What is the problem?

j.vlada

When I try to go to some address (e.g. Forum Krstarice or any other), it "redirects" me to something completely different (or to some other search engine) that is still somewhat thematically related to "where I was headed".
I use Google and Norton Internet Security 2007. The system has been fully scanned both with Norton and on their website. The antivirus finds no problem.
My level of knowledge is beginner (you can tell from the explanation! :-D), so please keep the advice in that style! Thanks
 
This topic definitely belongs in Security and Protection.

I'd rather not comment on Norton; instead I'd suggest that you scan the computer with one of the anti-spyware tools, such as SpyBot Search & Destroy.

After that, write us the result, and if there are still problems you'll post a HijackThis log for us...
 
GZ:
This topic definitely belongs in Security and Protection.

I'd rather not comment on Norton; instead I'd suggest that you scan the computer with one of the anti-spyware tools, such as SpyBot Search & Destroy.

After that, write us the result, and if there are still problems you'll post a HijackThis log for us...
I did that. Spyware found and fixed 10 problems, but the problem is still there! This part of your message, "if there are still problems you'll post a HijackThis", I didn't understand, so I don't get what I should do next.
And to repeat: beginner level...
One more thing! Comment a bit on Norton, compare it with the others. I'd like to know. It's silly to throw away 70 euros a year on something that doesn't serve its purpose. Thanks
 
Let's go in order...

I'd say you don't have any big problems with destructive viruses of the kind Norton can detect, but you definitely have a problem with spyware programs...

Several questions arise:

Which browser do you use? Apart from the AV program you mentioned, do you have a firewall, have you used any other anti-spyware program, and did you scan in Windows Safe Mode?

If you haven't done most of this, download the HijackThis program from the internet; you can get it from this address http://209.133.47.200/~merijn/files/HijackThis.exe then run the program (it doesn't install) and scan with it, and don't check or remove anything.

After the scan, the program should produce a log file, which you'll copy here so that we can analyze it and in that way help you get rid of the problem, and so that we can also recommend adequate tools for solving it.

Regards....zzzzz
 
Here is the material for analysis:
Logfile of HijackThis v1.99.1
Scan saved at 17:49:08, on 04/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\VLADAJ~1\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
Thanks
 
Whoa, man, there's everything imaginable in here, and most of all some unnecessary things.

I only glanced over it, until I can deal with all of this in full.

Do this as well:

Start/Run

type msconfig and hit Enter.

go to the Startup tab and post here everything that starts with Windows.

The machine must be fairly powerful but at the same time very slow...
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

cpqset.exe is a process belonging to the Hewlett Packard Configuration Module,
which is bundled with Hewlett Packard laptops. It allows for configuration of multimedia
devices. This program is a non-essential process, but should not be terminated unless
suspected to be causing problems.

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com


For now, check and remove these lines.

But Norton, as is its old habit, has spread all over your computer...

It's no less demanding than before... loads of services...

Besides that, the HP processes are choking you too, which is why I asked to see the startup list.

What's in bold is marked as malware...

P.S.
You wrote that you bought NIS (Norton Internet Security); no offense, but if you already wanted to buy and pay for something, you should have started with Windows...
Do you have a blue star next to the clock???
 
GZ:
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

cpqset.exe is a process belonging...

What's in bold is marked as malware...
C:\Program Files\HPQ\Default Settings\cpqset.exe - this is malware?
Since I'm fairly sure this is a legitimate process (it exists on all Compaq/HP machines), I'm curious why you think the problem is in it?
 
The computer is configured in French, if that has anything to do with it!
With the computer I use an HP scanner-fax-copier-printer.
Here is the retyped version. I didn't know how to copy it or take a screenshot.
The following also start with Windows:
-EabServr
-cpqset
-ccapp
-atiptaxx
-SynTPEn
-QPService
-osChek
-issch
-ISUSPM
-HPWAMain (Main is French for "hand", if that matters)
-HPWuSchd2
-FixCamera (I have a small webcam installed, is that it?)
-ctfmon
-GoogleToolbarNot...
-msnmsgr
-ISUSPM (this appears twice?)
The others are unchecked!
Computer details: HP laptop, SP2
Processor AMD Turion (tm) 64 Technology ML-34, 1790 MHz,
Cache size (this is my translation) - 1024 KB
BIOS version F.42
Memory: max. capacity 4.00 GB
Installed memory 512.00 MB
Disk drive: Total 54,87 GB (C: D:)
Used 23.72 GB Free 31.15 GB
And yes, I think it's very slow.
There's no star next to the clock. Should there be one?
 
I don't have to be right, but experience says that this process can be abused. Since you know the subject, you also understand how. Researching the log posted above, I found a lot that is negative about this process, not the legitimate process from HP itself, but abuses of it.

In the end, if the disputed process is very important, and above it says it isn't, I don't think it's a problem to add it back if needed...

Apart from that, in the log posted above I didn't really find anything special relating to any bad guys, but the computer is crammed with all sorts of things...

That's why I asked to see the startup list...

I've given the explanation for the HP process; still, if you think it isn't OK, which I'm not claiming 100% that it is, then OK, except that removing this process wouldn't do the user any harm, and, as I already wrote, the process can be activated again.
 
Oh, I agree that he should disable it, because it (probably) serves no purpose (among the others that should be disabled). I was just curious whether there's something I'm not seeing in that log or... We'll know exactly what's what once he removes what you told him, restarts the PC and checks how things work.
 
j.vlada:
The computer is configured in French, if that has anything to do with it!
With the computer I use an HP scanner-fax-copier-printer.
Here is the retyped version. I didn't know how to copy it or take a screenshot.
The following also start with Windows:
-EabServr (eabservr.exe is the executable that manages Easy Access Buttons control panel on Compaq laptop computers. This process is required for the Easy Access keys to work.
Scan Your PC including eabservr.exe to Detect any Security Threat )
-cpqset( This program is a non-essential process, but should not be terminated unless suspected to be causing problems) / so uncheck it... it's not a necessary process to start together with Windows.
-ccapp / Norton's process /
-atiptaxx (atiptaxx.exe is the traybar process for your ATI graphics card drivers. It gives you easy access to your graphic card settings. This process can be removed to free up system resources.), you can uncheck this item...
-SynTPEn (http://mightychicken.com/mc/process_misprint.php?process_name=syntpenh.exe&misprint=syntpen.hexe),
-QPService (Whether or not you need to run this program on startup must be decided by you. If you feel that you want this program starting automatically so that you have it available as needed, then do not disable it. The following information is a brief description of what is known about this file.) / you can uncheck it
-osChek..... I didn't find any info on this one, uncheck it
-issch (issch.exe is an update service relating to the InstallShield utility which keeps this software up to date. This program is a non-essential process, but should not be terminated unless suspected to be causing problems), uncheck this one too
-ISUSPM (isuspm.exe is a process that belongs InstallShield from Macrovision. The process automatically checks for the latest updates online. By removing this process you will not get informed about the latest updates for InstallShield.). - this one is up to you, whether you want it to stay enabled or not; in my opinion, uncheck it
-HPWAMain (Main is French for "hand", if that matters) (hpwamain.exe is a HPWAMain Module from Hewlett-Packard Development Company, L.P. belonging to HP Wireless Assistant), I think you know what this one is about,
-HPWuSchd2 (hpwuschd2.exe is a process belonging to the Hewlett Packard Software Update Scheduler which displays update information regarding HP's range of products. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.), I also think this doesn't need to start with Windows, uncheck it.
-FixCamera (I have a small webcam installed, is that it?), from what I was able to read, this has nothing to do with your webcam, but is precisely one of the problems you have. Be sure to uncheck it.
-ctfmon / OK
-GoogleToolbarNot... / this Google service: if you think it should start with Windows, leave it; if not, uncheck it. Given that it's a notifier, I believe you need it to start with Windows.
-msnmsgr // OK
-ISUSPM (this appears twice?) Already written what's what.
The others are unchecked!
Computer details: HP laptop, SP2
Processor AMD Turion (tm) 64 Technology ML-34, 1790 MHz,
Cache size (this is my translation) - 1024 KB
BIOS version F.42
Memory: max. capacity 4.00 GB
Installed memory 512.00 MB
Disk drive: Total 54,87 GB (C: D:)
Used 23.72 GB Free 31.15 GB
And yes, I think it's very slow.
There's no star next to the clock. Should there be one?


As you could see, there are a lot of things that start with Windows and therefore take up a lot of resources.

FixCamera ..... this process definitely has nothing to do with your webcam, and I'll try to find both an explanation and possibly a solution for it.

I'm also asking dr.Bora for help, since I'm very short on time but want to help.

Regards.
 
osChek is actually HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" - and that is part of NIS, so don't touch it, to avoid problems.

FixCamera - this one is tricky. Uncheck it for now. Which camera do you have? (Go to C:\Windows, find the FixCamera file, look at its exact size and write it here (right-click on it, then the option at the bottom, Properties))

Now go ahead and do all of that, restart, and then check how your PC "behaves".
If everything is still the same, do the following. Download HijackThis (don't run it, just save it to disk). Rename it (call it anything, e.g. "program") and then scan and post the log here.
 
The camera is a no-name, made in Hong Kong, 1.3 megapixels, and it works great.
C: windows FixCamera.exe 20 Ko application 01.06.2006 I found it using "that dog" for searching from the Start menu. In C: windows I couldn't manage to find it?!
Everything we unchecked hasn't changed anything as far as the speed at which the system boots?
What else can be deleted, and where, to lighten the load on the system?
 
 
j.vlada:
Everything we unchecked hasn't changed anything as far as the speed at which the system boots?
How are things with the internet? Is it still redirecting you? Have you done this:
GZ:
Unpack and then run the Smitfraudfix file (before all that, turn off Auto Protect in Norton, if that's what the option is called: that is, deactivate it so it doesn't interfere!)
Then do what I told you with HijackThis (rename it, scan and post the log).
 
Well done. It looks like the problem is solved now. I'd ask you to look at the log and advise me what else there is to delete.
One more thing. In Add or Remove I have some programs for which no size is shown? They are:
Adobe Flash Player 9 ActiveX (doesn't respond to removal!)
Ati display driver - I know what that is
Player Windows Media - no size shown?!
Windows Media Format 11 runtime - no size shown? -
Microsoft Compression Client Pack 1.0 for Windows XP - ? - no size shown
Microsoft Internationalized Domain Names Mitigation APIs - ? - no size shown
Microsoft National Language Support Downlevel APIs - ? - no size shown
Microsoft User-Mode Driver Framework Feature Pack 1.0 - ? - no size shown
These others have a size but I don't know what they're for? May I delete them?
- Conexant AC-Link Audio
- J2SE Runtime Environment 5.0 Update 6 (environ - means - APPROXIMATELY)
- MSXML 4.0 SP2 ( KB927978 )
- Quick Launch Buttons 5.20 G1
- Soft Data Modem with SmartCP
- Texas Instruments PCIxx21/X515/xx12 drivers
- Windows Installer 3.1 (KB893803)
 
And here's the log. People, for this I'm buying drinks on the Champs-Élysées! Many thanks

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:37:47, on 05/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Vlada Janacievski\Bureau\Program.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Service SNMP (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 9022 bytes
 
Well, Vlada, it's good that the problems are solved.
As for the items in Add/Remove, there's nothing to touch there, everything is needed (more or less).
The HT log seems clean. There's one more important detail. The leftover "villains" need to be removed from the PC. To start with, you should delete all restore points (System Restore). You'll do that by turning off System Restore, restarting the PC, and then turning System Restore back on. This should be done because it's quite possible that malware is sitting in one of the restore points.
Also go to the folder "C:\Windows\Prefetch" and delete everything there.
Delete temporary files and the like too (use Disk Cleanup if you don't have something else).
And then also defragment the hard disk (this isn't because of malware but for speed...).
That's it... :)
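
The checks done by eye in this thread (which entries HijackThis reports as missing, and which startup entries are gone after the cleanup) can be scripted. The following is an added example, not posted by any participant in the thread: the sample lines are copied from the two logs above, while the verdict labels and the stray-quote heuristic are assumptions of this example, inferred from the same Symantec service appearing without "(file missing)" in the second log.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread
# (before and after the cleanup), trimmed to a handful of lines.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ..." : section code, then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Status marker HijackThis appends when it cannot find the target file.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# O4 autorun: hive, optional sub-path, "Run: [value name] command".
RUN_RE = re.compile(r"^(HK\w+)\\(?:.*\\)?Run: \[([^\]]+)\]\s*(.*)$")


def parse_entries(log_text):
    """Return [(code, text)] for each entry line; the header and the
    running-process list do not match ENTRY_RE and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def missing_targets(entries):
    """Entries marked (no file)/(file missing), each with a verdict.

    'dangling'     : the registry entry points at nothing on disk.
    'recheck-path' : the reported path contains a quote it does not start
                     with, i.e. the tool kept part of a quoted command line
                     ('...exe" /h ccCommon') as the file name, so the
                     "missing" status is not trustworthy (assumption of
                     this example, see lead-in).
    """
    result = []
    for code, text in entries:
        if not MISSING_RE.search(text):
            continue
        target = text.rsplit(" - ", 1)[-1]
        stray_quote = '"' in target and not target.startswith('"')
        result.append((code, "recheck-path" if stray_quote else "dangling", text))
    return result


def autoruns(entries):
    """Map (hive, value name) -> command for the O4 Run entries."""
    found = {}
    for code, text in entries:
        m = RUN_RE.match(text) if code == "O4" else None
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found


def autoruns_removed(before_text, after_text):
    """Value names present in the first log's O4 section but not the second."""
    before = autoruns(parse_entries(before_text))
    after = autoruns(parse_entries(after_text))
    return sorted(name for (hive, name) in before if (hive, name) not in after)


if __name__ == "__main__":
    for code, verdict, text in missing_targets(parse_entries(LOG_BEFORE)):
        print(f"{verdict:12} {code:3} {text}")
    print("no longer autostarting:", autoruns_removed(LOG_BEFORE, LOG_AFTER))
```

An entry that disappears from O4 after being unchecked in msconfig only stops autostarting; the file itself may still be on disk.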
 
