|
25.08.2007., 18:14 | #91 |
---
Registered: May 2007
Location: -
Posts: 527
|
|
25.08.2007., 18:35 | #92 |
N00B
Registered: Oct 2006
Location: Split
Posts: 3,886
|
Stormbreaker, that was already written at the start of this thread; look at the first page, second post, by Costa... |
29.08.2007., 17:53 | #94 |
Premium
Registered: Jan 2005
Location: -
Posts: 1,679
|
HijackThis - How To
Logfile of HijackThis v1.99.1
Scan saved at 17:54:18, on 29.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Security Tools\iesmn.exe
C:\Program Files\Security Tools\imsmain.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
D:\Eset\nod32kui.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Security Tools\imsmn.exe
C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe
C:\Program Files\Security Tools\iesmin.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
d:\Eset\nod32krn.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\tHe OnO\Desktop\HijackThis.exe

O2 - BHO: (no name) - {5DDE5591-A8AB-4897-93EF-1E4E943F85A7} - C:\Program Files\Security Tools\iesplg.dll
O2 - BHO: Editor plugin - {9AEE9C0D-FD38-45fc-B09A-BA9B6B614780} - barka.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c00990E9.dat
O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files\Security Tools\iesbpl.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAM_2K.exe
O4 - HKLM\..\Run: [nod32kui] d:\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [VirusProtectPro 3.7] "C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe" /h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c005D552.dat
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - d:\Eset\nod32krn.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

What should I delete?? |
29.08.2007., 18:00 | #95 |
Soul Eater
Registered: Jan 2007
Location: Isolated
Posts: 538
|
That virusprotectpro is a virus.... delete:

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe

and everything to do with that virusprotectpro...

edit: this one also looks suspicious to me:

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c00990E9.dat |
29.08.2007., 18:20 | #96 |
Premium
Registered: Jan 2005
Location: -
Posts: 1,679
|
I deleted the items listed, but that's not it... down here an icon in the tray is bothering me; here's a picture from when the browser opens... http://www.imagesforme.com/images/3779bezimena.JPG Apologies to the moderators for not putting this in "Hijackthis - how to" |
29.08.2007., 19:24 | #97 |
Premium
Registered: Jan 2005
Location: -
Posts: 1,679
|
Since this is the computer at my dad's school and the teachers use it for browsing, I solved the problem with System Restore. Once again, apologies for not posting in the right topic... |
30.08.2007., 17:44 | #98 |
Registered User
Registered: Dec 2006
Location: Germany
Posts: 24
|
global hook and other hooks
People, here's the thing... my little problem is that quite often (mostly it went through IE7, but through Firefox it's not much rarer either)... explorer, for example, wants to connect to the net, and if I have MSN running... it wants to go through that, or through IE7, which I removed and replaced with Firefox, so then it wants to go through Firefox, then through AntiVir... it uses every possible trick to connect to the net. I regularly block it with Comodo, but then I have no net connection, so I have to kill Firefox and start it again to get a connection, and so on all the time.... How do I turn that off? If my Windows were in English I'd somehow manage... probably... but in German... I have no clue... I don't understand German.. I don't know which of all this I need to post for you:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EMmon.lnk = ?
O4 - Global Startup: Remote Control.lnk = C:\Programme\KWorld Multimedia\PVR-TV 300U Utilities\EMRCtl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C40D273-235F-4A81-93C7-4F01FAF679D1}: NameServer = 62.104.191.241 62.104.196.134
O22 - SharedTaskScheduler: arachnodacty - {80ced3d6-ece9-48ba-8df8-2503d8d87c2b} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programme\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programme\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
30.08.2007., 17:55 | #99 |
N00B
Registered: Oct 2006
Location: Split
Posts: 3,886
|
Here, you can remove these:

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [emMON] emMON.exe
O22 - SharedTaskScheduler: arachnodacty - {80ced3d6-ece9-48ba-8df8-2503d8d87c2b} - (no file) |
30.08.2007., 18:16 | #100 |
Registered User
Registered: Dec 2006
Location: Germany
Posts: 24
|
Removed, and with TuneUp's 1-Click Maintenance I removed and corrected, I don't know, quite a lot of problems ---- but how do I get rid of these problems.... the fact that things want to connect to the net through a global hook... explorer, Folder Lock; I had Babylon and removed it, it all started with that, I mean it was the first one that started using a global hook to connect to the net. If I block it, the connection drops and I have to start over... is there a way to get rid of this somehow... so that I don't have to keep killing Firefox
|
31.08.2007., 08:00 | #101 |
Registered User
Registered: Aug 2007
Location: Zagreb
Posts: 24
|
Could someone please tell me what to remove.... THANKS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:20, on 31.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: andr - {3162ba5b-4f2d-40c5-8fb6-36c6a0d639e6} - C:\WINDOWS\system32\duznhje.dll (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 4639 bytes |
31.08.2007., 11:16 | #102 |
---
Registered: May 2007
Location: -
Posts: 527
|
I don't think you need to remove anything.... except only this:

O22 - SharedTaskScheduler: andr - {3162ba5b-4f2d-40c5-8fb6-36c6a0d639e6} - C:\WINDOWS\system32\duznhje.dll (file missing)

but better not to touch anything, because that's not a threat to you. As I say, don't remove anything until someone else has had a look |
31.08.2007., 12:13 | #103 |
EMP moderator
Registered: Apr 2005
Location: Osijek
Posts: 18,504
|
__________________
"How did the tailors of the new world order manage, in such a short time, to break society's intellectual capacities, destroy critical awareness and impose an inverted logic on people?"
|
08.09.2007., 19:23 | #105 |
Premium
Registered: Dec 2005
Location: Zagreb
Posts: 141
|
I'm going to go crazy: I gave my sister the computer and she picked up a rogue antispyware, and I can't remove it

Logfile of HijackThis v1.99.1
Scan saved at 19:20:10, on 8.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\Segal\My Documents\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{51848130-9430-43FC-AA25-F50EFD4C5152}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A918F98-BEBA-4150-8B5E-0DA65D0440EE}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{653CA7F9-6460-4D1C-9C5A-0E6ACF9693F9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AC7542C-9AFD-417B-B19D-C3F3FBF5ED2B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFD692C-E9A3-44D0-BEE3-266B1C752E17}: NameServer = 85.94.64.11 85.94.64.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O21 - SSODL: msmhost - {F39759B3-D9EF-4CEF-9953-472C38E52777} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {656721E8-5CC6-4A4D-8707-F60825A4CB92} - C:\WINDOWS\msmdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
__________________
A64 3000+@2,5Ghz // Epox 9NPA+ // 512 MB Geil // XFX 6600 // Bara 120gb + WD 40gb // Chieftek 360W |
08.09.2007., 19:31 | #106 |
---
Registered: May 2007
Location: -
Posts: 527
|
OK, here goes, delete these:

O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)

Now... I don't know what these are, i.e. I don't know whether they should be deleted:

O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFD692C-E9A3-44D0-BEE3-266B1C752E17}: NameServer = 85.94.64.11 85.94.64.10
O21 - SSODL: msmhost - {F39759B3-D9EF-4CEF-9953-472C38E52777} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {656721E8-5CC6-4A4D-8707-F60825A4CB92} - C:\WINDOWS\msmdev.dll

Someone please check the ones I'm not sure about |
09.09.2007., 05:05 | #107 |
Od nonine sestre kunjado
Registered: Dec 2006
Location: (Vinjro)
Posts: 1,130
|
Leave O17 alone, and you can delete both O21 entries, they're bad guys.

There is a "tool" that has proven good for ROGUE infections: RogueRemover.

Note: that FIX applies only to this type of infection.

Here are the instructions:

Please put RogueRemover in its own folder (I create a new folder in C:\ named RogueRemover). You can do a Right Click on any open area on the desktop, New > Folder, then rename the folder RogueRemover.

Go to where your RogueRemover.zip is and Right Click on RogueRemover.zip, select Cut, then open the new folder you just created (RogueRemover). Right Click in the folder and select Paste.

Double click on the file named RogueRemover.zip and unzip it to C:\RogueRemover

Double click on the file named RogueRemover.exe and select Scan. The program will walk you through the remaining steps. |
09.09.2007., 10:28 | #109 |
Premium
Registered: Dec 2005
Location: Zagreb
Posts: 141
|
Thanks a lot, but I actually went to the spyware's site, found out what it's called, and under O4 exactly that program showed up; I deleted it and everything is OK. Thanks a lot for the help. I just wanted to ask one more question: on that spyware's page it says the best way to remove it is with XoftspySE. I have that program but it couldn't find it, which I don't get; it's fully updated but it couldn't find it, only HijackThis did, so I agree with stormbreaker
__________________
A64 3000+@2,5Ghz // Epox 9NPA+ // 512 MB Geil // XFX 6600 // Bara 120gb + WD 40gb // Chieftek 360W |
09.09.2007., 12:15 | #110 |
Adrenaline junkie
Registered: Apr 2006
Location: Doboj - Banja Luka / Republika Srpska
Posts: 3,582
|
Come on, if someone comes along who doesn't mind looking through this "small" log, please leave a comment on what to delete... The log is attached because of its size (it took up three posts because of the character count). hijackthis.txt
__________________
Lenovo ThinkPad W530 - Core i7 3840QM, 32 GB RAM, SSD Samsung 512 GB, nVidia Quadro K1000M 2 GB, 15.6" 1920x1080 IPS, 9-cell battery
Last edited by: Milentije. 09.09.2007. at 12:35. |
09.09.2007., 15:01 | #111 |
Od nonine sestre kunjado
Registered: Dec 2006
Location: (Vinjro)
Posts: 1,130
|
Nobody doubts that....... But you have to look at these things from another perspective: grizli was lucky that he could remove it with HJT, which deleted that cr*p's startup entry from the registry.. That's a trifle, which in the first place wasn't even visible in the log under the O4 entries. I just want to say that HJT is useful for such "trifles", but what if it had been an infection like, say: about blank 1/3 or 2/4, or PEPPER, or LOOK 2 ME or, God forbid, LOP, Vundo, Virtumonde, Navipromo rootkit...... and a hundred thousand others that HJT sees but that need special tools and methods to clean.... Nobody doubts HJT, but it must be clear to us that you have to know how to read it and how to recognize all sorts of infections from its entries........ |
09.09.2007., 19:00 | #113 |
---
Registered: May 2007
Location: -
Posts: 527
|
|
09.09.2007., 19:25 | #114 |
Od nonine sestre kunjado
Registered: Dec 2006
Location: (Vinjro)
Posts: 1,130
|
Exactly. It's easy to copy a log, paste it into the analyze field, click analyze and delete the X's and question marks, but what does that actually mean for the computer and for the net????? Here is just one example of a LOP infection that comes with the Messenger Plus installation... It affects the R1, O2 and O4 sections, meaning it redirects you to the page it wants (R1), adds various Browser Helper Objects to our browser (O2), and runs programs or applications that it creates itself or pulls in over the net (O4).. Now.... it's easy to tick those and hit fix, but the point is that someone who really knows how to read a log KNOWS that this infection comes with that program and that they have to remove:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fmgdfrbbwolkcsujdqsdmg.ne...pa6xDG9BI4.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cenzunjgsodceudthxojah.ne...tu_Am/mGG.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anhmrajywkhelucsdxto.net/...QLkDVwAM2Q.php
O2 - BHO: (no name) - {19B89A8F-57A9-5E97-9B02-F2CA701ED8DE} - C:\DOCUME~1\Owner\APPLIC~1\SIXTHD~1\Bold okay.exe
O2 - BHO: (no name) - {E0F2DF9F-B79F-15E0-FBFE-402D1D7D3EE1} - C:\DOCUME~1\Dad\APPLIC~1\LICENS~1\First Drv.exe
O2 - BHO: (no name) - {D74EAF21-F030-988F-6324-4BB6FA9B03D2} - C:\DOCUME~1\DON\APPLIC~1\WINSTO~1\TransPlay.exe
O4 - HKLM\..\Run: [skip stupid audio free] C:\Documents and Settings\All Users\Application Data\bows corn skip stupid\pokeadmin.exe
O4 - HKCU\..\Run: [objloud] C:\DOCUME~1\Dad\APPLIC~1\MOVEAT~1\coalheart.exe
O4 - HKLM\..\Run: [burn owns bags corn] C:\Documents and Settings\All Users\Application Data\ItchWinBurnOwns\Heck Setup.exe
O4 - HKLM\..\Run: [GridShimInterMath] C:\Documents and Settings\All Users\Application Data\downloadgluegridshim\onestyle.exe

And then follows:

Fix

You have a LOP infection that often comes together with Messenger Plus. To remove it we will try the simple way first.

1. Go to Add/Remove programs. Double click on "Messenger Plus!" (or click on Remove)
2. The "Messenger Plus! - Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program.
3. The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall.
4. If you entered the code properly, the program will ask you to confirm that you want to uninstall. You must answer "Yes" to this question, else, you won't have another chance of uninstalling.
5. To complete the uninstallation, follow the instructions that are displayed (the first one is to close all your Internet Explorer windows, that's very important).

When everything is complete, restart your computer and, hopefully, voila, one nasty infection is gone.

Because without uninstalling Messenger Plus the infection comes back after half an hour online. There... and there are a million such things. It's fine as long as they're trifles....... |
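The section-by-section reading described in post #114 (R1, O2 and O4 entries belonging together), as an added example that is not part of the original thread: it splits a log pasted as one run of text into entries, labels each by section and marks "(no file)" / "(file missing)" references. The sample log, its CLSIDs and paths are constructed placeholders, and the target extraction is a best-effort assumption about the entry layouts seen in this thread.

```python
"""Split a flattened HijackThis log into entries and group them by section.

Added example; SAMPLE is constructed (placeholder CLSIDs, paths and URL).
"""
import re
from collections import Counter

# Meaning of the section codes that appear in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object (BHO)",
    "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "extra IE context-menu item",
    "O9": "extra IE button / Tools menu item",
    "O17": "DNS name server setting",
    "O18": "extra protocol handler",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}

# An entry starts with a section code followed by " - ", after whitespace.
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O(?:2[0-5]|1\d|[1-9])) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these when the referenced file is gone.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")


def split_entries(text):
    """Return the R/O entries of a log whose line breaks were lost or moved."""
    text = " ".join(text.split())                    # undo arbitrary wrapping
    text = text.split("-- End of file", 1)[0].strip()
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    return [text[s:e].strip() for s, e in zip(starts, starts[1:] + [len(text)])]


def parse_entry(raw):
    """Break one entry into code, section label, CLSID, target and orphan flag."""
    code, body = raw.split(" - ", 1)
    clsid = CLSID.search(body)
    if " = " in body:                                # R0/R1, O17, Startup .lnk
        target = body.split(" = ", 1)[1]
    elif code == "O4" and "] " in body:              # Run key: [name] command
        target = body.split("] ", 1)[1]
    elif clsid:                                      # O2/O3/O9/O21/O22
        target = body[clsid.end():].lstrip(" -")
    else:                                            # O20/O23: last field
        target = body.rsplit(" - ", 1)[-1]
    return {
        "code": code,
        "section": SECTIONS.get(code, "other"),
        "clsid": clsid.group(0) if clsid else None,
        "target": ORPHAN.sub("", target).strip(),
        "orphan": bool(ORPHAN.search(body)),
        "raw": raw,
    }


def parse_log(text):
    return [parse_entry(raw) for raw in split_entries(text)]


def orphans(entries):
    """Entries whose registry reference survives but whose file does not."""
    return [e for e in entries if e["orphan"]]


def summarize(entries):
    """Entry count per section code, to see which sections a log touches."""
    return dict(Counter(e["code"] for e in entries))


# Constructed sample: one run of text, with an entry wrapped after "O4 - ".
SAMPLE = (
    r"Running processes: C:\WINDOWS\Explorer.EXE "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/ "
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Example\helper.dll "
    r"O2 - BHO: Old plugin - {00000000-0000-0000-0000-000000000002} - (no file) "
    r"O4 - HKLM\..\Run: [ExampleApp] C:\Example\app.exe /min O4 - " "\n"
    r"Global Startup: Example.lnk = C:\Example\tray.exe "
    r"O22 - SharedTaskScheduler: example - {00000000-0000-0000-0000-000000000003} - C:\Example\gone.dll (file missing) "
    r"O23 - Service: Example Service (exsvc) - Unknown owner - C:\Example\svc.exe "
    r"-- End of file - 0 bytes"
)

if __name__ == "__main__":
    for entry in parse_log(SAMPLE):
        flag = "  [orphaned reference]" if entry["orphan"] else ""
        print(f'{entry["code"]:<4}{entry["section"]:<40}{entry["target"]}{flag}')
    print(summarize(parse_log(SAMPLE)))
```
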
09.09.2007., 22:32 | #116 |
Od nonine sestre kunjado
Registered: Dec 2006
Location: (Vinjro)
Posts: 1,130
|
|
24.09.2007., 15:36 | #118 |
Registered User
Registered: Jul 2007
Location: Neverland
Posts: 2
|
I think my computer has been hacked, so please, if you have time, look at my log and tell me what to delete

Logfile of HijackThis v1.99.1
Scan saved at 21:25:23, on 23.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thanks in advance! |
24.09.2007., 16:31 | #120 |
Registered User
Registered: Jul 2007
Location: Neverland
Posts: 2
|
Thanks a lot, you're fast |