HijackThis - How To + logovi

[Stormbreaker]

ovdje si možete provjeriti svoj log:

http://www.hijackthis.de/

[Joke]

Stormbreaker to je vec napisano na pocetku ove teme pogledaj prvu stranicu drugi post od Coste...

[Stormbreaker]

Citiraj:

Autor Olymp

Stormbreaker to je vec napisano na pocetku ove teme pogledaj prvu stranicu drugi post od Coste...

aha, sorry, nisam vidio...

[Mr.Black]

Logfile of HijackThis v1.99.1
Scan saved at 17:54:18, on 29.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Security Tools\iesmn.exe
C:\Program Files\Security Tools\imsmain.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
D:\Eset\nod32kui.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Security Tools\imsmn.exe
C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe
C:\Program Files\Security Tools\iesmin.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
d:\Eset\nod32krn.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\tHe OnO\Desktop\HijackThis.exe

O2 - BHO: (no name) - {5DDE5591-A8AB-4897-93EF-1E4E943F85A7} - C:\Program Files\Security Tools\iesplg.dll
O2 - BHO: Editor plugin - {9AEE9C0D-FD38-45fc-B09A-BA9B6B614780} - barka.dll (file missing)
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c00990E9.dat
O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files\Security Tools\iesbpl.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\Customizer XP\RAM_2K.exe
O4 - HKLM\..\Run: [nod32kui] d:\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [VirusProtectPro 3.7] "C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe" /h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c005D552.dat
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - d:\Eset\nod32krn.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

Kaj izbrisati??

[WichitaQ]

taj virusprotectpro ti je virus....briši :

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
i sve sa tim virusprotectpro...

edit : a i ovo mi je sumnjivo :
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c00990E9.dat

[Mr.Black]

Izbrisao sam ovo navedeno, ali nije to to...ovak dolje ikona me muči u trayu, evo slike kod otvaranja browsera...

http://www.imagesforme.com/images/3779bezimena.JPG

isprika moderatorima kaj nisam stavil u "Hijackthis - how to"

[Mr.Black]

pošto je to komp kod starog u školi i služi profesorima za surfanje, problem sam riješio pomoću system restora, još jedanput ispirka kaj nisam postao u određeni topic...

[nano]

ljudi,ovako...problemcic kod mene je u tome sto mi se dosta cesto,nadasve je to islo preko IE7 al ni preko foxa nije puno rijedje...da mi se recimo explorer hoce konektirati preko na net,pa ak imam upaljen msn..hoce preko njega, il preko IE7 kojeg sam maknuo pa stavio foxa, pa hoce preko foxa, pa preko antivra...sva moguca cudesa koristi da se spoji na net, ja ga redovito comodom blokiram, al onda nemam koncekcije na net, pa moram srusit firefiox pa ga ponovo dignut da bih dobio vezu i tako stalno....kak da to iskljucim? jos da su mi windiwsi na engleskom, nekako bih i znao...valjda..al na njemackom...nemam blage veze sa vezom...ne kontam njemacki..
ne znam sta vam od sveg ovog trebam postat:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programme\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EMmon.lnk = ?
O4 - Global Startup: Remote Control.lnk = C:\Programme\KWorld Multimedia\PVR-TV 300U Utilities\EMRCtl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C40D273-235F-4A81-93C7-4F01FAF679D1}: NameServer = 62.104.191.241 62.104.196.134
O22 - SharedTaskScheduler: arachnodacty - {80ced3d6-ece9-48ba-8df8-2503d8d87c2b} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programme\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programme\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Joke]

Evo ovo možeš maknit
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [emMON] emMON.exe
O22 - SharedTaskScheduler: arachnodacty - {80ced3d6-ece9-48ba-8df8-2503d8d87c2b} - (no file)

[nano]

maknuto, al tuneup sa tuneup 1 clicn maintenance sam maknuo,korigirao kaj znam, dosta problema----no, kako da se rijesim tih problema....sto mi se hoce spajat na net preko globalne kuke...explorer, folder lock, babilon sam imao pa sam ga maknuo, sa njim je sve pocelo, mislim on mi je prvi poceo koristit globalnu kuku da se spaja na net, ak blokiram, ode veza, pa moram ponovo...imal nacina da se to makne nekako...da ne moram stalnu rusiti firefox

[elo]

Molio bih da mi netko kaze kaj da maknem....HVALA

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:20, on 31.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: andr - {3162ba5b-4f2d-40c5-8fb6-36c6a0d639e6} - C:\WINDOWS\system32\duznhje.dll (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4639 bytes

[Stormbreaker]

mislim da ne trebaš ništa makniti....osim jedino ovoga:

O22 - SharedTaskScheduler: andr - {3162ba5b-4f2d-40c5-8fb6-36c6a0d639e6} - C:\WINDOWS\system32\duznhje.dll (file missing)

ali bolje da ništa ne diraš jer ti to nije prijetnja

kažem, nemoj ništa micati dok još netko ne pregleda

[domy_os]

Stormbreaker, budi dobar pa makni taj sig i pročitaj pravila.

http://forum.pcekspert.com/faq.php

[Stormbreaker]

evo, maknio sam...

[grizli]

poludit cu sisterki dao kom i našla rouge antyspywere i nemogu ga maknut


Logfile of HijackThis v1.99.1
Scan saved at 19:20:10, on 8.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\Segal\My Documents\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{51848130-9430-43FC-AA25-F50EFD4C5152}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A918F98-BEBA-4150-8B5E-0DA65D0440EE}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{653CA7F9-6460-4D1C-9C5A-0E6ACF9693F9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AC7542C-9AFD-417B-B19D-C3F3FBF5ED2B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFD692C-E9A3-44D0-BEE3-266B1C752E17}: NameServer = 85.94.64.11 85.94.64.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)
O21 - SSODL: msmhost - {F39759B3-D9EF-4CEF-9953-472C38E52777} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {656721E8-5CC6-4A4D-8707-F60825A4CB92} - C:\WINDOWS\msmdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

[Stormbreaker]

evo, ovako, briši ovo:

O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll

O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - (no file)


e, sada...ne znam što je ovo tj. neznam treba li se to brisat:

O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFD692C-E9A3-44D0-BEE3-266B1C752E17}: NameServer = 85.94.64.11 85.94.64.10

O21 - SSODL: msmhost - {F39759B3-D9EF-4CEF-9953-472C38E52777} - C:\WINDOWS\msmhost.dll

O21 - SSODL: msmdev - {656721E8-5CC6-4A4D-8707-F60825A4CB92} - C:\WINDOWS\msmdev.dll

neka netko provjeri ove za koje ne znam što su

[greenfly]

017 pusti ,, a 021 možeš brisat oba dva,,to su BadGuy-si :



Postoji "alatka" koja se pokazala dobra za ROUGE infekcije.

Rouge remover Pazi : taj FIX vrijedi samo za tu vrstu infekcije

Evo uputa :

Please put RogueRemover in it's own folder, (I create a new folder in C:\ named RogueRemover).
You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder RogueRemover.

Go to where your RogueRemover.zip is and Right Click on RogueRemover.zip, select Cut, then open the new folder you just created (RogueRemove) Right Click in the folder and select paste.

Double click on the file named RogueRemover.zip and unzip it to C:\RogueRemover

Double click on the file named RogueRemover.exe and select Scan.
The program will walk you through the remaining steps.

[Stormbreaker]

svejedno je hijackthis najbolji