
Trojan horse




  #1  
25 March 2008, 08:58
New group member

Hi,

I have a problem with a Trojan horse.
The warning message is
'C:\windows\system32\crypt32n.dll Trojan horse BHO.CVX'

I have AVG running and it identifies the file and moves it to the vault, but on re-boot it is there again.
I tried deleting the file in Windows, which failed.
I tried renaming it in Windows (with a view to deleting it), which failed.
I've tried to go back and restore my PC, but I can't go back further than the beginning of the month, and I have had this since before Christmas.
My computer seems OK, but I am still worried that I have a virus!

Is there anything I can do?
Help much appreciated

Regards

Ian A
  #2  
25 March 2008, 10:47
Group moderator

Welcome to CJ.

Download and rename HijackThis (HJT)
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installing, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right-click on HijackThis.exe and select Rename.
    • Type sniper.exe and press Enter.
    • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
  • Open HijackThis from the desktop.
  • If you are using Windows Vista, right-click and Run as administrator.
  • Click on the Do a system scan and save a log file button.
  • HijackThis will scan and then a log will open in Notepad.
  • Then copy and paste the entire contents of the log into your post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Even though we renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

  #3  
25 March 2008, 14:33
New group member

Hi Fantansy Evil

I tried this at the beginning of the month; here is the log.

Hope it means something to you

My fingers are crossed

Ta, Ian A

RDPCDD: System32 \ Drivers \ RDPCDD.sys (sustav)
Terminal Server Device preusmjerivač Driver: System32 \ Drivers \ rdpdr.sys (ručno pokretanje)
Remote Desktop Help Session Manager: C: \ WINDOWS \ system32 \ sessmgr.exe (ručno pokretanje)
CD Digital Audio reprodukcija Filter Driver: System32 \ Drivers \ redbook.sys (sustav)
Routing i Remote Access:% SystemRoot% \ system32 \ Svchost.exe-k netsvcs (onemogućeno)
Remote Registry:% SystemRoot% \ system32 \ Svchost.exe-k LocalService (autostart)
Remote Procedure Call (RPC) mjesta:% SystemRoot% \ system32 \ locator.exe (ručno pokretanje)
Remote Procedure Call (RPC):% SystemRoot% \ system32 \ Svchost-k rpcss (autostart)
QoS RSVP:% SystemRoot% \ system32 \ rsvp.exe (ručno pokretanje)
Belkin RT2500 Wireless Driver: System32 \ Drivers \ RT61.sys (ručno pokretanje)
Realtek 10/100/1000 NIC Obitelj all in one NDIS XP Driver: System32 \ Drivers \ Rtlnicxp.sys (ručno pokretanje)
Realtek RTL8139 (A / B / C)-based PCI Fast Ethernet adapter NT Driver: System32 \ Drivers \ RTL8139.SYS (ručno pokretanje)
Security Accounts Manager:% SystemRoot% \ system32 \ lsass.exe (autostart)
Smart Card:% SystemRoot% \ System32 \ SCardSvr.exe (ručno pokretanje)
Zadatak Planer:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (autostart)
Secdrv: System32 \ Drivers \ secdrv.sys (ručno pokretanje)
Secondary Logon:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (autostart)
System Event Notification:% SystemRoot% \ system32 \ Svchost.exe-k netsvcs (autostart)
Sitecom Serijski port driver: System32 \ Drivers \ ser2pl.sys (ručno pokretanje)
Serenum Filter Driver: System32 \ Drivers \ serenum.sys (ručno pokretanje)
High-Capacity disketni pogon: System32 \ Drivers \ sfloppy.sys (ručno pokretanje)
Windows Firewall / Internet Connection Sharing (ICS):% SystemRoot% \ system32 \ Svchost.exe-k netsvcs (autostart)
Shell Hardware Detection:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (autostart)
Microsoft Kernel Audio razdvajač: system32 \ drivers \ Splitter.sys (ručno pokretanje)
Ispiši red čekanja:% SystemRoot% \ system32 \ spoolsv.exe (autostart)
System Restore Filter Driver: System32 \ Drivers \ sr.sys (sustav)
System Restore Service:% SystemRoot% \ system32 \ Svchost.exe-k netsvcs (autostart)
Srv: System32 \ Drivers \ srv.sys (ručno pokretanje)
SSDP Discovery Service:% SystemRoot% \ system32 \ Svchost.exe-k LocalService (ručno pokretanje)
Mrtva Serial Digital Camera Driver: System32 \ Drivers \ serscan.sys (ručno pokretanje)
Windows Image Acquisition (WIA):% SystemRoot% \ system32 \ Svchost.exe-k imgsvc (autostart)
Autobusni Software Driver: System32 \ Drivers \ swenum.sys (ručno pokretanje)
Microsoft Kernel GS Wavetable sintesajzer: system32 \ drivers \ swmidi.sys (ručno pokretanje)
MS Software Shadow Copy Provider: C: \ WINDOWS \ system32 \ dllhost.exe / Processid: (6C222AAE-7AD3-43BE-AC4B-02239FF8DEC6) (ručno pokretanje)
Synaptics TouchPad Driver: System32 \ Drivers \ SynTP.sys (ručno pokretanje)
Microsoft Kernel System Audio Device: system32 \ drivers \ sysaudio.sys (ručno pokretanje)
Izvedba Evidencije i upozorenja:% SystemRoot% \ system32 \ smlogsvc.exe (ručno pokretanje)
Telefonija:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (ručno pokretanje)
TCP / IP Protocol Driver: System32 \ Drivers \ Tcpip.sys (sustav)
Terminal Device Driver: System32 \ Drivers \ termdd.sys (sustav)
Terminal Services:% SystemRoot% \ System32 \ Svchost-k DComLaunch (ručno pokretanje)
Teme:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (autostart)
Telnet: C: \ WINDOWS \ system32 \ tlntsvr.exe (onemogućeno)
tmcomm: \? \ C: \ Windows \ System32 \ Drivers \ tmcomm.sys (autostart)
Distribuirani Link Tracking Client:% SystemRoot% \ system32 \ Svchost.exe-k netsvcs (autostart)
Mikrokod Update Driver: System32 \ Drivers \ update.sys (ručno pokretanje)
Universal Plug and Play Device Host:% SystemRoot% \ system32 \ Svchost.exe-k LocalService (ručno pokretanje)
Neprekidni izvor napajanja:% SystemRoot% \ System32 \ ups.exe (ručno pokretanje)
Microsoft USB Generic Parent Driver: System32 \ Drivers \ usbccgp.sys (ručno pokretanje)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32 \ Drivers \ usbehci.sys (ručno pokretanje)
USB2 Omogućene Hub: System32 \ Drivers \ usbhub.sys (ručno pokretanje)
Microsoft USB Open Host Controller Miniport Driver: System32 \ Drivers \ usbohci.sys (ručno pokretanje)
Microsoft USB Printer Klasa: System32 \ Drivers \ usbprint.sys (ručno pokretanje)
Scanner USB Driver: System32 \ Drivers \ usbscan.sys (ručno pokretanje)
USB Mass Storage Driver: System32 \ Drivers \ USBSTOR.SYS (ručno pokretanje)
Linksys Wireless-G Network adapter sa USB SpeedBooster Driver v2: System32 \ Drivers \ usb8023.sys (ručno pokretanje)
VgaSave: \ SystemRoot \ System32 \ Drivers \ vga.sys (sustav)
Volume Shadow Copy:% SystemRoot% \ System32 \ vssvc.exe (ručno pokretanje)
Windows Time:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (autostart)
Remote Access IP ARP Driver: System32 \ Drivers \ wanarp.sys (ručno pokretanje)
Windows CE serijske USB Host Driver: System32 \ Drivers \ wceusbsh.sys (ručno pokretanje)
Microsoft WINMM WDM Audio Kompatibilnost Driver: System32 \ Drivers \ wdmaud.sys (ručno pokretanje)
WebClient:% SystemRoot% \ system32 \ Svchost.exe-k LocalService (autostart)
winachsf: System32 \ Drivers \ HSF_CNXT.sys (ručno pokretanje)
Windows Management Instrumentation:% systemroot% \ system32 \ Svchost.exe-k netsvcs (autostart)
Portable Media Serial Broj Service:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (ručno pokretanje)
Windows Management Instrumentation Driver Extensions:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (ručno pokretanje)
WMI Performance Adapter: C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe (ručno pokretanje)
Windows Media Player Network Sharing Service: "C: \ Program Files \ Windows Media Player \ WMPNetwk.exe" (ručno pokretanje)
Windows Socket 2,0 Non-IFS Service Provider Support Environment: \ SystemRoot \ System32 \ Drivers \ ws2ifsl.sys (onemogućeno)
Security Center:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (autostart)
Automatska ažuriranja:% systemroot% \ system32 \ Svchost.exe-k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platforma Driver: System32 \ Drivers \ WudfPf.sys (ručno pokretanje)
Windows Driver Foundation - User-mode Driver Framework Reflektor: System32 \ Drivers \ wudfrd.sys (ručno pokretanje)
Windows Driver Foundation - User-mode Driver Framework:% SystemRoot% \ system32 \ Svchost.exe-k WudfServiceGroup (ručno pokretanje)
Wireless Zero Configuration:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (autostart)
Rezerviranja Network Service:% SystemRoot% \ System32 \ Svchost.exe-k netsvcs (ručno pokretanje)

--------------------------------------------------
Windows NT Enumerating prijava / odjava skripte:
* Ne postavite pokretanje skripti *
Windows NT checkdisk naredbu:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: * Registry value not found *
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad predmeta:
PostBootReminder: C: \ WINDOWS \ system32 \ SHELL32.dll
CDBurn: C: \ WINDOWS \ system32 \ SHELL32.dll
WebCheck: C: \ WINDOWS \ system32 \ webcheck.dll
SysTray: C: \ WINDOWS \ system32 \ stobject.dll
UPnPMonitor: C: \ WINDOWS \ system32 \ upnpui.dll
WPDShServiceObj: C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ pol icies \ Explorer \ Run
* Ne vrijednosti pronađen *
--------------------------------------------------
Autorun entries from Registry:
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ pol icies \ Explorer \ Run
* Ne vrijednosti pronađen *
--------------------------------------------------
End of report, 38242 bytes
Izvješće je generirana za 0,266 sekundi
Command line options:
/ verbose - za dodavanje dodatne informacije o svakoj sekciji
/ kompletna - uključiti praznih odjeljaka i nesumnjiv podataka
/ puni - da uključuje nekoliko važnih poglavlja rijetko -
/ force9x - za Win9x uključuju samo startups čak i ako se izvodi na Winnt
/ forcent - uključiti Winnt samo startups čak i ako se izvodi na Win9x
/ forceall - da uključuje sve Win9x i Winnt startups, bez obzira na platformu
/ history - za popis verziju povijesti samo
  #4  
Old 25 March 2008, 14:47
Group moderator

Default Trojan horse

That is the startup list from HJT, which is useful, but I need the main scan.

Open HJT and select the Do a system scan and save a logfile button.

Post that log, please.
__________________

  #5  
Old 27 March 2008, 12:47
New group member

Default Trojan horse

Hi,

Sorry if I seem slow in replying, but I'm having difficulty saving the scan!

I have been running HJT 'Do a system scan and save a logfile', but when it tries to open the log file it fails.

The only way I can see of providing this information is to save a copy of the screen and then post that, which will be a large file. Do you think this is a good idea, or is there something else I can try?

Regards
Ian A
  #6  
Old 27 March 2008, 12:58
Group moderator

Default Trojan horse

Try this instead and post the logs from it.

Download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged on to an account with administrator privileges.
  • Close all programs and windows.
  • Double-click dss.exe to run it, then follow the prompts.
  • When the scan is complete, two text files will open:
    • main.txt <-- this one will be maximized
    • extra.txt <-- this one will be minimized
  • Add the contents of main.txt to your post.
  • Also add extra.txt to your post.
  • The text from these files may exceed the maximum post length for this forum, and may need to be posted over 2 or more posts. Please make sure all of the text is posted.

What DSS will do:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your temporary files, Downloaded Program Files and Internet cache files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install HijackThis and place a HijackThis shortcut on your desktop if you do not already have HijackThis installed.
__________________

  #7  
Old 28 March 2008, 14:41
New group member

Default Trojan horse

Hi

I must be missing something!

I tried going to the hot link for Deckard's scanner but I cannot find dss.exe.

Deckard's asks me to register on another website, a forum similar to the one I am already on.

Please explain.

Ian
  #8  
Old 28 March 2008, 14:46
Group moderator

Default Trojan horse

Use this link: http://www.techsupportforum.com/sect...eckard/dss.exe
__________________

  #9  
Old 7 April 2008, 00:56
New group member

Default Trojan horse

Hello,
Sorry it has been a while since I got back, but I have been away.

I have now managed to do the scan, and here are the results:
System Restore ------------------------------------------------ --------------
Uspješno izradili Deckard's Scanner System Restore Point.

- Posljednjih 5 Restore Point (s) --
49: 2008-04-07 07:50:49 UTC - RP160 - Deckard's System Restore Point Scanner
48: 2008-04-07 06:07:59 UTC - RP159 - Sistem prijelaz
47: 2008-04-01 17:50:42 UTC - RP158 - Sistem prijelaz
46: 2008-03-28 20:48:03 UTC - RP157 - Instalirana SUPERAntiSpyware Free Edition
45: 2008-03-28 19:02:25 UTC - RP156 - Sistem prijelaz

- Prva Restore Point --
1: 2008-01-04 07:54:54 UTC - RP112 - Sistem prijelaz

Sigurnosne kopije registra ospe.
Izvodi Disk Cleanup.
Postotak Memorija u uporabi: 76% (više od 75%).
Total Physical Memory: 447 baze informacija za upravljanje (512 baze informacija za upravljanje preporučeno).

- HijackThis (trčanje kao iana.exe) ---------------------------------------- --------
Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 08:52:30, dana 07/04/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ brsvc01a.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ system32 \ brss01a.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ Toshiba \ ConfigFree \ CFSvcs.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe
C: \ WINDOWS \ system32 \ TPSMain.exe
C: \ Program Files \ Synaptics \ SynTP \ Toshiba.exe
C: \ Program Files \ Toshiba \ ConfigFree \ NDSTray.exe
C: \ Program Files \ Toshiba \ Toshiba Zooming Utility \ SmoothView.exe
C: \ Program Files \ Toshiba \ Touch i pokrenite \ PadExe.exe
C: \ WINDOWS \ System32 \ dla \ DLACTRLW.EXE
C: \ Program Files \ Toshiba \ ConfigFree \ CFSServ.exe
C: \ Program Files \ Atheros \ ACU.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe
C: \ Program Files \ Toshiba \ TOSCDSPD \ toscdspd.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ TPSBattM.exe
C: \ Program Files \ FinePixViewer \ QuickDCF.exe
C: \ Program Files \ Toshiba \ ConfigFree \ CFXFER.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Adobe \ Acrobat 6,0 \ Reader \ AcroRd32.exe
C: \ WINDOWS \ system32 \ WISPTIS.EXE
C: \ Documents and Settings \ Iana \ Local Settings \ Temporary Internet Files \ Content.IE5 \ EL9EICW6 \ DSS [1]. Exe
C: \ programa ~ 1 \ TRENDM ~ 1 \ Hijack ~ 1 \ iana.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyServer = flotechsvr: 8080
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6,0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (51610169-4F36-C280-84AB-82D92ED1F68B) - c: \ windows \ system32 \ athcfg11c.dll (file missing)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll
O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Toshiba brza tipka Utility] "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" / lang en
O4 - HKLM \ .. \ Run: [TPSMain] TPSMain.exe
O4 - HKLM \ .. \ Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM \ .. \ Run: [SmoothView] C: \ Program Files \ Toshiba \ Toshiba Zooming Utility \ SmoothView.exe
O4 - HKLM \ .. \ Run: [PadTouch] C: \ Program Files \ Toshiba \ Touch i pokrenite \ PadExe.exe
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ System32 \ dla \ DLACTRLW.EXE
O4 - HKLM \ .. \ Run: [CFSServ.exe] CFSServ.exe-NoClient
O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / Autorun
O4 - HKLM \ .. \ Run: [ACU] "C: \ Program Files \ Atheros \ ACU.exe"-nogui
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimizirane
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [OpwareSE2] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe"
O4 - HKLM \ .. \ Run: [OPSE podsjetnik] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe"-r "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ ereg . INI "
O4 - HKCU \ .. \ Run: [TOSCDSPD] C: \ Program Files \ Toshiba \ TOSCDSPD \ toscdspd.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [PnPUI Registrator] C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe-s
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = C: \ Program Files \ FinePixViewer \ QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MI05E6 ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL = http://Companyweb
O16 - DPF: (11260943-421B-11D0-8EAC-0000C07D88CF) (iPIX ActiveX Control) -- http://www.ipix.com/download/ipixx.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1197453622703
O16 - DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) (Java Runtime Environment 1.6.0) -- http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: (BB21F850-63F4-4EC9-BF9D-565BD30C9AE9) (A-kvadratna Scanner) -- http://ax.emsisoft.com/asquared.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ Parameters: Domain = flotech.local
O17 - HKLM \ Software \ .. \ telefonija: domene = flotech.local
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM \ System \ CS1 \ Services \ TCPIP \ Parameters: Domain = flotech.local
O17 - HKLM \ System \ CS1 \ Services \ TCPIP \ Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM \ System \ CS1 \ Services \ TCPIP \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM \ System \ CS3 \ Services \ TCPIP \ Parameters: Domain = flotech.local
O17 - HKLM \ System \ CS3 \ Services \ TCPIP \ Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM \ System \ CS3 \ Services \ TCPIP \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Obavijesti: detcdzqc - athcfg11c.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown vlasnika - C: \ WINDOWS \ system32 \ acs.exe
O23 - Service: ati brza tipka Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: BrSplService (SPL Brother XP Service) - brat Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - Toshiba CORPORATION - C: \ Program Files \ Toshiba \ ConfigFree \ CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
--
End of file - 9862 bytes
- Fixed HijackThis Entries (C: \ programa ~ 1 \ TRENDM ~ 1 \ Hijack ~ 1 \ sigurnosne kopije \) -----------
backup-20071217-070814-188 O4 - HKLM \ .. \ Run: [\ \ WKS-216 \ EPSON gramofonska igla C46 Series] C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_S4I0T 1.EXE / P33 "\ \ WKS-216 \ EPSON Gramofonska igla C46 Series "/ O6" USB002 "/ M" gramofon igla C46 "
backup-20071217-071110-763 O16 - DPF: (935F9B04-0C7B-4454-A391-348C54AD7ADD) (Jolly Bear Igre Player) -- http://games.bigfishgames.com/en_big...GamePlayer.cab
backup-20071219-071455-100 O20 - Winlogon Obavijesti: detcdzqc - C: \ Windows \ System32 \ athcfg11c.dll
backup-20071219-071455-320 O4 - Global Startup: EPSON Status Monitor 3 Okoliš Check (3). lnk = C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ E_SRCV0 3.EXE
backup-20071219-071455-780 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll
backup-20080327-194111-931 O2 - BHO: (no name) - (51610169-4F36-C280-84AB-82D92ED1F68B) - c: \ windows \ system32 \ athcfg11c.dll (file missing)
backup-20080327-194139-797 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll
backup-20080327-194247-663 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll
- File Associations ---------------------------------------------- -------------
. txt - NetLog.Document - DefaultIcon - C: \ EPICOM ~ 1,02 \ EPICom2.02 \ EPICOM ~ 1.EXE, 8
. txt - NetLog.Document - shell \ otvoriti \ naredbu - C: \ EPICOM ~ 1,02 \ EPICom2.02 \ EPICOM ~ 1.EXE / DDE

- Vozači: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Onemogućene ---------------------
R0 hlkvythd - C: \ Windows \ System32 \ Drivers \ vzrpdamf.dat
R1 SASDIFSV - C: \ Program Files \ superantispyware \ sasdifsv.sys
R1 SASKUTIL - C: \ Program Files \ superantispyware \ saskutil.sys
R2 MASPINT - C: \ Windows \ System32 \ Drivers \ maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver za WinNT>
R2 mdmxsdk - C: \ Windows \ System32 \ Drivers \ mdmxsdk.sys <Not Verified; Conexant; dijagnostiku Interface>
R2 Netdevio (Toshiba Network Device Usermode I / O Protocol) - C: \ Windows \ System32 \ Drivers \ netdevio.sys <Not Verified; Toshiba Corporation.; Toshiba Network Device Usermode I/O protocol>
R3 AR5211 (Atheros Wireless Network Adapter Service) - c: \ windows \ system32 \ drivers \ ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 BoiHwsetup (Access 32bits INT15 rutinu) - c: \ windows \ system32 \ drivers \ boihwsetup.sys <Not Verified; Quanta Computer Corp; Toshiba HwSetup Driver>
R3 CAMCAUD (Conexant AMC 3D Environmental Audio) - c: \ windows \ system32 \ drivers \ camc6aud.sys <Not Verified; Conexant Systems Inc.; Conexant Audio Driver>
R3 CAMCHALA - C: \ Windows \ System32 \ Drivers \ camc6hal.sys <Not Verified; Conexant Systems Inc.; Conexant AmcHal Driver>
R3 HSF_DPV - C: \ Windows \ System32 \ Drivers \ hsf_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWATI - C: \ Windows \ System32 \ Drivers \ hsfhwati.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 Iviaspi (ivi ASPI Shell) - c: \ windows \ system32 \ drivers \ iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c: \ windows \ system32 \ drivers \ pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 qkbfiltr (Quanta brza tipka Keyboard Filter Driver) - c: \ windows \ system32 \ drivers \ qkbfiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta brza tipka na tipkovnici Filter Driver>
R3 qmofiltr (Quanta brza tipka Mouse Filter Driver) - c: \ windows \ system32 \ drivers \ qmofiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver>
R3 SASENUM - C: \ Program Files \ superantispyware \ sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 winachsf - C: \ Windows \ System32 \ Drivers \ hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
S3 DNINDIS5 (DNINDIS5 NDIS Driver Protocol) - c: \ programa ~ 1 \ belkin \ belkin ~ 1.11g \ dnindis5.sys (file missing)
S3 GTNDIS5 (GTNDIS5 NDIS Driver Protocol) - c: \ windows \ system32 \ gtndis5.sys (file missing)
S3 RT61 (Belkin RT2500 Wireless Driver) - c: \ windows \ system32 \ drivers \ rt61.sys (file missing)
S3 Ser2pl (Sitecom Serijski port driver) - c: \ windows \ system32 \ drivers \ ser2pl.sys <Not Verified; plodan Tehnologija Inc.; plodan USB-to-Serial Most Cable>
S3 wceusbsh (Windows CE serijske Host USB Driver) - c: \ windows \ system32 \ drivers \ wceusbsh.sys <Not Verified; Microsoft Windows CE Corporation; USB Serial Host Driver>

- Usluge: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Onemogućene --------------------
R2 CFSvcs (ConfigFree Service) - C: \ Program Files \ Toshiba \ configfree \ cfsvcs.exe <Not Verified; Toshiba CORPORATION; ConfigFree(TM)>
S2 ACS (Atheros Configuration Service) - c: \ windows \ system32 \ acs.exe

- Device Manager: Disabled -------------------------------------------- --------
Ne onemogućen uređaji found.

- Scheduled Tasks ---------------------------------------------- ---------------
2008-04-07 06:48:40 436 - a ------ C: \ WINDOWS \ Tasks \ RegCure Program Check.job
2008-04-04 12:33:04 438 - a ------ C: \ WINDOWS \ Tasks \ At1.job
2008-03-15 17:25:00 284 - a ------ C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job
2008-01-31 16:37:13 370 - a ------ C: \ WINDOWS \ Tasks \ RegCure.job

- Kreirana datoteka između 2008/03/07 a ----------------------------- 2008/04/07
2008-03-28 21:48:16 0 d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-03-28 21:48:05 0 d -------- C: \ Program Files \ SUPERAntiSpyware
2008-03-28 21:48:05 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ SUPERAntiSpyware.com
2008-03-28 21:47:28 0 d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard

- Izvještaj Find3M ---------------------------------------------- -----------------
2008-04-07 06:51:23 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ AVG7
2008-04-04 16:30:58 0 d -------- C: \ Program Files \ Hansa52Client
2008-04-04 15:41:49 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ AdobeUM
2008-03-28 21:47:28 0 d -------- C: \ Program Files \ Common Files
2008-03-25 10:03:27 0 d -------- C: \ Program Files \ Common Files \ Adobe
2008-03-25 09:31:28 0 d -------- C: \ Program Files \ Common Files \ Symantec Shared
2008-03-05 15:04:08 0 d -------- C: \ Program Files \ Canon
2008-03-05 11:57:28 0 d -------- C: \ Program Files \ Java
2008-02-25 09:26:29 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ ScanSoft
2008-02-25 09:26:26 0 d -------- C: \ Program Files \ Common Files \ ScanSoft Dijeljeno
2008-02-25 09:25:40 0 d -------- C: \ Program Files \ ScanSoft
2008-02-25 08:32:09 0 d -------- C: \ Program Files \ Google
2008-02-21 18:33:48 0 d -------- C: \ Program Files \ MumbleJumble
2008-02-21 18:10:04 0 d -------- C: \ Program Files \ Mahjong Deluxe
2008-02-21 12:06:28 0 d -------- C: \ Program Files \ RogueRemover FREE
2008-02-21 12:04:40 0 d -------- C: \ Program Files \ zidinama Jerihona
2008-02-21 12:04:31 0 d -------- C: \ Program Files \ HP Creative Idea CD
2008-02-21 12:04:11 0 d -------- C: \ Program Files \ XviD
2008-02-21 12:03:54 0 d -------- C: \ Program Files \ RegCure
2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Uklanjanje Man
2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Polarkubes
2008-02-21 12:01:40 0 d -------- C: \ Program Files \ PopCap Games
2008-02-18 19:38:17 16 - a ------ C: \ WINDOWS \ popcinfot.dat
2008-02-18 19:19:59 0 - a ------ C: \ WINDOWS \ popcreg.dat
2008-02-11 17:53:24 0 d -------- C: \ Program Files \ IDIGICON Limited
2008-01-21 18:36:58 1024 - a ------ C: \ WINDOWS \ jericho_game_ra.dat

- Matični Smetište ---------------------------------------------- -----------------
* Note * empty entries & čitljiv default unose se ne prikazuju

[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (51610169-4F36-C280-84AB-82D92ED1F68B)]
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (EA389261-1100-451F-8582-815CAB488AE6)]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [17/12/2005 00:32]
"Toshiba Utility brza tipka" = "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" [28/01/2006 05:13]
"TPSMain" = "TPSMain.exe" [08/02/2006 16:02 C: \ WINDOWS \ system32 \ TPSMain.exe]
"NDSTray.exe" = "NDSTray.exe" []
"SmoothView" = "C: \ Program Files \ Toshiba \ Toshiba Zooming Utility \ SmoothView.exe" [12/05/2005 11:31]
"PadTouch" = "C: \ Program Files \ Toshiba \ Touch i pokrenite \ PadExe.exe" [21/12/2005 14:52]
"Dla" = "C: \ WINDOWS \ System32 \ dla \ DLACTRLW.EXE" [06/10/2005 06:20]
"CFSServ.exe" = "CFSServ.exe" []
"REGSHAVE" = "C: \ Program Files \ REGSHAVE \ REGSHAVE.exe" [04/02/2002 23:32]
"ACU" = "C: \ Program Files \ Atheros \ ACU.exe" [11/07/2005 16:04]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [04/03/2007 17:39]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [01/09/2006 16:57]
"! AVG Anti-Spyware" = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" [11/06/2007 10:25]
"AVG7_CC" = "C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [02/01/2008 12:20]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" [22/02/2008 05:25]
"OpwareSE2" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe" [08/05/2003 12:00]
"OPSE podsjetnik" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe" [07/07/2003 10:29]
"RegistryMechanic" = "" []
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"TOSCDSPD" = "C: \ Program Files \ Toshiba \ TOSCDSPD \ toscdspd.exe" [11/04/2005 12:26]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [04/08/2004 14:00]
"PnPUI Registrator" = "C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe" [22/11/2004 21:04]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [13/10/2004 17:24]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [27/02/2007 12:39]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Exif Launcher.lnk - C: \ Program Files \ FinePixViewer \ QuickDCF.exe [09/01/2002 22:53:14]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [21/01/2000 09:15:54]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ policies \ system]
"DisableRegistryTools" = 0 (0x0)
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer]
"NoWelcomeScreen" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [20/12/2006 13:55 77824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 27/02/2007 12:39 282624 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \ detcdzqc]
athcfg11c.dll
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA]
"Authentication Packages" = msv1_0 nwprovau
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs
buznlwxw

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (a2fd87dd-a192-11dc-b600-0016e375ed46)]
Autorun \ naredbenog E: \ LaunchU3.exe


- Kraj Deckard sustav Scanner: završio na 2008-04-07 08:53:08 ------------


I hope all this makes sense to you.

Regards
IanA
  #10  
Old 7 April 2008, 10:12
Group moderator
 
Default Trojan horse

You will need to carry out the steps HERE.