Endless traži krijesnica ... i glupo ...

**Nikronius** · #1 5 siječnja 2008, 10:26

dobro, ja nikada pp od SEE ovaj prije, ali kad god sam kliknite na gumb traži od prozora i nešto traži da se čuva "u potrazi" za datoteke, čak i ako ja kliknite na gumb stop, Ja sam ne siguran ako je virus, ali stvarno mi smeta izazvati ako želim potrazi za drugu datoteku tada sam da zatvorite ovaj prozor i otvoriti ga opet ...

još jedna stvar koja čuva gnjavi me je da kad sam u Firefox za primjer, ako im gledate na youtube video full screen on ide na mali ekran u određeno vrijeme više ponovo ili ako sam tipkati nešto, za nekih misterioznih razloga JA licemjerje više vrsta, kao npr. ako sam odabrao drugi prozor ili nešto ... onda moram opet u Firefox kliknite za nastavak moje tipkati

(to se dogodilo više od 10 puta u samo ovaj mali poruka ... vozeći mene ispucan, Im telling you!)

moj pc djeluje čudno i kaže karpersky AntiVirus ja nemam ništa krivo ...

Sam raditi sa kompjuterima za dugo vremena sada, ali to je nešto što luka luka vidio i čuo još ... svibanj će im postaje paranoidan

**evilfantasy** · #2 5 siječnja 2008, 10:44

Omogućava se bliže izgled.

Preuzmite i preimenovanje HijackThis (HJT)

Dvaput kliknite na HJTInstall.
Kliknite na Instalacija gumb.
Bit će automatski HJT mjesto u C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Nakon instaliranja, HijackThis trebali otvoriti za vas.
- Zatvori HijackThis i preimenujte ga.
- Idi na C: \ Program Files \ Trend Micro \HijackThis.exe
- Desnom tipkom miša kliknite na HijackThis.exe i odaberite Preimenovanje.
- Upišite sniper.exe i pritisnite Enter.
- Desnom tipkom miša kliknite na sniper.exe i odaberite Pošalji na > Desktop (stvoriti prečac)
Iz otvorenih HiackThis desktop.
Ako koristite sustav Windows Vista, svakako Pokreni kao administrator
Kliknite na Da li je sustav skenirati i spremanje log datoteku button
HijackThis ce skenirati a zatim i prijava će se otvoriti u Notepad.
Kopirajte i zalijepite zatim se prijavite u vaš post.
- Nemate Hijackthis popraviti ništa još. Većina onoga što će se pronađe bezopasni ili čak zahtijeva.

Iako smo na Preimenovali HijackThis snajper, mi ćemo i dalje se odnosi na to kao HijackThis ili HJT.

**Nikronius** · #3 5 siječnja 2008, 11:08

To je ono što ja dobiti:

**************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 02:08:32, dana 05/01/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Archivos de programa \ ABBYY FineReader 9,0 \ NetworkLicenseServer.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe
C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ dllhost.exe
C: \ WINDOWS \ explorer.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe
C: \ WINDOWS \ system32 \ SVOHOST.exe
C: \ Archivos de programa \ demon Tools \ daemon.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Archivos de programi \ Microsoft Office \ OFFICE11 \ WINWORD.EXE
C: \ Archivos de programa \ Skype \ Phone \ Skype.exe
C: \ Archivos de programa \ Mozilla Firefox \ firefox.exe
C: \ Archivos de programa \ Trend Micro \ HijackThis \ asdf.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
F2 - REG: SYSTEM.INI: UserInit = C: \ WINDOWS \ system32 \ userinit.exe C: \ WINDO JE \ system32 \ ODBCJET.exe,
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Archivos de programa \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O4 - HKLM \ .. \ Run: [LogMeIn GUI] "C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe"
O4 - HKLM \ .. \ Run: [SoundMam] C: \ WINDOWS \ system32 \ SVOHOST.exe
O4 - HKCU \ .. \ Run: [demon Tools] "C: \ Archivos de programa \ demon Tools \ daemon.exe"-lang 1033
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Archivos de programa \ Windows Live \ Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [Comrade.exe] C: \ Archivos de programa \ GameSpy \ drug \ Comrade.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICIO')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C, 4, N (User 'LOCAL SERVICIO')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide1] cmd.exe / C premjestiti / Y "% SystemRoot% \ System32 \ syssetub.dll" "% SystemRoot% \ System32 \ syssetup.dll" (User 'LOCAL SERVICIO')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de crveno')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C, 4, N (User 'Servicio de crveno')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C, 4, N (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C, 4, N (User 'Default user')
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Ograničenja prisutan
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel prisutan
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Toolbars \ Ograničenja prisutan
O8 - Extra kontekst meni stavka: E & xportar Microsoft Excel - res: / / C: \ Archiv ~ 1 \ MICROS ~ 1 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: nedjelja Consola de Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra button: Referencia - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archiv ~ 1 \ MICROS ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/ES-LA/.../GAME_UNO1.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ .. \ (BAA62A6B-DD15-4E55-A719-401AF676E3A9): NameServer = 10.0.0.1,10.0.0.2
O20 - Winlogon Obavijesti: usbmon - C: \ WINDOWS \ system32 \ usbmons.dll
O23 - Service: ABBYY FineReader 9,0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C: \ Archivos de programa \ ABBYY FineReader 9,0 \ NetworkLicenseServer.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C: \ Archivos de programa \ Ares \ chatServer.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown vlasnika - C: \ Archivos de programa \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc - C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc - C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Spyware Doktor Pomoćne službe (sdAuxService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ svcntaux.exe
O23 - Service: Spyware Doktor Service (sdCoreService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ swdsvc.exe

--
End of file - 5942 bytes

**evilfantasy** · #4 5 siječnja 2008, 11:24

Yep, imate neke neugodne na one tamo.

1. To je onemogućio vaš antivirusni.
2. To je masa-mailing crv s potajan keylogging i sposobnosti.
3. On je postavio ograničenja na upravljačkoj ploči.

---------------

Molimo, preuzmite Combofix by sUBs od bilo ovdje ili ovdje

VAŽNO - Spremi Combofix.exe na svoj vaš Desktop.

Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc)
Dvaput kliknite combofix.exe i slijedite upute.
Iz tipkovnice odaberite 1 i pritisnite Enter
Kada završite, on će proizvesti prijava za vas.
Pošta da se prijavite u vaš sljedeći odgovor.

Ne mouseclick combofix's prozor dok je pokrenut. To svibanj nanijeti tvoj računalo to zatajiti

Next post molimo dodaj
combofix log
novi hijackthis log

**Nikronius** · #5 5 siječnja 2008, 12:33

ComboFix 08-01-06.3 - Administrador 2008-01-05 14:48:48.1 - NTFSx86
Se ejecuta desde: C: \ Documents and Settings \ Administrador \ Escritorio \ ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))) )))))))))))))))))))))))))))))))))))))
.

C: \ WINDOWS \ install.exe
C: \ WINDOWS \ system32 \ svohost.exe
C: \ WINDOWS \ system32 \ winscok.dll

.

(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))) )))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 18:49 --------- d ----- w C: \ Documents and Settings \ Administrador \ de Datos programa \ Skype
2008-01-05 15:21 --------- d --- AW C: \ Documents and Settings \ All Users \ de Datos programa \ Temp
2008-01-05 13:00 --------- d ----- w C: \ Documents and Settings \ Administrador \ de Datos programa \ Azureus
2007-12-26 22:39 --------- d ----- w C: \ Documents and Settings \ Administrador \ de Datos programa \ U3
2007-12-24 14:38 --------- d - h - w C: \ Archivos de programa \ InstallShield Installation Information
2007-12-23 04:15 --------- d ----- w C: \ Archivos de programa \ Azureus
2007-12-13 14:40 11.973 AW ---- C: \ Windows \ System32 \ Drivers \ secdrv.sys
2007-12-11 15:46 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ InstallShield
2007-12-05 20:12 --------- d ----- w C: \ Documents and Settings \ Administrador \ de Datos programa \ Software Jam
2007-12-05 20:09 --------- d ----- w C: \ Archivos de programa \ Software Jam
2007-12-04 19:25 --------- d ----- w C: \ Documents and Settings \ All Users \ de Datos programa \ Office Genuine Advantage
2007-12-03 15:32 --------- d ----- w C: \ Archivos de programa \ FinalData
2007-12-02 17:05 --------- d ----- w C: \ Documents and Settings \ Administrador \ de Datos programa \ Media Player Classic
2007-12-02 16:43 --------- d ----- w C: \ Documents and Settings \ All Users \ de Datos programa \ WM
2007-12-02 14:42 --------- d ----- w C: \ Documents and Settings \ Administrador \ de Datos programa \ WM
2007-12-02 14:39 --------- d ----- w C: \ Archivos de programa \ Word Magic Software
2007-12-02 00:44 --------- d ----- w C: \ Documents and Settings \ Administrador \ de Datos programa \ BSplayer Pro
2007-12-02 00:19 70.656 AW ---- C: \ WINDOWS \ ScUnin.exe
2007-11-30 22:17 --------- d ----- w C: \ Archivos de programa \ DivX
2007-11-30 22:01 --------- d ----- w C: \ Archivos de programa \ Microsoft Works
2007-11-30 21:45 --------- d ----- w C: \ Documents and Settings \ Dimart \ de Datos programa \ Talkback
2007-11-30 21:19 --------- d ----- w C: \ Archivos de programa \ demon Alati
2007-11-30 21:13 685.816 AW ---- C: \ Windows \ System32 \ Drivers \ sptd.sys
2007-11-30 20:28 --------- d ----- w C: \ Documents and Settings \ All Users \ de Datos programa \ Azureus
2007-11-30 13:42 --------- d ----- w C: \ Documents and Settings \ Administrador \ de Datos programa \ Talkback
2007-11-30 12:38 220.160 AW ---- C: \ WINDOWS \ system32 \ uxtheme.dll
2007-11-30 12:38 --------- d ----- w C: \ Archivos de programa \ Skype
2007-11-30 12:37 --------- d ----- w C: \ Documents and Settings \ All Users \ de Datos programa \ Apple Computer
2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ Windows Media Connect 2
2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ Real Alternative
2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ QuickTime Alternative
2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ Media Player Classic
2007-11-30 12:35 --------- d ----- w C: \ Archivos de programa \ K-Lite Codec Pack
2007-11-30 12:35 --------- d ----- w C: \ Archivos de programa \ Java
2007-11-30 12:35 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ Java
2007-11-30 12:34 --------- d ----- w C: \ Archivos de programa \ Webteh
2007-11-30 12:34 --------- d ----- w C: \ Archivos de programa \ Lavalys
2007-11-30 12:34 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ Adobe
2007-11-30 12:23 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ MSSoap
2007-11-30 12:15 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ SpeechEngines
2007-11-30 12:15 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ ODBC
2007-11-15 22:46 23.736 AW ---- C: \ WINDOWS \ system32 \ lmimirr.dll
2007-11-15 22:46 10.040 AW ---- C: \ WINDOWS \ system32 \ lmimirr2.dll
2007-11-14 07:28 450.560 w ------ C: \ WINDOWS \ system32 \ dllcache \ jscript.dll
2007-10-30 10:17 3.079.680 AW ---- C: \ WINDOWS \ system32 \ dllcache \ Mshtml.dll
2007-10-29 22:43 1.293.824 AW ---- C: \ WINDOWS \ system32 \ quartz.dll
2007-10-29 22:43 1.293.824 w ------ C: \ WINDOWS \ system32 \ dllcache \ quartz.dll
2007-10-25 16:56 8.496.640 w ------ C: \ WINDOWS \ system32 \ dllcache \ shell32.dll
2007-10-25 13:28 222.720 AW ---- C: \ WINDOWS \ system32 \ wmasf.dll
2007-10-25 13:28 222.720 w ------ C: \ WINDOWS \ system32 \ dllcache \ wmasf.dll
2007-10-20 00:56 200.704 AW ---- C: \ WINDOWS \ system32 \ ssldivx.dll
2007-10-20 00:56 1.044.480 AW ---- C: \ WINDOWS \ system32 \ libdivx.dll
2007-10-18 15:31 51.224 AW ---- C: \ WINDOWS \ system32 \ sirenacm.dll
2007-10-11 06:12 96.768 w ------ C: \ WINDOWS \ system32 \ dllcache \ inseng.dll
2007-10-11 06:12 662.016 w ------ C: \ WINDOWS \ system32 \ dllcache \ Wininet.dll
2007-10-11 06:12 616.448 AW ---- C: \ WINDOWS \ system32 \ dllcache \ urlmon.dll
2007-10-11 06:12 55.808 w ------ C: \ WINDOWS \ system32 \ dllcache \ extmgr.dll
2007-10-11 06:12 532.480 w ------ C: \ WINDOWS \ system32 \ dllcache \ mstime.dll
2007-10-11 06:12 474.624 AW ---- C: \ WINDOWS \ system32 \ dllcache \ shlwapi.dll
2007-10-11 06:12 449.024 w ------ C: \ WINDOWS \ system32 \ dllcache \ mshtmled.dll
2007-10-11 06:12 39.424 w ------ C: \ WINDOWS \ system32 \ dllcache \ pngfilt.dll
2007-10-11 06:12 357.888 w ------ C: \ WINDOWS \ system32 \ dllcache \ dxtmsft.dll
2007-10-11 06:12 251.392 w ------ C: \ WINDOWS \ system32 \ dllcache \ iepeers.dll
2007-10-11 06:12 205.312 w ------ C: \ WINDOWS \ system32 \ dllcache \ dxtrans.dll
2007-10-11 06:12 16.384 w ------ C: \ WINDOWS \ system32 \ dllcache \ jsproxy.dll
2007-10-11 06:12 151.552 AW ---- C: \ WINDOWS \ system32 \ dllcache \ cdfview.dll
2007-10-11 06:12 146.432 w ------ C: \ WINDOWS \ system32 \ dllcache \ msrating.dll
2007-10-11 06:12 1.495.040 AW ---- C: \ WINDOWS \ system32 \ dllcache \ Shdocvw.dll
2007-10-11 06:12 1.056.256 w ------ C: \ WINDOWS \ system32 \ dllcache \ danim.dll
2007-10-11 06:12 1.023.488 AW ---- C: \ WINDOWS \ system32 \ dllcache \ browseui.dll
2007-10-10 11:16 18.432 w ------ C: \ WINDOWS \ system32 \ dllcache \ iedw.exe
2006-11-07 14:29 145.920 AW ---- C: \ WINDOWS \ inf \ hdaudio.sys
2006-09-05 08:18 20.992 - SHA-r C: \ WINDOWS \ system32 \ usbmons.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))) ))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
* * Nota entradas vacías & entradas legítimas predeterminadas nema sina mostradas

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Demon Tools" = "C: \ Archivos de programa \ demon Tools \ daemon.exe" [2007-09-18 10:16 171464]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-19 08:42 30208]
"MsnMsgr" = "C: \ Archivos de programa \ Windows Live \ Messenger \ MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Comrade.exe" = "C: \ Archivos de programa \ GameSpy \ drug \ Comrade.exe" [2007-12-20 13:47 36864]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"LogMeIn GUI" = "C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe" [2007-08-03 15:09 63048]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-19 08:42 30208]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"DisableStatusMessages" = 0 (0x0)
"HideShutdownScripts" = 0 (0x0)
"RunLogonScriptSync" = 0 (0x0)
"RunStartupScriptSync" = 0 (0x0)
"HideStartupScripts" = 0 (0x0)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ policies \ system]
"DisableLockWorkstation" = 0 (0x0)
"DisableChangePassword" = 0 (0x0)
"HideLogonScripts" = 0 (0x0)
"HideLogoffScripts" = 0 (0x0)
"HideLegacyLogonScripts" = 0 (0x0)

[HKEY_USERS \. Default \ Software \ Microsoft \ Windows \ sad rentversion \ policies \ system]
"NoDispCPL" = 0 (0x0)
"NoDispAppearancePage" = 0 (0x0)
"NoDispScrSavPage" = 0 (0x0)
"NoDispSettingsPage" = 0 (0x0)
"NoVisualStyleChoice" = 0 (0x0)
"NoColorChoice" = 0 (0x0)
"NoSizeChoice" = 0 (0x0)
"DisableLockWorkstation" = 0 (0x0)
"DisableChangePassword" = 0 (0x0)
"HideLogonScripts" = 0 (0x0)
"HideLogoffScripts" = 0 (0x0)
"HideLegacyLogonScripts" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer]
"NoDesktopCleanupWizard" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoWelcomeScreen" = 0 (0x0)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer]
"NoChangeKeyboardNavigationIndicators" = 0 (0x0)
"NoChangeAnimation" = 0 (0x0)
"NoAddPrinter" = 0 (0x0)
"NoDeletePrinter" = 0 (0x0)
"RestrictCpl" = 0 (0x0)
"DisallowCpl" = 0 (0x0)
"NoViewOnDrive" = 0 (0x0)
"RestrictRun" = 0 (0x0)
"DisallowRun" = 0 (0x0)
"NoRecycleFiles" = 0 (0x0)
"ForceRecycleBinSize" = 0 (0x0)
"NoCustomizeWebView" = 0 (0x0)
"NoWinKeys" = 0 (0x0)
"NoFileAssociate" = 0 (0x0)
"NoDFSTab" = 0 (0x0)
"NoInstrumentation" = 0 (0x0)
"NoCustomizeThisFolder" = 0 (0x0)
"NoWebView" = 0 (0x0)
"DontShowSuperHidden" = 0 (0x0)
"NoOnlinePrintsWizard" = 0 (0x0)
"NoPublishingWizard" = 0 (0x0)
"NoSMConfigurePrograms" = 0 (0x0)
"NoSMMyPictures" = 0 (0x0)
"NoStartMenuMyMusic" = 0 (0x0)
"NoFavoritesMenu" = 0 (0x0)
"NoHelp" = 0 (0x0)
"NoCommonGroups" = 0 (0x0)
"NoStartMenuMFUprogramsList" = 0 (0x0)
"NoStartMenuPinnedList" = 0 (0x0)
"NoUserNameInStartMenu" = 0 (0x0)
"NoStartMenuMorePrograms" = 0 (0x0)
"NoStartMenuEjectPC" = 0 (0x0)
"NoSimpleStartMenu" = 0 (0x0)
"ForceStartMenuLogoff" = 0 (0x0)
"NoStartMenuSubFolders" = 0 (0x0)
"NoDisconnect" = 0 (0x0)
"NoNtSecurity" = 0 (0x0)
"NoSetFolders" = 0 (0x0)
"GreyMSIAds" = 0 (0x0)
"ForceMaxRecentDocs" = 0 (0x0)
"NoSMBalloonTip" = 0 (0x0)
"NoSMBalloonTips" = 0 (0x0)
"NoTrayContextMenu" = 0 (0x0)
"LockTaskbar" = 0 (0x0)
"NoTaskGrouping" = 0 (0x0)
"NoWebServices" = 0 (0x0)
"NoFileUrl" = 0 (0x0)
"NoBandCustomize" = 0 (0x0)
"NoToolbarCustomize" = 0 (0x0)
"NoExpandedNewMenu" = 0 (0x0)
"SpecifyDefaultButtons" = 0 (0x0)
"NoRecentDocsNetHood" = 0 (0x0)
"EnforceShellExtensionSecurity" = 0 (0x0)
"NoLogOff" = 0 (0x0)
"NoRunasInstallPrompt" = 0 (0x0)
"PromptRunasInstallNetPath" = 1 (0x1)
"NoResolveTrack" = 0 (0x0)
"NoResolveSearch" = 0 (0x0)
"NoDevMgrUpdate" = 0 (0x0)
"NoThumbnailCache" = 0 (0x0)
"ForceCopyAclwithFile" = 0 (0x0)
"StartRunNoHOMEPATH" = 0 (0x0)

[HKEY_USERS \. Default \ Software \ Microsoft \ Windows \ sad rentversion \ Policies \ Explorer]
"NoThemesTab" = 0 (0x0)
"NoChangeKeyboardNavigationIndicators" = 0 (0x0)
"NoChangeAnimation" = 0 (0x0)
"NoAddPrinter" = 0 (0x0)
"NoDeletePrinter" = 0 (0x0)
"RestrictCpl" = 0 (0x0)
"DisallowCpl" = 0 (0x0)
"NoViewOnDrive" = 0 (0x0)
"RestrictRun" = 0 (0x0)
"DisallowRun" = 0 (0x0)
"NoRecycleFiles" = 0 (0x0)
"ForceRecycleBinSize" = 0 (0x0)
"NoCustomizeWebView" = 0 (0x0)
"NoViewContextMenu" = 0 (0x0)
"NoWinKeys" = 0 (0x0)
"NoFileAssociate" = 0 (0x0)
"NoDFSTab" = 0 (0x0)
"NoInstrumentation" = 0 (0x0)
"NoCustomizeThisFolder" = 0 (0x0)
"NoWebView" = 0 (0x0)
"DontShowSuperHidden" = 0 (0x0)
"NoOnlinePrintsWizard" = 0 (0x0)
"NoPublishingWizard" = 0 (0x0)
"NoRun" = 0 (0x0)
"NoSMConfigurePrograms" = 0 (0x0)
"NoSMMyPictures" = 0 (0x0)
"NoStartMenuMyMusic" = 0 (0x0)
"NoFavoritesMenu" = 0 (0x0)
"NoHelp" = 0 (0x0)
"NoCommonGroups" = 0 (0x0)
"NoFind" = 0 (0x0)
"NoFolderOptions" = 0 (0x0)
"NoStartMenuMFUprogramsList" = 0 (0x0)
"NoStartMenuPinnedList" = 0 (0x0)
"NoUserNameInStartMenu" = 0 (0x0)
"NoStartMenuMorePrograms" = 0 (0x0)
"NoStartMenuEjectPC" = 0 (0x0)
"NoSimpleStartMenu" = 0 (0x0)
"ForceStartMenuLogoff" = 0 (0x0)
"StartMenuLogoff" = 0 (0x0)
"NoStartMenuSubFolders" = 0 (0x0)
"NoDisconnect" = 0 (0x0)
"NoNtSecurity" = 0 (0x0)
"NoSetFolders" = 0 (0x0)
"GreyMSIAds" = 0 (0x0)
"ForceMaxRecentDocs" = 0 (0x0)
"NoSMBalloonTip" = 0 (0x0)
"NoSMBalloonTips" = 0 (0x0)
"NoTrayContextMenu" = 0 (0x0)
"LockTaskbar" = 0 (0x0)
"HideClock" = 0 (0x0)
"NoTaskGrouping" = 0 (0x0)
"NoActiveDesktopChanges" = 0 (0x0)
"NoWebServices" = 0 (0x0)
"NoFileUrl" = 0 (0x0)
"NoBandCustomize" = 0 (0x0)
"NoToolbarCustomize" = 0 (0x0)
"NoExpandedNewMenu" = 0 (0x0)
"SpecifyDefaultButtons" = 0 (0x0)
"NoRecentDocsNetHood" = 0 (0x0)
"EnforceShellExtensionSecurity" = 0 (0x0)
"NoClose" = 0 (0x0)
"NoLogOff" = 0 (0x0)
"NoRunasInstallPrompt" = 0 (0x0)
"PromptRunasInstallNetPath" = 1 (0x1)
"NoResolveTrack" = 0 (0x0)
"NoResolveSearch" = 0 (0x0)
"NoDevMgrUpdate" = 0 (0x0)
"NoThumbnailCache" = 0 (0x0)
"ForceCopyAclwithFile" = 0 (0x0)
"StartRunNoHOMEPATH" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \ LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C: \ WINDOWS \ system32 \ LMIinit.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Caffe-Server]
- a ------ 2006-07-09 15:27 4803072 C: \ Program Files \ Caffe \ Server.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Cmaudio]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Ctfmon.exe]
- a ------ 2004-08-19 08:42 30208 C: \ WINDOWS \ system32 \ Ctfmon.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ igfxhkcmd]
- a ------ 2005-09-20 10:32 77824 C: \ WINDOWS \ system32 \ hkcmd.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ igfxpers]
- a ------ 2005-09-20 10:36 114688 C: \ WINDOWS \ system32 \ igfxpers.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ igfxtray]
- a ------ 2005-09-20 10:35 94208 C: \ WINDOWS \ system32 \ igfxtray.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Kiš]
C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Internet Security 6,0 \ avp.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ msnmsgr]
C: \ Archivos de programa \ MSN Messenger \ msnmsgr.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ TaskSwitchXP]
C: \ Archivos de programa \ TaskSwitchXP \ TaskSwitchXP.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ WinampAgent]
C: \ Archivos de programa \ Winamp \ winampa.exe

R1 NtFsLdf20; NtFsLdf20; C: \ Windows \ System32 \ Drivers \ NT FsLdf20.sys [2002-07-04 13:52]
R2 LMIInfo; LogMeIn Kernel Information Provider; C: \ Archivos de programa \ LogMeIn \ x86 \ RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver; LogMeIn Remote File System Driver; C: \ Windows \ System32 \ Drivers \ LMIRfsDriver.sy s [2007-08-03 15:09]
R3 usbscan; Controlador de escáner USB; C: \ Windows \ System32 \ Drivers \ usbscan.sys [2006-08-17 21:32]
S2 ABBYY.Licensing.FineReader.Professional.9.0; ABBYY FineReader 9,0 Licensing Service; "C: \ Archivos de programa \ ABBYY FineReader 9,0 \ NetworkLicenseServer.exe" [2007-09-25 00:11]
S3 bepldr; BCL easyPDF SDK 5 Loader; "C: \ Archivos de programa \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe" [2007-08-22 16:19]
S3 USBSTOR; Dispositivo de datos de almacenamiento masivo USB; C: \ Windows \ System32 \ Drivers \ USBSTOR.SYS [2004-08-03 23:08]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost]
LocalService REG_MULTI_SZ Alerter WebClient LmHosts upnphost SSDPSRV

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (5714de88-a427-11dc-861c-00196604d2ae)]
\ Shell \ Automatska \ naredbu - H: \ Cn911.exe
\ Shell \ autorun \ naredbu - C: \ WINDOWS \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (68ae8df5-aca4-11dc-81b1-00196604d2ae)]
\ Shell \ autorun \ naredba - auto.exe
\ Shell \ istražiti \ Command - RavMon.exe-e
\ Shell \ otvoriti \ Command - RavMon.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (805ec9a7-a004-11dc-8615-00196604d2ae)]
\ Shell \ autorun \ naredbu - G: \ LaunchU3.exe-a

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (92ef7850-a108-11dc-8619-00196604d2ae)]
\ Shell \ Automatska \ naredbu - H: \ Cn911.exe
\ Shell \ autorun \ naredbu - C: \ WINDOWS \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (92ef78aa-a108-11dc-8619-00196604d2ae)]
\ Shell \ Automatska \ naredbu - H: \ Cn911.exe
\ Shell \ autorun \ naredbu - C: \ WINDOWS \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (92ef78b4-a108-11dc-8619-00196604d2ae)]
\ Shell \ Automatska \ naredbu - H: \ Cn911.exe
\ Shell \ autorun \ naredbu - C: \ WINDOWS \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (b05019b3-a665-11dc-a263-00196604d2ae)]
\ Shell \ autorun \ naredba - ntde1ect.com
\ Shell \ istražiti \ Command - ntde1ect.com
\ Shell \ otvoriti \ Command - ntde1ect.com

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (d79ae692-9f95-11dc-8614-00196604d2ae)]
\ Shell \ autorun \ naredbu - G: \ ntde1ect.com
\ Shell \ istražiti \ Command - G: \ ntde1ect.com
\ Shell \ otvoriti \ Command - G: \ ntde1ect.com

* Nedavno Created Service * - COMSYSAPP
* Nedavno Created Service * - PROCEXP90
.
Contenido de carpeta 'Tareas Programadas'
"2007-12-08 20:22:33 C: \ WINDOWS \ Tasks \ McDefragTask.job"
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-01-06 14:51:38
5/1/2600 Windows Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

disk error: C: \ Windows \

************************************************** ************************

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ c atchme]
"ImagePath" = "\? \ C: \ Windows \ Temp \ catchme.sys"
.
--------------------- DLL datoteke koje cargados Bajo los procesos en ejecución ---------------------

PROCES: C: \ WINDOWS \ system32 \ Winlogon.exe
-> C: \ WINDOWS \ system32 \ usbmons.dll
.
Tiempo completado: 2008-01-06 14:52:51
ComboFix-u karanteni-files.txt 2008-01-06 18:51:58
.
2007-12-18 03:51:13 --- EOF ---

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 03:32:28, dana 06/01/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe
C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe
C: \ Archivos de programa \ demon Tools \ daemon.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ WINDOWS \ system32 \ dllhost.exe
C: \ WINDOWS \ explorer.exe
C: \ Archivos de programa \ Mozilla Firefox \ firefox.exe
C: \ Archivos de programi \ Microsoft Office \ OFFICE11 \ WINWORD.EXE
C: \ Archivos de programa \ Trend Micro \ HijackThis \ asdf.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Archivos de programa \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [LogMeIn GUI] "C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe"
O4 - HKCU \ .. \ Run: [demon Tools] "C: \ Archivos de programa \ demon Tools \ daemon.exe"-lang 1033
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Archivos de programa \ Windows Live \ Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [Comrade.exe] C: \ Archivos de programa \ GameSpy \ drug \ Comrade.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICIO')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de crveno')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Toolbars \ Ograničenja prisutan
O8 - Extra kontekst meni stavka: E & xportar Microsoft Excel - res: / / C: \ Archiv ~ 1 \ MICROS ~ 1 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: nedjelja Consola de Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra button: Referencia - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archiv ~ 1 \ MICROS ~ 1 \ OFFICE11 \ REFIEBAR.DLL
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/ES-LA/.../GAME_UNO1.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM \ System \ CCS \ Services \ TCPIP \ .. \ (BAA62A6B-DD15-4E55-A719-401AF676E3A9): NameServer = 10.0.0.1,10.0.0.2
O23 - Service: ABBYY FineReader 9,0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C: \ Archivos de programa \ ABBYY FineReader 9,0 \ NetworkLicenseServer.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C: \ Archivos de programa \ Ares \ chatServer.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown vlasnika - C: \ Archivos de programa \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe
O23 - Service: Indeksiranje Service (CiSvc) - Unknown vlasnika - C: \ WINDOWS \ system32 \ cisvc.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc - C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc - C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Spyware Doktor Pomoćne službe (sdAuxService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ svcntaux.exe
O23 - Service: Spyware Doktor Service (sdCoreService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ swdsvc.exe

--
End of file - 4754 bytes

**evilfantasy** · #6 5 siječnja 2008, 12:52

Koje je dobio, a nekoliko njih, ali još uvijek ima više.

Preuzimanje SDFix.exe i spremite je na svoj Desktop.

Dvaput kliknite na SDFix.exe i ona će ekstrakt datoteke u% systemdrive%
(Pogon koji sadrži Windows Directory, obično C: \ SDFix)

Molimo, a zatim ponovo pokrenuti računalo u Safe Mode tako da učinite sljedeće:

Ponovo pokrenite računalo
Nakon rasprave vaše računalo bip jednom prilikom pokretanja, ali prije nego što Windows ikonu pojavi fleka tipku F8 neprekidno;
Umjesto Windows učitava kao normalno, "Napredne opcije Meni trebaju pojaviti;
Odaberite prvu opciju, to trčanje Windows u sigurnom načinu rada, a zatim pritisnite Enter.
Izaberite Vaš uobičajeni račun.
Otvorite mapu i izlučene SDFix Dvoklik RunThis.bat za pokretanje skripte.
Vrsta Y da biste započeli proces čišćenje.
To će ukloniti sve Trojanski Usluge i stavke registra da pronađe potom od vas zatražiti da pritisnete bilo koju tipku da biste ponovno podizanje sustava.
Pritisnite bilo koju tipku, te će ponovo pokrenuti računalo.
Kada se računalo ponovo pokreće se Fixtool će ponovno pokrenuti i dovršili postupak uklanjanja, zatim prikaz Završeno, Pritisnite bilo koju tipku da biste prekinuli učitavanje skripte i vaš desktop ikona.
Jednom desktopu ikone učitati SDFix izvještaj na ekranu će se otvoriti i spremiti u mapu SDFix kao Report.txt
(Report.txt će se kopirati u međuspremnik).
Na kraju dodati sadržaj tog Report.txt u sljedećem post kao Prilog s novim HijackThis log

Sljedeća post
SDFix log
Novi Hijackthis log

**Nikronius** · #7 6 sječnja 2008, 09:58

problem riješen. :) Thnx

**evilfantasy** · #8 6. siječanj 2008, 12:47

Quote:

Originally Posted by Nikronius

problem riješen. :) Thnx

Biste li umu slanjem logove?

**Nikronius** · #9 9 siječnja 2008, 09:36

no prob.

Slične teme
Nit	Temu Započeo	Forum	Odgovori	Zadnji Post
Firefox preusmjerava na vještački Mapa Kada koristite Google pretraga	UncleSlam	Virus, Spyware i sigurnost	27	12. ožujak 2009 14:45
Outlook pretragu i napredno pretraživanje ne radi (pokušao remontovanje indeksa)	Psychotron	Office & Applications	1	16. srpnja 2008 19:22
XP SP3 cripples nekim računalima sa beskrajnim ponovno podizanje sustava	SocialWarfare	Windows Operating Systems	5	9. svibanj 2008 09:56
Jeste nešto glupo	FunkyJuice	CPU, Matične ploče i RAM	10	5. veljača 2008 17:09
Endless Problems, Windows navika Početak odmah	Polkigtry	General Hardware Chat	2	13 siječanj 2008 02:06