 2005
Location: Osijek
Posts: 18,576
|
So, I decided to clean up this thread a bit because it had stretched out like a worm... In this post I will put only the unwanted entries, in case anyone needs them... Entries marked (file missing) or (no file) can be deleted without a second thought. It is sorted alphabetically; I looked only at the file name (in bold).
C:\WINDOWS\System32\atmclk.exe
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch4.ocx
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\bgsvcgen.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\bfzvb.exe
C:\WINDOWS\System32\dcomcfg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe
O23 - Service: Bentley License Client (IEGLicSrv) - Bentley Systems Inc. - C:\Program Files\Common Files\Bentley Shared\IEG\IEGLCS\IEGLicSrv.exe
c:\progra~1\intern~1\iexplore.exe
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
C:\WINDOWS\system32\mwsrvacc.exe
O20 - Winlogon Notify: IPConfTSP - D:\WINDOWS\system32\n82ulif9182.dll
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
C:\Programme\Network Monitor\netmon.exe
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
O21 - SSODL: J0DBIEAI - {27756FCF-6C23-64EE-2766-36E42B692DD0} - C:\WINDOWS\System32\Nofffn32.dll
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O4 - HKLM\..\Run: [jxjcjzaduvy] C:\WINDOWS\System32\rbivra.exe
C:\Program Files\Save\Save.exe
O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\SrchPlug.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {72AB6B47-F4DC-2BB3-CEAB-F0E286EDA08D} - C:\DOCUME~1\DRAGAN~1\APPLIC~1\SIXTHD~1\thesave.exe
O21 - SSODL: mtklefap - {45C9F337-9238-403C-8FAE-A31EB6B2AEE4} - C:\WINDOWS\System32\vhjadq32.dll
C:\WINDOWS\system32\webupdate.exe
O20 - Winlogon Notify: winmbj32 - winmbj32.dll
R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL
O2 - BHO: EventHandler Class - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL
O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~1\WIACA5~1\WinSB1.DLL
O4 - HKLM\..\Run: [Windows Ndis Driver] WinSys32s.exe
O4 - HKLM\..\RunServices: [Windows Ndis Driver] WinSys32s.exe
O4 - HKCU\..\Run: [Windows Ndis Driver] WinSys32s.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\RunServices: [navp.exe] wupdate.exe
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe
O2 - BHO: C:\WINDOWS\system32\zgCrypt.dll - {8A5849C4-93F3-429D-FF34-660A2068897C} - C:\WINDOWS\system32\zgCrypt.dll
Last edited by: domy_os. 02.03.2007. at 11:08. |
16.03.2007., 22:56 | #5 | |
galaxy 2 galaxy
Registration date: Aug 2006
Location: Zg
Posts: 74
|
hijack this log Quote:
|
|
16.03.2007., 23:25 | #6 |
Premium
Registration date: Jan 2006
Location: Zagreb
Posts: 4,067
|
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: (no name) - {1B6C7936-6B20-44C0-8409-7FE3C9FEC501} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: (no name) - {C3178C97-FE42-4A9F-8574-C9BF97524A17} - C:\WINDOWS\system32\mljkkji.dll
O2 - BHO: (no name) - {CA904713-251C-4DFA-9DBE-49EB3671682D} - C:\WINDOWS\system32\vtstr.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: mljkkji - C:\WINDOWS\SYSTEM32\mljkkji.dll
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll
The first bolded item may be due to VMware; if you don't have that enabled, you can delete it. |
17.03.2007., 12:44 | #7 | |
Premium
Registration date: Dec 2005
Location: split
Posts: 198
|
my log Quote:
__________________
|
|
17.03.2007., 17:13 | #8 | |
Premium
Registration date: Jan 2006
Location: Zagreb
Posts: 4,067
|
Blondie Quote:
|
|
21.03.2007., 00:03 | #9 | |
Premium
Registration date: Feb 2005
Location: -
Posts: 148
|
My log... Quote:
|
|
29.03.2007., 18:24 | #10 |
Premium
Registration date: Jan 2005
Location: -
Posts: 1,679
|
HijackThis - How To
is there any cure here ??
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Maxthon\Maxthon.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Documents and Settings\Vedran\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.net.hr/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\RunServices: [Virtual CD v6] grplscd.exe
O4 - HKLM\..\RunServices: [Topic lnternat] lnternat.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E68708A-0F7F-44B5-BCB0-C7F56E7C2173}: NameServer = 161.53.114.145 161.53.114.135
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe |
29.03.2007., 22:07 | #11 | |
Premium
Registration date: Jan 2006
Location: Zagreb
Posts: 4,067
|
Mr.Black Quote:
|
|
09.04.2007., 12:23 | #12 |
Od nonine sestre kunjado
Registration date: Dec 2006
Location: (Vinjro)
Posts: 1,130
|
The files I check for deletion keep coming back......NOD32 finds infected files in system32 and cannot deal with them....It is "Win32/Trojan Clicker.BHO.NA,J trojan" ,,, while ewido anti-spyware finds "Downloader.Delf.amb". Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 22:58:41, on 8.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Damir\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://katz.ws/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161710708754
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: bfdzvmuvhvxp - C:\WINDOWS\system32\bfdzvmuvhvxp.dll
O20 - Winlogon Notify: etufeipphmzs - C:\WINDOWS\system32\etufeipphmzs.dll
O20 - Winlogon Notify: npgoeqqjtbbb - C:\WINDOWS\system32\npgoeqqjtbbb.dll
O20 - Winlogon Notify: pdvfhaetjqxj - C:\WINDOWS\system32\pdvfhaetjqxj.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVP - GRISOFT, s.r.o. - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe |
09.04.2007., 18:15 | #13 | |
Premium
Registration date: Jan 2006
Location: Zagreb
Posts: 4,067
|
greenfly Try deleting them in Safe Mode; be sure to turn off System Restore while you do the deleting. Quote:
|
|
09.04.2007., 18:56 | #14 | |
Od nonine sestre kunjado
Registration date: Dec 2006
Location: (Vinjro)
Posts: 1,130
|
tutix : Quote:
Anyway......I'll go try deleting that and report back......thanks |
|
13.04.2007., 12:40 | #15 |
Premium
Registration date: Feb 2006
Location: Osijek
Posts: 4,351
|
Could someone look over my log so I don't do something stupid? Thanks
Logfile of HijackThis v1.99.1
Scan saved at 11:39:02, on 13.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\WINDOWS\Mixer.exe
D:\Program Files\Comodo\Firewall\CPF.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\RALINK\Common\RaUI.exe
D:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
E:\downloads\everestultimate_build_0941_vuwl0qkfjnm\everest.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\SkypePM.exe
E:\Fraps\fraps.exe
D:\Program Files\Mozilla Firefox\firefox.exe
E:\hijack this\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe |
13.04.2007., 13:02 | #16 |
Moderator
Registration date: Jan 2005
Location: Rijeka
Posts: 9,067
|
All good, carry on.
19.04.2007., 19:06 | #18 |
Premium
Registration date: Dec 2005
Location: zagreb
Posts: 282
|
How do I get rid of this crap? - this is the only thing hijack this rated as a threat, but I have no idea how to solve the problem
Visitor's assessment Analyzerdetails "O1 - Hosts: 66.98.148.65 auto.search.msn.es" Kind Extremely nasty Extremely nasty Must be fixed!
...Internet Explorer keeps launching every so often while I'm browsing; I tried several spyware removal tools, but nothing. I have no idea what I got it from; I probably installed and uninstalled something stupid, and this crap stayed behind.
P.S. there, I think I solved it with hijack this )
22.04.2007., 23:58 | #19 |
80286
Registration date: Jul 2004
Location: Dingolfing, DE
Posts: 1,724
|
Pff...I would like to ask for a review of this:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\TClock\tclock.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinRoll] "C:\Program Files\WinRoll\winroll.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GTRipple] C:\Program Files\GTDesktop\Plugins\GTRipple.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Shortcut to tclock.exe.lnk = C:\TClock\tclock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Thanks a lot
__________________
|
23.04.2007., 00:19 | #20 | |
Premium
Registration date: Jan 2006
Location: Zagreb
Posts: 4,067
|
You have nothing dangerous, but this is unnecessary: Quote:
|
|
26.04.2007., 15:15 | #21 |
Premium
Registration date: Jun 2005
Location: Rijeka
Posts: 4,193
|
Logfile of HijackThis v1.99.1
Scan saved at 14:14:23, on 26.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Darksky\QuickMenu\QuickMenuPlus.exe
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\yz shadow\YzToolbar\YzToolBar.exe
C:\Program Files\Samurize\Client.exe
C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Samurize\Client.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\foobar2000\foobar2000.exe
D:\backup\desktop\Unit 2\OSNOVE\AntiPROG\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-com.hr/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Quick&MenuBar - {23849BDD-E8A8-4B9E-AB7A-5830D3828AAE} - C:\Program Files\Darksky\QuickMenu\QuickMenuBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickMenuPlus] "C:\Program Files\Darksky\QuickMenu\QuickMenuPlus.exe"
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe" /S
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe"
O4 - HKCU\..\Run: [ToolBar icon can be changed.] "C:\Program Files\yz shadow\YzToolbar\YzToolBar.exe"
O4 - HKCU\..\Run: [Client] "C:\Program Files\Samurize\Client.exe"
O4 - HKCU\..\Run: [Nero DriveSpeed] "C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE"
O4 - Startup: Client cdcovers.lnk = C:\Program Files\Samurize\Client.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.t-com.hr/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B3183E1-11C4-47FF-9696-15B9CBF6586E}: NameServer = 85.114.32.7 85.114.32.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFDBB84A-7E40-43E6-9059-C4A692890E3F}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{F36749DA-D975-4DB8-A7D6-88CB03B2E1BE}: NameServer = 85.255.116.138,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.138 85.255.112.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
if someone could take a look at the above^ tnx |
26.04.2007., 15:35 | #22 | ||
Premium
Registration date: Jan 2006
Location: Zagreb
Posts: 4,067
|
Quote:
If you did not set the DNS servers manually, be sure to remove this as well: Quote:
|
||
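The DNS advice in the post above depends on seeing which O17 NameServer values differ from the ones the user configured. The following is an added example, not part of the thread or of HijackThis: it re-splits a log that forum software has collapsed onto one line, groups O17 registry keys by the DNS server set they point to, and lists entries ending in (no file) or (file missing); the sample log, its GUIDs and its addresses are constructed.

```python
import re
from collections import defaultdict

# Zero-width match at the start of each entry: R0-R3, F0-F3 or O1-O99, then " - ".
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RF][0-3]|O\d{1,2}) - )")
O17_DNS = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<value>.+)$")

# Constructed sample: a log flattened onto one line, documentation-range IPs.
SAMPLE = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE "
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file) "
    r"O4 - HKLM\..\Run: [example] C:\example\tool.exe 0 -k "
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-0000000000AA}: "
    r"NameServer = 192.0.2.53 192.0.2.54 "
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 198.51.100.7,198.51.100.8 "
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 198.51.100.7 198.51.100.8"
)


def split_entries(text):
    """Return the R/F/O entries of a log, even if all line breaks were lost."""
    starts = [m.start() for m in ENTRY_START.finditer(text)] + [len(text)]
    return [text[a:b].strip() for a, b in zip(starts, starts[1:])]


def dns_by_server_set(entries):
    """Map each distinct DNS server set to the registry keys that use it."""
    groups = defaultdict(list)
    for entry in entries:
        m = O17_DNS.match(entry)
        if m:
            # HijackThis shows both comma- and space-separated server lists.
            servers = tuple(sorted(re.split(r"[,\s]+", m.group("value").strip())))
            groups[servers].append(m.group("key"))
    return dict(groups)


def orphaned(entries):
    """Entries whose target file no longer exists according to the log."""
    return [e for e in entries if e.endswith(("(no file)", "(file missing)"))]


if __name__ == "__main__":
    items = split_entries(SAMPLE)
    for servers, keys in dns_by_server_set(items).items():
        print(", ".join(servers), "<-", len(keys), "key(s)")
    for e in orphaned(items):
        print("orphaned:", e)
```

Each server set in the output still has to be compared with what the ISP or the administrator actually assigned; the script only makes the differences visible.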
26.04.2007., 17:40 | #23 |
EMP moderator
Registration date: Apr 2005
Location: Osijek
Posts: 18,576
|
No, no and no... As far as I'm concerned, everything is OK; the stuff above, more or less, is not harmful. |
26.04.2007., 17:46 | #24 |
Premium
Registration date: Apr 2007
Location: Zagorje
Posts: 113
|
Logfile of HijackThis v1.99.1
Scan saved at 16:25:34, on 26.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Could someone check the above, thanks. And while I'm at it, what is this supposed to be, i.e. is it something normal or not? C:\System Volume Information\MountPointManagerRemoteDatabase |
26.04.2007., 17:52 | #25 |
EMP moderator
Registration date: Apr 2005
Location: Osijek
Posts: 18,576
|
Only this:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
If you like, you can also remove some startup items such as Java, ICQ, Windows Messenger, Adobe Reader Speed Launch and anything else you don't need at startup, but do that via Start > Run > msconfig > Startup, because HijackThis removes them completely, whereas in msconfig you untick the box and can tick it again later if you need the item again; or use this small program: http://www.mlin.net/StartupCPL.shtml |
26.04.2007., 18:04 | #26 | |
Premium
Registration date: Apr 2007
Location: Zagorje
Posts: 113
|
Quote:
http://www.processlibrary.com/direct...les=ALCMTR.EXE so should that stay then, or? I'll remove the startup stuff .. I haven't dealt with that yet because I reinstalled Windows the other day since there were problems with viruses... Do you maybe know anything about this: C:\System Volume Information\MountPointManagerRemoteDatabase |
|
26.04.2007., 23:58 | #27 | |
Premium
Registration date: Jan 2006
Location: Zagreb
Posts: 4,067
|
Quote:
As for the above, those are unnecessary keys anyway; they serve no purpose. |
|
01.05.2007., 14:52 | #28 | |
Premium
Registration date: Apr 2006
Location: ????
Posts: 208
|
Hello, can someone explain to me what needs fixing here? Some pest got in that throws up system alerts pop-ups. Here is the HijackThis log; I wouldn't want to try on my own because I would have to format C. Thanks: Quote:
|
|
02.05.2007., 09:57 | #29 | ||||||
Grandma's sister's brother-in-law
Registration date: Dec 2006
Location: (Vinjro)
Posts: 1,130
|
This one definitely: Quote:
and this: Quote:
Quote:
Quote:
Quote:
Quote:
Last edited by: greenfly. 02.05.2007 at 10:23. |
||||||
02.05.2007., 10:01 | #30 |
Premium
Registration date: Apr 2006
Location: ????
Posts: 208
|
Thank you, greenfly. If anyone else can tell me what's wrong so I can delete it. |