Clicking, beeping, iexplore.exe and hidden processes




  #1  
6 October 2008, 23:30
New group member

Hi,

Any help with this problem is much appreciated. SAS, SSD and anti-malware can't seem to find whatever I have. Here is what happens:

1) If not connected to my modem, a constant clicking comes from my computer (I assume because something is trying to open iexplorer.exe)
2) An occasional beeping (one unlike any I have ever heard) will sound three or four times
3) If connected to the modem, iexplorer.exe is running (though I never use Internet Explorer), and when I shut the process down it opens right back up.


Many thanks for any and all help, here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:50, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\Svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WINNT\spnsrvnt.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Toshiba\TouchPad\TPTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\HCWemMON.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\initio\Button Manager v1.836\inihid.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\QH8jvpp4.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.34.113.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /pokretanja
O4 - HKLM\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -auto
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Media Player.lnk = ?
O4 - Global Startup: Button Manager v1.836.lnk = ?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\Dijelovi\hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\Dijelovi\A9.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup145.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - Toshiba CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co, Ltd - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WINNT\spnsrvnt.exe
  #2  
7 October 2008, 00:28
Group moderator

You are running an outdated version of HijackThis. Please install the new version, but do not run HijackThis until after SDFix has completed its process.

Download TrendMicro HijackThis.exe (HJT) to your desktop.
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
  • Click the "Do a system scan and save a log file" button.
  • HijackThis will scan, and then the log will open in Notepad.
  • Copy and paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

----------

Please print these instructions, as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator account or an account with administrative rights.
  • Double-click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows directory, typically C:\SDFix).
  • Do not use it just yet.
Reboot your computer into Safe Mode using the F8 method. To do this, restart your computer, and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services or registry entries found, then prompt you to press any key to reboot.
  • Press any key and it will restart the computer.
  • When the computer restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also be saved in the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt into your next reply, along with a new HijackThis log.

  #3  
7 October 2008, 02:15
New group member

Thanks for your help,

This is a nasty one! The problem is still ongoing, although my computer got about 20 minutes of relief after running SDFix.

SDFix and HijackThis logs follow:


And once again many, many thanks


SD Fix:

SDFix: Version 1.230
Run by Owner on Mon 10/06/2008 at 11:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
tdssserv

Path :
\SystemRoot\system32\drivers\TDSSserv.sys

tdssserv - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\CQVJNG.EXE - Deleted
C:\WINDOWS\system32\FTPUPD.EXE - Deleted
C:\WINDOWS\system32\NTBLTF.EXE - Deleted
C:\WINDOWS\system32\PUOGNR.EXE - Deleted



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 00:20:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\d346prt\cfg\0Jf40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}]
"DisplayName"="DAEMON Tools"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:


Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 4. veljače 2006 382.976 A.. H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ ENVR 253 \ ~ WRL4065.tmp"
Thu 23 ožujka 2006 27.648 ... H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ Envrionmental \ ~ WRL3569.tmp"
Sub 25. studenoga 2006 20.480 ... H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ Geog 220 \ ~ WRL1016.tmp"
Pon 4. prosinca 2006 27.648 ... H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ Geog 220 \ ~ WRL2705.tmp"
Sun 6. ožujka 2005 56.832 A.. H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ fizike 11 \ ~ WRL3235.tmp"
Ned 20. veljače 2005 36.864 A.. H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ fizike 11 \ ~ WRL3307.tmp"
Ned 13. studenoga 2005 27.648 A.. H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ Chem 120 laboratorija \ Chem teorije \ ~ WRL0952.tmp"
Ned 13. studenoga 2005 27.648 A.. H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ Chem 120 laboratorija \ Chem teorije \ ~ WRL1162.tmp"
Ned 13. studenoga 2005 26.112 A.. H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ Chem 120 laboratorija \ Chem teorije \ ~ WRL1539.tmp"
Ned 13. studenoga 2005 24.576 A.. H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ Chem 120 laboratorija \ Chem teorije \ ~ WRL1964.tmp"
Ned 13. studenoga 2005 27.136 A.. H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ Chem 120 laboratorija \ Chem teorije \ ~ WRL2068.tmp"
Ned 13. studenoga 2005 28.672 A.. H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ Chem 120 laboratorija \ Chem teorije \ ~ WRL3230.tmp"
Ned 13. studenoga 2005 27.648 A.. H. --- "C: \ Documents and Settings \ \ Owner \ \ My Documents \ škola \ Chem 120 laboratorija \ Chem teorije \ ~ WRL3512.tmp"

Završeno!

Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:20, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\Winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\Svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WINNT\spnsrvnt.exe
C:\WINDOWS\System32\Svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Toshiba\TouchPad\TPTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\HCWemMON.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\initio\Button Manager v1.836\inihid.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\QH8jvpp4.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.34.113.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe-auto
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = ?
O4 - Global Startup: Button Manager v1.836.lnk = ?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\Dijelovi\hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\Dijelovi\A9.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup145.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - Toshiba CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co, Ltd - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WINNT\spnsrvnt.exe

--
End of file - 9148 bytes
  #4
7 October 2008, 09:48
Moderator

Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for preventing spyware, it can interfere with HijackThis fixes. Please disable TeaTimer for now, until you are clean.

1. Right-click Spybot in the system tray (it looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
2. Run Spybot S&D
3. Go to the Mode menu and make sure Advanced Mode is not selected.
4. On the left-hand side, choose Tools > Resident
Uncheck Resident TeaTimer, OK any prompt, and restart your computer.

Note:
If TeaTimer gives you a warning after some changes have been made, allow this instead of blocking it.

If TeaTimer won't shut off, then uninstall Spybot until we have finished cleaning.

----------

Open HijackThis and select Do a system scan only.

Place a check next to the following entries (if present):

O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)


Important: Close all open windows except HijackThis, and then click Fix checked.

Once completed, exit HijackThis.

----------

Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your Desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________
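
Added example (not part of the original thread and not HijackThis code): a Python triage pass over HijackThis section lines that flags the entry types seen in the log above, namely an R1 ProxyServer value pointing off the local machine and the two O15 zone entries selected for fixing. The rule names and the English v2.0.2 line wording are assumptions; the sample lines are taken from the thread's log with spacing normalized.

```python
import ipaddress
import re

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")
TRUSTED_RE = re.compile(r"Trusted (?:Zone|IP range):\s*(?P<target>\S+)")
PROTO_RE = re.compile(
    r"ProtocolDefaults:\s*'(?P<proto>[^']+)' protocol is in (?P<zone>.+? Zone)")

# Lines taken from the HijackThis log in this thread, spacing normalized.
# "Ø15" is kept on purpose: it is how the page renders the O15 section code.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\Ctfmon.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.34.113.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
Ø15 - Trusted IP range: 206.161.125.149
Ø15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
"""


def parse_entries(text):
    """Yield (code, body) for section lines such as 'O15 - ...'; skip process paths."""
    for raw in text.splitlines():
        line = raw.strip().replace("Ø", "O")  # repair the rendered section code
        match = ENTRY_RE.match(line)
        if match:
            yield match.group("code"), match.group("body")


def is_local(host):
    """True for loopback or private IP literals; hostnames count as not local."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private


def proxy_hosts(value):
    """Hosts from 'host:port' or 'http=host:port;https=host:port' proxy values."""
    hosts = []
    for part in value.split(";"):
        part = part.split("=", 1)[-1].strip()  # drop an "http=" style prefix
        if part:
            hosts.append(part.rsplit(":", 1)[0])  # drop the port
    return hosts


def triage(text):
    """Return (code, rule, detail) tuples for entries that deserve a manual look."""
    findings = []
    for code, body in parse_entries(text):
        if code == "R1" and (m := PROXY_RE.search(body)):
            findings += [(code, "proxy-off-host", h)
                         for h in proxy_hosts(m["value"]) if not is_local(h)]
        elif code == "O15" and (m := TRUSTED_RE.search(body)):
            findings.append((code, "trusted-zone-entry", m["target"]))
        elif code == "O15" and (m := PROTO_RE.search(body)):
            findings.append((code, "protocol-zone-changed", f"{m['proto']} in {m['zone']}"))
    return findings
```

A finding here means "review this entry", not "this entry is malicious": a proxy or trusted-zone address can be set by legitimate software, so each one is checked against what is installed on the machine.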

  #5
7 October 2008, 18:34
New member

Thanks EF, you rock,

The ComboFix log is huge, so it is attached as a zip file:
combofixlog.zip
  #6
7 October 2008, 18:44
Moderator

  • Click START, then Run
  • Now type Combofix /u in the runbox
  • Make sure there is a space between Combofix and /u
  • And hit Enter.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\WINDOWS\system32\xVB47F7a.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\RGI5.tmp
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to be Moved window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it into your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately, you may be asked to reboot the computer to finish the move process. If you are asked to reboot, choose Yes. If not, reboot anyway.

----------

After posting the OTMoveIt2 log:

1. Double-click OTMoveIt2.exe to run it.
Vista users: right-click and choose Run as administrator
2. Click the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs warn you, allow access.
4. Click YES at the next prompt (list downloaded, Do you want to begin the cleanup process?)
  • When finished, exit OTMoveIt2

----------

Run CCleaner.

----------

Run this online scan.

This scanner requires Internet Explorer.

Use the ESET NOD32 Online Scanner

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log to your next reply.
__________________
