Najdi forum

I need help, what can I delete? I have a lot of “crap”, e.g. I can't change the desktop background,…

Thanks, Tanja

Logfile of HijackThis v1.99.1
Scan saved at 11:38:34, on 2.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\efsdfgxg.exe
C:\windows\antyvirk.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\winstall.exe
C:\winstall.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Igor\Local Settings\Temp\Začasen imenik 1 za hijackthis.zip\HijackThis.exe

O4 – HKLM\..\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE” /s
O4 – HKLM\..\Run: [lrlplk] c:\windows\system32\vrwevrt.exe
O4 – HKLM\..\Run: [TorontoMail] DCC_send.exe
O4 – HKLM\..\Run: [xsetup] MSTCPDLL.exe
O4 – HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 – HKLM\..\Run: [Explorer32] C:\WINDOWS\System32\efsdfgxg.exe
O4 – HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 – HKLM\..\Run: [AntyVirK] c:\windows\antyvirk.exe ukrt
O4 – HKLM\..\RunServices: [Explorer64] C:\WINDOWS\System32\efsdfgxg.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [WareOut] “C:\Program Files\WareOut\WareOut.exe”
O4 – HKCU\..\Run: [___] syspanel.exe
O4 – HKCU\..\Run: [AppMasterCenter] ATLIEHELPER.exe
O4 – HKCU\..\Run: [UserSp1] XTermInit.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 – HKCU\..\Run: [SNInstall] C:\winstall.exe
O8 – Extra context menu item: Add to AD Black List – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Block All Images from the Same Server – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Blokiraj vse slike s tega strežnika – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj na seznam reklam za blokiranje – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Highlight – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: I&zvoz v Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Išči – C:\Program Files\Avant Browser\Search.htm
O8 – Extra context menu item: Open All Links in This Page… – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Opri vse povezave na tej strani… – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Poudari – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Search – C:\Program Files\Avant Browser\Search.htm
O9 – Extra button: Raziskovanje – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 – DPF: {11311111-1551-1661-1771-000000000000} – ms-its:mhtml:file://c:\nosuch.mht!http://www.find-to-you.com/pics/winhelp.chm::/web.exe
O16 – DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 – DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) – http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 – DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 – DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) – http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O16 – DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{EFEF9559-6A71-4245-ACF8-A4D3E756CD23}: NameServer = 69.50.168.138,85.255.112.19
O20 – Winlogon Notify: style32 – C:\WINDOWS\
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Panda anti-virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe (file missing)

Yes, you really do have quite a bit of crap.

I see that you have Panda and AVG7. Have you updated the definitions and scanned the computer?

Otherwise, have a look at this post by Max, first scan with the Trend Micro online antivirus scanner, then install SpyBot and Adware and scan the computer with those as well.

At the end, make a log once more and paste it in, and we'll take a look.

And don't have more than one antivirus on the computer.

At least this you can easily delete:
O16 – DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 – DPF: {11311111-1551-1661-1771-000000000000} – ms-its:mhtml:file://c:\nosuch.mht!http://www.find-to-you.com/pics/winhelp.chm::/web.exe
O16 – DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll

I did everything as you wrote, now the output looks like this

Logfile of HijackThis v1.99.1
Scan saved at 15:17:35, on 2.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\efsdfgxg.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\winstall.exe
C:\winstall.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Igor\Local Settings\Temp\Začasen imenik 2 za hijackthis.zip\HijackThis.exe

O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\Spybot – Search & Destroy\SDHelper.dll
O4 – HKLM\..\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE” /s
O4 – HKLM\..\Run: [lrlplk] c:\windows\system32\vrwevrt.exe
O4 – HKLM\..\Run: [TorontoMail] DCC_send.exe
O4 – HKLM\..\Run: [xsetup] MSTCPDLL.exe
O4 – HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 – HKLM\..\Run: [Explorer32] C:\WINDOWS\System32\efsdfgxg.exe
O4 – HKLM\..\RunServices: [Explorer64] C:\WINDOWS\System32\efsdfgxg.exe
O4 – HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [WareOut] “C:\Program Files\WareOut\WareOut.exe”
O4 – HKCU\..\Run: [___] syspanel.exe
O4 – HKCU\..\Run: [AppMasterCenter] ATLIEHELPER.exe
O4 – HKCU\..\Run: [UserSp1] XTermInit.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\winstall.exe
O8 – Extra context menu item: Add to AD Black List – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Block All Images from the Same Server – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Blokiraj vse slike s tega strežnika – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj na seznam reklam za blokiranje – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Highlight – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: I&zvoz v Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Išči – C:\Program Files\Avant Browser\Search.htm
O8 – Extra context menu item: Open All Links in This Page… – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Opri vse povezave na tej strani… – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Poudari – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Search – C:\Program Files\Avant Browser\Search.htm
O9 – Extra button: Raziskovanje – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 – DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) – http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 – DPF: {11311111-1551-1661-1771-000000000000} – ms-its:mhtml:file://c:\nosuch.mht!http://www.find-to-you.com/pics/winhelp.chm::/web.exe
O16 – DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 – DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) – http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 – DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 – DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) – http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O16 – DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{EFEF9559-6A71-4245-ACF8-A4D3E756CD23}: NameServer = 69.50.168.138,85.255.112.19
O20 – Winlogon Notify: style32 – C:\WINDOWS\
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Panda anti-virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe (file missing)

It doesn't look much better 🙂

First make a Restore point, if you have XP, then throw out the following, and paste in another log.

O4 – HKLM\..\Run: [lrlplk] c:\windows\system32\vrwevrt.exe
O4 – HKLM\..\Run: [TorontoMail] DCC_send.exe
O4 – HKLM\..\Run: [xsetup] MSTCPDLL.exe
O4 – HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 – HKLM\..\Run: [Explorer32] C:\WINDOWS\System32\efsdfgxg.exe
O4 – HKLM\..\RunServices: [Explorer64] C:\WINDOWS\System32\efsdfgxg.exe
O4 – HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -3
O4 – HKCU\..\Run: [WareOut] “C:\Program Files\WareOut\WareOut.exe”
O4 – HKCU\..\Run: [___] syspanel.exe
O4 – HKCU\..\Run: [AppMasterCenter] ATLIEHELPER.exe
O4 – HKCU\..\Run: [UserSp1] XTermInit.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\winstall.exe
O16 – DPF: {11311111-1551-1661-1771-000000000000} – ms-its:mhtml:file://c:\nosuch.mht!http://www.find-to-you.com/pics/winhelp.chm::/web.exe
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{EFEF9559-6A71-4245-ACF8-A4D3E756CD23}: NameServer = 69.50.168.138,85.255.112.19
O20 – Winlogon Notify: style32 – C:\WINDOWS\
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe (file missing)

I'm blonde, Restore point????

I don't know, are you? 🙂

Anyway: Start –> All Programs –> Accessories –> System Tools –> System Restore and put the dot next to Create a restore point.

You'll only find this if you have Windows XP, and I think it's also in that disaster that is Win ME.

I am, I'm an original blonde.

I did it, and the restore point came in handy: I threw those things out, and then Avant didn't work.

My desktop still says your system is infected, I can't change the background, and spysheriff keeps loading….m.j.

hmmm hmmm, apparently you're doing something wrong.

The antivirus and antispyware alone should have removed most of this nuisance, but in your case they didn't. Did you buy Panda, or do you just have it installed like that?

Anyway, let's try once more.
First surf to this page and scan the computer.

You need to have the latest versions of SpyBot and Adware and updated definitions. You can also install Microsoft's AntiSpyware, which is also a very decent thing.

When you've done all of that, tell me how things are with Panda and paste in another log.

Hi,
on behalf of a friend I'd like to ask if someone could look at what needs to be deleted.
Thanks.

Scan saved at 22:26:32, on 16.1.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\cidaemon.exe
C:\Documents and Settings\rok\Desktop\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.najdi.si/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.najdi.si/
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 – URLSearchHook: AOLTBSearch Class – {EA756889-2338-43DB-8F07-D1CA6FB9C90D} – C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 – HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 – HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe /title=”Corel Graphics Suite 11″ /date=012806 serial=DR11CRD-0012082-DGW
O4 – HKLM\..\Run: [XTNDConnect PC – ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 – HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 – HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 – HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 – HKLM\..\Run: [MessengerPlus3] “C:\Program Files\Messenger Plus! 3\MsgPlus.exe”
O4 – HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 – HKLM\..\Run: [zjqhxaj] c:\winnt\system32\zjqhxaj.exe
O4 – HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 – HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [AVGCtrl] “C:\Program Files\AVPersonal\AVGNT.EXE” /min
O4 – HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 – HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 – HKCU\..\Run: [LDM] \Program\
O4 – HKCU\..\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 – HKCU\..\Run: [Kwfowxk] C:\WINNT\system32\m?hta.exe
O4 – HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 – HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 – Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 – Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 – Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: &AOL Toolbar Search – res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\WINNT\system32\msjava.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\WINNT\system32\msjava.dll
O9 – Extra button: AOL Toolbar – {3369AF0D-62E9-4bda-8103-B4C75499B578} – C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: AIM – {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} – C:\Program Files\AIM\aim.exe
O9 – Extra button: WeatherBug – {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} – C:\WINNT\System32\shdocvw.dll (HKCU)
O16 – DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) – http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 – DPF: {2AABC39C-B188-4E90-A343-966AFF556544} (FileSharingCtrl Class) – http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sl/filesharingctrl.cab
O16 – DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) – http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 – DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) – http://by22fd.bay22.hotmail.msn.com/resources/MsnPUpld.cab
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131446752265
O16 – DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) – http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 – DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 – DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) – http://www.rubikon.si/scan/Msie/bitdefender.cab
O16 – DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) – http://213.157.224.17/activex/AxisCamControl.cab
O16 – DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) – http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 – DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) – http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 – DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) – http://www.ravantivirus.com/scan/ravonline.cab
O16 – DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) – http://www.worldwinner.com/games/shared/uninstall.cab
O16 – DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} (IERPCtl Class) – http://activex.microsoft.com/objects/ocget.dll
O18 – Protocol: bw+0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw+0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw-0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw-0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw00 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw00s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw10 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw10s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw20 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw20s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw30 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw30s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw40 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw40s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw50 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw50s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw60 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw60s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw70 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw70s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw80 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw80s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw90 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bw90s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwa0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwa0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwb0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwb0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwc0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwc0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwd0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwd0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwe0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwe0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwf0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwf0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwfile-8876480 – {9462A756-7B47-47BC-8C80-C34B9B80B32B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 – Protocol: bwg0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwg0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwh0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwh0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwi0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwi0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwj0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwj0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwk0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwk0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwl0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwl0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwm0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwm0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwn0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwn0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwo0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwo0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwp0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwp0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwq0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwq0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwr0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwr0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bws0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bws0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwt0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwt0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwu0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwu0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwv0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwv0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bww0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bww0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwx0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwx0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwy0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwy0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwz0 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: bwz0s – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 – Protocol: offline-8876480 – {296747EA-829F-4D2D-B002-B30A1448A575} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 – Service: Adobe LM Service – Unknown owner – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: AdobeVersionCue – Adobe Sytems – C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINNT\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINNT\system32\ati2sgag.exe
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Logical Disk Manager Administrative Service (dmadmin) – VERITAS Software Corp. – C:\WINNT\System32\dmadmin.exe
O23 – Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) – SEIKO EPSON CORPORATION – C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 – Service: Evemsswt – SEIKO EPSON CORPORATION – (no file)
O23 – Service: PPPoE Service (PPPoEService) – Unknown owner – C:\PROGRA~1\SiOL\ADSL\app\pppoeservice.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINNT\system32\ZoneLabs\vsmon.exe

First, it would be best for him to install an antispyware program and check with that.

Of these, the following should be thrown out:

O4 – HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 – HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 – HKLM\..\Run: [zjqhxaj] c:\winnt\system32\zjqhxaj.exe
O4 – HKCU\..\Run: [Kwfowxk] C:\WINNT\system32\m?hta.exe

These are nothing serious, but if he doesn't know why he has them at all, he can safely throw them out:

O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 – Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\WINNT\system32\msjava.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\WINNT\system32\msjava.dll
O9 – Extra button: AIM – {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} – C:\Program Files\AIM\aim.exe
Everything that is O16
O23 – Service: AdobeVersionCue – Adobe Sytems – C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe

He should check the PC with an antispyware program and throw out whatever remains; then paste the log again.

Thank you, hmm. We made this log yesterday after “vacuuming with the anti-” tools. I'll let him know and send you another log.
Best regards

PestPatrol should be able to clean up most of this 😉

The forum is closed for comments.
