Installing Windows on both partitions!?

  • pixxel  Male
  • Legendary citizen
  • Joined: 21 Jun 2005
  • Posts: 9091
  • Location: Here and there...

1. Exactly.
2. Well, put it back then, what can I tell you, it takes care of opening the tray...
3. Try removing that NMBgMonitor.exe from the startup list with the Autoruns program, kill it in Task Manager, then delete it from C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (since you say you don't have Nero, you can also delete the whole C:\Program Files\Common Files\Ahead\ directory)...
4. Before you disable or delete them, you have to kill them in the process list in Task Manager so that they don't come back again... If they come back even so, then they're like vampires... We'll have to deal with that in more detail later...
5. I found this on the internet: try deleting (make a backup first, of course) the directory C:\Documents and Settings\<Login Name>\Application Data\Adobe\Photoshop Album\3.0, or 3.2 if there is no 3.0, where <Login Name> is PB in your case. If that doesn't work, I really don't know what you should do, other than go to Adobe's site and ask for help...



  • Joined: 31 Oct 2007
  • Posts: 115
  • Location: Black Hole

OK!
It seems to me we're slowly solving these one by one! Thanks!

1. SrvCDEject - Obviously I can't remove it because it also handles opening and closing the tray, but is there a way to get rid of that bug, or whatever it's called, where after a certain time it sort of hangs and shows CPU usage and also audible hard disk activity, which stops only when I kill it from Task Manager, but once it's killed I can't open the CD tray :D

2. NMBgMonitor.exe - I did everything as you said, but after restarting the computer it is again active in Startup Control Panel 2.8, even though I deleted the entire Ahead folder where it was located:
here is a picture too, so you can see how it looks in the manager:



3. As for the uninstalled CounterSpy, it looks like I managed to remove it from startup!

4. For now I've handled Adobe Photoshop Album Starter Edition 3.2 as you said, and tonight I'll try installing it again to see how it behaves, and I'll report back!

5. When I uninstall some programs, I've noticed they aren't removed from the Programs list in the Start menu, so I have to delete them manually; is that related too, or is it something else, and what about it?

Thanks once again, really, for your patience :D

Addendum: 12 Dec 2007 18:49

Yes, I forgot:

6. realsched.exe - I didn't manage to finish it off, and it still stays active in Task Manager after restarting the computer?!



  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

At a friend's place I had a similar problem, but with Kaspersky, like yours with Nero's startup, and likewise when we deleted the registry entry in startup a new one would appear... In the end we reinstalled Kaspersky and then killed that problematic startup entry before uninstalling it. Unfortunately some programs have a terrible uninstaller, so all sorts of things are left behind, even services. Anyway, the gist of this story is that we succeeded and everything was fine... that is, the service (I can't remember what it was called) no longer started with the system and we were able to install another antivirus.

As for Real Player, if you've run it then realsched will definitely show up in the task list too, and you have to kill it from the task list every time after using it... that's why I no longer use Real, there are so many alternatives...

  • Joined: 31 Oct 2007
  • Posts: 115
  • Location: Black Hole

A bunch of little things like this have piled up, who knows, maybe also after uninstalling Windows from the second partition, but somehow I'd like to try to solve everything this way, just not a reinstall of the complete Windows on the C: partition as well; I'm nostalgic and don't like big changes :D unless something is causing a problem or it's necessary, and reinstalling Windows makes me panic! Luckily the problem isn't so serious that it would have to come to that, but here we are, slowly but surely solving things one by one, I hope!

This was just a small digression, like a cry for help :D :D :D

In any case, thanks Diarno, to you as well

  • pixxel  Male
  • Legendary citizen
  • Joined: 21 Jun 2005
  • Posts: 9091
  • Location: Here and there...

Here goes:
1. Try to TURN it OFF from Startup Control Panel or Autoruns, then restart the computer and see whether the tray then opens/closes without it (it seems a bit odd to me that opening the CD depends on a driver...)
2. Did the Ahead folder come back??? That can only mean that you do have Nero after all and that it wasn't uninstalled... Let's do this: download this clean tool and unpack it to the desktop. It will find all Nero installations and wipe them (since you say you don't use it). That should solve the problem, and if it doesn't, something's going on here that doesn't add up at all...
3. That's great
4. Check and report back, so we can see what to do...
5. That's normal, especially if you move them around the Start menu (sorting, moving into submenus, and the like). Let's once again thank the excellent uninstallers that do a dreadful job ;)
6. For now let it stay; it serves no purpose anyway and only eats memory, until I figure out how to get rid of it...

  • Joined: 31 Oct 2007
  • Posts: 115
  • Location: Black Hole

1. SrvCDEject - It isn't in Startup Control Panel at all, and I unticked it (turned it off) in Autoruns, and after I restarted the computer I couldn't open the CD tray!
I also find it strange that it or some driver handles that, and even stranger that it often hangs and shows needless activity!
By the way, it is located in: C:Program files\Pacard Bell\srvcdeject
if that perhaps tells you something?!

2. The Ahead folder did not come back, and I also did the thing with General-CleanTool, but here it shows it again:


If the picture perhaps tells you more!?

3. sunserver.exe doesn't show among the processes in Task Manager, but it has still come back to startup again:


I've also marked for you the ones I can't remove from startup!
Also, that IMJPMIG8.1 - IMJPMIG.EXE - ... Migration32 still shows as active there, even though we dealt with it above!

4. As for Adobe Starter Photoshop Album, I tried installing it again, but nothing, the same Fatal error as in the picture above!

5. realsched.exe, then, also still remains present and unresolved!

  • pixxel  Male
  • Legendary citizen
  • Joined: 21 Jun 2005
  • Posts: 9091
  • Location: Here and there...

1. So it is necessary after all. Fine, go into Autoruns and put it back (if you turn it off in Autoruns, logically it won't be in Startup Control Panel either...)
2. First download the program Unlocker (http://ccollomb.free.fr/unlocker/unlocker1.8.5.exe), install it, and restart the computer. Kill that bgmonitor process from Task Manager. After that, in Explorer go to C:\Program Files\Common Files\, right-click the ahead folder, and click Unlocker (it has a sort of magic wand...)
A window should appear:

So, select delete on the first one, then OK. If it says it has to restart, let it restart. (This situation can also occur:

Here you go in this order, except that at point 2 you likewise choose delete.) That should definitely rid us of bgmonitor, and after the restart delete it from startup. If it shows up even after that, then we're dealing with some vermin, since I really don't know what else to do to it...
3. Something's going on here that doesn't add up at all... Do the same with Unlocker as in the previous step, only go to c:\program files, right-click the Sunbelt Software directory, and go to Unlocker...
4. Evidently there's some other problem involved... I'll look around the net a bit more and see what's what...
5. If you don't use Real Player, go to Control Panel, Add/Remove and uninstall it... (it may also be called Real One Player, the important part is the Real...)

Here's what else to do: after all this, following the instructions from Ambulanta, post a HijackThis log, but post it HERE, and I'll go through it and tell you what to remove. Also, open that Autoruns program, wait for it to load everything, then go to File, Save As, save that file to the desktop and send it here as well...

  • Joined: 31 Oct 2007
  • Posts: 115
  • Location: Black Hole

Here goes:

1. SrvCDEject - It seems odd to me because it often hangs and starts needlessly using the CPU and showing audible activity on the hard disk! That's what I'd like to solve, if possible?

2. BgMonitor.exe - I installed Unlocker and tried to do as you said, however:
first - BgMonitor.exe isn't in Task Manager at all
second - there is no Ahead folder in Explorer at all, so I couldn't do anything with Unlocker the way you wrote!
third - it is still in Startup Control Panel?!

3. sunserver.exe and that IMJPMIG8.1 - IMJPMIG.EXE - ... Migration32 are still in Startup Control Panel, and again I couldn't use Unlocker because the Sunbelt Software folder doesn't exist at all, neither in Program files nor anywhere on C:?!

4. I also tried looking through problems on their site, but nothing managed to solve this Fatal error in Adobe Starter Photo Album?!

5. I use Real Player!

One question that occurred to me, to look into and try:
Since I use this Startup Control Panel 2.8 by Mike Lin, and since that isn't the machine's native startup tool but a panel installed afterwards, could it be that Windows XP's native Startup Control Panel is clashing with this control panel?
Where, in which directory, are XP's native startup settings located?

Here is the file from Autoruns:

and here is HT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:01, on 14.12.2007
Platform: Windows XP SP2 (WinNT X.XX.XXXX)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = radiovalter.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: zlclient.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\beuk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....9303579359
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9121 bytes

Thanks in advance once again!

  • pixxel  Male
  • Legendary citizen
  • Joined: 21 Jun 2005
  • Posts: 9091
  • Location: Here and there...

Right, first of all, from this HijackThis log I can see straight away that your Ad-Watch isn't turned off, so it is one of the possible reasons why we can't get rid of those startup entries. So, go into Ad-Aware, find where Ad-Watch is loaded, turn it off, and tell it not to start with the system (I don't use it, so I don't know offhand what the option is called). Restart the computer, make sure Ad-Watch isn't among the active processes, and then we move on.

(Optional: in Add/Remove find Logitech Desktop Messenger and get rid of it. It's also a completely unnecessary program which, just like realsched, only watches for when a new version of the software is available, and in a few places I've come across problems related to it.)

Next, I think I've finally understood what the problem with the lists is: we're using several programs - Autoruns, Startup Control Panel, Advanced Task Manager, Ad-Watch and others that have the same options - so they're probably clashing with one another. From now on, by agreement, we'll stick ONLY to Autoruns for tidying up startup, and HijackThis to help with removal.
Knowing that, here's how we go:
In that Autoruns log it says:
+ SunServer File not found: C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
+ BgMonitor_ File not found: C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
Which means that they're just sitting empty in the startup list, and that by using 2-3 programs we've only confused the system about which exist and which don't. We'll deal with them via HijackThis later. In principle they just sit there, doing neither good nor harm, so they could stay, but we won't leave it at that...

Back to point 1 - let that srvcdeject stay for now, evidently it has to be that way until we think of something better. The only idea I have is for you to uninstall the Packard Bell software completely (try whether the keyboard works without it) and see whether the CD tray works that way...

Now then: start HijackThis again following those instructions and tick the following lines (they may differ slightly; what matters is the file name at the end, not the letter and number at the start):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

After that click Fix checked, wait for it to finish, restart, and I hope that's the end of our troubles with non-existent processes :)
Again I stress that it is VERY important that you shut down all programs that tinker with the startup list, and especially Ad-Watch. It must NOT be there at ANY moment while we're fiddling manually, because it will put everything back the way it was...
After the restart you'll again post the Autoruns and HijackThis logs the same way, and we'll see what else remains to be sorted out, and whether this fixed it at all, or whether something is still making our life miserable...

  • Joined: 31 Oct 2007
  • Posts: 115
  • Location: Black Hole

Excellent instructions!
I had just started to think it had worked, once I'd done everything!
However,
I did the Ad-Watch part and deleted from HT what you wrote, did everything in order and did the restart, both after disabling Ad-Watch and after deleting everything, and when I looked at HT they weren't in the HT log!
After that I turned the Ad-Watch protection back on, and when I looked at HT again, they had reappeared in HT!

Whether Ad-Watch brought them back or what, I have no idea, but evidently it did!

The question remains whether I should uninstall the programs:
startup control panel, advanced task manager, ad-watch
completely?
Since I have no anti-spyware other than Ad-Watch, and I don't have its installer, the question arises of protection against spyware and the rest?

Addendum: 14 Dec 2007 23:48

The only things that no longer appear in HT and that seem to me to have been deleted successfully are:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

Addendum: 15 Dec 2007 1:01

So, here is the Autoruns log with Ad-Watch turned off and not active on the machine:

And here is the HT log, likewise with Ad-Watch turned off and not active on the machine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:53:41, on 15.12.2007
Platform: Windows XP SP2 (WinNT X.XX.XXXX)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\WINDOWS\mHotkey.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = radiovalter.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: zlclient.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\beuk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....9303579359
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7988 bytes

So, something is restoring what was deleted once Ad-Watch is reactivated, evidently?!
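The cross-check worked through in this thread, as an added example that is not part of any post: it parses HijackThis O-lines, flags entries that HijackThis marks "(no file)" / "(file missing)" or that Autoruns reports as "File not found", and lists what disappeared between two logs. The function names are this example's own, the log excerpts are shortened from the logs posted above, and the Autoruns line format is assumed to be the one quoted in the thread.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread.
LOG_14_DEC = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
"""
LOG_15_DEC = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
"""
# The two Autoruns lines quoted in the thread.
AUTORUNS = r"""
+ SunServer File not found: C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
+ BgMonitor_ File not found: C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
"""

O_LINE = re.compile(r"^(O\d+) - (.+)$")
O4_RUN = re.compile(r"^(.+?): \[(.+?)\] (.+)$")          # location: [name] command
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
NOT_FOUND = re.compile(r"^\+ \S+\s+File not found: (.+)$")
MISSING_MARKS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Map (section, identifier) -> target for the O-lines of a HijackThis log."""
    entries = {}
    for raw in text.splitlines():
        line = O_LINE.match(raw.strip())
        if not line:
            continue
        section, body = line.groups()
        run = O4_RUN.match(body) if section == "O4" else None
        if run:
            ident, target = f"{run.group(1)} [{run.group(2)}]", run.group(3)
        elif " - " in body:
            # O2/O23 style: everything before the last " - " identifies the entry.
            ident, target = body.rsplit(" - ", 1)
        else:
            continue  # e.g. "O4 - Startup: x.lnk = ..." is not handled here
        entries[(section, ident)] = target
    return entries


def exe_path(target):
    """Lower-cased executable path of a command line, or None if there is none."""
    m = EXE.match(target)
    return (m.group(1) or m.group(2)).lower() if m else None


def orphans(entries, autoruns_text=""):
    """Entries whose file is gone according to HijackThis or to Autoruns."""
    missing = set()
    for raw in autoruns_text.splitlines():
        m = NOT_FOUND.match(raw.strip())
        if m:
            missing.add(m.group(1).strip().lower())
    return sorted(key for key, target in entries.items()
                  if target.endswith(MISSING_MARKS) or exe_path(target) in missing)


def removed_between(before, after):
    """Keys present in the earlier log and absent from the later one."""
    return sorted(set(before) - set(after))


if __name__ == "__main__":
    before, after = parse_hjt(LOG_14_DEC), parse_hjt(LOG_15_DEC)
    for section, ident in orphans(before, AUTORUNS):
        print("orphaned:", section, ident)
    for section, ident in removed_between(before, after):
        print("gone on 15 Dec:", section, ident)
```

Matching on the executable path rather than the entry name is deliberate: Autoruns shows the entry as `BgMonitor_` while HijackThis shows the full `BgMonitor_{...}` value name.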
