|
| |||||||
| Registracija | Mapa Spy | Member List | Donacije | Pretraživanje | Today's Posts | Označi Sve Forume Kao Pročitane | Forum Rules |
 |
 |
| | Thread Tools |
|
#1
16. listopad 2008, 09:51
| |||
| |||
| Što god da učinim ne mogu odstraniti TROJAN.VUNDO.H Pokušao sam nekoliko puta sa Malwarebytes za brisanje VUNDO.H virus. Kako bi to ponovno podizanje sustava i trčanje Malwarebytes ja opet samo da pronađete još uvijek je na sustavu. JA isto tako imati isključen vraćanja sustava prije početka ove. Thanks for your help! |
|
#2
16. listopad 2008, 11:27
| |||
| |||
| Što god da učinim ne mogu odstraniti TROJAN.VUNDO.H Otvori HijackThis i odaberite Da li je sustav skenirati samo. Stavite oznaku uz sljedeće stavke: (ako postoji)
Izlaz HijackThis. ---------- Preuzimanje OTMoveIt2 la Oldtimer i spremite je na svoje Desktop. Napomena: Ako radite na Vista, desnom tipkom miša kliknite na OTMoveIt2.exe i odabrati Pokreni kao administrator. 1. Dvokliknite OTMoveIt2.exe da ga vode. 2. Kopirajte linije u codebox ispod. Code: [ubiti Explorer] C: \ Windows \ System32 \ digestp.dll EmptyTemp [start Explorer] 4. Kliknite na crvenu Moveit! gumb. 5. Kopiraj sve u prozor Stranice (u zelenoj traci) i zalijepite ga u svoj sljedeći odgovor. 6. Zatvoriti OTMoveIt2 Napomena: Ako je datoteka ili mapa se ne mogu premjestiti odmah vam svibanj biti zatraženo da ponovno pokrenuti računalo kako bi završili proces potez. Ako zamoljeni da ponovno podizanje sustava, odaberite Da. Ako ne, ponovno podizanje sustava anyway.
__________________  |
|
#3
16. listopad 2008, 12:39
| |||
| |||
| Što god da učinim ne mogu odstraniti TROJAN.VUNDO.H Pa sam išla sve postavljene. The Hijack ode fini i 2 slika bit će izbrisani. The OTMOVEIT2 program - JA kopiran u 4 retka [ubiti Explorer] C: \ Windows \ System32 \ digestp.dll EmptyTemp [start Explorer pod žutom traku i odabrali MOVEIT. Pod zelenom okviru programa istražuju ubijeno, rekao je uspješno međutim dobio sam pogrešku dijaloški okvir. Said OTMOVEIT2 OTMOVEIT2.EXE - Bad image Primjena ili DLL C: \ Windows \ rakxhfy.dll nije valjana windows image. Provjerite ovu installtion protiv vašeg diska. JA je to ponovno podizanje sustava i OTMOVEIT došao opet i sam došao s istom greška dijalog kao gore. Kako mogu otarasiti ovog OTMOVEIT2 kada ga ponovno podizanje sustava. Ima li još nešto što treba uraditi? |
|
#4
16. listopad 2008, 12:45
| |||
| |||
| Što god da učinim ne mogu odstraniti TROJAN.VUNDO.H Da li je više učiniti. Ne brinite se poruka o pogrešci ... Preuzimanje slučajni sustav informacija alat (RSIT) by random / od slučajnih i spremite je na svoj Desktop.
__________________ |
|
#5
16. listopad 2008, 13:26
| |||
| |||
| Što god da učinim ne mogu odstraniti TROJAN.VUNDO.H log.txt: Vaša datoteka od 28,7 KB bytes foruma prelazi granicu od 19,5 KB za ovu vrstu datoteke. Morao sam WinZip log datoteku da biste dobili Internet to vam je činiti da cdonstraints RAČUNALA Sok privitak datoteka. |
|
#6
16. listopad 2008, 13:34
| |||
| |||
| Što god da učinim ne mogu odstraniti TROJAN.VUNDO.H Log datoteku Logfile slučajnih sustav informacija alat 1,04 (napisao nasumično / nasumično) Run by Vlasnik at 2008-10-16 15:56:08 Microsoft Windows XP Home Edition Service Pack 3 Sustav disku C: ima 136 GB (92%) bez 149 GB Ukupno RAM: 382 MB (30% besplatno) Logfile of Trend Micro HijackThis v2.0.2 Scan spremljena u 3:56:33, na 10/16/2008 Platforma: Windows XP SP3 (Winnt 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Pokretanje procesa: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ Winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ WINDOWS \ System32 \ Svchost.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ explorer.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe C: \ Program Files \ ispred \ InCD \ InCDsrv.exe C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ Program Files \ Common Files \ Novi granični \ PrismXL \ PRISMXL.SYS C: \ Program Files \ QuickTime \ qttask.exe C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe C: \ Program Files \ Messenger \ msmsgs.exe C: \ WINDOWS \ system32 \ Ctfmon.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe C: \ WINDOWS \ system32 \ Svchost.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Documents and Settings \ Owner \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 6QBVSP54 \ RSIT [1]. Exe C: \ Program Files \ Common Files \ Symantec Shared \ COH \ coh32.exe C: \ Program Files \ Trend Micro \ HijackThis \ Owner.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.emachines.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: RealPlayer Download i Record Plugin za Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll O2 - BHO: NCO 2,0 IE BHO - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2,6 \ coIEPlg.dll O2 - BHO: Symantec prevenciju upada - (6D53EC84-6AAE-4787-AEEE-F4628F01010C) - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ SYMANT ~ 1 \ IDS \ IPSBHO.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - c: \ windows \ system32 \ digestp.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll O3 - Toolbar: Norton Show Toolbar - (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2,6 \ CoIEPlg.dll O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe" O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" O4 - HKLM \ .. \ Run: [osCheck] "C: \ Program Files \ Norton 360 \ osCheck.exe" O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - Global Startup: Uređaj Detektor 3.lnk = C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe O4 - Global Startup: Google Updater.lnk = C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000 O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: (2D8ED06D-3C30-438B-96AE-4D110FDC1FB8) (ActiveScan 2,0 Installer Class) -- http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1211623928390 O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1211630845500 O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll O20 - Winlogon Obavijesti: paubftzz - C: \ Windows \ System32 \ digestp.dll O23 - Service: ati brza tipka Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: Automatic LiveUpdate Planer - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe O23 - Service: Symantec Lic NetConnect usluga (CLTNetCnService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe O23 - Service: Host COM (comHost) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: InCD File System Service (InCDsrv) - ispred Software - C: \ Program Files \ ispred \ InCD \ InCDsrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE O23 - Service: LiveUpdate Obavijest - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe O23 - Service: PrismXL - Novi granični Technologies, Inc - C: \ Program Files \ Common Files \ Novi granični \ PrismXL \ PRISMXL.SYS O23 - Service: Symantec Core LC - Unknown vlasnika - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe -- End of file - 7993 bytes ====== Zakazani zadaci mapu ====== C: \ WINDOWS \ zadaci \ Automatski Full Backup.job C: \ WINDOWS \ zadaci \ Dnevne Changed Files.job C: \ WINDOWS \ zadaci \ PEACTREE TJEDNI BACK UP.job ====== Registrara izvatkom ====== [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3)] Adobe PDF Reader Link Helper - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (3049C3E9-B461-4BC5-8870-4C09146192CA)] Preuzmi RealPlayer i Record Plugin za Internet Explorer - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll [2008-04-19 308856] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408)] C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2,6 \ coIEPlg.dll [2008-06-30 349552] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (6D53EC84-6AAE-4787-AEEE-F4628F01010C)] Symantec prevenciju upada - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ SYMANT ~ 1 \ IDS \ IPSBHO.dll [2008-10-16 116088] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (AA58ED58-01DD-4d91-8333-CF10577473F7)] Google Toolbar Helper - c: \ program files \ google \ googletoolbar1.dll [2007-06-04 2554944] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (AF69DE43-7D58-4638-B6FA-CE66B5AD205D)] Google Toolbar Notifier BHO - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll [2008-09-26 737776] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] c: \ windows \ system32 \ digestp.dll [2004-08-04 105984] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar] (EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Toolbar - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ yt.dll [2005-08-04 343112] (2318C2B1-4965-11d4-9B18-009027A5CD4F) - & Google - C: \ Program Files \ Google \ googletoolbar1.dll [2007-06-04 2554944] ID (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - Show Norton Toolbar - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2,6 \ CoIEPlg.dll [2008-06-30 349552] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Run] "QuickTime Task" = C: \ Program Files \ QuickTime \ qttask.exe [2005-01-28 98304] "Adobe Photo Downloader" = C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe [2005-06-06 57344] "Adobe Reader Speed Launcher" = C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe [2008-01-11 39792] "TkBellExe" = C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe [2008-04-19 185896] "ccApp" = C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe [2008-02-18 51048] "osCheck" = C: \ Program Files \ Norton 360 \ osCheck.exe [2008-02-26 988512] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "MSMSGS" = C: \ Program Files \ Messenger \ msmsgs.exe [2008-04-13 1695232] "Ctfmon.exe" = C: \ WINDOWS \ system32 \ Ctfmon.exe [2008-04-13 15360] "SUPERAntiSpyware" = C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe [2008-05-28 1506544] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe [2004-11-12 344064] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ccApp] C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe [2008-02-18 51048] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CHotkey] C: \ WINDOWS \ zHotkey.exe [2004-05-17 543232] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ InCD] C: \ Program Files \ ispred \ InCD \ InCD.exe [2003-09-01 1200178] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ MSMSGS] C: \ Program Files \ Messenger \ msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE [2002-09-13 212992] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RemoteControl] C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe [2003-10-31 32768] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ShowWnd] C: \ WINDOWS \ ShowWnd.exe [2003-09-19 36864] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SoundMan] C: \ WINDOWS \ SOUNDMAN.EXE [2004-11-15 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SunKistEM] C: \ Program Files \ Digital Media Reader \ shwiconem.exe [2004-11-15 135168] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ UpdateManager] C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe [2003-08-19 110592] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ BigFix.lnk] C: \ programa ~ 1 \ BigFix \ BigFix.exe [2002-07-31 1742384] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk] C: \ programa ~ 1 \ MICROS ~ 2 \ Office \ OSA9.EXE [2000-01-21 65588] C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup Uređaj Detektor 3.lnk - C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe Google Updater.lnk - C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Obavijesti \! SASWinLogon] C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll [2007-04-19 294912] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Obavijesti \ AtiExtEvent] C: \ WINDOWS \ system32 \ Ati2evxx.dll [2006-02-21 61440] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Obavijesti \ paubftzz] C: \ WINDOWS \ system32 \ digestp.dll [2004-08-04 105984] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ ShellServiceObjectDelayLoad] UPnPMonitor - (e57ce738-33e8-4c51-8354-bb4de9d215d1) - C: \ WINDOWS \ system32 \ upnpui.dll [2008-04-13 239616] WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Policies \ System] "dontdisplaylastusername" = 0 "legalnoticecaption" = "legalnoticetext" = "shutdownwithoutlogon" = 1 "undockwithoutlogon" = 1 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Policies \ Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic ES \ sharedaccess \ Parameters \ firewallpolicy \ standardnih profila \ authorizedapplications \ list] "% windir% \ system32 \ sessmgr.exe" = "% windir% \ system32 \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019" "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe: *: Omogućen: AOL" "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe: *: Omogućen: AOL" "C: \ Program Files \ America Online 9,0 \ waol.exe" = "C: \ Program Files \ America Online 9,0 \ waol.exe: *: Omogućen: America Online 9,0" "% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Omogućen: @ xpsp3res.dll, -20000" "C: \ Program Files \ Internet Explorer \ iexplore.exe" = "C: \ Program Files \ Internet Explorer \ iexplore.exe: *: Onemogućene: Internet Explorer" "C: \ WINDOWS \ LMI42.tmp \ lmi_rescue.exe" = "C: \ WINDOWS \ LMI42.tmp \ lmi_rescue.exe: *: Omogućen: LogMeIn Rescue" [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic ES \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list] "% windir% \ system32 \ sessmgr.exe" = "% windir% \ system32 \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019" "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe: *: Omogućen: AOL" "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe: *: Omogućen: AOL" "C: \ Program Files \ America Online 9,0 \ waol.exe" = "C: \ Program Files \ America Online 9,0 \ waol.exe: *: Omogućen: America Online 9,0" "% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Omogućen: @ xpsp3res.dll, -20000" [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (4f63278d-8557-11d9-be24-806d6172696f)] shell \ autorun \ naredbu - C: \ WINDOWS \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (e1ec6b61-710a-11d9-b301-806d6172696f)] shell \ autorun \ naredbu - C: \ WINDOWS \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Info.exe folder.htt 480 480 ====== Popis datoteka / mapa kreirana u zadnjih 1 mjesec ====== 2008-10-16 15:56:08 ---- D ---- C: \ rsit 2008-10-16 15:19:05 ---- D ---- C: \ _OTMoveIt 2008-10-16 14:07:16 ---- D ---- C: \ Program Files \ Sigurnost Panda 2008-10-16 13:48:04 ---- A ---- C: \ WINDOWS \ system32 \ CF23987.exe 2008-10-16 13:47:57 ---- A ---- C: \ Bug.txt 2008-10-16 13:20:06 ---- D ---- C: \ VundoFix sigurnosne kopije 2008-10-16 13:20:06 ---- A ---- C: \ VundoFix.txt 2008-10-16 12:26:25 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com 2008-10-16 12:25:40 ---- D ---- C: \ Program Files \ SUPERAntiSpyware 2008-10-16 12:25:39 ---- D ---- C: \ Documents and Settings \ Owner \ Application Data \ SUPERAntiSpyware.com 2008-10-16 12:25:12 ---- D ---- C: \ Program Files \ Common Files \ Wise Installation Wizard 2008-10-16 11:20:45 HDC ---- ---- C: \ WINDOWS \ $ $ NtUninstallKB956803 2008-10-16 11:20:36 HDC ---- ---- C: \ WINDOWS \ $ $ NtUninstallKB956391 2008-10-16 11:20:27 HDC ---- ---- C: \ WINDOWS \ $ $ NtUninstallKB957095 2008-10-16 11:17:11 HDC ---- ---- C: \ WINDOWS \ $ $ NtUninstallKB954211 2008-10-16 11:16:54 HDC ---- ---- C: \ WINDOWS \ $ $ NtUninstallKB956841 2008-10-16 11:08:22 ---- D ---- C: \ WINDOWS \ system32 \ N360_BACKUP 2008-10-16 10:48:03 DC ---- ---- C: \ WINDOWS \ system32 \ DRVSTORE 2008-10-16 10:47:42 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6) 2008-10-16 10:24:37 ---- D ---- C: \ Program Files \ Windows Sidebar 2008-10-16 10:24:06 ---- D ---- C: \ Program Files \ Norton 360 2008-10-16 10:22:49 ---- A ---- C: \ WINDOWS \ system32 \ S32EVNT1.DLL 2008-10-15 17:26:20 ---- D ---- C: \ Program Files \ NoNAV 2008-10-15 16:41:28 ---- D ---- C: \ SymNoNav 2008-10-15 16:22:38 ---- D ---- C: \ WINDOWS \ LMI42.tmp 2008-10-15 15:10:33 ---- D ---- C: \ Program Files \ Trend Micro 2008-10-11 12:25:41 ---- D ---- C: \ WINDOWS \ nedjelja 2008-10-11 12:25:41 ---- D ---- C: \ Documents and Settings \ Owner \ Application Data \ nedjelja 2008-10-11 12:00:57 ---- D ---- C: \ Program Files \ CCleaner 2008-10-11 11:38:42 ---- D ---- C: \ Documents and Settings \ Owner \ Application Data \ Malwarebytes 2008-10-11 11:38:37 ---- D ---- C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa 2008-10-11 11:38:37 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes ====== Popis datoteka / mapa modificirana u zadnjih 1 mjesec ====== 2008-10-16 15:44:12 ---- D ---- C: \ Program Files \ Common Files \ Symantec Shared 2008-10-16 15:43:38 ---- D ---- C: \ WINDOWS \ Temp 2008-10-16 15:27:24 ---- D ---- C: \ WINDOWS \ system32 \ Catroot2 2008-10-16 15:25:42 ---- A ---- C: \ WINDOWS \ SchedLgU.Txt 2008-10-16 15:12:27 ---- A ---- C: \ WINDOWS \ hpbafd.ini 2008-10-16 15:12:19 ---- A ---- C: \ WINDOWS \ system32 \ NTS5CSET.INI 2008-10-16 15:05:13 ---- D ---- C: \ WINDOWS 2008-10-16 14:13:35 ---- D ---- C: \ Windows \ System32 \ Drivers 2008-10-16 14:07:16 RD ---- ---- C: \ Program Files 2008-10-16 14:07:16 HD ---- ---- C: \ WINDOWS \ inf 2008-10-16 14:06:35 SD ---- ---- C: \ WINDOWS \ Downloaded Program Files 2008-10-16 13:49:56 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Google Updater 2008-10-16 13:48:11 ---- D ---- C: \ WINDOWS \ system32 2008-10-16 12:26:10 ---- SHD ---- C: \ Windows \ Installer 2008-10-16 12:25:12 ---- D ---- C: \ Program Files \ Common Files 2008-10-16 11:50:16 ---- D ---- C: \ WINDOWS \ Minidump 2008-10-16 11:50:16 ---- D ---- C: \ WINDOWS \ Debug 2008-10-16 11:20:47 ---- RSHDC ---- C: \ WINDOWS \ system32 \ dllcache 2008-10-16 11:20:43 HD ---- ---- C: \ WINDOWS \ $ $ hf_mig 2008-10-16 11:20:07 ---- D ---- C: \ Program Files \ Internet Explorer 2008-10-16 11:19:54 ---- D ---- C: \ WINDOWS \ ie7updates 2008-10-16 11:19:07 ---- A ---- C: \ WINDOWS \ win.ini 2008-10-16 11:08:11 ---- D ---- C: \ Documents and Settings \ Owner \ Application Data \ Symantec 2008-10-16 11:04:17 ---- D ---- C: \ Program Files \ Symantec 2008-10-16 11:01:12 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Symantec 2008-10-16 10:46:55 ---- D ---- C: \ WINDOWS \ prefekt 2008-10-15 17:42:01 ---- D ---- C: \ Documents and Settings 2008-10-15 15:38:45 ---- D ---- C: \ WINDOWS \ WinSxS 2008-10-15 15:38:45 ---- D ---- C: \ Program Files \ Common Files \ Microsoft Shared 2008-10-15 14:55:27 ---- D ---- C: \ WINDOWS \ system32 \ restore 2008-10-15 13:23:32 ---- A ---- C: \ WINDOWS \ PCW120.ini 2008-10-15 13:23:22 ---- D ---- C: \ SHAREDAT 2008-10-14 14:58:10 ---- D ---- C: \ Shardata 2008-10-11 11:30:23 ---- SHD ---- C: \ System Volume Information 2008-10-07 15:19:40 ---- A ---- C: \ WINDOWS \ system32 \ MRT.exe 2008-10-03 13:41:15 ---- A ---- C: \ WINDOWS \ system32 \ ieframe.dll 2008-09-24 08:36:56 ---- D ---- C: \ Program Files \ Common Files \ Breskve ====== Popis vozača (R = Trčanje, S = zaustavljen, 0 = Boot, 1 = System, Auto-2 =, 3 = Demand, 4 = Disabled )====== R1 AmdPPM; AMD Processor Driver HwPState; C: \ Windows \ System32 \ Drivers \ AmdPPM.sys [2007-04-16 33792] R1 eeCtrl; Symantecovu gumicu za kontrolu vozača; \? \ C: \ Program Files \ Common Files \ Symantec Shared \ EENGINE \ eeCtrl.sys [] R1 InCDPass; InCDPass; C: \ Windows \ System32 \ Drivers \ InCDPass.sys [2003-09-01 28528] R1 incdrm; InCD Reader EasyWrite; C: \ Windows \ System32 \ Drivers \ incdrm.sys [2003-08-21 25520] R1 SASDIFSV; SASDIFSV; \? \ C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [] R1 SASKUTIL; SASKUTIL; \? \ C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.sys [] R1 SPBBCDrv; SPBBCDrv; \? \ C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCDrv.sys [] R1 SRTSPX; SRTSPX; C: \ WINDOWS \ System32 \ Drivers \ SRTSPX.SYS [2008-01-31 43696] R1 SYMTDI; SYMTDI; C: \ WINDOWS \ System32 \ Drivers \ SYMTDI.SYS [2008-06-13 184240] R2 CO_Mon; CO_Mon; \? \ C: \ Windows \ System32 \ Drivers \ CO_Mon.sys [] R2 mdmxsdk; mdmxsdk; C: \ Windows \ System32 \ Drivers \ mdmxsdk.sys [2004-03-17 13059] R2 tmcomm; tmcomm; \? \ C: \ Windows \ System32 \ Drivers \ tmcomm.sys [] R3 ALCXWDM; Servis za Realtek AC97 Audio (WDM); C: \ Windows \ System32 \ Drivers \ ALCXWDM.SYS [2004-11-18 2297664] R3 Arp1394; 1394 ARP Client Protocol; C: \ Windows \ System32 \ Drivers \ arp1394.sys [2008-04-13 60800] R3 ati2mtag; ati2mtag; C: \ Windows \ System32 \ Drivers \ ati2mtag.sys [2006-02-21 1505792] R3 COH_Mon; COH_Mon; \? \ C: \ Windows \ System32 \ Drivers \ COH_Mon.sys [] R3 EraserUtilRebootDrv; EraserUtilRebootDrv; \? \ C: \ Program Files \ Common Files \ Symantec Shared \ EENGINE \ EraserUtilRebootDrv.sys [] R3 GEARAspiWDM; OPREMA ASPI Filter Driver; C: \ WINDOWS \ System32 \ Drivers \ GEARAspiWDM.sys [2008-04-17 15464] R3 HSF_DP; HSF_DP; C: \ Windows \ System32 \ Drivers \ HSF_DP.sys [2004-06-17 1041536] R3 HSFHWBS2; HSFHWBS2; C: \ Windows \ System32 \ Drivers \ HSFHWBS2.sys [2004-06-17 220032] R3 NAVENG; NAVENG; \? \ C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ SYMANT ~ 1 \ VIRUSD ~ 1 \ 2008101 6,004 \ NAVENG.SYS [] R3 NAVEX15; NAVEX15; \? \ C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ SYMANT ~ 1 \ VIRUSD ~ 1 \ 2008101 6,004 \ NAVEX15.SYS [] R3 NIC1394; 1394 Neto Vozač, C: \ Windows \ System32 \ Drivers \ nic1394.sys [2008-04-13 61824] R3 rtl8139; Realtek RTL8139 (A / B / C)-based PCI Fast Ethernet adapter NT Vozač, C: \ Windows \ System32 \ Drivers \ RTL8139.SYS [2004-08-04 20992] R3 SASENUM; SASENUM; \? \ C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [] R3 SRTSP; SRTSP; C: \ WINDOWS \ System32 \ Drivers \ SRTSP.SYS [2008-01-31 279088] R3 SunkFilt; Alcor Corp Micro Reader; \? \ C: \ WINDOWS \ System32 \ Drivers \ sunkfilt.sys [] R3 SYMDNS; SYMDNS; C: \ WINDOWS \ System32 \ Drivers \ SYMDNS.SYS [2008-06-13 13616] R3 SymEvent; SymEvent; \? \ C: \ Windows \ System32 \ Drivers \ SYMEVENT.SYS [] R3 SYMFW; SYMFW; C: \ WINDOWS \ System32 \ Drivers \ SYMFW.SYS [2008-06-13 96432] R3 SYMIDS; SYMIDS; C: \ WINDOWS \ System32 \ Drivers \ SYMIDS.SYS [2008-06-13 38576] R3 SYMIDSCO; SYMIDSCO; \? \ C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ SYMANT ~ 1 \ SymcData \ ipsdefs \ 20081014.001 \ SymIDSCo.sys [] R3 SymIMMP; SymIMMP; C: \ Windows \ System32 \ Drivers \ SymIM.sys [2008-06-13 31280] R3 SYMNDIS; SYMNDIS; C: \ WINDOWS \ System32 \ Drivers \ SYMNDIS.SYS [2008-06-13 37424] R3 SYMREDRV; SYMREDRV; C: \ WINDOWS \ System32 \ Drivers \ SYMREDRV.SYS [2008-06-13 22320] R3 usbehci; Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C: \ Windows \ System32 \ Drivers \ usbehci.sys [2008-04-13 30208] R3 usbhub; USB2 Omogućene Hub; C: \ Windows \ System32 \ Drivers \ usbhub.sys [2008-04-13 59520] R3 usbohci; Microsoft USB Open Host Controller Miniport Driver; C: \ Windows \ System32 \ Drivers \ usbohci.sys [2008-04-13 17152] R3 USBSTOR; USB Mass Storage Driver; C: \ Windows \ System32 \ Drivers \ USBSTOR.SYS [2008-04-13 26368] R3 winachsf; winachsf; C: \ Windows \ System32 \ Drivers \ HSF_CNXT.sys [2004-06-17 685056] R4 InCDfs; InCD File System; C: \ Windows \ System32 \ Drivers \ InCDfs.sys [2003-09-01 88800] S1 P3; Intel Processor Driver PentiumIII; C: \ Windows \ System32 \ Drivers \ p3.sys [2008-04-13 42752] S3 Bridge; MAC Bridge; C: \ Windows \ System32 \ Drivers \ bridge.sys [2008-04-13 71552] S3 BridgeMP; MAC Bridge Miniport; C: \ Windows \ System32 \ Drivers \ bridge.sys [2008-04-13 71552] S3 mxnic; Macronix MX987xx Family Fast Ethernet Driver NT; C: \ Windows \ System32 \ Drivers \ mxnic.sys [2001-08-17 19968] S3 NV; NV; C: \ Windows \ System32 \ Drivers \ nv4_mini.sys [2004-08-04 1897408] S3 SRTSPL; SRTSPL; C: \ WINDOWS \ System32 \ Drivers \ SRTSPL.SYS [2008-01-31 317616] S3 SymIM; Symantec Network Security Intermediate Filter Service; C: \ Windows \ System32 \ Drivers \ SymIM.sys [2008-06-13 31280] S3 usbuhci; Microsoft USB Universal Host Controller Miniport Driver; C: \ Windows \ System32 \ Drivers \ usbuhci.sys [2008-04-13 20608] S3 VNUSB; VN serije uređaja; C: \ Windows \ System32 \ Drivers \ VNUSB.sys [2003-12-15 38448] S3 wanatw; WAN Miniport (ATW); C: \ Windows \ System32 \ Drivers \ wanatw4.sys [] S3 WudfPf; Windows Driver Foundation - User-mode Driver Framework Platforma Driver; C: \ Windows \ System32 \ Drivers \ WudfPf.sys [2006-09-28 77568] S3 WudfRd; Windows Driver Foundation - User-mode Driver Framework Reflektor; C: \ Windows \ System32 \ Drivers \ wudfrd.sys [2006-09-28 82944] S4 sr; System Restore Filter Driver; C: \ Windows \ System32 \ Drivers \ sr.sys [2008-04-13 73472] ====== Popis usluga (R = Trčanje, S = zaustavljen, 0 = Boot, 1 = System, Auto-2 =, 3 = Demand, 4 = Disabled )====== R2 ati brza tipka Poller; ati brza tipka Poller; C: \ WINDOWS \ system32 \ Ati2evxx.exe [2006-02-21 405504] R2 Automatski LiveUpdate Planer; Automatski LiveUpdate Planer; C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe [2008-02-21 238968] R2 ccEvtMgr; Symantec Event Manager; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352] R2 ccSetMgr; Symantec Settings Manager; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352] R2 CLTNetCnService; Symantecovu Lic NetConnect usluge; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352] R2 gusvc; Google Updater Service; C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe [2007-06-04 138680] R2 InCDsrv; InCD File System Service; C: \ Program Files \ ispred \ InCD \ InCDsrv.exe [2003-09-01 798772] R2 LiveUpdate nota; LiveUpdate nota; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352] R2 MDM; Machine Debug Manager; C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE [2003-06-19 322120] R2 PrismXL; PrismXL; C: \ Program Files \ Common Files \ Novi granični \ PrismXL \ PRISMXL.SYS [2005-01-28 172032] S3 aspnet_state; ASP.NET State Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v1.1.4322 \ aspne t_state.exe [2004-07-15 32768] S3 comHost; COM Host; C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe [2007-08-22 55640] S3 LiveUpdate; LiveUpdate; C: \ Program Files \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE [2008-09-05 3220856] S3 ose; Office Source Engine; C: \ Program Files \ Common Files \ Microsoft Shared \ Source Engine \ OSE.EXE [2003-07-28 89136] S3 Symantec Core LC; Symantec Core LC, C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe [2008-10-16 1245064] S3 WMPNetworkSvc; Windows Media Player Network Sharing Service; C: \ Program Files \ Windows Media Player \ WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc; Windows Driver Foundation - User-mode Driver Framework, C: \ WINDOWS \ system32 \ Svchost.exe [2008-04-13 14336] ----------------- ----------------- EOF |
|
#7
16. listopad 2008, 13:50
| |||
| |||
| Što god da učinim ne mogu odstraniti TROJAN.VUNDO.H Taj digestp.dll još uvijek nije otišao. Prvo: Preuzimanje Onemogući / Remove Windows Messenger na radnu površinu da uklonite Windows Messenger. Nemojte brkati Windows Messenger s MSN Messenger jer nisu isti. Windows Messenger jedan je od čestih uzroka popups. Otvoriti rajsfešlus datoteku na radnu površinu. Otvori MessengerDisable.exe dno, te odaberite okvir -- Deinstalirajte Windows Messenger i kliknite Primijeniti. Izlaz iz MessengerDisable zatim izbrišite dvije datoteke koje su stavili na radnoj površini. ---------- Napomena: se upute u nastavku su izrađene specijalno za ovog korisnika. Ukoliko niste u ovom, NE slijedite ove smjerove, jer bi mogao oštetiti djelovanju vašeg sustava Idi na Start> Run i tip notepad.exe zatim pritisnite U redu Kopirajte i zalijepite niže u Notepad i spremite kao fixme.reg da svoju Desktop Code: REGEDIT4 [-HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] [-HKEY_LOCAL_MACHINE \ Software \ Microsoft \ shared tools \ msconfig \ startupreg \ MSMSGS] [-- HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Obavijesti \ paubftzz] Pobrinite se da ćete mi reći ako primite poruku o uspjehu dodavši gore u registar. Ako ne dobijete poruku uspjeh, on nije 'funkcionirati. Brisanje fixme.reg iz Desktop. ---------- Vaš Java je zastarjela. Starije verzije imaju propusta koji zlonamjernim web stranice možete koristiti za zaraziti sustav. Prvo instalirajte novi Nedjelja Java Runtime Environment Budite sigurni da zatvorite sve prozore preglednika prije nego počnu instalirati. Izvadite staru verziju (s) Preuzimanje JavaRa
Sumnjive datoteke za skeniranje Molimo otiđite na VirSCAN.org SLOBODNA on-line uslugu skeniranja (Ako više od jedne datoteke treba skenirati moraju biti gotovi i odvojeno za svaku logove posted jedan) 1. Kopirajte i zalijepite sljedeći put u datoteku Sumnjive datoteke za skeniranje okvir na vrhu stranice. Code: C: \ WINDOWS \ system32 \ CF23987.exe 3. Press Ctrl + V na tipkovnici (oba u isto vrijeme) za lijepljenje put datoteke u prozoru. 4. Kliknite na Upload gumb. Time će se izvesti na više različitih scan virus skeniranje motora. Vaša datoteka će možda biti unesen u red čekanja na koji normalno traje manje od minute za brisanje. Važno: Pričekajte za sve od motora do skeniranje završi. 5. Nakon što je završio Scan pomaknite se dolje i kliknite na Kopiraj u međuspremnik gumb. To će kopirati link u izvješću u međuspremnik. 6. Lijepljenje sadržaja međuspremnika u sljedeći odgovor. ---------- Nakon objavljivanja u VirSCAN.org rezultata. Preuzimanje ATF čistiju by Atribune na svoj Desktop. Alternate download link Napomena: Vista korisnici moraju koristiti Pokreni kao administrator
Važno: Ponovo pokrenite računalo prije nego što nastavite.
__________________ |
|
#8
16. listopad 2008, 14:39
| |||
| |||
| Što god da učinim ne mogu odstraniti TROJAN.VUNDO.H 1. Uspjeh u Fixme.reg 2. Zatim tu su 2 log datoteka koje me htjeli poslati A. JavaRa 1,11 Uklanjanje Log. Izvješće slijedi nakon liniju. ------------------------------------ The removal JavaRa proces je započeo čet listopad 16 17:23:09 2008 Pronađeno i uklonjeno: C: \ Windows \ System32 \ jpicpl32.cpl Pronađeno i uklonjeno: C: \ Windows \ Installer \ (7148F0A8-6813-11D6-A77B-00B0D0142000) Pronađeno i uklonjeno: SOFTWARE \ JavaSoft \ Java Runtime Environment \ 1,4 Pronađeno i uklonjeno: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstal l \ (7148F0A8-6813-11D6-A77B-00B0D0142000) Pronađeno i uklonjeno: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA) Pronađeno i uklonjeno: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB) Pronađeno i uklonjeno: SOFTWARE \ Classes \ Installer \ Products \ 8A0F841731866D 117AB7000B0D410200 Pronađeno i uklonjeno: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installe r \ userdata \ S-1-5-18 \ Products \ 8A0F841731866D117AB7000B0D410200 Pronađeno i uklonjeno: SOFTWARE \ Classes \ JavaPlugin.142 Pronađeno i uklonjeno: SOFTWARE \ JavaSoft \ Java Plug-in \ 1.4.2 Pronađeno i uklonjeno: SOFTWARE \ JavaSoft \ Java Runtime Environment \ 1.4.2 Pronađeno i uklonjeno: SOFTWARE \ JavaSoft \ Java Web Start \ 1.4.2 Pronađeno i uklonjeno: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1 Pronađeno i uklonjeno: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1_02 Pronađeno i uklonjeno: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1_03 Pronađeno i uklonjeno: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1_04 Pronađeno i uklonjeno: SOFTWARE \ JavaSoft \ Java Web Start \ 1,2 Pronađeno i uklonjeno: SOFTWARE \ JavaSoft \ Java Web Start \ 1.2.0_01 ------------------------------------ Gotovi izvješćivanje. Uklanjanje JavaRa 1,11 log. Izvješće slijedi nakon liniju. ------------------------------------ The removal JavaRa proces je započeo čet listopad 16 17:23:18 2008 ------------------------------------ Gotovi izvješćivanje. B. VirSCAN. Org skenirane izvješće: Skenirane vrijeme: 2008/10/16 17:27:59 (EDT) Scanner rezultate: Svi Skeneri prijavljen zlonamjernih programa ne nađe! Naziv datoteke: CF23987.exe File Size: 389120 bajtova File Type: PE32 izvršnu za MS Windows (konzola) 80386 Intel 32-bitni MD5: b65faf059812f22a1058ecfcb520e47b SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f Online izvješća: http://virscan.org/report/36cd3be0f2...66947033e.html Scanner Engine Ver Ver Sig Sig Datum Vrijeme Scan rezultat A-kvadratna 4.0.0.16 2008.10.15 2008-10-15 1,54 -- AhnLab V3 ... .. - 0,18 -- AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 -- Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 -- Arcavir 1.0.5 200810161244 2008-10-16 1,23 -- Authentium 5.1.1 200810150216 2008-10-15 1,17 -- AVAST! 3.0.1 081015-0 2008-10-15 0,72 -- AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 -- BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 -- CA (VET) 9.0.0.143 31.6.6151 2008-10-16 5,37 -- Clamav 0,94 8435 2008 -10-17 0,13 -- COMODO 2,11 2.0.0.678 2008-10-16 0,44 -- CP Secure 1.1.0.715 2008.10.17 2008-10-17 6,26 -- Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3,41 -- ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 -- F-Prot 4.4.4.56 20081016 2008-10-16 1,19 -- F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 -- Fortinet 2.81-3.113 9,647 2008-10-15 0,23 -- GData 19.1058/19.65 20081016 2008-10-16 2,65 -- ViRobot 20081016 2008.10.16 2008-10-16 0,40 -- Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 -- JiangMin 11.0.706 2008.10.16 2008-10-16 1,26 -- Kaspersky 5.5.10 2008.10.16 2008-10-16 0,04 -- KingSoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 -- McAfee 5.3.00 5406 2008-10-15 2,13 -- Microsoft 1,4005 2008.10.16 2008-10-16 3,93 -- mks_vir 2,01 2008.10.16 2008-10-16 2,75 -- Norman 5.93.01 5.93.00 2008-10-16 5,21 -- Panda 9.05.01 2008.10.16 2008-10-16 2,28 -- Trend Micro 8.700-1004 5.604.11 2008-10-16 0,03 -- Quick Iscijeli 9,50 2008.10.16 2008-10-16 1,99 -- Pjenje 20,0 20.66.32.00 2008-10-16 0,77 -- Sophos 2.79.0 4,34 2008-10-17 1,86 -- Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 -- Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 -- nProtect 2008-10-16.00 2247055 2008-10-16 4,22 -- The Hacker 6.3.1.0 v00116 2008-10-16 0,45 -- VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 -- VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 -- |
|
#9
16. listopad 2008, 14:41
| |||
| |||
| Što god da učinim ne mogu odstraniti TROJAN.VUNDO.H Download ComboFix by sUBs jedan od linkova ispod. Budite sigurni da ste na vrhu u Desktop. Link # 1 Link # 2 ** Napomena: Važno je da se sprema izravno na svoj Desktop Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc) prije početka ComboFix. Privremeno onemogućiti tvoj AntiVirus, A svaka protušpijunskih Zaštita u stvarnom vremenu prije obavlja scan. Kliknite ovaj link da biste vidjeli popis sigurnosne programe, koji bi trebao biti onemogućen i kako onemogućiti ih. Dvaput kliknite combofix.exe i slijedite upute. Kada završite ComboFix će proizvesti prijava za vas. Objaviti ComboFix log u sljedećem odgovoru. Važno: Ne mouseclick ComboFix's prozor dok je pokrenut. Svibanj uzrokovati da ga zatajiti. Ne zaboravite ponovo uključili vaš protuvirusni i protušpijunski ComboFix zaštita kada je završeno.
__________________ |
|
#10
16. listopad 2008, 15:11
| |||
| |||
| Što god da učinim ne mogu odstraniti TROJAN.VUNDO.H ComboFix 08-10-16.01 - Vlasnik 2008-10-16 17:52:25.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00] Running from: C: \ Documents and Settings \ Owner \ Desktop \ ComboFix.exe * Created novu točku vraćanja . Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ WINDOWS \ jestertb.dll D: \ Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008/09/16 da 2008/10/16 ))))))))))) )))))))))))))))))))) . 2008-10-16 16:16. 2008-10-16 16:17 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ WinZip 2008-10-16 15:56. 2008-10-16 16:23 <DIR> d -------- C: \ rsit 2008-10-16 15:19. 2008-10-16 15:19 <DIR> d -------- C: \ _OTMoveIt 2008-10-16 14:07. 2008-10-16 14:07 <DIR> d -------- C: \ Program Files \ Sigurnost Panda 2008-10-16 14:07. 2008-06-19 17:24 28.544 - a ------ C: \ Windows \ System32 \ Drivers \ pavboot.sys 2008-10-16 13:20. 2008-10-16 13:20 <DIR> d -------- C: \ VundoFix sigurnosne kopije 2008-10-16 12:26. 2008-10-16 12:26 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com 2008-10-16 12:25. 2008-10-16 13:40 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware 2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard 2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Documents and Settings \ Owner \ Application Data \ SUPERAntiSpyware.com 2008-10-16 11:08. 2008-10-16 11:08 <DIR> d -------- C: \ WINDOWS \ system32 \ N360_BACKUP 2008-10-16 10:48. 2008-10-16 10:48 <DIR> d c --- ---- C: \ WINDOWS \ system32 \ DRVSTORE 2008-10-16 10:47. 2008-10-16 10:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6) 2008-10-16 10:24. 2008-10-16 10:24 <DIR> d -------- C: \ Program Files \ Windows Sidebar 2008-10-16 10:24. 2008-10-16 11:44 <DIR> d -------- C: \ Program Files \ Norton 360 2008-10-16 10:22. 2008-10-16 11:04 123.952 - a ------ C: \ Windows \ System32 \ Drivers \ SYMEVENT.SYS 2008-10-16 10:22. 2008-10-16 11:04 60.800 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL 2008-10-16 10:22. 2008-10-16 11:04 10.671 - a ------ C: \ Windows \ System32 \ Drivers \ SYMEVENT.CAT 2008-10-16 10:22. 2008-10-16 11:04 805 - a ------ C: \ Windows \ System32 \ Drivers \ SYMEVENT.INF 2008-10-16 10:16. 2008-09-08 06:41 333.824 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ srv.sys 2008-10-16 10:15. 2008-08-14 06:11 2.189.184 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe 2008-10-16 10:15. 2008-08-14 06:09 2.145.280 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe 2008-10-16 10:15. 2008-08-14 05:33 2.066.048 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe 2008-10-16 10:15. 2008-08-14 05:33 2.023.936 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Ntkrpamp.exe 2008-10-16 10:15. 2008-09-15 08:12 1.846.400 --- C ----- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys 2008-10-16 10:09. 2008-10-16 10:10 <DIR> d -------- C: \ Documents and Settings \ Administrator \. Housecall6.6 2008-10-15 17:42. 2004-08-27 05:54 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS 2008-10-15 17:42. 2005-01-28 05:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SampleView 2008-10-15 17:42. 2005-01-28 05:26 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ McAfee 2008-10-15 17:42. 2008-10-15 17:42 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes 2008-10-15 17:42. 2008-10-16 10:09 <DIR> d -------- C: \ Documents and Settings \ Administrator 2008-10-15 17:26. 2008-10-15 17:26 <DIR> d -------- C: \ Program Files \ NoNAV 2008-10-15 16:41. 2008-10-15 17:26 <DIR> d -------- C: \ SymNoNav 2008-10-15 16:22. 2008-10-15 17:27 <DIR> d -------- C: \ WINDOWS \ LMI42.tmp 2008-10-15 15:10. 2008-10-15 15:10 <DIR> d -------- C: \ Program Files \ Trend Micro 2008-10-11 13:05. 2008-10-11 12:33 102.664 - a ------ C: \ Windows \ System32 \ Drivers \ tmcomm.sys 2008-10-11 12:33. 2008-10-15 15:21 <DIR> d -------- C: \ Documents and Settings \ Owner \. Housecall6.6 2008-10-11 12:25. 2008-10-11 12:25 <DIR> d -------- C: \ WINDOWS \ nedjelja 2008-10-11 12:00. 2008-10-11 12:01 <DIR> d -------- C: \ Program Files \ CCleaner 2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa 2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ Owner \ Application Data \ Malwarebytes 2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-10-11 11:38. 2008-09-10 00:04 38.528 - a ------ C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys 2008-10-11 11:38. 2008-09-10 00:03 17.200 - a ------ C: \ Windows \ System32 \ Drivers \ mbam.sys 2008-09-23 13:17. 2008-09-23 13:17 133 - a ------ C: \ Documents and Settings \ All Users \ Application Data \ ustore.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-10-16 21:53 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared 2008-10-16 17:49 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Google Updater 2008-10-16 15:08 --------- d ----- w C: \ Documents and Settings \ Owner \ Application Data \ Symantec 2008-10-16 15:04 --------- d ----- w C: \ Program Files \ Symantec 2008-10-16 15:01 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec 2008-09-24 12:36 --------- d ----- w C: \ Program Files \ Common Files \ Breskve 2008-09-08 10:41 333.824 AW ---- C: \ Windows \ System32 \ Drivers \ srv.sys 2008-08-19 10:32 --------- d ----- w C: \ Program Files \ Microsoft Silverlight 2005-10-20 18:06 76-c ---- w C: \ Documents and Settings \ Owner \ Application Data \ wklnhst.dat 2005-05-27 00:43 0-csha-w C: \ WINDOWS \ SMINST \ HPCD.sys 2008-05-24 13:39 32.768-csha-w C: \ Windows \ System32 \ Config \ systemprofile \ Local Settings \ Povijest \ History.IE5 \ MSHist012008052420080 525 \ Index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & čitljiv default unose se ne prikazuju REGEDIT4 [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] 2004-08-04 15:00 105984 - a ------ C: \ Windows \ system32 \ digestp.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shelliconoverlayidentifiers \ ov erlayExcluded] @ = "(4433A54A-1AC8-432F-90FC-85F045CF383C)" [HKEY_CLASSES_ROOT \ CLSID \ (4433A54A-1AC8-432F-90FC-85F045CF383C)] 2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shelliconoverlayidentifiers \ ov erlayPending] @ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)" [HKEY_CLASSES_ROOT \ CLSID \ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)] 2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shelliconoverlayidentifiers \ ov erlayProtected] @ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)" [HKEY_CLASSES_ROOT \ CLSID \ (476D0EA3-80F9-48B5-B70B-05E677C9C148)] 2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-13 15360] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2008-05-28 1506544] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2005-01-28 98304] "Adobe Photo Downloader" = "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe" [2005-06-06 57344] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2008-01-11 39792] "TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-04-19 185896] "ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2008-02-18 51048] "osCheck" = "C: \ Program Files \ Norton 360 \ osCheck.exe" [2008-02-26 988512] C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Uređaj Detektor 3.lnk - C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe [2007-06-27 114688] Google Updater.lnk - C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe [2007-06-04 125624] Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [2000-01-21 65588] WinZip Quick Pick.lnk - C: \ Program Files \ WinZip \ WZQKPICK.EXE [2008-09-11 525664] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon] 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \ paubftzz] 2004-08-04 15:00 105984 C: \ WINDOWS \ system32 \ digestp.dll [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ BigFix.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ BigFix.lnk backup = C: \ WINDOWS \ PSS \ Startup BigFix.lnkCommon [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings All Users ^ ^ Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk backup = C: \ WINDOWS \ PSS \ Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ATIPTA] - A - C --- 2004-11-12 01:10 344064 C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ccApp] - a ------ 2008-02-18 15:37 51048 C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Ctfmon.exe] - a ------ 2008-04-13 20:12 15360 C: \ WINDOWS \ system32 \ Ctfmon.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ InCD] - a ------ 2003-09-01 09:32 1200178 C: \ Program Files \ ispred \ InCD \ InCD.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NeroCheck] - a ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NeroFilterCheck] - a ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Recguard] - A - C --- 2002-09-13 16:42 212992 C: \ WINDOWS \ SMINST \ Recguard.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RemoteControl] - A - C --- 2003-10-31 23:42 32768 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SunKistEM] - A - C --- 2004-11-15 19:04 135168 C: \ Program Files \ Digital Media Reader \ shwiconEM.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ UpdateManager] - A - C --- 2003-08-19 01:01 110592 C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CHotkey] - A - C --- 2004-05-17 22:30 543232 C: \ WINDOWS \ zHotkey.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ShowWnd] - A - C --- 2003-09-19 13:09 36864 C: \ WINDOWS \ ShowWnd.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SoundMan] - A - C --- 2004-11-15 23:20 77824 C: \ WINDOWS \ SOUNDMAN.EXE [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = R0 pavboot; pavboot; C: \ Windows \ System32 \ Drivers \ pavboo t.sys [2008-06-19 28544] R0 shsizubv; shsizubv; C: \ Windows \ System32 \ Drivers \ shsi zubv.sys [2004-08-04 23424] S3 COH_Mon; COH_Mon; C: \ Windows \ System32 \ Drivers \ COH_Mo n.sys [2008-07-30 23888] S3 VNUSB; VN serije uređaja; C: \ Windows \ System32 \ Drivers \ VNUSB.sys [2003-12-15 38448] HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs qfbydciq [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (4f63278d-8557-11d9-be24-806d6172696f)] \ Shell \ autorun \ naredbu - C: \ WINDOWS \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (e1ec6b61-710a-11d9-b301-806d6172696f)] \ Shell \ autorun \ naredbu - C: \ WINDOWS \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Info.exe folder.htt 480 480 * Nedavno Created Service * - COMHOST * Nedavno Created Service * - PROCEXP90 . Sadržaj je 'Scheduled Tasks' folder 2008/10/12 C: \ WINDOWS \ Tasks \ Automatski Full Backup.job - C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10] 2008/10/15 C: \ WINDOWS \ Tasks \ Dnevne Changed Files.job - C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10] 2008/10/11 C: \ WINDOWS \ Tasks \ PEACTREE TJEDNI BACK UP.job - C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10] . - - - - Orphans Odstranjena - - - -- Toolbar-ID - (no file) . ------- Supplementary Scan ------- . R0 -: HKCU-Main, Start Page = hxxp: / / www.emachines.com/ R0 -: HKCU-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q = () searchTerms & sourceid = IE7 & rls = com.micros čest: en-US & ie = UTF8 & OE = UTF8 R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s O8 -: I & zvezi u Microsoft Excel - C: \ programa ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000 . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net Rootkit scan 2008-10-16 17:54:24 5/1/2600 Windows Service Pack 3 NTFS skeniranja skrivenih procesa ... skeniranja skrivenih autostart entries ... skeniranja skrivenih datoteka ... scan uspješno završena skrivenih datoteka: 0 ************************************************** ************************ . Completion time: 2008-10-16 17:56:31 ComboFix-u karanteni-files.txt 2008-10-16 21:56:27 Pre-Run: 142914838528 bytes free Post-Run: 142911078400 bytes free WindowsXP-KB310994-SP2-Home-Bootdisk-enu.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S [operating systems] C: \ CMDCONS \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Home Edition" / noexecute = OptIn / fastdetect 208 --- EOF --- 2008-10-16 15:20:49 |
|
| |
| Bookmarks |
Slične teme | ||||
| Nit | Temu Započeo | Forum | Odgovori | Zadnji Post |
| Trojanski Vundo.H neće otići. | jbrac25 | Virus, Spyware i sigurnost | 6 | 15. svibanj 2009 13:12 |
| Need Help ... Ne može se odstraniti TROJAN.VUNDO.H. | sukun | Virus, Spyware i sigurnost | 1 | 2. svibanj 2009 16:27 |
| Ne mogu se odstraniti iz moj PC TROJAN.VUNDO.H | theprodigycmb | Virus, Spyware i sigurnost | 13 | 16. ožujak 2009 16:40 |
| Need Help w / Trojan.Vundo H! | Nicholas02 | Virus, Spyware i sigurnost | 22 | 22. prosinac 2008 17:59 |
| Trojan.vundo.h, trojan.agent, adware.mirar + više! : ( | sillyarfer | Virus, Spyware i sigurnost | 1 | 14. prosinac 2008 09:59 |
| Thread Tools | |
| |
