Trojan Generic Heur




  #1  
21 November 2008, 07:18
Member Group

Hello guys,

I am writing because for a couple of days I have been having problems with this so-called Trojan.

I have the HijackThis results; could someone please help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 10:16:57, dana 21/11/2008
Platforma: Windows XP SP3 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de programa \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Archivos de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Archivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4,0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe
C: \ Archivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Archivos de programa \ Java \ jre6 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Archivos de programa \ Windows Desktop Search \ WindowsSearch.exe
C: \ Archivos de programi \ Microsoft Office \ Office12 \ ONENOTEM.EXE
c: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ Archivos de programa \ Uniblue \ RegistryBooster \ RegistryBooster.e Xe
C: \ Archivos de programa \ Windows Live \ Messenger \ msnmsgr.exe
C: \ WINDOWS \ explorer.exe
C: \ Archivos de programa \ Windows Live \ Messenger \ usnsvc.exe
C: \ Archivos de programa \ Mozilla Firefox \ firefox.exe
C: \ Archivos de programa \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ HPBPRO.EXE

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de programa \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de programa \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / ukvariti / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ Windows \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / Sync
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ Windows \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless UI Manager] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Archivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Archivos de programa \ Adobe \ Reader 9,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Archivos de programa \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [StatusClient] C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4,0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe / auto
O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe
O4 - HKLM \ .. \ Run: [HPLJ Config] c: \ Archivos de programa \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe Direct-c-p-DOT4_001 pn "HP LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120000
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Archivos de programa \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKLM \ .. \ Run: [f411a9e3] rundll32.exe "C: \ WINDOWS \ system32 \ knqyluad.dll", b
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Archivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICIO')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de crveno')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Recorte de pantalla Poèetna rapido e de OneNote 2007.lnk = C: \ Archivos de programi \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C: \ Archivos de programa \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra kontekst meni stavka: E & xportar Microsoft Excel - res: / / C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra 'Tools' MENUITEM: nedjelja Consola de Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra button: Web statistika prometa zaštita - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll
O9 - Extra button: Enviar jedan OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: Enviar & jedan OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra button: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Archivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: HP Smart Odaberite - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Archivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Archivos de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Archivos de programa \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Archivos de programa \ Messenger \ msmsgs.exe
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM \ System \ CS1 \ Services \ TCPIP \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CS2 \ Services \ TCPIP \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveSystemServices.dll
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ Archiv ~ 1 \ Archiv ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc - C: \ Archivos de programa \ Canon \ CAL \ CALMAIN.exe
O23 - Service: Quick Početničko Java (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Archivos de programa \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc - C: \ Archivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Trake Service (wltrysvc) - Unknown vlasnika - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE

--
End of file - 9813 bytes

Waiting for your prompt reply,

Kathy
  #2  
21 November 2008, 12:56
Moderator Group

Welcome to CJ.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries (if present):

O4 - HKLM \ .. \ Run: [f411a9e3] rundll32.exe "C: \ WINDOWS \ system32 \ knqyluad.dll", b

Important: Close all open windows except HijackThis, then click Fix checked.

Once done, exit HijackThis.

----------

Note: the instructions below were made specifically for this user. If you are not this user, do NOT follow these directions, as they could damage the workings of your system.

Go to Start > Run, type notepad.exe, then press OK.

Copy and paste the text below into Notepad and save it as fixme.reg to your Desktop.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f411a9e3"=-
Locate fixme.reg on your desktop and double-click it. Answer Yes when asked to merge it with the Registry.

Make sure you tell me whether you receive a success message about adding the above to the registry. If you do not get the success message, it did not work.

Delete fixme.reg from the Desktop.

----------

Please print these instructions, as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator account or an account with administrative rights.
  • Double-click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows directory, typically C:\SDFix).
  • Do not use it just yet.
Restart your computer in Safe Mode using the F8 method. To do this, start the computer and, after hearing it beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services or registry entries found, then prompt you to press any key to reboot.
  • Press any key and it will restart the computer.
  • When the computer restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also be saved in the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt into your next reply, along with a new HijackThis log (taken in normal boot mode).

  #3  
24 November 2008, 06:18
Member Group

Hello Evil,

Sorry for not writing sooner; I had to go out to Hong Kong on business. Because of that I did not have time to follow the instructions that day, and today I found that the HijackThis log has already changed.

If you could take a look and tell me what to do now, I would really appreciate it, and once again I apologize for the delay.

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 09:17:07, dana 24/11/2008
Platforma: Windows XP SP3 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de programa \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Archivos de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
C: \ Archivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Archivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4,0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe
C: \ Archivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Archivos de programa \ Java \ jre6 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Archivos de programa \ Windows Desktop Search \ WindowsSearch.exe
C: \ Archivos de programi \ Microsoft Office \ Office12 \ ONENOTEM.EXE
c: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ Archivos de programa \ Canon \ CAL \ CALMAIN.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ Archivos de programa \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ WINDOWS \ system32 \ SearchProtocolHost.exe
C: \ Archivos de programa \ Mozilla Firefox \ firefox.exe
C: \ Archivos de programa \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de programa \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de programa \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / ukvariti / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ Windows \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / Sync
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ Windows \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless UI Manager] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Archivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Archivos de programa \ Adobe \ Reader 9,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Archivos de programa \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [StatusClient] C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4,0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe / auto
O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe
O4 - HKLM \ .. \ Run: [HPLJ Config] c: \ Archivos de programa \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe Direct-c-p-DOT4_001 pn "HP LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120000
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Archivos de programa \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Archivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICIO')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de crveno')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Recorte de pantalla Poèetna rapido e de OneNote 2007.lnk = C: \ Archivos de programi \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C: \ Archivos de programa \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra kontekst meni stavka: E & xportar Microsoft Excel - res: / / C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra 'Tools' MENUITEM: nedjelja Consola de Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra button: Web statistika prometa zaštita - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll
O9 - Extra button: Enviar jedan OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: Enviar & jedan OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra button: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Archivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: HP Smart Odaberite - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Archivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Archivos de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Archivos de programa \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Archivos de programa \ Messenger \ msmsgs.exe
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM \ System \ CS1 \ Services \ TCPIP \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CS2 \ Services \ TCPIP \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveSystemServices.dll
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ Archiv ~ 1 \ Archiv ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc - C: \ Archivos de programa \ Canon \ CAL \ CALMAIN.exe
O23 - Service: Quick Početničko Java (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Archivos de programa \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc - C: \ Archivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Trake Service (wltrysvc) - Unknown vlasnika - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE

--
End of file - 9627 bytes

Thanks again, and waiting for your reply,

Kathy
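
Added example, not part of the thread and not HijackThis code: a Python triage of the O4 (autorun) lines that picks out the entry the moderator selected by eye and shows that it is absent from the 24 November log. The sample lines are copied from the two logs above; the function names and the two heuristics (an autorun started through rundll32, a value name of eight hex digits) are assumptions made for this example.

```python
import re

# Sample input: O4 lines copied from the two HijackThis logs in this thread.
# The forum export put spaces around every backslash; normalize() removes them.
LOG_21_NOV = r'''
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKLM \ .. \ Run: [f411a9e3] rundll32.exe "C: \ WINDOWS \ system32 \ knqyluad.dll", b
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
'''
LOG_24_NOV = r'''
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
'''

# "O4 - <registry location>\Run: [value name] command line"
O4_RUN = re.compile(
    r'^O4 - (?P<where>HK[^:]*?\\Run\w*): \[(?P<name>[^\]]+)\]\s*(?P<command>.*)$')
# rundll32 given a DLL path and an export name, e.g. rundll32.exe "x.dll", b
RUNDLL32 = re.compile(
    r'^"?(?:[a-z]:\\windows\\system32\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
HEX_NAME = re.compile(r'^[0-9a-f]{8}$', re.I)


def normalize(line):
    """Undo the export damage: 'C: \\ WINDOWS \\ x' becomes 'C:\\WINDOWS\\x'."""
    return re.sub(r'\s*\\\s*', lambda m: '\\', line.strip())


def parse_o4(log):
    """Return the registry Run entries of a log as dicts (where, name, command)."""
    entries = []
    for raw in log.splitlines():
        m = O4_RUN.match(normalize(raw))
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    m = RUNDLL32.match(entry["command"])
    if m:
        reasons.append("started through rundll32: %s, export %s"
                       % (m["dll"], m["export"]))
    if HEX_NAME.match(entry["name"]):
        reasons.append("value name is 8 hex digits, not a product name")
    return reasons


def removed_entries(before, after):
    """Entries present in the earlier log and missing from the later one."""
    still_there = {(e["where"], e["name"]) for e in parse_o4(after)}
    return [e for e in parse_o4(before)
            if (e["where"], e["name"]) not in still_there]


if __name__ == "__main__":
    for e in parse_o4(LOG_21_NOV):
        for reason in triage(e):
            print("%s [%s]: %s" % (e["where"], e["name"], reason))
    for e in removed_entries(LOG_21_NOV, LOG_24_NOV):
        print("gone on 24 Nov: [%s] %s" % (e["name"], e["command"]))
```

A heuristic hit is only a prompt to look at the file; legitimate software also registers rundll32 autoruns, so the flagged DLL still has to be checked before anything is removed.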
  #4  
24 November 2008, 10:24
Moderator Group

We still need you to do the SDFix scan.

Please print these instructions, as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop.

When using this tool, you must use the Administrator account or an account with administrative rights.
  • Double-click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows directory, typically C:\SDFix).
  • Do not use it just yet.
Restart your computer in Safe Mode using the F8 method. To do this, start the computer and, after hearing it beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services or registry entries found, then prompt you to press any key to reboot.
  • Press any key and it will restart the computer.
  • When the computer restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also be saved in the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt into your next reply.

  #5  
25 November 2008, 05:14
Member Group

Hello Evil, here are the results. So far the computer is running great. Thanks a lot. Let me know if anything else needs to be done.

SDFix: 1,240 Version
Trčanje po Administrador na 25/11/2008 at 19:47

Microsoft Windows XP [Versi ¢ n 5/1/2600]
Running From: C: \ SDFix

Provjera Usluge :


Vraćanjem Default Security Vrijednosti
Vraćanjem Default Hosts File

Postupak ponovne inicijalizacije operacijskog sust


Provjera Files :

Trojanski Files Pronađeno:

C: \ WINDOWS \ system32 \ ssqPihiH.dll - Obrisana
C: \ Documents and Settings \ All Users \ Muškarci £ Poèetna \ programi \ Poèetna \. Zaštićena - Obrisana
C: \ Documents and Settings \ TrackerVsrGroup \ Muškarci £ Poèetna \ programi \ Poèetna \. Zaštićena - Obrisana
C: \ Archivos de programa \ iSecurity \ antivirusxp.bmp - Obrisana
C: \ Archivos de programa \ iSecurity \ antivirusxp.ico - Obrisana
C: \ Archivos de programa \ iSecurity \ antivirusxpi.bmp - Obrisana
C: \ Archivos de programa \ iSecurity \ iSecurity.dat - Obrisana
C: \ Archivos de programa \ iSecurity \ iSecurity.html - Obrisana
C: \ Archivos de programa \ iSecurity \ systemdefender.bmp - Obrisana
C: \ Archivos de programa \ iSecurity \ systemdefender.ico - Obrisana
C: \ Archivos de programa \ iSecurity \ systemdefenderi.bmp - Obrisana



Mapu C: \ Archivos de programa \ IE Extensions - Odstranjena
Mapu C: \ Archivos de programa \ iSecurity - Odstranjena
Mapu C: \ Archivos de programa \ RichVideoCodec - Odstranjena
Mapu C: \ Windows \ System32 \ 734914 - Odstranjena
Mapu C: \ Windows \ System32 \ 931928 - Odstranjena


Uklanjanje Temp Files

Provjerite REKLAME :



Završna Provjeri :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-11-25 20:01:58
5/1/2600 Windows Service Pack 3 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih i usluge Grozd sustava ...

skeniranja skrivenih stavki registra ...

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows Traži \ Skupi \ Windows \ SystemIndex]
"LogName" = "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programi \ Microsoft \ Traži \ Data \ Applications \ Window s \ Projekti \ SystemIndex \ SystemIndex.Ntfy10.gthr"
"SecondaryLogName" = "C: \ Documents and Settings \ All Users.WINDOWS \ Datos de programi \ Microsoft \ Traži \ Data \ Applications \ Window s \ Projekti \ SystemIndex \ SystemIndex.Ntfy11.gthr"

skeniranja skrivenih datoteka ...

scan uspješno završena
skriveni procesi: 0
skriven usluge: 0
skrivenih datoteka: 0


Preostali Usluge :




Ovlašteni Aplikacija Ključ Izvoz:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic ES \ sharedaccess \ Parameters \ firewallpolicy \ standardnih profila \ authorizedapplications \ list]
"C: \ \ WINDOWS \ \ system32 \ \ sessmgr.exe" = "C: \ \ WINDOWS \ \ system32 \ \ sessmgr.exe: *: Onemogućene: @ xpsp2res.dll, -22019"
"C: \ \ Archivos de programa \ \ Ares \ \ Ares.exe" = "C: \ \ Archivos de programa \ \ Ares \ \ Ares.exe: *: Onemogućene: Ares P2P for Windows"
"C: \ \ WINDOWS \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ WINDOWS \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Onemogućene: @ xpsp3res.dll, -20000"
"C: \ \ Archivos de programa \ \ Hewlett-Packard \ \ Toolbox2.0 \ \ Javasoft \ \ JRE \ \ 1.3.1 \ \ bin \ \ ja vaw.exe" = "C: \ \ Archivos de programa \ \ Hewlett-Packard \ \ Toolbox2.0 \ \ Javasoft \ \ JRE \ \ 1.3.1 \ \ bin \ \ vaw.exe ja: *: Onemogućene: javaw "
"C: \ \ WINDOWS \ \ system32 \ \ mmc.exe" = "C: \ \ WINDOWS \ \ sys tem32 \ \ mmc.exe: *: Onemogućene: Microsoftove konzole za upravljanje"
"C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE: *: Onemogućene: Microsoft Office Groove "
"C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" = "C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE: *: Onemogućene: Microsoft Office OneNote "
"C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ OUTLOOK.EXE" = "C: \ \ Archivos de programa \ \ Microsoft Office \ \ Office12 \ \ OUTLOOK.EXE: *: Onemogućene: Microsoft Office Outlook "
"C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe: *: Onemogućene: Windows Live Messenger "
"C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ livecall.exe: *: Onemogućene: Windows Live Messenger (Telefon) "
"C: \ \ Archivos de programa \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Archivos de programa \ \ Messenger \ \ msmsgs.exe: *: Onemogućene: Windows Messenger"
"C: \ \ Documents and Settings \ \ All Users.WINDOWS \ \ de Datos programa \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Croatian \ \ setup.exe" = "C: \ \ Documents and Settings \ \ All Users.WINDOWS \ \ de Datos programa \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Engleski \ \ setup.exe: *: Onemogućene: Kaspersky Internet Sigurnost 2009 Setup "
"C: \ \ Archivos de programa \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Archivos de programa \ \ Skype \ \ Phone \ \ Skype.exe: *: Onemogućene: Skype"
"C: \ \ Archivos de programa \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ \ Archivos de programa \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe: *: Onemogućene: Yahoo Messenger "
"C: \ \ Archivos de programa \ \ AVG \ \ AVG8 \ \ avgupd.exe" = "C: \ \ Archivos de programa \ \ AVG \ \ AVG8 \ \ avgupd.exe: *: Omogućen: avgupd.e Xe"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic ES \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Omogućen: @ xpsp3res.dll, -20000"
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019"
"C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe: *: Omogućen: Windows Live Messenger "
"C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ livecall.exe" = "C: \ \ Archivos de programa \ \ Windows Live \ \ Messenger \ \ livecall.exe: *: Omogućen: Windows Live Messenger (Telefon) "

Preostali Files :


Datoteke sigurnosne kopije: - C: \ SDFix \ sigurnosne kopije \ backups.zip

Skrivene datoteke s Svojstva :

Nedjelja 12. ožujak 2006 10311680 .. SH. --- "C: \ Archivos de programa \ AVIConverter \ mencoder.exe"
Ponedjeljak 14. travanj 2008 60416 A.SH. --- "C: \ Archivos de programa \ Outlook Express \ msimn.exe"
Subota 11. studeni 2006 4348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Utorak 13 studeni 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Utorak 13 veljača 2007 3096576 A.. H. --- "C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ U3 \ temp \ Launchpad Removal.exe"
Petak 21. studeni 2008 18922 H. ... --- "C: \ Documents and Settings \ Mauricio \ Mis documentos \ Erika \ Private \ Knjige \ ~ WRL3517.tmp"

Završeno!

Thanks,

Kathy
  #6  
Old 25 November 2008, 11:56
Moderator Group
 
Default Trojan Generic Heur

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, then click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------

Download random's system information tool (RSIT) by random/random and save it to your Desktop.
  • Double-click RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt will be maximized and info.txt will be minimized.
  • Please post the contents of both logs in your next reply.

----------

In your next post, please include:
MBAM log
RSIT log & info logs


Note:
It may take two posts to get all of the logs posted.

  #7  
Old 29 November 2008, 08:10
Member Group
 
Default Trojan Generic Heur

Hello Evil,

here are the logs:
Logfile slučajnih sustav informacija alat 1,04 (napisao nasumično / nasumično)
Trčanje po Mauricio at 2008-11-29 23:03:34
Microsoft Windows XP Professional Service Pack 3
Sustav disku C: ima 50 GB (68%) slobodan od 73 GB
Ukupno RAM: 1015 MB (53% besplatno)

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 11:03:42, dana 29/11/2008
Platforma: Windows XP SP3 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de programa \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Archivos de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Archivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Archivos de programa \ Adobe \ Reader 9,0 \ Reader \ Reader_sl.exe
C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4,0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe
C: \ Archivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Archivos de programa \ Java \ jre6 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Archivos de programa \ Windows Desktop Search \ WindowsSearch.exe
C: \ Archivos de programi \ Microsoft Office \ Office12 \ ONENOTEM.EXE
c: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e
C: \ Archivos de programa \ Canon \ CAL \ CALMAIN.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ WINDOWS \ system32 \ SearchProtocolHost.exe
C: \ Archivos de programa \ Yahoo! \ Messenger \ ymsgr_tray.exe
C: \ Archivos de programa \ Mozilla Firefox \ firefox.exe
C: \ Documents and Settings \ Mauricio \ Escritorio \ RSIT.exe
C: \ Archivos de programa \ Trend Micro \ HijackThis \ Mauricio.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de programa \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Archivos de programa \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O2 - BHO: HP Print Enhancer - (0347C33E-8762-4905-BF09-768834316C61) - C: \ Archivos de programa \ HP \ Smart Web Printing \ hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - (053F9267-DC04-4294-A72C-58F732D338C0) - C: \ Archivos de programa \ HP \ Smart Web Printing \ hpswp_framework.dll
O2 - BHO: Adobe PDF Link Helper - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Archivos de programa \ Archivos comunes \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Skype dodati-na (kapacitet) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Archivos de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: AVG Safe Search - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - (no file)
O2 - BHO: IEVkbdBHO - (59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C) - C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archivos de programa \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de sesión de Poèetna - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: (no name) - (C08DF07A-3E49-4E25-9AB0-D3882835F153) - (no file)
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Archivos de programa \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Archivos de programa \ Java \ jre6 \ lib \ rasporediti \ jqs \ ie \ jqs_plugin.dl l
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Archivos de programa \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / ukvariti / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ Windows \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / Sync
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ Windows \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp]% ProgramFiles% \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless UI Manager] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Archivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Archivos de programa \ Adobe \ Reader 9,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Archivos de programa \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [StatusClient] C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4,0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe / auto
O4 - HKLM \ .. \ Run: [TomcatStartup] C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe
O4 - HKLM \ .. \ Run: [HPLJ Config] c: \ Archivos de programa \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe Direct-c-p-DOT4_001 pn "HP LaserJet 1150 PCL 5e"-n 0 -- l 1033-sl 120000
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Archivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Archivos de programa \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [AVP] "C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [Messenger (Yahoo!)] "C: \ Archivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICIO')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de crveno')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Recorte de pantalla Poèetna rapido e de OneNote 2007.lnk = C: \ Archivos de programi \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Búsqueda en el escritorio de Windows.lnk = C: \ Archivos de programa \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra kontekst meni stavka: E & xportar Microsoft Excel - res: / / C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra 'Tools' MENUITEM: nedjelja Consola de Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre6 \ bin \ jp2iexp.dll
O9 - Extra button: Web statistika prometa zaštita - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ SCIEPlgn.dll
O9 - Extra button: Enviar jedan OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: Enviar & jedan OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra button: HP Clipbook - (58ECB495-38F0-49cb-A538-10282ABF65E7) - C: \ Archivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: HP Smart Odaberite - (700259D7-1666-479a-93B1-3250410481E8) - C: \ Archivos de programa \ HP \ Smart Web Printing \ hpswp_extensions.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Archivos de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archiv ~ 1 \ MICROS ~ 3 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Archivos de programa \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Archivos de programa \ Messenger \ msmsgs.exe
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ .. \ (0BB9B244-504D-4515-AD0C-7D3102F43CEE): NameServer = 202.96.128.86 202.96.134.133
O17 - HKLM \ System \ CS1 \ Services \ TCPIP \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O17 - HKLM \ System \ CS2 \ Services \ TCPIP \ .. \ (07376171-B8C5-429A-AEAD-0D95181A8685): NameServer = 210.132.31.2,221.5.88.88
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveSystemServices.dll
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ Archiv ~ 1 \ Archiv ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc - C: \ Archivos de programa \ Canon \ CAL \ CALMAIN.exe
O23 - Service: Quick Početničko Java (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Archivos de programa \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc - C: \ Archivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe
O23 - Service: Dell Wireless WLAN Trake Service (wltrysvc) - Unknown vlasnika - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE

--
End of file - 11628 bytes

====== Zakazani zadaci mapu ======

C: \ WINDOWS \ zadaci \ AppleSoftwareUpdate.job
C: \ WINDOWS \ zadaci \ enlgfqlf.job

====== Registrara izvatkom ======

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (02478D38-C3F9-4EFB-9B51-7695ECA05670)]
Yahoo! Toolbar Helper - C: \ Archivos de programa \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (0347C33E-8762-4905-BF09-768834316C61)]
HP Print Enhancer - C: \ Archivos de programa \ HP \ Smart Web Printing \ hpswp_printenhancer.dll [2007-03-03 1298024]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (053F9267-DC04-4294-A72C-58F732D338C0)]
HP Print Clips - C: \ Archivos de programa \ HP \ Smart Web Printing \ hpswp_framework.dll [2007-03-03 177768]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (18DF081C-E8AD-4283-A596-FA578C2EBDC3)]
Adobe PDF Link Helper - C: \ Archivos de programa \ Archivos comunes \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll [2008-06-12 75128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (22BF413B-C6D2-4d91-82A9-A0F997BA588C)]
Skype dodati-na (kapacitet) - C: \ Archivos de programa \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll [2008-06-04 1404928]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0)]
AVG Safe Search

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C)]
IEVkbdBHO Klasa - C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (72853161-30C5-4D22-B7F9-0BBC1D38A37E)]
Groove GFS Browser Helper - C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (761497BB-D6F0-462C-B6EB-D4DAF1D92D43)]
SSVHelper Klasa - C: \ Archivos de programa \ Java \ jre6 \ bin \ ssv.dll [2008-10-28 320920]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (7E853D72-626A-48EC-A868-BA8D5E23E045)]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (9030D464-4C02-4ABF-8ECC-5164760863C6)]
Windows Live Aplicación auxiliar de sesión de Poèetna - C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (C08DF07A-3E49-4E25-9AB0-D3882835F153)]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (DBC80044-A445-435b-BC74-9C25C1C588A9)]
Java (tm) Plug-in 2 SSV Helper - C: \ Archivos de programa \ Java \ jre6 \ bin \ jp2ssv.dll [2008-10-28 34816]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (E7E6F031-17CE-4C07-BC86-EABFE594F69C)]
JQSIEStartDetectorImpl Klasa - C: \ Archivos de programa \ Java \ jre6 \ lib \ rasporediti \ jqs \ ie \ jqs_plugin.dl l [2008-10-28 73728]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Toolbar - C: \ Archivos de programa \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Run]
"IMJPMIG8.1" = C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EX E [2008-04-14 208952]
"PHIME2002ASync" = C: \ Windows \ System32 \ IME \ TINTLGNT \ TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A" = C: \ Windows \ System32 \ IME \ TINTLGNT \ nijansa SETP.EXE [2008-04-14 455168]
"GrooveMonitor" = C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveMonitor.exe [2007-08-24 33648]
"SigmatelSysTrayApp" = C: \ Archivos de programa \ SigmaTel \ C-Major Audio \ WDM \ stsystra.exe [2007-05-10 405504]
"Broadcom Wireless Manager UI" = C: \ WINDOWS \ system32 \ WLTRAY.exe [2006-11-01 1392640]
"HP Software Update" = C: \ Archivos de programa \ HP \ HP Software Update \ HPWuSchd2.exe [2006-12-11 49152]
"Adobe Reader Speed Launcher" = C: \ Archivos de programa \ Adobe \ Reader 9,0 \ Reader \ Reader_sl.exe [2008-06-12 34672]
"QuickTime Task" = C: \ Archivos de programa \ QuickTime \ QTTask.exe [2008-05-27 413696]
"StatusClient" = C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Apache Tomcat 4,0 \ webapps \ Toolbox \ StatusClient \ StatusClient.exe [2002-12-17 36864]
"TomcatStartup" = C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ hpbpsttp.exe [2003-04-01 155648]
"HPLJ Config" = C: \ Archivos de programa \ Hewlett-Packard \ HP LaserJet 1150_1300 \ SetConfig.exe Direct-c-p-DOT4_001 pn HP LaserJet 1150 PCL 5e-n 0-l 1033-sl 120000 []
"SynTPEnh" = C: \ Archivos de programa \ Synaptics \ SynTP \ SynTPEnh.exe [2007-12-07 1024000]
"SunJavaUpdateSched" = C: \ Archivos de programa \ Java \ jre6 \ bin \ jusched.exe [2008-10-28 136600]
"igfxtray" = C: \ WINDOWS \ system32 \ igfxtray.exe [2006-09-15 94208]
"igfxhkcmd" = C: \ WINDOWS \ system32 \ hkcmd.exe [2006-09-15 77824]
"igfxpers" = C: \ WINDOWS \ system32 \ igfxpers.exe [2006-09-15 118784]
"AVP" = C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = C: \ WINDOWS \ system32 \ Ctfmon.exe [2008-04-14 15360]
"Glasnik (Yahoo!)" = C: \ Archivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe [2008-11-05 4347120]

C: \ Documents and Settings \ All Users.WINDOWS \ Izbornik Poèetna \ programi \ Poèetna
Búsqueda en el escritorio de Windows.lnk - C: \ Archivos de programa \ Windows Desktop Search \ WindowsSearch.exe

C: \ Documents and Settings \ Mauricio \ Izbornik Poèetna \ programi \ Poèetna
Recorte de pantalla Poèetna rapido e de OneNote 2007.lnk - C: \ Archivos de programi \ Microsoft Office \ Office12 \ ONENOTEM.EXE

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLS" = "C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd.dll, C: \ Archiv ~ 1 \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ mzvkbd3.dll"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Obavijesti \ igfxcui]
C: \ WINDOWS \ system32 \ igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Obavijesti \ klogon]
C: \ WINDOWS \ system32 \ klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ ShellServiceObjectDelayLoad]
UPnPMonitor - (e57ce738-33e8-4c51-8354-bb4de9d215d1) - C: \ WINDOWS \ system32 \ upnpui.dll [2008-04-14 240128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks]
"(B5A7F190-DDA6-4420-B3BA-52453494E6CD)" = C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll [2007-08-24 2212224]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = C: \ Archivos de programa \ Windows Desktop Search \ MSNLNamespaceMgr.dll [2007-02-06 294400]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Policies \ System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Policies \ Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic ES \ sharedaccess \ Parameters \ firewallpolicy \ standardnih profila \ authorizedapplications \ list]
"C: \ WINDOWS \ system32 \ sessmgr.exe" = "C: \ WINDOWS \ syst em32 \ sessmgr.exe: *: Onemogućene: @ xpsp2res.dll, -22019"
"C: \ Archivos de programa \ Ares \ Ares.exe" = "C: \ Archivos de programa \ Ares \ Ares.exe: *: Onemogućene: Ares P2P for Windows"
"C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe" = "C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe: *: Onemogućene: @ xpsp3res.dll, -20000"
"C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e" = "C: \ Archivos de programa \ Hewlett-Packard \ Toolbox2.0 \ Javasoft \ JRE \ 1.3.1 \ bin \ javaw.ex e: *: Onemogućene: javaw "
"C: \ WINDOWS \ system32 \ mmc.exe" = "C: \ WINDOWS \ system32 \ mmc.exe: *: Onemogućene: Microsoftove konzole za upravljanje"
"C: \ Archivos de programi \ Microsoft Office \ Office12 \ GROOVE.EXE" = "C: \ Archivos de programi \ Microsoft Office \ Office12 \ GROOVE.EXE: *: Onemogućene: Microsoft Office Groove"
"C: \ Archivos de programi \ Microsoft Office \ Office12 \ ONENOTE.EXE" = "C: \ Archivos de programi \ Microsoft Office \ Office12 \ ONENOTE.EXE: *: Onemogućene: Microsoft Office OneNote"
"C: \ Archivos de programi \ Microsoft Office \ Office12 \ OUTLOOK.EXE" = "C: \ Archivos de programi \ Microsoft Office \ Office12 \ OUTLOOK.EXE: *: Onemogućene: Microsoft Office Outlook"
"C: \ Archivos de programa \ Windows Live \ Messenger \ msnmsgr.exe" = "C: \ Archivos de programa \ Windows Live \ Messenger \ msnmsgr.exe: *: Onemogućene: Windows Live Messenger"
"C: \ Archivos de programa \ Windows Live \ Messenger \ livecall.exe" = "C: \ Archivos de programa \ Windows Live \ Messenger \ livecall.exe: *: Onemogućene: Windows Live Messenger (Phone)"
"C: \ Archivos de programa \ Messenger \ msmsgs.exe" = "C: \ Archivos de programa \ Messenger \ msmsgs.exe: *: Onemogućene: Windows Messenger"
"C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ Kaspersky Lab Setup Files \ Kaspersky Internet Security 2009 \ Croatian \ setup.exe" = "C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ Kaspersky Lab Setup Files \ Kaspersky Internet Security 2009 \ Croatian \ setup.exe: *: Onemogućene: Kaspersky Internet Sigurnost 2009 Setup "
"C: \ Archivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe" = "C: \ Archivos de programa \ Yahoo! \ Messenger \ YahooMessenger.exe: *: Dis abled: Yahoo Messenger"
"C: \ Archivos de programa \ AVG \ AVG8 \ avgupd.exe" = "C: \ Archivos de programa \ AVG \ AVG8 \ avgupd.exe: *: Omogućen: avgupd.exe"
"C: \ Archivos de programa \ Skype \ Phone \ Skype.exe" = "C: \ Archivos de programa \ Skype \ Phone \ Skype.exe: *: Omogućen: Skype"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic ES \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Omogućen: @ xpsp3res.dll, -20000"
"% windir% \ system32 \ sessmgr.exe" = "% windir% \ system32 \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019"
"C: \ Archivos de programa \ Windows Live \ Messenger \ msnmsgr.exe" = "C: \ Archivos de programa \ Windows Live \ Messenger \ msnmsgr.exe: *: Omogućen: Windows Live Messenger"
"C: \ Archivos de programa \ Windows Live \ Messenger \ livecall.exe" = "C: \ Archivos de programa \ Windows Live \ Messenger \ livecall.exe: *: Omogućen: Windows Live Messenger (Phone)"

====== Popis datoteka / mapa kreirana u zadnjih 1 mjesec ======

2008-11-29 23:03:33 ---- D ---- C: \ rsit
2008-11-29 22:41:40 ---- D ---- C: \ Documents and Settings \ Mauricio \ de Datos programa \ Malwarebytes
2008-11-29 22:41:23 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ Malwarebytes
2008-11-29 22:41:23 ---- D ---- C: \ Archivos de programa \ Malwarebytes' Anti-zaštita od zlonamjernih programa
2008-11-29 09:19:41 SH ---- ---- C: \ WINDOWS \ system32 \ dhtngaxu.ini
2008-11-27 22:05:52 SH ---- ---- C: \ WINDOWS \ system32 \ pugslxae.ini
2008-11-26 22:03:57 SH ---- ---- C: \ WINDOWS \ system32 \ eukkiphh.ini
2008-11-25 19:41:04 ---- D ---- C: \ WINDOWS \ ERUNT
2008-11-25 11:01:26 SH ---- ---- C: \ WINDOWS \ system32 \ lulxsfxo.ini
2008-11-24 21:19:15 ---- D ---- C: \ SDFix
2008-11-24 07:58:30 SH ---- ---- C: \ WINDOWS \ system32 \ xgvvibbj.ini
2008-11-22 08:27:10 SH ---- ---- C: \ WINDOWS \ system32 \ pqukverl.ini
2008-11-21 21:52:02 ---- D ---- C: \ Archivos de programa \ Trend Micro
2008-11-21 08:24:21 SH ---- ---- C: \ WINDOWS \ system32 \ daulyqnk.ini
2008-11-21 07:57:32 ---- D ---- C: \ Documents and Settings \ Mauricio \ de Datos programa \ Desktopicon
2008-11-21 07:57:23 ---- D ---- C: \ Archivos de programa \ Unlocker
2008-11-20 08:08:07 ---- A ---- C: \ WINDOWS \ ntbtlog.txt
2008-11-19 23:33:53 SH ---- ---- C: \ WINDOWS \ system32 \ hhgdaqoj.ini
2008-11-19 20:40:38 ---- D ---- C: \ WINDOWS \ system32 \ NtmsData
2008-11-19 00:35:14 ---- D ---- C: \ WINDOWS \ RegisteredPackages
2008-11-19 00:18:12 ---- N ---- C: \ WINDOWS \ system32 \ pxcpya64.exe
2008-11-19 00:17:54 ---- N ---- C: \ WINDOWS \ system32 \ pxinsa64.exe
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ vxblock.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxwave.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxsfs.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxmas.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxhpinst.exe
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxdrv.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ pxafs.dll
2008-11-19 00:17:50 ---- N ---- C: \ WINDOWS \ system32 \ px.dll
2008-11-19 00:16:06 ---- D ---- C: \ Documents and Settings \ Mauricio \ de Datos programa \ Winamp
2008-11-19 00:16:06 ---- D ---- C: \ Archivos de programa \ Winamp
2008-11-18 23:18:58 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ Kaspersky Lab
2008-11-18 23:18:58 ---- D ---- C: \ Archivos de programa \ Kaspersky Lab
2008-11-18 22:53:33 SH ---- ---- C: \ WINDOWS \ system32 \ gpifbath.ini
2008-11-18 22:53:08 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ Yahoo! Companion
2008-11-18 22:52:54 ---- A ---- C: \ WINDOWS \ system32 \ ff326d9d-.txt
2008-11-18 22:49:38 Ash ---- ---- C: \ WINDOWS \ system32 \ OrBIOqss.ini
2008-11-18 21:50:39 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ Kaspersky Lab Setup Files
2008-11-18 21:50:11 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ Avg8
2008-11-18 21:01:02 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ Yahoo!
2008-11-18 21:00:55 ---- D ---- C: \ Archivos de programa \ Yahoo!
2008-11-16 18:22:11 ---- A ---- C: \ WINDOWS \ system32 \ igfxres.dll
2008-11-16 18:14:28 ---- A ---- C: \ WINDOWS \ system32 \ iAlmCoIn_v4693.dll
2008-11-16 18:14:04 ---- D ---- C: \ Archivos de programa \ Lenovo
2008-11-16 18:13:02 ---- D ---- C: \ Documents and Settings \ Mauricio \ de Datos programa \ InstallShield
2008-11-16 17:07:04 ---- D ---- C: \ Archivos de programa \ Ares
2008-11-16 07:56:56 HDC ---- ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ (51019853-129C-4EDE-9030-D5FD7BBD9AD0)
2008-11-16 07:50:56 ---- N ---- C: \ WINDOWS \ system32 \ spmsg2.dll
2008-11-16 07:50:46 HDC ---- ---- C: \ WINDOWS \ $ $ NtUninstallXPSEPSCLP
2008-11-16 07:45:41 ---- D ---- C: \ WINDOWS \ system32 \ XPSViewer
2008-11-16 07:45:33 ---- D ---- C: \ WINDOWS \ system32 \ en-US
2008-11-16 07:45:22 ---- D ---- C: \ Archivos de programa \ Reference Skupštinama
2008-11-16 07:43:37 ---- N ---- C: \ WINDOWS \ system32 \ prntvpt.dll
2008-11-16 07:43:36 ---- N ---- C: \ WINDOWS \ system32 \ xpssvcs.dll
2008-11-16 07:43:36 ---- N ---- C: \ WINDOWS \ system32 \ xpsshhdr.dll
2008-11-16 07:43:35 ---- D ---- C: \ 5f1fa5494e63fddfbdfa29aa67bcdc5a
2008-11-16 07:32:05 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ DriverScanner
2008-11-16 07:30:14 HDC ---- ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ (D5ABFFAD-D592-4F98-B02B-587125B4801F)
2008-11-16 07:27:18 ---- D ---- C: \ Documents and Settings \ Mauricio \ de Datos programa \ Uniblue
2008-11-16 07:26:25 ---- D ---- C: \ Archivos de programa \ Uniblue
2008-11-16 07:25:46 HDC ---- ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185)
2008-10-31 20:38:38 ---- A ---- C: \ WINDOWS \ system32 \ vfwwdm32.dll
2008-10-30 19:39:53 ---- D ---- C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ QuickTime
2008-10-30 19:39:05 ---- D ---- C: \ Archivos de programa \ Archivos comunes \ Ulead Systems
2008-10-30 19:38:30 ---- D ---- C: \ Archivos de programa \ InterVideo Information Service
2008-10-30 19:38:30 ---- D ---- C: \ Archivos de programa \ Archivos comunes \ Ulead
2008-10-30 19:37:27 ---- D ---- C: \ Archivos de programa \ Archivos comunes \ InterVideo
2008-10-30 19:37:22 ---- D ---- C: \ Archivos de programa \ InterVideo
2008-10-30 19:37:22 ---- A ---- C: \ WINDOWS \ mws.exe
2008-10-30 19:37:13 ---- D ---- C: \ Documents and Settings \ Mauricio \ de Datos programa \ InterVideo
2008-10-30 19:36:31 ---- D ---- C: \ Archivos de programa \ Digitalne kamere

====== Popis datoteka / mapa modificirana u zadnjih 1 mjesec ======

2008-11-29 23:02:55 ---- D ---- C: \ WINDOWS \ Temp
2008-11-29 23:01:22 ---- D ---- C: \ Archivos de programa \ Mozilla Firefox
2008-11-29 22:59:43 ---- D ---- C: \ WINDOWS
2008-11-29 22:58:13 ---- D ---- C: \ Windows \ System32 \ Drivers
2008-11-29 22:58:13 ---- D ---- C: \ WINDOWS \ system32
2008-11-29 22:57:31 ---- A ---- C: \ WINDOWS \ SchedLgU.Txt
2008-11-29 22:41:23 RD ---- ---- C: \ Archivos de programa
2008-11-29 09:39:51 ---- D ---- C: \ Archivos de programa \ Mozilla Thunderbird
2008-11-28 20:28:20 ---- D ---- C: \ WINDOWS \ system32 \ Catroot2
2008-11-26 00:42:28 ---- D ---- C: \ Documents and Settings \ Mauricio \ de Datos programa \ Skype
2008-11-25 22:39:44 ---- D ---- C: \ Documents and Settings \ Mauricio \ de Datos programa \ skypePM
2008-11-21 09:46:32 ---- A ---- C: \ WINDOWS \ system32 \ PerfStringBackup.INI
2008-11-21 08:20:19 ---- A ---- C: \ WINDOWS \ OEWABLog.txt
2008-11-21 01:29:03 ---- SHD ---- C: \ System Volume Information
2008-11-21 01:29:03 ---- D ---- C: \ WINDOWS \ system32 \ restore
2008-11-21 00:01:59 ---- D ---- C: \ Program Files
2008-11-20 12:39:56 ---- D ---- C: \ WINDOWS \ prefekt
2008-11-20 08:14:06 ---- SHD ---- C: \ čistač
2008-11-20 08:09:06 ---- D ---- C: \ Documents and Settings
2008-11-19 20:08:01 ---- D ---- C: \ WINDOWS \ Help
2008-11-19 20:00:27 ---- D ---- C: \ WINDOWS \ system32 \ config
2008-11-19 07:15:53 ---- D ---- C: \ WINDOWS \ sigurnost
2008-11-19 00:45:38 ---- D ---- C: \ WINDOWS \ Debug
2008-11-19 00:45:24 HD ---- ---- C: \ WINDOWS \ inf
2008-11-19 00:42:49 ---- RSHDC ---- C: \ WINDOWS \ system32 \ dllcache
2008-11-18 23:26:21 ---- SHD ---- C: \ Windows \ Installer
2008-11-18 23:26:18 HD ---- ---- C: \ Config.Msi
2008-11-18 22:54:46 ---- D ---- C: \ WINDOWS \ mreže dijagnostički
2008-11-18 22:39:38 SD ---- ---- C: \ WINDOWS \ Tasks
2008-11-18 22:05:01 ---- RSD ---- C: \ WINDOWS \ Fontovi
2008-11-18 20:27:00 osip ---- ---- C: \ boot.ini
2008-11-16 21:31:33 ---- D ---- C: \ WINDOWS \ Microsoft.NET
2008-11-16 21:31:31 ---- RSD ---- C: \ WINDOWS \ zbor
2008-11-16 19:29:33 ---- D ---- C: \ Documents and Settings \ Mauricio \ de Datos programa \ ZoomBrowser EX
2008-11-16 19:12:02 ---- D ---- C: \ Documents and Settings \ Mauricio \ de Datos programa \ CameraWindowDC
2008-11-16 18:19:17 DC ---- ---- C: \ WINDOWS \ system32 \ DRVSTORE
2008-11-16 18:18:59 ---- D ---- C: \ Archivos de programa \ Broadcom
2008-11-16 18:15:38 ---- D ---- C: \ WINDOWS \ system32 \ ReinstallBackups
2008-11-16 18:14:04 HD ---- ---- C: \ Archivos de programa \ InstallShield Installation Information
2008-11-16 18:12:53 ---- D ---- C: \ Drivers
2008-11-16 18:00:33 ---- D ---- C: \ Archivos de programa \ VideoLAN
2008-11-16 17:49:54 ---- D ---- C: \ i386
2008-11-16 07:51:08 ---- A ---- C: \ WINDOWS \ imsins.BAK
2008-11-16 07:50:04 ---- D ---- C: \ WINDOWS \ system32 \ es-es
2008-11-16 07:45:35 ---- D ---- C: \ Archivos de programa \ MSBuild
2008-11-16 07:41:29 ---- D ---- C: \ WINDOWS \ WinSxS
2008-10-30 19:40:39 ---- D ---- C: \ Archivos de programa \ Google
2008-10-30 19:39:05 ---- D ---- C: \ Archivos de programa \ Archivos comunes
2008-10-30 19:36:32 ---- D ---- C: \ Windows \ System

====== Popis vozača (R = Trčanje, S = zaustavljen, 0 = Boot, 1 = System, Auto-2 =, 3 = Demand, 4 = Disabled )======

R1 intelppm; Controlador de procesador Intel, C: \ Windows \ System32 \ Drivers \ intelppm.sys [2008-04-14 40576]
R1 KLIF; Kaspersky Lab Vozač, C: \ Windows \ System32 \ Drivers \ klif.sys [2008-11-18 213008]
R3 BCM43XX; Controlador de la tarjeta de crvena inalámbrica WLAN de Dell; C: \ Windows \ System32 \ Drivers \ bcmwl5.sys [2006-10-12 604928]
R3 bcm4sbxp; Broadcom 440x 10/100 Integrated Controller Driver XP; C: \ Windows \ System32 \ Drivers \ bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt; Controlador de batería de método de control de Microsoft ACPI; C: \ Windows \ System32 \ Drivers \ CmBatt.sys [2008-04-14 13952]
R3 HDAudBus; Controlador de bus para de Microsoft UAA High Definition Audio, C: \ Windows \ System32 \ Drivers \ Hdaudbus.sys [2008-04-14 144384]
R3 ialm; ialm; C: \ Windows \ System32 \ Drivers \ ialmnt5.sys [2006-09-15 1173468]
R3 Iviaspi; ivi ASPI Shell; C: \ Windows \ System32 \ Drivers \ iviaspi.sys [2006-11-22 16024]
R3 klim5; Kaspersky Anti-Virus NDIS Filter; C: \ Windows \ System32 \ Drivers \ klim5.sys [2008-04-30 24592]
R3 NWADI; NWADI Autobusni Enumerator; C: \ Windows \ System32 \ Drivers \ NWADIenum.sys [2006-03-27 74752]
R3 STHDA; SigmaTel High Definition Audio Codec; C: \ Windows \ System32 \ Drivers \ sthda.sys [2007-05-10 1222840]
R3 SynTP; Synaptics TouchPad Vozač, C: \ Windows \ System32 \ Drivers \ SynTP.sys [2007-12-07 220032]
R3 usbehci; Controlador minipuerto de la controladora mejorada USB 2.0 de Microsoft; C: \ Windows \ System32 \ Drivers \ usbehci.sys [2008-04-14 30208]
R3 usbhub; Concentrador habilitado USB2; C: \ Windows \ System32 \ Drivers \ usbhub.sys [2008-04-14 59520]
R3 usbuhci; Controlador minipuerto de la de controladora domaćin univerzalna USB de Microsoft; C: \ Windows \ System32 \ Drivers \ usbuhci.sys [2008-04-14 20608]
S3 catchme; catchme; \? \ C: \ DOCUME ~ 1 \ Mauricio \ CONFIG ~ 1 \ Temp \ catchme.sys []
S3 CCDECODE; Descodificador de título cerrado; C: \ Windows \ System32 \ Drivers \ CCDECODE.sys [2008-04-14 17024]
S3 Dot4; Controlador MS IEEE-1284,4; C: \ Windows \ System32 \ Drivers \ Dot4.sys [2008-04-14 206976]
S3 Dot4Print; Controlador de clase de impresión para IEEE-1284,4; C: \ Windows \ System32 \ Drivers \ Dot4Prt.sys [2001-08-18 12928]
S3 dot4usb; MS Dot4USB Filter Filter Dot4USB; C: \ Windows \ System32 \ Drivers \ dot4usb.sys [2001-08-23 24064]
S3 hidusb; Controlador de clases de Microsoft HID; C: \ Windows \ System32 \ Drivers \ hidusb.sys [2008-04-14 10368]
S3 HPZid412; IEEE-1284,4 Driver HPZid412; C: \ Windows \ System32 \ Drivers \ HPZid412.sys [2006-12-03 49920]
S3 HPZipr12; Ispiši Class Driver za IEEE-1284,4 HPZipr12; C: \ Windows \ System32 \ Drivers \ HPZipr12.sys [2006-12-03 16496]
S3 HPZius12; USB za IEEE-1284,4 Translation Driver HPZius12; C: \ Windows \ System32 \ Drivers \ HPZius12.sys [2006-12-03 21568]
S3 mouhid; Controlador HID de mouse; C: \ Windows \ System32 \ Drivers \ mouhid.sys [2001-08-24 12416]
S3 MSTEE; Convertidor trojnik / Sink-to-Sink de de Microsoft transferencia; C: \ Windows \ System32 \ Drivers \ MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC; kodek NABTS / FEC VBI; C: \ Windows \ System32 \ Drivers \ NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP; Conexión de TV / video de Microsoft; C: \ Windows \ System32 \ Drivers \ NdisIP.sys [2008-04-14 10880]
S3 PCASp50; PCASp50 NDIS Driver Protocol; C: \ WINDOWS \ System32 \ Drivers \ PCASp50.sys [2006-04-10 18560]
S3 Listić; BDA Listić De-Framer; C: \ Windows \ System32 \ Drivers \ SLIP.sys [2008-04-14 11136]
S3 streamip; receptor BDA IP; C: \ Windows \ System32 \ Drivers \ StreamIP.sys [2008-04-14 15232]
S3 usbccgp; Controlador primario genérico USB de Microsoft; C: \ Windows \ System32 \ Drivers \ usbccgp.sys [2008-04-14 32128]
S3 usbprint; Clase de impresora USB de Microsoft; C: \ Windows \ System32 \ Drivers \ usbprint.sys [2008-04-14 25856]
S3 usbscan; Controlador de escáner USB; C: \ Windows \ System32 \ Drivers \ usbscan.sys [2008-04-14 15104]
S3 USBSTOR; Dispositivo de datos de almacenamiento masivo USB; C: \ Windows \ System32 \ Drivers \ USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo; Dispositivo de vídeo USB (WDM); C: \ WINDOWS \ System32 \ Drivers \ usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC; kodek estándar mundial de teletexto; C: \ Windows \ System32 \ Drivers \ WSTCODEC.SYS [2008-04-14 19200]
S4 WS2IFSL; Entorno de compatibilidad con proveedores IFS nema de servicios de Windows Socket 2,0; C: \ Windows \ System32 \ Drivers \ ws2ifsl.sys [2001-08-24 12032]

====== Popis usluga (R = Trčanje, S = zaustavljen, 0 = Boot, 1 = System, Auto-2 =, 3 = Demand, 4 = Disabled )======

R2 AVP; Kaspersky Anti-Virus; C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Anti-Virus 2009 \ avp.exe [2008-07-29 206088]
R2 CCALib8; Canon Camera Access Library 8; C: \ Archivos de programa \ Canon \ CAL \ CALMAIN.exe [2007-01-31 96370]
R2 hpqddsvc; Servicio HP šlagvort DeviceDiscovery; C: \ WINDOWS \ system32 \ Svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService; Java Quick Početničko; C: \ Archivos de programa \ Java \ jre6 \ bin \ jqs.exe [2008-10-28 152984]
R2 Neto Driver HPZ12; Neto Driver HPZ12; C: \ WINDOWS \ System32 \ Svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12; Pml Driver HPZ12; C: \ WINDOWS \ System32 \ Svchost.exe [2008-04-14 14336]
R2 UleadBurningHelper; Ulead Burning Helper; C: \ Archivos de programa \ Archivos comunes \ Ulead Systems \ DVD \ ULCDRSvr.exe [2004-12-13 49152]
R2 UMWdf; Windows User Mode Driver Framework, C: \ WINDOWS \ system32 \ wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc; Dell Wireless WLAN Trake Service; C: \ WINDOWS \ System32 \ WLTRYSVC.EXE [2006-11-01 20480]
R2 WSearch; Búsqueda de Windows C: \ WINDOWS \ system32 \ SearchIndexer.exe [2007-02-06 300032]
R3 hpqcxs08; hpqcxs08; C: \ WINDOWS \ system32 \ Svchost.exe [2008-04-14 14336]
S3 aspnet_state; ASP.NET State Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ aspn et_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;. NET Runtime Service Optimizacija v2.0.50727_X86; C: \ WINDOWS \ Microsoft.NET \ Framework \ v2.0.50727 \ msco rsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0; Windows Presentation Foundation Font Cache 3.0.0.0, C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ WPF \ Presen tationFontCache.exe [2008-07-29 46104]
S3 idsvc; Windows CardSpace; C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ Windows Communication Foundation \ infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove reviziju Service; Microsoft Office Groove reviziju Service; C: \ Archivos de programi \ Microsoft Office \ Office12 \ GrooveAuditService.exe [2007-08-24 68464]
S3 odserv; Microsoft Office Diagnostics Service; C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ OFFICE12 \ ODSERV.EXE [2007-08-24 443776]
S3 ose; Office Source Engine; C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ Source Engine \ OSE.EXE [2006-10-26 145184]
S3 usnjsvc; lektor Servicio del diario USN de Carpetas para compartir de Messenger; C: \ Archivos de programa \ Windows Live \ Messenger \ usnsvc.exe [2007-10-19 98328]
S3 WLSetupSvc; Windows Live Setup Service; C: \ Archivos de programa \ Windows Live \ Installer \ WLSetupSvc.exe [2007-10-26 266240]
S4 NetTcpPortSharing; Net.Tcp Port Sharing Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.0 \ Windows Communication Foundation \ SMSvcHost.exe [2008-07-29 132096]
S4 Zumie Search Service; Zumie Search Service; C: \ Archivos de programa \ Zumie \ zumie.exe C: \ Archivos de programa \ Zumie \ zumie.dll Service []

----------------- ----------------- EOF
  #8  
Old 29 November 2008, 08:11
Member Group
 
Default Trojan Generic Heur

info.txt logfile slučajnih sustav informacija alat 1,04 2008-11-29 23:03:46

====== Deinstaliraj liste ======

-> "C: \ Archivos de programa \ InstallShield Installation Information \ (F37167DD-4436-4641-90B6-329D60632DDA) \ Setup.exe" REMOVEALL - u: F37167DD (-4436-4641-90B6-329D60632DDA)
-> Rundll32 C: \ Archiv ~ 1 \ Archiv ~ 1 \ instaliranjem ~ 1 \ PROFES ~ 1 \ Runtime \ 070 1 \ Intel32 \ Ctor.dll, LaunchSetup "C: \ Archivos de programa \ InstallShield Installation Information \ (FA7621DC - 7144-4A24-973C-B9BC0E945628) \ setup.exe "-l0x9
-> rundll32.exe setupapi.dll, InstallHinfSection DefaultUninstall 132 C: \ WINDOWS \ INF \ PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-0015-0C0A-0000-0000000FF1CE) / deinstalirati (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-0016-0C0A-0000-0000000FF1CE) / deinstalirati (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-0018-0C0A-0000-0000000FF1CE) / deinstalirati (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-0019-0C0A-0000-0000000FF1CE) / deinstalirati (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-001A-0C0A-0000-0000000FF1CE) / deinstalirati (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-001B-0C0A-0000-0000000FF1CE) / deinstalirati (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-001F-0403-0000-0000000FF1CE) / deinstalirati (A5B6B786-2D6F-4B75-940F-42B32D01D146)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-001F-0409-0000-0000000FF1CE) / deinstalirati (3EC77D26-799B-4CD8-914F-C1565E796173)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-001F-040C-0000-0000000FF1CE) / deinstalirati (430971B1-C31E-45DA-81E0-72C095BAB72C)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-001F-0416-0000-0000000FF1CE) / deinstalirati (669EB263-0AFE-4FCB-A068-DB082CA6273C)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-001F-0C0A-0000-0000000FF1CE) / deinstalirati (F7A31780-33C4-4E39-951A-5EC9B91D7BF1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-0030-0000-0000-0000000FF1CE) / deinstalirati (BEE75E01-DD3F-4D5F-B96C-609E6538D419)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-006E-0C0A-0000-0000000FF1CE) / deinstalirati 35B14BD6 (-6042-4A55-B326-58309DC8C72A)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-00A1-0C0A-0000-0000000FF1CE) / deinstalirati (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
2007 Microsoft Office Suite Service Pack 1 (SP1) -> msiexec / paket (90120000-00BA-0C0A-0000-0000000FF1CE) / deinstalirati (2CC8520D-6A74-4CCA-9539-8E774E2B50D1)
32-bitna HP CIO Komponente Installer -> Msiexec.exe / I (F1E63043-54FC-429B-AB2C-31AF9FBA4BC7)
Acrobat.com--> C: \ Archivos de programa \ Archivos comunes \ Adobe AIR \ verzije \ 1.0 \ Application Adobe AIR Installer.exe-uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com--> Msiexec.exe / I (77DCDCE3-2DED-62F3-8154-05E745472D07)
Actualización de seguridad para Windows XP (KB923789) -> C: \ WINDOWS \ system32 \ MacroMed \ flash \ genuinst.exe C: \ WINDOWS \ system32 \ MacroMed \ flash \ KB923789.inf
Actualización de seguridad para Windows XP (KB950759 )-->" C: \ WINDOWS \ $ NtUninstallKB950759 $ \ spuninst \ spunin st.exe "
Actualización de seguridad para Windows XP (KB950760 )-->" C: \ WINDOWS \ $ NtUninstallKB950760 $ \ spuninst \ spunin st.exe "
Actualización de seguridad para Windows XP (KB950762 )-->" C: \ WINDOWS \ $ NtUninstallKB950762 $ \ spuninst \ spunin st.exe "
Actualización de seguridad para Windows XP (KB951376-v2 )-->" C: \ WINDOWS \ $ NtUninstallKB951376-v2 $ \ spuninst \ Spuninst.exe "
Actualización de seguridad para Windows XP (KB951698 )-->" C: \ WINDOWS \ $ NtUninstallKB951698 $ \ spuninst \ spunin st.exe "
Actualización de seguridad para Windows XP (KB951748 )-->" C: \ WINDOWS \ $ NtUninstallKB951748 $ \ spuninst \ spunin st.exe "
Actualización para Windows XP (KB898461 )-->" C: \ WINDOWS \ $ NtUninstallKB898461 $ \ spuninst \ spunin st.exe "
Actualización para Windows XP (KB942763 )-->" C: \ WINDOWS \ $ NtUninstallKB942763 $ \ spuninst \ spunin st.exe "
Actualización para Windows XP (KB951072-v2 )-->" C: \ WINDOWS \ $ NtUninstallKB951072-v2 $ \ spuninst \ Spuninst.exe "
Actualización para Windows XP (KB951978 )-->" C: \ WINDOWS \ $ NtUninstallKB951978 $ \ spuninst \ spunin st.exe "
Adobe AIR -> Msiexec.exe / I (197A3012-8C85-4FD3-AB66-9EC7E13DB92E)
Adobe Flash Player 10 ActiveX -> C: \ WINDOWS \ system32 \ Macromed \ flash \ uninstall_acti veX.exe
Adobe Flash Player Plugin -> C: \ WINDOWS \ system32 \ Macromed \ flash \ uninstall_plug in.exe
Adobe Reader 9 -> Msiexec.exe / I (AC76BA86-7AD7-1033-7B44-A90000000001)
Apple Software Update -> Msiexec.exe / I (02DFF6B1-1654-411C-8D7B-FD6052EF016F)
Ares 2.0.9 -> "C: \ Archivos de programa \ Ares \ uninstall.exe"
AVIConverter 3,0 -> C: \ Archivos de programa \ AVIConverter \ uninst.exe
Barra Yahoo! con bloqueador de ventanas emergentes -> C: \ Archiv ~ 1 \ Yahoo! \ Common \ unyt.exe
Broadcom 440x 10/100 Integrated Controller -> Msiexec.exe / X (612B9183-67A9-4B44-9877-2F059E35B86A)
Broadcom WLAN -> C: \ Archivos de programa \ InstallShield Installation Information \ (13191B3F-D711-4906-81B3-5C47E031B235) \ setup.exe-runfromtemp-l0x000a-removeonly
Búsqueda en el escritorio de Windows 3,01 -> "C: \ WINDOWS \ $ NtUninstallKB917013 $ \ spuninst \ spunin st.exe"
Canon Camera Access Library -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ CAL \ Uninst.ini"
Fotoaparat Canon Podrška Core knjižnica -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ CSCLIB \ Uninst.ini"
Canon G.726 wmp-dekoder -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ G726Decoder \ G726DecUnInstall.ini"
Canon MovieEdit Zadatak za ZoomBrowser EX -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ ZoomBrowser EX \ Program \ MVWUninst.ini "
Canon RAW Image Task za ZoomBrowser ex -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ RAW Image Task \ Uninst.ini "
Canon Utilities CameraWindow DC_DV 5 za ZoomBrowser EX -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ CameraWindow \ CameraWindowDVC \ Uninst. ini "
Canon Utilities CameraWindow DC_DV 6 za ZoomBrowser EX -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ CameraWindow \ CameraWindowDVC6 \ Unins t . INI "
Canon Utilities CameraWindow DC -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ CameraWindow \ CameraWindowDC \ Uninst. INI"
Canon Utilities CameraWindow -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ CameraWindow \ CameraWindowLauncher \ U ninst.ini"
Canon EOS Utility komunalije -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ EOS Utility \ Uninst.ini"
Canon Utilities MyCamera DC -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ CameraWindow \ MyCameraDC \ Uninst.ini"
Canon Utilities MyCamera -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ CameraWindow \ MyCamera \ Uninst.ini"
Canon Utilities PhotoStitch -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ PhotoStitch \ Uninst.ini"
Canon Utilities RemoteCapture Zadatak za ZoomBrowser EX -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ CameraWindow \ RemoteCaptureTask DC \ Uninst. ini "
Canon Utilities ZoomBrowser EX -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ ZoomBrowser EX \ Program \ Uninst.ini"
Canon EX ZoomBrowser Memory Card Utility -> "C: \ Archivos de programa \ Archivos comunes \ Canon \ UIW \ 1.4.0.0 \ Uninst.exe" "C: \ Archivos de programa \ Canon \ ZoomBrowser EX MCU \ Uninst.ini"
Chinese Simplified Fontovi Podrška za Adobe Reader 9 -> Msiexec.exe / I (AC76BA86-7AD7-2447-0000-900000000003)
Dell Mobile Broadband Card Utility -> Msiexec.exe / X (DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28)
Dell Wireless WLAN Card -> "C: \ Archivos de programa \ Dell \ Dell Wireless WLAN Card \ bcmwlu00.exe" verbose / rootkey = "Software \ Broadcom \ 802,11 \ UninstallInfo" / rootdir = "C: \ Archivos de programa \ Dell \ Dell Wireless WLAN kartica "
Diccionario Cambridge Klett Compact -> C: \ WINDOWS \ IsUn040a.exe-f "C: \ Archivos de programa \ Cambridge \ ENS001CP \ Uninst.isu"
Digital Camera Driver -> C: \ Archiv ~ 1 \ DIGITA ~ 2 \ UNWISE.EXE C: \ Archiv ~ 1 \ DIGITA ~ 2 \ INSTALL.LOG
HijackThis 2.0.2 -> "C: \ Archivos de programa \ Trend Micro \ HijackThis \ HijackThis.exe" / deinstalirati
Hotfix za Microsoft. NET Framework 3,5 SP1 (KB953595) -> C: \ Windows \ System32 \ Msiexec.exe / paket CE2CDD62 (-0124-84D3-36CA-9F4DCF5C5BD9) / deinstalirati / qb + REBOOTPROMPT = ""
HP LaserJet 1150 / 1300 -> Msiexec.exe / x (1485B7CD-4CBD-4039-8EAE-5A22993D7F54)
HP Officejet J3500 Series -> C: \ Archivos de programa \ HP \ Digital Imaging \ (B1D1B548-BD7D-40f9-80A4-A247E44BFCF4) \ Setup \ hpzscr01.exe-datfile hpwscr15.dat
HP Smart Web Printing -> Msiexec.exe / X 415CDA53 (-9100-476F-A7B2-476691E117C7)
HP Update -> Msiexec.exe / X (8C6027FD-446D-53DC-BB75-CACD7028A134)
Intel (R) Graphics Media Accelerator Driver za mobilni -> RUNDLL32.EXE C: \ WINDOWS \ system32 \ ialmrem.dll, UninstallW2KIGfx2I D PCI \ VEN_8086 & DEV_2792 PCI \ VEN_8086 & DEV_2592
InterVideo MediaOne Gallery -> rundll32 C: \ Archiv ~ 1 \ Archiv ~ 1 \ instaliranjem ~ 1 \ motor \ 6 \ INTEL3 ~ 1 \ CT or.dll, LaunchSetup "C: \ Archivos de programa \ InstallShield Installation Information \ (34F0D55F -C386-4195-9A5B-961D3F6ACD46) \ setup.exe "REMOVEALL
Java (tm) 6 Update 10 -> Msiexec.exe / X (26A24AE4-039D-4CA4-87B4-2F83216010FF)
Java (tm) 6 Update 7 -> Msiexec.exe / I (3248F0A8-6813-11D6-A77B-00B0D0160070)
Kaspersky Anti-Virus 2009 -> Msiexec.exe / I 6580C5A3 (-2336-4EC5-85F1-3448C5F6208A)
Kaspersky Anti-Virus 2009 -> Msiexec.exe / I 6580C5A3 (-2336-4EC5-85F1-3448C5F6208A)
Malwarebytes' Anti-zaštita od zlonamjernih programa -> "C: \ Archivos de programa \ Malwarebytes' Anti-zaštita od zlonamjernih programa \ unins000.exe"
Microsoft. NET Framework 2.0 Service Pack 2 Language Pack - ESN -> Msiexec.exe / I (85AC0FFA-643D-3103-9310-7086ECB0C36C)
Microsoft. NET Framework 2.0 Service Pack 2 -> Msiexec.exe / I (C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F)
Microsoft. NET Framework 3.0 Service Pack 2 Language Pack - ESN -> Msiexec.exe / I (BDEDB104-4067-3D5E-81F0-DBEBFE856B45)
Microsoft. NET Framework 3.0 Service Pack 2 -> Msiexec.exe / I (A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7)
Microsoft. NET Framework 3,5 Language Pack SP1 - esn -> Msiexec.exe / I (92E4A65F-7007-3357-A69A-167F71A337BD)
Microsoft. NET Framework 3,5 SP1 -> C: \ WINDOWS \ Microsoft.NET \ Framework \ v3.5 \ Microso ft. NET Framework 3,5 SP1 \ setup.exe
Microsoft. NET Framework 3,5 SP1 -> Msiexec.exe / I (CE2CDD62-36CA-0124-84D3-9F4DCF5C5BD9)
Microsoft Internationalized Domain Names ublažavanja API -> "C: \ WINDOWS \ $ NtServicePackUninstallIDNMitigationA PIS $ \ spuninst \ Spuninst.exe"
Microsoftov National Language Support Downlevel API -> "C: \ WINDOWS \ $ NtServicePackUninstallNLSDownlevelMa pping $ \ spuninst \ Spuninst.exe"
Microsoft Office Access MUI (španjolski) 2007 -> Msiexec.exe / X (90120000-0015-0C0A-0000-0000000FF1CE)
Microsoft Office Enterprise 2007 -> "C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ OFFICE12 \ Office Controller Setup \ setup.exe / uninstall PODUZEĆA / dll OSETUP.DLL
Microsoft Office Enterprise 2007 -> Msiexec.exe / X (90120000-0030-0000-0000-0000000FF1CE)
Microsoft Office Excel MUI (španjolski) 2007 -> Msiexec.exe / X (90120000-0016-0C0A-0000-0000000FF1CE)
Microsoft Office Groove MUI (španjolski) 2007 -> Msiexec.exe / X (90120000-00BA-0C0A-0000-0000000FF1CE)
Microsoft Office InfoPath MUI (španjolski) 2007 (Beta) -> Msiexec.exe / X (30120000-0044-0C0A-0000-0000000FF1CE)
Microsoft Office OneNote MUI (španjolski) 2007 -> Msiexec.exe / X (90120000-00A1-0C0A-0000-0000000FF1CE)
Microsoft Office Outlook MUI (španjolski) 2007 -> Msiexec.exe / X (90120000-001A-0C0A-0000-0000000FF1CE)
Microsoft Office PowerPoint MUI (španjolski) 2007 -> Msiexec.exe / X (90120000-0018-0C0A-0000-0000000FF1CE)
Microsoft Office Proof (baskijski) 2007 -> Msiexec.exe / X-001F (90120000-042D-0000-0000000FF1CE)
Microsoft Office Proof (Catalan) 2007 -> Msiexec.exe / X (90120000-001F-0403-0000-0000000FF1CE)
Microsoft Office Proof (Engleski) 2007 -> Msiexec.exe / X (90120000-001F-0409-0000-0000000FF1CE)
Microsoft Office Proof (francuski) 2007 -> Msiexec.exe / X (90120000-001F-040C-0000-0000000FF1CE)
Microsoft Office Proof (galicijski) 2007 -> Msiexec.exe / X (90120000-001F-0456-0000-0000000FF1CE)
Microsoft Office Proof (portugalski (Brazil)) 2007 -> Msiexec.exe / X (90120000-001F-0416-0000-0000000FF1CE)
Microsoft Office Proof (španjolski) 2007 -> Msiexec.exe / X (90120000-001F-0C0A-0000-0000000FF1CE)
Microsoft Office Proofing (španjolski) 2007 -> Msiexec.exe / X (90120000-002C-0C0A-0000-0000000FF1CE)
Microsoft Office Izdavač MUI (španjolski) 2007 -> Msiexec.exe / X (90120000-0019-0C0A-0000-0000000FF1CE)
Microsoft Office Shared MUI (španjolski) 2007 -> Msiexec.exe / X (90120000-006E-0C0A-0000-0000000FF1CE)
Microsoft Office Word MUI (španjolski) 2007 -> Msiexec.exe / X (90120000-001B-0C0A-0000-0000000FF1CE)
Microsoft Visual C + + 2005 Redistributable -> Msiexec.exe / X (7299052b-02a4-4627-81f2-1818da5d550d)
Mozilla Firefox (2.0.0.18) -> C: \ Archivos de programa \ Mozilla Firefox \ deinstalirali \ helper.exe
Mozilla Thunderbird (2.0.0.18) -> C: \ Archivos de programa \ Mozilla Thunderbird \ uninstall \ helper.exe
MSN -> C: \ Archivos de programa \ MSN \ MsnInstaller \ msninst.exe / Akcija: ARP
MSXML 4.0 SP2 (KB936181) -> Msiexec.exe / I (C04E32E0-0416-434D-AFB9-6969D703A9EF)
OpenOffice.org 3,0 -> Msiexec.exe / I (F44DA61E-720D-4E79-871F-F6E628B33242)
Paquete de Idioma de Microsoft. NET Framework 3,5 SP1 - esn -> c: \ WINDOWS \ Microsoft.NET \ Framework \ v3.5 \ Microso ft. NET Framework 3,5 Language Pack SP1 - esn \ setup.exe
QuickTime -> Msiexec.exe / I (08CA9554-B5FE-4313-938F-D4A417B81175)
Revizija para Windows XP (KB952287 )-->" C: \ WINDOWS \ $ NtUninstallKB952287 $ \ spuninst \ spunin st.exe "
Sigurnosno ažuriranje za Excel 2007 (KB946974) -> msiexec / paket (90120000-0030-0000-0000-0000000FF1CE) / deinstalirati (85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E)
Sigurnosno ažuriranje za Microsoft Office Izdavač 2007 (KB950114) -> msiexec / paket (90120000-0030-0000-0000-0000000FF1CE) / deinstalirati (F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85)
Sigurnosno ažuriranje za Microsoft Office sustava 2007 (KB951808) -> msiexec / paket (90120000-0030-0000-0000-0000000FF1CE) / deinstalirati (8F375E11-4FD6-4B89-9E2B-A76D48B51E00)
Sigurnosno ažuriranje za Microsoft Office Worda 2007 (KB950113) -> msiexec / paket (90120000-0030-0000-0000-0000000FF1CE) / deinstalirati (AD72BABE-C733-4FCF-9674-4314466191B9)
Sigurnosno ažuriranje za Office 2007 (KB947801) -> msiexec / paket (90120000-0030-0000-0000-0000000FF1CE) / deinstalirati (02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E)
SigmaTel Audio -> rundll32 C: \ Archiv ~ 1 \ Archiv ~ 1 \ instaliranjem ~ 1 \ PROFES ~ 1 \ Runtime \ 10 \ 01 \ Intel32 \ Ctor.dll, LaunchSetup "C: \ Archivos de programa \ InstallShield Installation Information \ (A462213D-EED4-42C2-9A60-7BDD4D4B0B17) \ setup.exe "-l0xa-uklanjanje-removeonly
Skype ™ 3,8 -> Msiexec.exe / X (5C82DAE5-6EB0-4374-9254-BE3319BA4E82)
Synaptics šiljenje driver -> rundll32.exe "C: \ Archivos de programa \ Synaptics \ SynTP \ SynISDLL.dll", standAloneU ninstall
Uniblue DriverScanner 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ (D5ABFFAD-D592-4F98-B02B-587125B4801F) \ DriverScanner_Setup.exe" Remove = true modificirati = false
Uniblue DriverScanner 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ (D5ABFFAD-D592-4F98-B02B-587125B4801F) \ DriverScanner_Setup.exe
Uniblue RegistryBooster 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185) \ Uniblue RegistryBooster.exe" Remove = true modificirati = false
Uniblue RegistryBooster 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ (B46E1EF5-0B37-4DB4-A4E2-9F2B41036185) \ Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009 -> "C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ (51019853-129C-4EDE-9030-D5FD7BBD9AD0) \ SpeedUpMyPC.exe" Remove = true modificirati = false
Uniblue SpeedUpMyPC 2009 -> C: \ Documents and Settings \ All Users.WINDOWS \ de Datos programa \ (51019853-129C-4EDE-9030-D5FD7BBD9AD0) \ SpeedUpMyPC.exe
Unlocker 1.8.7 -> C: \ Archivos de programa \ Unlocker \ uninst.exe
Ažuriranje za Microsoft Office Outlook 2007 (KB952142) -> msiexec / paket (90120000-0030-0000-0000-0000000FF1CE) / deinstalirati (4AD3A076-427C-491F-A5B7-7D1DE788A756)
Ažuriranje za Office 2007 (KB946691) -> msiexec / paket (90120000-0030-0000-0000-0000000FF1CE) / deinstalirati A420F522 (-7395-4872-9882-C591B4B92278)
Ažuriranje za Outlook 2007 Junk Email Filter (kb953463) -> msiexec / paket (90120000-0030-0000-0000-0000000FF1CE) / deinstalirati (1B78D541-9FF1-4330-ADD8-CED14F0C1E8E)
Winamp -> "C: \ Archivos de programa \ Winamp \ UninstWA.exe"
Windows Live Asistente para el de sesión Početna -> Msiexec.exe / I-AFA4E5FD (ED70-99D0-4D92-162FD56DC986)
Windows Live Installer -> Msiexec.exe / X (9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1)
Windows Live Messenger -> Msiexec.exe / X (FC411B47-30BF-428C-9C1E-F6C54A94EA7E)
Windows Media Format Runtime -> "C: \ Archivos de programa \ Windows Media Player \ wmsetsdk.exe" / UninstallAll
WinRAR archiver -> C: \ Archivos de programa \ WinRAR \ uninstall.exe
XML Paper Specification Shared Components Language Pack 1,0 -> "C: \ WINDOWS \ $ NtUninstallXPSEPSCLP $ \ spuninst \ spuni nst.exe"
Yahoo! Messenger -> C: \ Archiv ~ 1 \ Yahoo! \ Messenger \ UNWISE.EXE / UC: \ Archiv ~ 1 \ Yahoo! \ Messenger \ INSTALL.LOG

===== HijackThis sigurnosne kopije =====

O23 - Service: Zumie Search Service - Unknown vlasnika - C: \ Archivos de programa \ Zumie \ zumie.exe (file missing)

====== Hosts File ======

127.0.0.1 localhost

====== Sigurnosni centar informacije ======

AV: Kaspersky Anti-Virus (zastarjeli)

====== Varijable okruženja ======

"ComSpec" =% SystemRoot% \ system32 \ cmd.exe
"Path" =% SystemRoot% \ system32;% SystemRoot%;% SystemRoot% \ System32 \ Wbem; C: \ Archivos de programa \ QuickTime \ QTSystem \
"windir" =% SystemRoot%
"FP_NO_HOST_CHECK" = NO
"OS" = Windows_NT
"PROCESSOR_ARCHITECTURE" = x86
"PROCESSOR_LEVEL" = 6
"PROCESSOR_IDENTIFIER" = x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION" = 0d08
"NUMBER_OF_PROCESSORS" = 1
"PATHEXT" =. COM;. Exe;. BAT;. Cmd;. VBS;. VBE;. JS;. JSE;. WSF;. WSH
"Temp" =% SystemRoot% \ Temp
"TMP" =% SystemRoot% \ Temp
"CLASSPATH" =.; C: \ Archivos de programa \ QuickTime \ QTSystem \ QTJava.zip
"QTJAVA" = C: \ Archivos de programa \ QuickTime \ QTSystem \ QTJava.zip

----------------- ----------------- EOF
  #9  
Old 29 November 2008, 08:12
Member Group
 
Default Trojan Generic Heur

Malwarebytes' Anti-zaštita od zlonamjernih programa 1,30
Database Version: 1433
5/1/2600 Windows Service Pack 3

29/11/2008 10:55:13 am
mbam-log-2008-11-29 (22-55-13).txt

Scan type: Quick Scan
Objekti skenirane: 68095
Vrijeme proteklo: 10 minute (s), 45 Drugi (a / e)

Memory Processes zaraženih: 0
Memorijske module zaraženih: 1
Ključevi registra zaraženih: 11
Registry Values zaraženih: 0
Registry Data Items zaraženih: 2
Mape zaraženih: 11
Zaražene datoteke: 28

Memory Processes zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Memorijske module zaraženih:
C: \ WINDOWS \ system32 \ ljJyVnom.dll (Trojan.Vundo.H) -> Delete na ponovno podizanje sustava.

Ključevi registra zaraženih:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (459f140e-1635-41de-8061-8de0ab740e28) (Trojan.Vundo.H) -> Delete na ponovno podizanje sustava.
HKEY_CLASSES_ROOT \ CLSID \ (459f140e-1635-41de-8061-8de0ab740e28) (Trojan.Vundo.H) -> Delete na ponovno podizanje sustava.
HKEY_CLASSES_ROOT \ Interface \ (48e92754-2daf-4de4-8385-34f631580e9b) (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ Interface \ (a1c23ba2-8f20-4c01-b663-7ff2b3421194) (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ CLSID \ (d37d6c1a-7ba4-47f4-9bf2-75031e257df6) (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ Typelib \ (84562fca-ee8b-4585-a1d1-eae97b23370e) (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (098716a9-0310-4cbe-bd64-b790a9761158) (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> karanteni i uspješno izbrisan.

Registry Values zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Data Items zaraženih:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ LSA \ Notification Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ljjyvnom -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ LSA \ Authentication Packages (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ljjyvnom -> Delete na ponovno podizanje sustava.

Mape zaraženih:
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r (Rogue.Multiple) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r \ Quarantine (Rogue.Multiple) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r \ Karantena \ Autorun (Rogue.Multiple) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r \ Karantena \ Autorun \ HKCU (Rogue.Multiple) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r \ Karantena \ Autorun \ HKCU \ RunONCE (Rogue.Multiple) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r \ Karantena \ Autorun \ HKLM (Rogue.Multiple) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r \ Karantena \ Autorun \ HKLM \ RunONCE (Rogue.Multiple) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r \ Karantena \ Autorun \ StartMenu AllUsers (Rogue.Multiple) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r \ Karantena \ Autorun \ StartMenu CurrentUser (Rogue.Multiple) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r \ Karantena \ BrowserObjects (Rogue.Multiple) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ de Datos programa \ rhcvllj0e32r \ Karantena \ Paketi (Rogue.Multiple) -> karanteni i uspješno izbrisan.

Zaražene datoteke:
C: \ WINDOWS \ system32 \ ljJyVnom.dll (Trojan.Vundo.H) -> Delete na ponovno podizanje sustava.
C: \ WINDOWS \ system32 \ monVyJjl.ini (Trojan.Vundo.H) -> Delete na ponovno podizanje sustava.
C: \ WINDOWS \ system32 \ monVyJjl.ini2 (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ egurvpxu.dll (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ uxpvruge.ini (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ ioodgsis.dll (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ sisgdooi.ini (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ olcxvcls.dll (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ slcvxclo.ini (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ qxxiopls.dll (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ slpoixxq.ini (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ tlpvqfqf.dll (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ fqfqvplt.ini (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ yqbfrwpg.dll (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ gpwrfbqy.ini (Trojan.Vundo.H) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ geBqRhEv.dll (Trojan.Vundo) -> karanteni i uspješno izbrisan.
C: \ WINDOWS \ system32 \ jkkKbxWp.dll (Trojan.Vundo) -> karanteni i uspješno izbrisan.
C: \ čistač \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc339.exe (Adware.Seekmo) -> karanteni i uspješno izbrisan.
C: \ čistač \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc340.exe (Adware.Seekmo) -> karanteni i uspješno izbrisan.
C: \ čistač \ S-1-5-21-230849927-757894242-3647583486-1006 \ Dc343.exe (Adware.Seekmo) -> karanteni i uspješno izbrisan.
C: \ Archivos de programa \ Mozilla Firefox \ regxpcom.exe (Trojan.FBrowsingAdvisor) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ Configuración local \ Temp \ nsp116.tmp \ blowfish.dll (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ Escritorio \ Antivirus XP 2008.lnk (Rogue.Antivirus) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ All Users \ Escritorio \ Antivirus XP 2008.lnk (Rogue.Antivirus) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programi \ Microsoft \ Internet Explorer \ Quick Launch \ Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ Datos de programi \ Microsoft \ Internet Explorer \ Quick Launch \ Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ Mauricio \ Configuración local \ Temp \ lwpwer.exe (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
C: \ Documents and Settings \ TrackerVsrGroup \ Escritorio \ SystemDefender.Lnk (Rogue.SystemDefender) -> karanteni i uspješno izbrisan.
  #10  
Old 29 November 2008, 08:14
Member Group
 
Default Trojan Generic Heur

Well, there are the 3 logs as you requested; let me know if anything else needs to be done.
And thanks a lot for the help and the time.

I really appreciate the Internet.

Kathy.