Antivirus, Antispyware


Nature

CoolWebSearch malware filth [the professionals of "malicious code"]

http://en.wikipedia.org/wiki/CoolWebSearch

http://slo-tech.com/forum/t174791#neprebrano

[some comments worth reading]

A Russian programmer presented malicious code some time ago. Unfortunately I can't find the link to the article.

The code did "its thing" without any problem. AV, firewall... did not react...

"A rootkit is a technique for hiding files, registry entries, etc. from anti(virus/spy) programs. Essentially, when an antivirus program requests the contents of a directory, it gets all the files except the malicious ones.

This is possible, put simply, because some program has taken control of system functions. There are also legitimate, harmless programs that do this, for example those for virtual CD-ROM drives (e.g. Daemon Tools)."

Link to comment

Trend Micro™ HijackThis™:

Download

http://www.trendsecure.com/portal/en-US/to...ckthis/download

Home - More Info

http://www.trendsecure.com/portal/en-US/to...ools/hijackthis

HijackThis - You can paste a logfile in this textbox - HijackThis log file analysis:

http://hijackthis.de/

 

HijackThis:

"... which entries are bad, which are suspicious and which are safe. This way you can quickly, easily and fairly safely check your computer's log without waiting for the right person to review the entries.

If, despite all cleaning attempts, you still haven't managed to eliminate the vermin, ask in this thread. When asking, you MUST provide the following information:

- HijackThis log

- whether the system is up to date

- which antivirus and firewall you use and whether both are up to date

- screenshots of the errors or strange things that appear

- as much information as possible about the errors or strange/suspicious things

So, these are roughly the basic instructions on how you can help yourself.

I hope it will be at least a little helpful ..."

http://www.joker.si/mn3njalnik/index.php?showtopic=54078

 

! Log file of HijackThis - Example;

Podganar, 20.03.2007, 11:04:

http://www.joker.si/mn3njalnik/lofiversion...php/t54078.html

Link to comment

Does Task Manager (Ctrl+Alt+Del)

work?

[it shows which processes are running]

 

SUPERAntiSpyware Free Edition - download

http://www.superantispyware.com/download.html

Home - more info

http://www.superantispyware.com/

"SUPERAntiSpyware Free Edition is 100% Free and will detect and remove thousands of Spyware, Adware, Malware, Trojans, KeyLoggers, Dialers, Hi-Jackers, and Worms. SUPERAntiSpyware features many unique and powerful technologies and removes spyware threats that other applications fail to remove.

SUPERAntiSpyware Free Edition does not include real-time blocking or scheduled scanning."

Link to comment

No, it doesn't work for me!

If only I knew what's wrong, but I really don't know....

Link to comment

I can't open Task Manager or Regedit [by RejZoR - joker.si]:

Infiltration Recovery Tool 1.0 [for Windows XP]

http://freeweb.siol.net/razor256/downloads...ecoveryTool.zip

More Info - I can't open Task Manager or Regedit [by RejZoR - joker.si]:

http://www.joker.si/mn3njalnik/lofiversion...php/t56106.html

"Infiltration Recovery Tool description

Infiltration Recovery Tool gives you ability to recover some key system features when facing malware infiltration.

Infiltration Recovery Tool lets you recover some key system features when facing malware infiltration.

Many trojans, worms and backdoors disable Task Manager,Registry Editor and some even Explorer's Right-click context menu.

You can restore these features with Infiltration Recovery Tool in just few clicks.

There is no guarantee that it will work in all cases though..."

 

! Turn off Windows restore.

Link to comment

Trend Micro™ HijackThis™

It seems to work only with Microsoft Internet Explorer 6.0 or 7.0,

Mozilla Firefox 1.5 or 2.0. -(

You can try with Internet Explorer 7:

http://www.microsoft.com/slovenija/windows...ie/default.mspx

[Microsoft has issued an updated Internet Explorer (IE) 7 release that no longer requires Windows Genuine Advantage (WGA) validation in order to download].

ugh, nothing works.....

first of all, for everything I tried to run it tells me that my browser does not support it....

second, I have no idea what's wrong...

third, it's not possible to register on the menjalnik forum, so...eh....

nothing goes right.....

Link to comment

I know nothing about computers and it's better that I don't even try to do too much on it, because I'll only screw things up even more....

but the fact is, never avast again...

! Write specifically which file you have infected that avast supposedly let through?

Avast probably has nothing to do with your problems.

Kaspersky doesn't find anything on your computer either, as you say yourself.

Those two are antivirus programs - primarily AV. No antivirus is 100%.

If you have anything, you probably have a trojan/trojans, spyware.

! And that is mostly cleaned by hand.

Install Internet Explorer 7. Trend Micro™ HijackThis™ works with it

See: Post #85

Trend Micro™ HijackThis™ [works with Internet Explorer 7, ... only]

http://www.lunin.net/forum/index.php?showt...mp;p=1055483915

And run the analysis of: ! Log file of HijackThis at: http://hijackthis.de/

And paste it up here ... If we don't know something, I'll ask on joker.si, or slo-tech.com, ...

! Turn off the restore function in Windows.

! If Trend Micro™ HijackThis™ by chance doesn't start because of a possible trojan,

start it in safe mode.

When booting the PC, on my configuration/motherboard I press: F8

and choose safe mode ...

! Read once more: Post #84

I can't open Task Manager or Regedit [by RejZoR - joker.si]:

http://www.lunin.net/forum/index.php?showt...mp;p=1055483913

Relevant, if it doesn't work for you:

Task Manager: Ctrl+Alt+Delete

or

regedit, cmd, taskmgr, msconfig, gpedit.msc, ...

Link to comment

avast is definitely to blame because obviously I ran into a virus that not even kaspersky is able to find, but once a virus like that really digs into the system then you're screwed....

if I had had kaspersky it would probably have detected it and blocked it so it wouldn't have come to this at all.....

anyway, I'll try it the way you said.....

otherwise, it's not that I don't have the will etc....

the thing is that I've already tried to do and fix many things myself, and by doing so I only screwed things up even more and it was even worse, so I told myself I wouldn't do that anymore because experience has taught me....

Link to comment

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:58:24, on 14.2.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\COMODO\SafeSurf\cssurf.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\WebCam\M1000\M1000Mnt.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt

O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE2F7AC3-8438-4F95-9082-52E94F1BB8B7}: NameServer = 195.29.149.197 195.29.149.196

O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 9469 bytes

Link to comment

čebelica01, now we'll have to wait a bit,

more people know more:

HijackThis logfile, what to delete? [question posted on joker.si/mn3njalnik]:

"Registrations on joker.si/mn3njalnik are currently disabled.

So I'm asking on behalf of a future joker.si/mn3njalnik user,

what to delete here in her HijackThis logfile.

Many thanks for the help ... -)"

http://www.joker.si/mn3njalnik/index.php?s...entry1065378262

Link to comment

"Copy the text/Logfile of Trend Micro HijackThis into the link below and it will automatically mark what is what:

http://hjt.networktechs.com/

[bad - Remove almost always [red]

OK Most of the time - don't need to touch [green]

Probably not needed - Safe to remove [orange]

Generally harmless - third party applications [blue]

Bad if you don't know what it is [purple]

Unknown Item - Investigate further [black]"

Message #2

http://www.joker.si/mn3njalnik/index.php?s...53200&st=0#

Copy the text into the link below and it will automatically mark what is what;

[Please paste your HJT log into this form]:

http://hjt.networktechs.com/

Then take a screenshot and upload it to rapidshare.com or shrani.si, ...

And paste the link to the screenshot here.

Link to comment

How to take a screenshot

http://wiki.partis.si/index.php/Kako_narediti_screenshot

http://www.wikihow.com/Take-a-Screenshot-i...crosoft-Windows

_________

! Hold off on deleting for a bit, instructions will follow: what, how, ... :

"Better take the screenshot on/for http://hijackthis.de/

Which is the official site and also shows the reasoning for each line.

Skanker, message 3, says the following:

"Softonic Italia Toolbar, Ask toolbar - probably spyware, delete:

[?] - R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll

[?] - O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll

[?] - O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

 

unused

[N] - O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

[N] - O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

if you don't recognise the server/computer, delete

[?] - O17 - HKLM\System\CCS\Services\Tcpip\..\{DE2F7AC3-8438-4F95-9082-52E94F1BB8B7}: NameServer = 195.29.149.197 195.29.149.196"

http://www.joker.si/mn3njalnik/index.php?s...53200&st=0#

Link to comment

"T-com Croatia - DNS Server:

195.29.149.196,

195.29.149.197

are the DNS servers of T-Com, Croatia.

Are you on the net via a T-Com DNS server?

[i.e. who do you pay for internet access]

Softonic Italia Toolbar, Ask toolbar?

Did you install this yourself, or did you get it with some program, which one, and where?

Link to comment
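
The manual triage in the posts above (orphaned "(no file)" buttons, DLLs hooked into Internet Explorer as URLSearchHook/BHO/toolbar, and the O17 name servers to compare against the ISP's), as an added Python example that is not part of the original thread. The function names and the `expected_dns` parameter are assumptions of this sketch; the sample is a subset of lines copied from the log posted above, and the output is a list of things to review, not a verdict.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll
O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE2F7AC3-8438-4F95-9082-52E94F1BB8B7}: NameServer = 195.29.149.197 195.29.149.196
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
"""

# Item lines start with a section code such as R3, O2 or O23 followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
BROWSER_HOOKS = {"R3", "O2", "O3"}  # URLSearchHook, BHO, toolbar


def parse_log(text):
    """Return (code, body) tuples; header and running-process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(entries, expected_dns=frozenset()):
    """Group entries into review buckets. expected_dns holds the resolver
    addresses the user knows belong to their own ISP or router."""
    report = {"orphaned": [], "addons": {}, "unexpected_dns": [],
              "unknown_owner_services": []}
    addons = defaultdict(set)
    for code, body in entries:
        target = body.rsplit(" - ", 1)[-1]
        if target == "(no file)":
            # Registry entry whose file is gone: a leftover, safe to review first.
            report["orphaned"].append(f"{code} - {body}")
        elif code in BROWSER_HOOKS:
            # Same DLL registered through several hook types = one add-on footprint.
            addons[target.lower()].add(code)
        if code == "O17" and "NameServer" in body:
            value = body.partition("=")[2]
            report["unexpected_dns"] += [ip for ip in IPV4_RE.findall(value)
                                         if ip not in expected_dns]
        if code == "O23" and " - Unknown owner - " in body:
            # The log shows no vendor name for this service binary.
            name = body.split(" - ")[0].replace("Service: ", "", 1)
            report["unknown_owner_services"].append(name)
    report["addons"] = {path: sorted(codes) for path, codes in addons.items()}
    return report


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for bucket, items in result.items():
        print(bucket, "->", items)
```

Passing the resolvers the user recognises, for example `triage(entries, {"195.29.149.196", "195.29.149.197"})`, empties the `unexpected_dns` bucket, which matches the advice in the thread to leave the O17 entry alone when those are the ISP's own servers.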

Before deleting you can also post to shrani.si, or rapidshare.com, ... a screenshot of

the text/Logfile of Trend Micro HijackThis copied into the link below, where it automatically marks what is what: http://hijackthis.de/

Link it here. Everything is written next to it anyway, roughly what it could be about.

If there is/will be no screenshot,

you can start cleaning, in accordance with what the link above shows you:

! Disconnect the computer from the net;

! Turn off/disable the function: windows restore.

Boot the computer in safe mode:

While the computer is starting, keep pressing the F8 key,

when the menu appears, choose safe mode.

Uninstall: Softonic Italia Toolbar, Ask toolbar via the Control Panel, ...

Or you "go and check these files" and delete them manually:

"Softonic Italia Toolbar, Ask toolbar - probably spyware, delete:

[?] - R3 - URLSearchHook: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll

 

[?] - O2 - BHO: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll

 

[?] - O3 - Toolbar: Softonic Italia Toolbar - {4edd5c14-2d22-4d7a-9748-c975a7fd933b} - C:\Program Files\Softonic_Italia\tbSof1.dll

 

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

 

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

 

_________

Cleaning entries in the registry:

start > run > type into the box: regedit:

! if you are on the net via: T-com Croatia - DNS server:

195.29.149.196, 195.29.149.197, do NOT delete this one in the registry,

if you use other DNS servers, you can comfortably delete it manually:

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{DE2F7AC3-8438-4F95-9082-52E94F1BB8B7}: NameServer = 195.29.149.197 195.29.149.196"

 

You can also comfortably delete this [or run CCleaner, ...]:

It is unused:

[N] - O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

[N] - O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

 

After deleting the files, run CCleaner, reconnect the computer to the net.

It's spyware, ... which is a pain either way.

Programs for antispyware, other malware,

are even less effective than antivirus programs are against various viruses...

Spyware, trojans, other unknown/lesser-known malware most often has to be cleaned out by hand.

You probably don't have a virus on the computer. More likely spyware, other filth/malware.

 

Total Commander

http://www.totalcmd.net/plugring/totalcmd.html

Download

http://www.totalcmd.net/download.php?id=totalcmd

In the menu find: search,

type in the name of the deleted program, ... And clean its leftovers from the computer.

Total Commander has many other useful functions as well.

Link to comment

ughhhhh.................I'm not able to do this, because I have no idea what anything means and it's way too complicated....

it's just that if I take this on I'll 100% screw something up as always, and I don't want to risk it, because to do this you have to know at least a little and here my knowledge is zero...

Link to comment

Press at the same time, hold for about a second - at the same time: Ctrl+Alt+Delete

If Task Manager starts,

under processes look at which ones eat up the most CPU [processor],

as well as RAM [memory].

Which ones, if any at all, load the CPU, Memory [RAM] the most - in %, MB.

Link to comment

Look at which processes load the CPU [processor] the most in %,

Then somewhere it also says how many K of Memory a given process uses.

[Image Name, CPU, Mem Usage]

Pay attention to processes above 80% and with high memory usage ...

Check all of this [it's all written there]:

http://www.techarp.com/editorials/img/task...er_explorer.gif

Processes [CPU Mem Usage VM Size]

Applications [are there any suspicious applications - unnecessary ones]

Performance

Networking

Users

Link to comment