#1
Hey Evil, long story short, I f'ed up my other computer a bit and am using my old one. I just ran an HJT log on this one and wanted to be sure it was cool. It has been Spybot'ed. I'm in the Malware U course now and doing my first PL, so don't tell me anything about the processes or I'll get kicked out lol, but I wanted to know if the computer was good.
I should have done this before I went there on this machine, but I forgot. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:12, on 11/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
#2
Since you are now starting to learn about malware, let me ask you - do you think this log is clean?
__________________
My System: It's all mine ...
#3
My dinner just got fixed. I'll be with you in about 15 minutes, my friend, after I eat it while it's hot.
#4
Ok sorry. Yeah I think it's clean, but not because I have a clue yet what I'm trying to do. I think I've done pretty darn good computer security on this thing since I've had it. I have run Spybot and the commercial version of Symantec (not the consumer version or the free version) on it since I've had it. I used to use Zone Alarm as my firewall and they were decent at the time.
I'm thinking, though, that I haven't updated Java in about 6 months, so a vulnerability exists there. I also haven't been able to get Office updates to install for almost a year, so that's another possible weak spot. When my new computer went down (well, I spilled some beer on it today while trying to get my first PL done) I had to use this one. I remembered that I'm not supposed to use a computer that isn't clean for the training, so I ran HJT on this one. Please don't tell me anything about my process log. I have to do that myself, and I will. I just want to be sure I'm complying with Malware U's clean-computer policy. I guess maybe I should have posted this there, but I came here because I trust Evil, and you as well (I just don't see you as often as Evil). I like that you're testing me, but I'm just so new at this that I can't give any definitive answers. Ask me in a month lol. And thanks.
EDIT: I do have a question, though. When I was on the downed computer it only showed 10 processes in HJT. That didn't seem right to me, so I opened Windows Task Manager. Sure enough, there were 64 processes running according to that. Why the huge difference?
#5
Don't worry, I won't tell you any answers. If I did, what would be the point of your training? You won't learn by me telling you the answers - you learn by making mistakes. I make that clear to all the students joining the academy where I study malware removal.
I will tell you that, based on the log you posted, the machine looks clean. Something to remember, though - HJT is a useful starting point when looking at a PC - it does not, however, give you the whole story. That is something you will learn over time. In answer to your question about the processes, let's start at the very beginning - what exactly is HJT? What does it do? It's time for bed here, so I'll pick this up tomorrow.
#6
Thanks a lot Bro. I appreciate the help. It's nice to have a "non" source that I can bounce thoughts off without worrying about you giving me the answers. If I step over the line I know neither you nor Evil will let me.
EDIT: I'm going to do the processes from this computer instead of the other. T'other one was too easy. I knew pretty much what all of those were. I have to research the ones off this one.
#7
It's refreshing for me too to have Glaswegian give his opinion. It's good to have input from more than one source.
#8
I turned my "new" computer back on. Here's the HJT log. See the processes, though? It shows 10, and my Task Manager shows 64. What's up with that? The 10 that are showing, I don't need to look anything up to know what they are. I also know the rest is clean.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:15, on 11/6/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
#9
You haven't answered the two questions I asked earlier about HJT - those answers will help you understand what you are looking at in the log.
#10
Sorry, I didn't have an answer then; I had to look it up and beat it into my brain.
HJT is a tool used to help identify software. It lists specific settings found on a person's computer. It scans the registry and other files (I don't know which others yet, I've only just started) to look for entries similar to what spyware or hijacker programs would leave behind. Since legitimate programs sometimes leave the same things behind, I have to learn the difference.