
HJT log




  #1  
6 November 2008, 14:34
Donor Group

Hey Evil, long story short, I f'ed my other computer for a bit and am using my old one. I just ran an HJT log on this one and wanted to be sure it was fresh. It was spybot'ed. I'm in Malware U and of course now doing my first PL, so don't tell me what any of the processes are or I'll get kicked lol, but I wanted to know if this computer is good.

I should have done this before I went there on this machine, but I forgot. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 4:29:12 Na 11/6/2008
Platforma: Windows XP SP3 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe
C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Windows \ System32 \ CTXFISPI.EXE
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe
C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe
C: \ WINDOWS \ system32 \ CTXFIHLP.EXE
C: \ WINDOWS \ CTHELPER.EXE
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ MOM.exe
C: \ programa ~ 1 \ SYMANT ~ 1 \ vptray.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ gumicu \ eraser.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpoevm08.exe
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ programa ~ 1 \ Yahoo! \ Messen ~ 1 \ ymsgr_tray.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ ccc.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ Bin \ hpoSTS08.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Windows Internet Explorer koje Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn1 \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn1 \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn1 \ yt.dll
O4 - HKLM \ .. \ Run: [AudioDrvEmulator] "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" -1 AudioDrvEmulator "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ Audio emulator \ AudDrvEm.dll "
O4 - HKLM \ .. \ Run: [VolPanel] "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" / r
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [LiveUpdate] C: \ Program Files \ Byteswarm \ LiveUpdate \ LiveUpdate.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM \ .. \ Run: [CTHelper] CTHELPER.EXE
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [BuildBU] c: \ Dell \ bldbubg.exe
O4 - HKLM \ .. \ Run: [ATICustomerCare] "C: \ Program Files \ ATI \ ATICustomerCare \ ATICustomerCare.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Statični \ CLIStart.exe" MSRun
O4 - HKLM \ .. \ Run: [vptray] C: \ programa ~ 1 \ SYMANT ~ 1 \ \ vptray.exe
O4 - HKCU \ .. \ Run: [Creative Detektor] C: \ Program Files \ Creative \ MediaSource \ Detektor \ CTDetect.exe / R
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ programa ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE"-quiet
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [gumicu] C: \ Program Files \ gumicu \-hide eraser.exe
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - Global Startup: HP PSC 1000 series.lnk =?
O4 - Global Startup: hpoddt01.exe.lnk =?
O8 - Extra kontekst meni stavka: & Yahoo! Search - file: / / / C: \ Program Files \ Yahoo! \ Common / ycsrch.htm
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O8 - Extra kontekst meni stavka: Yahoo! & Dictionary - file: / / / C: \ Program Files \ Yahoo! \ Common / ycdict.htm
O8 - Extra kontekst meni stavka: Yahoo! & Maps - file: / / / C: \ Program Files \ Yahoo! \ Common / ycdict.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (31E68DE2-5548-4B23-88F0-C51E6A0F695E) (Microsoft njuškalo PID) -- https: / / support.microsoft.com / OAS / ActiveX / odc.cab
O16 - DPF: (3E68E405-C6DE-49FF-83AE-41EE9F4C36CE) --
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1104017934731
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1120930322252
O16 - DPF: (CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA) (Java Plug-in 1.5.0_06) --
O16 - DPF: (CE8267C2-D41A-4A50-A69D-F32B5C289F14) --
O16 - DPF: (F6ACF75C-C32C-447B-9BEF-46B766368D29) (Creative Software automatskog Support Package) -- http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O17 - HKLM \ System \ CS1 \ Services \ TCPIP \ Parameters: SearchList = cc.emory.edu, service.emory.edu, emory.edu
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ Parameters: SearchList = cc.emory.edu, service.emory.edu, emory.edu
O23 - Service: ati brza tipka Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown vlasnika - C: \ Windows \ System32 \ ati2sgag.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Unknown vlasnika - C: \ WINDOWS \ system32 \ basfipm.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Creative Servis za CDROM Access - Creative Technology Ltd - C: \ WINDOWS \ system32 \ CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Sony SPTI Servis za DVE (ICDSPTSV) - Sony Corporation - C: \ Windows \ System32 \ IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ programa ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: PnkBstrA - Unknown vlasnika - C: \ WINDOWS \ system32 \ PnkBstrA.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe

--
End of file - 11075 bytes
  #2  
6 November 2008, 15:32
Malware Group

Since you are now starting to learn about malware, let me ask you - do you think this log is clean?
  #3  
6 November 2008, 16:02
Donor Group

My lamb just got fixed, I'll get back to you in about 15 minutes, my friend, after I eat while it's warm.
  #4  
6 November 2008, 16:36
Donor Group

Ok, sorry. Yes, I think it's clean, but not because I have a clue yet about what I'm trying to do. I think I've practised pretty darn good computer security on this one since I got it. I have run Spybot and the commercial version of Symantec (as opposed to the consumer version or the free version) on it since I got it. I used to use ZoneAlarm as a firewall, and mine were decent at the time.

Although I don't think I've updated Java in about 6 months or so, so that vulnerability exists. Likewise for getting Office to install updates, for almost a year, hence other possible holes. When my new computer went down (lol I spilled some beer on it while working hard today to get my first PL done) I had to use this one. And I remembered that you shouldn't use a computer that isn't clean for training, so I ran HJT on this one.

Please don't tell me anything about my process log. I have to do it and I will. I just want to be sure that I'm in compliance with Malware U's policy on a clean computer. I mean, maybe I should have posted this there, but I've come to like and trust Evil, and for that matter you (I haven't read you as often as Evil). I like the fact that you're testing me, but I'm brand new at this so I can't give definitive answers. Ask me in a month lol. And thanks.

EDIT: I will ask a question though. When I ran HJT on the downed computer it only showed 10 processes. That didn't seem right to me, so I opened Windows Task Manager. Sure enough, 64 processes were showing according to it. Why the huge difference?
  #5  
6 November 2008, 16:48
Malware Group

Don't worry, I won't tell you any answers. If I did, what would be the point of your training? You won't learn from me giving you answers - you learn by making mistakes. I make this clear to all the trainees who join the Academy where I teach malware removal.

I will tell you that, based on the log you posted, that machine appears clean. Something to bear in mind though - HJT is a useful starting point for looking at a PC - it does not, however, give you the full story. That's something you will learn over time.

In answer to your question about the processes, let's start at the beginning - what exactly is HJT? What does it do?

It's time for bed, but I'll pick this up again tomorrow.
  #6  
6 November 2008, 17:10
Donor Group

Thanks a lot, Bro. I appreciate the help. It's nice to have some "outside" resource I can bounce thoughts off without worrying about you giving me answers. If I step over the line I know either you or Evil will tell me.

EDIT: I'm going to do the processes from this computer, not the other one. T'other one is too easy. I knew at a glance what all of them were. I have to research the ones from this one.
  #7  
6 November 2008, 17:42
Moderator Group

It is refreshing for me as well to have Glaswegian give his views. It's good to have input from more than one source.
  #8  
6 November 2008, 18:58
Donor Group

So I turned my "new" computer back on. Here's the HJT log. Look at the processes though? It shows 10, and my Task Manager shows 64. What's with that? The 10 that are showing I don't need to research, I know what they are. I also know everything else is clean.

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljen u 1:19:15 Na 11/6/2008
Platforma: Windows Vista SP1 (Winnt 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Pokretanje procesa:
C: \ Program Files (x86) \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files (x86) \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files (x86) \ BillP Studios \ WinPatrol \ WinPatrol.exe
C: \ Program Files (x86) \ Razer \ Lachesis \ razerhid.exe
C: \ Program Files (x86) \ Razer \ Lachesis \ OSD.exe
C: \ Program Files \ Logitech \ GamePanel Software \ LCD Manager \ appleta \ LCDMedia.exe
C: \ Program Files (x86) \ Razer \ Lachesis \ razertra.exe
C: \ Program Files (x86) \ Razer \ Lachesis \ razerofa.exe
C: \ Program Files (x86) \ Mozilla Firefox \ firefox.exe
C: \ Program Files (x86) \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files (x86) \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
F2 - REG: SYSTEM.INI: UserInit = userinit.exe
O1 - Hosts::: 1 localhost
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files (x86) \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files (x86) \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 2 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files (x86) \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (no name) - (7DB2D5A0-7241-4E79-B68D-6309F01C5231) - (no file)
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files (x86) \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [JMB36X IDE Setup] C: \ Windows \ RaidTool \ xInsIDE.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files (x86) \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files (x86) \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [WinPatrol] "C: \ Program Files (x86) \ BillP Studios \ WinPatrol \ winpatrol.exe"-expressboot
O4 - HKLM \ .. \ Run: [Lachesis] "C: \ Program Files (x86) \ Razer \ Lachesis \ razerhid.exe"
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [NVIDIA nTune] "C: \ Program Files (x86) \ NVIDIA Corporation \ nTune \ nTuneCmd.exe" resetprofile
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files (x86) \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files (x86) \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [gumicu] C: \ Program Files \ gumicu \-hide eraser.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [DelayShred] c: \ programa ~ 2 \ McAfee \ mshr \ ShrCL.EXE / P7 / q C: \ Users \ Bill \ AppData \ Local \ MICROS ~ 1 \ Windows \ Tempo R ~ 1 \ Content.IE5 \ RAH40RDV \ V_1_ ~ 1.SH! (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [DelayShred] c: \ programa ~ 2 \ McAfee \ mshr \ ShrCL.EXE / P7 / q C: \ Users \ Bill \ AppData \ Local \ MICROS ~ 1 \ Windows \ Tempo R ~ 1 \ Content.IE5 \ RAH40RDV \ V_1_ ~ 1.SH! (User 'Default user')
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 2 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ programa ~ 2 \ Java \ JRE16 ~ 2.0_0 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ programa ~ 2 \ Java \ JRE16 ~ 2.0_0 \ bin \ ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 2 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & kraj OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 2 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 2 \ MICROS ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 2 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 2 \ Spybot ~ 1 \ SDHelper.dll
O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nvlsp.dll
O13 - smolastoga Prefiks:
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs: C: \ Windows \ SysWOW64 \ guard32.dll
O23 - Service: @% SystemRoot% \ system32 \ Alg.exe, -112 (ALG) - Unknown vlasnika - C: \ Windows \ System32 \ alg.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown vlasnika - C: \ Program Files \ COMODO \ COMODO Internet Security \ cmdagent.exe
O23 - Service: @ dfsrres.dll, -101 (DFSR) - Unknown vlasnika - C: \ Windows \ system32 \ DFSR.exe (file missing)
O23 - Service: @% SystemRoot% \ System32 \ fxsresm.dll, -118 (Fax) - Unknown vlasnika - C: \ Windows \ system32 \ fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (iam) - Unknown vlasnika - C: \ Program Files \ NVIDIA Corporation \ NetworkAccessManager \ bin32 \ nSvcAppFlt. exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files (x86) \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: @ keyiso.dll, -100 (KeyIso) - Unknown vlasnika - C: \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: @ comres.dll, -2797 (MSDTC) - Unknown vlasnika - C: \ Windows \ System32 \ msdtc.exe (file missing)
O23 - Service: @% SystemRoot% \ System32 \ netlogon.dll, -102 (Netlogon) - Unknown vlasnika - C: \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: ForceWare IP usluga (nSvcIp) - Unknown vlasnika - C: \ Program Files \ NVIDIA Corporation \ NetworkAccessManager \ bin32 \ nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown vlasnika - C: \ Windows \ system32 \ nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown vlasnika - C: \ Windows \ system32 \ PnkBstrA.exe
O23 - Service: @% SystemRoot% \ System32 \ psbase.dll, -300 (ProtectedStorage) - Unknown vlasnika - C: \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: @% SystemRoot% \ System32 \ Locator.exe, -2 (RpcLocator) - Unknown vlasnika - C: \ Windows \ system32 \ locator.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ samsrv.dll, -1 (SamSs) - Unknown vlasnika - C: \ Windows \ system32 \ lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd - C: \ Program Files (x86) \ Spybot - Search & Destroy \ SDWinSec.exe
O23 - Service: @% SystemRoot% \ system32 \ SLsvc.exe, -101 (slsvc) - Unknown vlasnika - C: \ Windows \ system32 \ SLsvc.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ snmptrap.exe, -3 (SNMPTRAP) - Unknown vlasnika - C: \ Windows \ System32 \ snmptrap.exe (file missing)
O23 - Service: @% systemroot% \ system32 \ spoolsv.exe, -1 (red čekanja) - Unknown vlasnika - C: \ Windows \ System32 \ spoolsv.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ ui0detect.exe, -101 (UI0Detect) - Unknown vlasnika - C: \ Windows \ system32 \ UI0Detect.exe (file missing)
O23 - Service: @% SystemRoot% \ system32 \ vds.exe, -100 (vds) - Unknown vlasnika - C: \ Windows \ System32 \ vds.exe (file missing)
O23 - Service: @% SystemRoot% \ System32 \ vssvc.exe, -102 (VSS) - Unknown vlasnika - C: \ Windows \ system32 \ vssvc.exe (file missing)
O23 - Service: @% SystemRoot% \ System32 \ wbengine.exe, -104 (wbengine) - Unknown vlasnika - C: \ Windows \ system32 \ wbengine.exe (file missing)
O23 - Service: @% SystemRoot% \ System32 \ wbem \ wmiapsrv.exe, -110 (wmiApSrv) - Unknown vlasnika - C: \ Windows \ system32 \ wbem \ WmiApSrv.exe (file missing)
O23 - Service: @% ProgramFiles% \ Windows Media Player \ wmpnetwk.exe, -101 (WMPNetworkSvc) - Unknown vlasnika - C: \ Program Files (x86) \ Windows Media Player \ wmpnetwk.exe (file missing)

--
End of file - 9203 bytes
  #9  
7 November 2008, 12:05
Malware Group

You didn't answer the two questions I asked earlier about HJT - answering them will help you understand what you are looking for in the log.
  #10  
7 November 2008, 13:26
Donor Group

Sorry, I didn't have an answer then, so I looked it up and beat it into my brain.

HJT is a utility used to identify malware. It brings up a listing of specific settings found on an individual's computer. It scans the registry and other files (I don't know which others yet, I've only just started) to look for entries similar to what a spyware program or hijacker would leave behind. Since legitimate programs sometimes leave the same things behind, I have to learn the difference.