HiJackThis
Strana 1 od 2 12 PoslednjaPoslednja
Prikazujem rezultate 1 do 25 od 43

Tema: HiJackThis

  1. #1
    Početnik
    Učlanjen
    11.06.2008.
    Pol
    muški
    Lokacija
    Despotovac
    Poruke
    15
    Reputaciona moć
    0

    Podrazumevano HiJackThis

    Da li neko zna kako funkcionise ovaj program. Pustim odradi svoje izbaci mi u notepadu sledece:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 7:34:46, on 21.11.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\r_server.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Novosoft\Handy Backup\hbagent.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Miladinovic-L9\Desktop\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.handybackup.net/install/index.5.7.php?v=5.7.0.4&dtr=0&for=0&os=Microsoft%20Windows%20XP%20(Service%20Pack%202)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Handy Backup] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D0E2E477-E0F8-4EAA-B0D1-C881CC420CB5}: NameServer = 192.168.0.1
    O20 - Winlogon Notify: hblogon - C:\WINDOWS\SYSTEM32\hblogon.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MILADI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    --
    End of file - 3705 bytes


    E sada kako ja da postupim sta da radim sta da obrisem, kako? Help...[/B][/COLOR]



  2. #2
    Ističe se
    Učlanjen
    09.06.2007.
    Pol
    muški
    Poruke
    2.540
    Reputaciona moć
    0

    Podrazumevano Re: HiJackThis

    Ukoliko nisi upoznat kako se radi sa pomenutim programom, moj ti je savet da ne čačkaš i ne brišeš ništa, jer možeš da napraviš više štete nego koristi. Poznavanje rada samog programa zahteva dosta vremena i dosta vežbanja (tu pre svega mislim na proučavanje i studiranje raznoraznih HijackThis logova), kako bi se uspešno ovladalo radom sa pomenutim programom.

    Program najpre skenira kompjuter i to treba raditi iz Safe Moda. Zatim, pravi taj log fajl koji se detaljno proučava i tek nakon toga, ukoliko se primeti da ima nečeg malicioznog, pristupa se čišćenju istog.

    A o samom programu kako se koristi i kako analizirati log fajl, možeš nešto više pročati na sledećem linku http://www.bleepingcomputer.com/tutorials/tutorial42.html#O4Diag

  3. #3
    Domaćin Dupont (avatar)
    Učlanjen
    01.07.2007.
    Pol
    muški
    Poruke
    4.593
    Reputaciona moć
    84

    Podrazumevano Re: HiJackThis

    Citat Original postavio mitch Pogledaj poruku
    Da li neko zna kako funkcionise ovaj program. Pustim odradi svoje izbaci mi u notepadu sledece:
    E sada kako ja da postupim sta da radim sta da obrisem, kako? Help...[/B][/COLOR]
    Ne treba nista da obrises-pc ti je cist(osim sto imas jedan nepoznati program- O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MILADI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg )
    Ne volim mitinge, tu najbolja mesta uvek zauzme policija

  4. #4
    Obećava
    Učlanjen
    21.01.2006.
    Pol
    muški
    Lokacija
    Pancevo
    Poruke
    56
    Reputaciona moć
    44

    Podrazumevano Re: HiJackThis

    Probaj ovo.............

    http://hijackthis.de/

    Pozdrav!

  5. #5
    Početnik
    Učlanjen
    11.06.2008.
    Pol
    muški
    Lokacija
    Despotovac
    Poruke
    15
    Reputaciona moć
    0

    Podrazumevano Re: HiJackThis

    hvala puno

  6. #6
    Početnik
    Učlanjen
    07.12.2008.
    Pol
    muški
    Poruke
    3
    Reputaciona moć
    0

    Podrazumevano Re: HiJackThis

    Molio bih pomoć prci puta sam skenirao komp sa Trend Micro HijackThis i šaljem Vam Logfile of Trend Micro HijackThis, ako netko može ukratko da mi kaže što je viška i što obrisati.
    Puno hvala!
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:26:50, on 7.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\totalcmd\TOTALCMD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RemoteControl.lnk = C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm022YYHR
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Stavi na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Stavi na blog u Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 7383 bytes

  7. #7
    Zainteresovan član baskijar (avatar)
    Učlanjen
    17.04.2008.
    Pol
    muški
    Lokacija
    Aleksinac
    Poruke
    154
    Reputaciona moć
    43

    Podrazumevano Re: HiJackThis

    pa cisto je osim:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

  8. #8
    Ističe se
    Učlanjen
    09.06.2007.
    Pol
    muški
    Poruke
    2.540
    Reputaciona moć
    0

    Podrazumevano Re: HiJackThis

    I eventualno...
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm022YYHR

  9. #9
    Početnik
    Učlanjen
    11.01.2009.
    Pol
    ženski
    Poruke
    3
    Reputaciona moć
    0

    Podrazumevano Re: HiJackThis

    ok, uradila sam hijackthis scan, i evo sta mi se pojavi:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:41:35, on 11.1.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wmplayer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    C:\Program Files\Winamp Remote\bin\Orb.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\SlimBrowser\sbrowser.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\HJT\HijackThis.exe

  10. #10
    Početnik
    Učlanjen
    11.01.2009.
    Pol
    ženski
    Poruke
    3
    Reputaciona moć
    0

    Podrazumevano Re: HiJackThis

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program files (web design)\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Explo reExtPDF.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program files (web design)\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

  11. #11
    Početnik
    Učlanjen
    11.01.2009.
    Pol
    ženski
    Poruke
    3
    Reputaciona moć
    0

    Podrazumevano Re: HiJackThis

    O4 - HKLM\..\RunServices: [Windows Media Player] wmplayer.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [Windows Media Player] wmplayer.exe
    O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\Solid PdfService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UPnPService - Unknown owner - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (file missing)


    molim pomoc! sto posto sam sigurna da neke stvarcice fale, pa bih volela da sredim to....
    hvala unapred!

  12. #12
    Elita
    Učlanjen
    04.04.2005.
    Pol
    muški
    Lokacija
    iza sedam brda i dolina u 3pm
    Poruke
    15.324
    Reputaciona moć
    380

    Podrazumevano Re: HiJackThis

    Barbie_90 otkuda tebi ideja da ti fali nešto , po meni imaš i previše programa pokrenutih odjednom. Pretpostavljam da si ovaj log pravila u momentu kada je tvoj računar radio sve i svašta .
    Aj ti lepo restartuj računar , i pre nego što bilo šta pokreneš na računaru napraviš novi log. I naravno pre pravljenja loga preimenuj Hijckthis.exe recimo u blabla.exe

  13. #13
    Poznat daXer (avatar)
    Učlanjen
    09.01.2008.
    Pol
    muški
    Lokacija
    Čačak
    Poruke
    7.066
    Reputaciona moć
    107

    Podrazumevano Re: HiJackThis

    ljudi ima li ovde sta sumljivo posto me komp samo tako ka*a ovih dana....a mrzi me da reinst. winows????
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:44:51, on 15.1.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Darko\Blabla\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\INSTAL~1\FLASHGET\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\INSTAL~1\FLASHGET\fgiebar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Download All by FlashGet - D:\instalacije programa\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - D:\instalacije programa\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\INSTAL~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\INSTAL~1\FLASHGET\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226882917591
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F8F89A9-8C12-44CE-80BB-14369991A5C2}: NameServer = 194.247.192.33 194.247.192.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F8F89A9-8C12-44CE-80BB-14369991A5C2}: NameServer = 194.247.192.33 194.247.192.1
    O21 - SSODL: UpdateCheck - {816645A6-8AC3-4F7D-AEAA-D3CE73ADD8E2} - C:\WINDOWS\system32\avmetey.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 7325 bytes
    Poslednji put ažurirao/la daXer : 15.01.2009. u 04:45
    I'm gonna make him an offer he can't refuse.

  14. #14
    Aktivan član
    Učlanjen
    16.02.2006.
    Pol
    muški
    Lokacija
    NS
    Poruke
    1.553
    Tekstova u blogu
    6
    Reputaciona moć
    59

    Podrazumevano Re: HiJackThis

    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe

    Vrlo verovatno Hidrag ili Jeefo, pa vidi temu nešto niže!!

  15. #15
    Aktivan član
    Učlanjen
    16.02.2006.
    Pol
    muški
    Lokacija
    NS
    Poruke
    1.553
    Tekstova u blogu
    6
    Reputaciona moć
    59

    Podrazumevano Re: HiJackThis

    Citat Original postavio daXer Pogledaj poruku
    ljudi ima li ovde sta sumljivo posto me komp samo tako ka*a ovih dana....a mrzi me da reinst. winows????
    Ovo...C:\Darko\Blabla\HijackThis.exe...preimenuj u ovo...C:\Darko\Blabla\Blabla.exe

    Na VirusTotal-u proveri ovaj fajl...
    C:\WINDOWS\system32\avmetey.dll
    ...pa ako ti pokaže da je gamad, a trebalo bi, ondaK ovo dole.

    Restartuj kantu u Safe Mod-u (kad krene ispis, tuci po F8 tipki dok ti ne ponudi kako da unidŽeš).

    Pronađi i obriši sledeČe fajlove:

    C:\WINDOWS\system32\avmetey.dll - ako ti je VirusTotal detektovao njesra.
    C:\WINDOWS\svchost.exe - vodi računa da NE bude pod C:\WINDOWS\system32\svchost.exe jer je ovo legitiman fajl.

    (ako budeš imao problema sa brisanjem ovih fajlova, skini KillBox i u njemu to uradi)

    Restart u Normal Mod.

    Idi na Start, pa Run i čukaj komandu:
    net stop PowerManager

    Opet na Start, pa Run i čukaj komandu:
    Regedit

    Obriši sledeČe unose:
    • HKEY_LOCAL_MACHINE\ SYSTEM\ ControlSet001\ Enum\ Root\ LEGACY_POWERMANAGER
    • HKEY_LOCAL_MACHINE\ SYSTEM\ ControlSet001\ Services\ PowerManager
    • HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Enum\ Root\ LEGACY_POWERMANAGER
    • HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ PowerManager


    Opet restart u Normal Mod, pa poteraj preimenovani HJT, te daj log.


    p.s. zameni IE s nečim drugim, npr. Mozillom!!

  16. #16
    Poznat daXer (avatar)
    Učlanjen
    09.01.2008.
    Pol
    muški
    Lokacija
    Čačak
    Poruke
    7.066
    Reputaciona moć
    107

    Cool Re: HiJackThis

    Citat Original postavio Baba??? Pogledaj poruku
    Ovo...C:\Darko\Blabla\HijackThis.exe...preimenuj u ovo...C:\Darko\Blabla\Blabla.exe

    Na VirusTotal-u proveri ovaj fajl...
    C:\WINDOWS\system32\avmetey.dll
    ...pa ako ti pokaže da je gamad, a trebalo bi, ondaK ovo dole.

    Restartuj kantu u Safe Mod-u (kad krene ispis, tuci po F8 tipki dok ti ne ponudi kako da unidŽeš).

    Pronađi i obriši sledeČe fajlove:

    C:\WINDOWS\system32\avmetey.dll - ako ti je VirusTotal detektovao njesra.
    C:\WINDOWS\svchost.exe - vodi računa da NE bude pod C:\WINDOWS\system32\svchost.exe jer je ovo legitiman fajl.

    (ako budeš imao problema sa brisanjem ovih fajlova, skini KillBox i u njemu to uradi)

    Restart u Normal Mod.

    Idi na Start, pa Run i čukaj komandu:
    net stop PowerManager

    Opet na Start, pa Run i čukaj komandu:
    Regedit

    Obriši sledeČe unose:
    • HKEY_LOCAL_MACHINE\ SYSTEM\ ControlSet001\ Enum\ Root\ LEGACY_POWERMANAGER
    • HKEY_LOCAL_MACHINE\ SYSTEM\ ControlSet001\ Services\ PowerManager
    • HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Enum\ Root\ LEGACY_POWERMANAGER
    • HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ PowerManager

    Opet restart u Normal Mod, pa poteraj preimenovani HJT, te daj log.


    p.s. zameni IE s nečim drugim, npr. Mozillom!!
    e sad ovako, sve sam lepo odradio dok nisam stigao do ovoga od svih ovih fajlova samo jedan mogu da obrisem a ostali kad stisnem delete samo izbaci neki eror
    I'm gonna make him an offer he can't refuse.

  17. #17
    Aktivan član
    Učlanjen
    16.02.2006.
    Pol
    muški
    Lokacija
    NS
    Poruke
    1.553
    Tekstova u blogu
    6
    Reputaciona moć
    59

    Podrazumevano Re: HiJackThis

    Citat Original postavio daXer Pogledaj poruku
    e sad ovako, sve sam lepo odradio dok nisam stigao do ovoga od svih ovih fajlova samo jedan mogu da obrisem a ostali kad stisnem delete samo izbaci neki eror
    Prvo mi reci, jesi li usp'o ona dva fajla (avmetey.dll i svchost.exe) da obrišeš??

    Pretpostavljam da nisi mogao da obrišeš, sem jednog, ove crvene??
    1. HKEY_LOCAL_MACHINE\ SYSTEM\ ControlSet001\ Enum\ Root\ LEGACY_POWERMANAGER
    2. HKEY_LOCAL_MACHINE\ SYSTEM\ ControlSet001\ Services\ PowerManager
    3. HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Enum\ Root\ LEGACY_POWERMANAGER
    4. HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ PowerManager


    Ajd ovako ondaK, dok si u noramal mod-u!!

    Korak I
    1. Start
    2. Run
    3. čukni de mu services.msc pa Enter
    4. pronadŽi u desnom prozoru Power Manager (PowerManager)
    5. desni klik na NJ i izaberi Properties.
    6. u kartici General, pod Startup type izaberi Disabled.
    7. zatvori Services.

    Korak II
    1. pokreni HijackThis ili ti Blabla.exe
    2. klikni na Open the misc tools section.
    3. klik na Delete an NT service.
    4. kopiraj u box PowerManager i klikni na OK.
    5. kad zatraži restart, klik OK.


    Kad se podigne kanta, proveri u registry-u ona 4 unosa, i daj novi BlaBla log fajl

  18. #18
    Poznat daXer (avatar)
    Učlanjen
    09.01.2008.
    Pol
    muški
    Lokacija
    Čačak
    Poruke
    7.066
    Reputaciona moć
    107

    Podrazumevano Re: HiJackThis

    4 fajla obrisana, avmetey.dll i svchost.exe obrisani, 2 koraka zavrsena....sta sad treba da mu radim???
    p.s. evo log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:13:49, on 15.1.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    D:\darko\blabla\blabla.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\INSTAL~1\FLASHGET\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\INSTAL~1\FLASHGET\fgiebar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Download All by FlashGet - D:\instalacije programa\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - D:\instalacije programa\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\INSTAL~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\INSTAL~1\FLASHGET\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226882917591
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F8F89A9-8C12-44CE-80BB-14369991A5C2}: NameServer = 194.247.192.33 194.247.192.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F8F89A9-8C12-44CE-80BB-14369991A5C2}: NameServer = 194.247.192.33 194.247.192.1
    O21 - SSODL: UpdateCheck - {816645A6-8AC3-4F7D-AEAA-D3CE73ADD8E2} - C:\WINDOWS\system32\avmetey.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6957 bytes
    I'm gonna make him an offer he can't refuse.

  19. #19
    Poznat daXer (avatar)
    Učlanjen
    09.01.2008.
    Pol
    muški
    Lokacija
    Čačak
    Poruke
    7.066
    Reputaciona moć
    107

    Podrazumevano Re: HiJackThis

    i posle ovoga sam pustio ciscenje sa sophos-om....ocistilo je preko 500 fajlova...
    I'm gonna make him an offer he can't refuse.

  20. #20
    Aktivan član
    Učlanjen
    16.02.2006.
    Pol
    muški
    Lokacija
    NS
    Poruke
    1.553
    Tekstova u blogu
    6
    Reputaciona moć
    59

    Podrazumevano Re: HiJackThis

    Poteraj BlaBla i čekiraj ovu liniju
    • O21 - SSODL: UpdateCheck - {816645A6-8AC3-4F7D-AEAA-D3CE73ADD8E2} - C:\WINDOWS\system32\avmetey.dll (file missing)


    Pozatvaraj sve otvorene aplikacije i klikni gumb Fix checked...!!

    Restart.
    • Uradi UpDate svog AVG-a i poteraj ga, te vidi oČe li nešto detektovati??
    • Skini Malwarebytes i s njim skeniraj, pa stavi njegov log.
    • Skini CCleaner i sa njim počisti ostatke.


    Ako ti kanta posle ovoga ne bude bolje radila, Ja se više ne javljam !!

    p.s. zameni IE.
    p.s.2 jeste, Sophos je pronašao VEĆ zaražene fajlove, bitno je bilo da se njesra zaustavi!!

  21. #21
    Poznat daXer (avatar)
    Učlanjen
    09.01.2008.
    Pol
    muški
    Lokacija
    Čačak
    Poruke
    7.066
    Reputaciona moć
    107

    Podrazumevano Re: HiJackThis

    e uradio sam ono sa blabla...i posle toga sam skenirao sa avastom i ne prepoznaje mi nikakve viruse, log od Malwarebytes kacim posle kad dodjem kuci....

    p.s. moram li da menjam IE, najlakse mi rukovati sa njim a imam ja i mozilu....
    I'm gonna make him an offer he can't refuse.

  22. #22
    Aktivan član
    Učlanjen
    16.02.2006.
    Pol
    muški
    Lokacija
    NS
    Poruke
    1.553
    Tekstova u blogu
    6
    Reputaciona moć
    59

    Podrazumevano Re: HiJackThis

    Vidi, ni'š se ne mora, pa čak ni umreti !!

    Preporuka je da IE zameniš s Mozillom ili Operom, jerBo se veČina gamadi pravi
    da preko IE-a unidŽe u kantu i aka Њиндоњс kao najrasprostranjeniji OS.
    Isto tako je i preporuka, bar što se mene tiče, napolje sas FlashGet i MSN kao
    i drugih sličnih programa, ali kažem, kako ko hoČe.

    Elem!!

    Uradi čišćenje sa CCleaner-om, jednostavan je, snaćićeš se već.
    Okači nov Malware-ov i BlaBin .log, pa ako je čist, a ne vidim razloga da nije,
    obriši sve System Restore tačke na sledeČi način:

    1. klik na My Computer
    2. izaberi Properties
    3. karticu System Restore
    4. čekiraj boksić pored Turn off System Restore
    5. Apply
    6. OK
    7. dečekiraj boksić pored Turn off System Restore
    8. Apply
    9. OK


    U principu ti System Restore tačka treba samo na particiji na kojoj ti je OS,
    a to je C:/ pa komotno sa ostalih particija skini te tačke tako što Češ posle
    tačke 7. kliknuti na particiju po particiju, i dugme Settings te čekiraj
    Turn off System Restore. Ne samo što nije potrebno na drugim particijama,
    već ćeš imati i 10-tak% više prostora na disku za upotrebu, ako veČ nije prčkano
    po System Restore (po default-u, svakoj particiji se uzima 12% prostora za ove tačke).

    Prepravi System Restore da ti tačke pravi na svakih pet dana, ne treba više
    ako ne preteruješ sa razno raznim instalacijama, tako što ćeš:

    1. klik na Start
    2. Run
    3. učukaj mu regedit
    4. pronadŽi ključ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\
    5. u desnom prozoru desnim mišem klikni na RPGlobalInterval
    6. izaberi Modify
    7. u polje Value data: prepravi vrednost 15180 u 75900
    8. zatvori Registry Editor


    Za kraj...
    Skini SpywareBlaster i aktiviraj ga i za IE i za Mozillu, on radi u pozadini
    i čuva od upada, ne smeta radu kante, i komotno ti ni ikona ne treba.

  23. #23
    Poznat daXer (avatar)
    Učlanjen
    09.01.2008.
    Pol
    muški
    Lokacija
    Čačak
    Poruke
    7.066
    Reputaciona moć
    107

    Podrazumevano Re: HiJackThis

    ewo HijacThis loga
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:02:52, on 16.1.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    D:\darko\blabla\blabla.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226882917591
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F8F89A9-8C12-44CE-80BB-14369991A5C2}: NameServer = 194.247.192.33 194.247.192.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F8F89A9-8C12-44CE-80BB-14369991A5C2}: NameServer = 194.247.192.33 194.247.192.1
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6260 bytes


    Malewarbyte kaze '' Maliciozne stavke nisu detektovane." (da ti ne kacim ceo log, jer samo ide Maliciozne stavke nisu detektovane)

    skinuo sam SpywareBlaster

    p.s. hvala na ulozenom trudu, imas jednu kahvu od mene....xD
    Poslednji put ažurirao/la daXer : 16.01.2009. u 13:18
    I'm gonna make him an offer he can't refuse.

  24. #24
    Aktivan član
    Učlanjen
    16.02.2006.
    Pol
    muški
    Lokacija
    NS
    Poruke
    1.553
    Tekstova u blogu
    6
    Reputaciona moć
    59

    Podrazumevano Re: HiJackThis

    Ma nek' je i komšijina krava živa i zdrava !!

    Dva pitanja!
    Počisti li ostatke sa CCleaner-om i kako ti se kanta sad ponaša?

  25. #25
    Poznat daXer (avatar)
    Učlanjen
    09.01.2008.
    Pol
    muški
    Lokacija
    Čačak
    Poruke
    7.066
    Reputaciona moć
    107

    Podrazumevano Re: HiJackThis

    ocistio i sa CCleaner-om i sada radi savrseno....

    ne koci, ne zaebava, sve je ok za sada...
    I'm gonna make him an offer he can't refuse.

Slične teme

  1. HijackThis Log
    Autor Southwind u forumu Sigurnost i zaštita
    Odgovora: 10
    Poslednja poruka: 03.09.2009., 16:26
  2. HijackThis
    Autor EpOx_ u forumu Sigurnost i zaštita
    Odgovora: 1
    Poslednja poruka: 20.02.2008., 17:39
  3. Za dr Boru - hijackthis log
    Autor CVIJA94 u forumu Sigurnost i zaštita
    Odgovora: 56
    Poslednja poruka: 09.01.2008., 19:52
  4. Hijackthis
    Autor kissitj u forumu Sigurnost i zaštita
    Odgovora: 1
    Poslednja poruka: 27.04.2004., 01:55

Pravila za slanje poruka

  • Ne možete kreirati novu temu
  • Ne možete poslati odgovor
  • Ne možete dodati priloge
  • Ne možete prepraviti svoju poruku
  •