
Please help! My computer has multiple viruses / malware.




  #1  
June 18, 2009, 11:46
Member Group
 

Hello and thank you for reading. I have been having a hard time removing unwanted malware from my computer for more than a week now, and nothing seems to be working. I found several processes, including iexplorer.exe, Winlogon.exe, spoolsv.exe and other unknown processes such as PavPrSrv.exe and McciCMService.exe. I had to change the exe name of most of the programs to get them to open. I normally use AVG Free, but I uninstalled it and tried Panda to see if it would help (it didn't). I have since removed Panda and reinstalled AVG.

Thank you in advance for your help!

Here are the log files I have taken.


  #2  
June 18, 2009, 15:35
Malware Group
 

Hi there Mybabbits

Download ComboFix from any of the links below. You must rename it before saving it. Save it to your Desktop as Combo-fix.exe.

Link 1
Link 2
Link 3





Disable your antivirus and antispyware applications, usually via a right click on the system tray icon. They may otherwise interfere with our tools.

Open Task Manager by pressing the Ctrl, Alt and Del keys at the same time.

In the menu at the top of the dialog box, click File > New Task (Run...)

Copy/paste (or type) the following into the Run box and click OK (presuming ComboFix.exe is on the Desktop as was instructed)

"%userprofile%\desktop\Combo-fix.exe" /killall

Follow the on-screen instructions and let ComboFix complete its run. Make sure you install the Recovery Console when prompted.

Post back with the results in your next post.

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to your desktop.
  • Double-click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan ... click NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT / EAT
    • Drives / Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and copy and paste it into your next reply


** Caution **
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Copy and paste both logs into your next reply
__________________
Proud member of ASAP & Unite
  #3  
June 18, 2009, 18:36
Member Group
 

I downloaded ComboFix to the desktop and changed the name as instructed. When I try running "%userprofile%\desktop\Combo-fix.exe" /killall I get a popup screen first warning me that the program is from an unknown source, so I chose Run. After that it seems like ComboFix is running properly, then I get a popup screen that says something like "Windows cannot find 'grpconv'. Make sure you typed the name correctly..." and so on; the screen doesn't stay up long enough for me to catch the rest. I clicked OK, and then I got another screen from ComboFix that says it detected AVG AntiVirus still running. I had trouble disabling it, so I went ahead and uninstalled it completely. I'm not sure why it still thinks it is running. Should I go ahead and click OK through those screens too and see if it will work anyway?

Thanks!
  #4  
June 18, 2009, 23:48
Malware Group
 

Hi there

Click OK through the screens and see if you can get the ComboFix scan to complete
  #5  
June 19, 2009, 06:58
Member Group
 

I still had some problems with ComboFix. At some point during the process the desktop went blank and the ComboFix screen disappeared. Is it supposed to do that? I waited about 10 minutes to see what would happen and then I rebooted the computer. After that the ComboFix screen came back up and said it was creating the log file ...

Here's what I got:

"MySpaceIM" = "C: \ Program Files \ MySpace \ IM \ MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon]
2008-12-22 16:05 356352 ---- AW-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ windows]
"AppInit_DLLs" = c: \ windows \ system32 \ avgrsstx.dl l

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgupd.exe" =
"c: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgemc.exe" =
"c: \ \ Program Files \ \ ATT-HSI \ \ McciBrowser.exe" =
"c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ WINDOWS \ \ system32 \ \ igfxtray.exe" =
"c: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgrsx.exe" =
"% windir% \ \ system32 \ \ Drivers \ \ Svchost.exe" =
"c: \ \ Program Files \ \ MySpace \ \ IM \ \ MySpaceIM.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"53: TCP" = 53: TCP: websrvx

R1 AvgLdx86; AVG AVI Loader Driver x86, c: \ windows \ system32 \ drivers \ avgldx86.sys [5/23/2008 1:13 AM 96520]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R1 ShldDrv; Panda štit Driver datoteke c: \ windows \ system32 \ drivers \ ShlDrv51.sys [6/12/2009 2:56 PM 41144]
R2 avg8emc; AVG8 E-mail Scanner, c: \ programa ~ 1 \ AVG \ AVG8 \ avgemc.exe [5/23/2008 1:13 AM 902424]
R2 avg8wd; AVG8 Watchdog, c: \ programa ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [5/23/2008 1:13 AM 282904]
R2 AvgTdiX; AVG8 Network preusmjerivač; c: \ windows \ system32 \ drivers \ avgtdix.sys [5/23/2008 1:13 AM 75272]
R2 PavProc; Panda postupku zaštite Driver, c: \ windows \ system32 \ drivers \ PavProc.sys [6/12/2009 2:56 PM 179640]
R2 glediąta Manager Service; glediąta Manager Service; c: \ program files \ glediąta \ Common \ ViewpointService.exe [2/5/2009 6:56 PM 24652]
R3 (A7E39B01-11d4-B403-BD18-00D0B7A1821E); AIM 3,0 Part 01 Codec Driver VCH-A, C: \ Windows \ System32 \ Drivers \ Vch.sys [5/1/2006 11:58 20023]
S2 gupdate1c9c119864b630; Google Update Service (gupdate1c9c119864b630); C: \ Program Files \ Google \ Update \ GoogleUpdate.exe [4/19/2009 2:02 PM 133104]
S2 sgejhlqxcrvoui; sgejhlqxcrvoui; \? \ C: \ windows \ syste m32 \ Drivers \ ngaysfvqh.sys -> c: \ windows \ system32 \ drivers \ ngaysfvqh.sys [?]
S2 vnoakhdmmnhfkc; vnoakhdmmnhfkc; \? \ C: \ windows \ syste m32 \ Drivers \ ncjdccfwkwt.sys -> c: \ windows \ system32 \ drivers \ ncjdccfwkwt.sys [?]
S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Sadržaj je 'Scheduled Tasks' folder

2009/06/19 C: \ Windows \ Tasks \ GoogleUpdateTaskMachine.job
- C: \ Program Files \ Google \ Update \ GoogleUpdate.exe [2009-04-19 18:00]
.
.
------- Supplementary Scan -------
.
Page uStart = hxxp: / / www.att.net/
uInternet Connection Wizard, ShellNext = iexplore
uInternet Postavke, ProxyServer = http = localhost: 7171
uInternet Postavke, ProxyOverride = *. lokalne; <local>
uSearchURL, (Default) = hxxp: / / us.rd.yahoo.com / Customize / ycomp / osnovni / su / *http://www.yahoo.com
IE: & Traži
FF - ProfilePath - C: \ Documents and Settings \ Owner \ Application Data \ Mozilla \ Firefox \ Profiles \ a8c9lkqd.default \
FF - prefs.js: browser.search.defaulturl - hxxp: / / search.yahoo.com / search? Ffsp1 fr = & p =
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp: / / search.yahoo.com / search? Ffds1 fr = & p =
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - čep: C: \ Program Files \ Mozilla Firefox \ plugins \ npViewpoint.dll
FF - čep: c: \ program files \ glediąta \ glediąta Media Player \ npViewpoint.dll
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2009-06-19 09:15
5/1/2600 Windows Service Pack 2 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
--------------------- Loaded DLL datoteke koje Under Running Processes ---------------------

- - - - - - -> 'Winlogon.exe' (612)
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
.
------------------------ Other Running Processes ----------------------- --
.
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ Program Files \ Common Files \ pokretačkoj \ McciCMService.exe
C: \ Program Files \ Common Files \ Panda Security \ PavShld \ PavPrSrv.exe
c: \ windows \ system32 \ wscntfy.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
.
************************************************** ************************
.
Completion time: 2009-06-19 9:20 - stroj je ponovno podizanje sustava
ComboFix-u karanteni-files.txt 2009-06-19 13:20

Pre-Run: 6120624128 bytes free
Post-Run: 6057713664 bytes free

300



GMER 1.0.15.14972 -- http://www.gmer.net
Rootkit scan 2009-06-19 09:55:00
5/1/2600 Windows Service Pack 2


---- System - GMER 1.0.15 ----

Šifra \? \ C: \ DOCUME ~ 1 \ Owner \ Mještani ~ 1 \ Temp \ catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

Device \ FileSystem \ NTFS \ NTFS ShlDrv51.sys (PandaShield Vozač / Panda Security, SL)
Device \ FileSystem \ Fastfat \ FatCdrom ShlDrv51.sys (PandaShield Vozač / Panda Security, SL)
Device \ Driver \ TCPIP \ Device \ Ip avgtdix.sys (AVG Network veze Stražar / AVG Technologies CZ, sro)
Device \ Driver \ TCPIP \ Device \ TCP avgtdix.sys (AVG Network veze Stražar / AVG Technologies CZ, sro)
Device \ Driver \ TCPIP \ Device \ UDP avgtdix.sys (AVG Network veze Stražar / AVG Technologies CZ, sro)
Device \ Driver \ TCPIP \ Device \ RawIp avgtdix.sys (AVG Network veze Stražar / AVG Technologies CZ, sro)
Device \ Driver \ TCPIP \ Device \ IPMULTICAST avgtdix.sys (AVG Network veze Stražar / AVG Technologies CZ, sro)
Device \ FileSystem \ Fastfat \ Fat ShlDrv51.sys (PandaShield Vozač / Panda Security, SL)

AttachedDevice \ FileSystem \ Fastfat \ Fat fltmgr.sys (Microsoft Filesystem Filter Manager / Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  #6  
Old June 19, 2009, 15:36
Malware Group
 
Default Please help! My computer has multiple viruses / malware.

Hi there

Good job getting ComboFix to complete; ComboFix certainly took some junk out of your system! There is still some work left to do, though...

1. Close any open browsers.

2. Make sure you have disabled all anti-virus and anti-malware programs so that they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

Code:
File::
C:\WINDOWS\system32\luruwono.dll
c:\windows\system32\rn.tmp
c:\windows\system32\drivers\ngaysfvqh.sys
c:\windows\system32\drivers\ncjdccfwkwt.sys

Driver::
sgejhlqxcrvoui
vnoakhdmmnhfkc

DDS::
uInternet Postavke, ProxyServer = http = localhost: 7171
uInternet Postavke, ProxyOverride = *. lokalne; <local>
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
Save it as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Establish an internet connection and perform an online scan with Internet Explorer at Kaspersky Online Scanner.

** Vista users: right-click the IE / Firefox icon and run as administrator

Click Accept when prompted to download and install the program files and the database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing, and will also update the database.
  • Please be patient, as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar on the left to start the scan.
  • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean / disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


This animation will guide you through the process:


** Note **

To optimize the scan and produce a more sensible report for review:
Close any open programs
Turn off the real-time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet after you start the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset it to 100%.

Post back with the results from ComboFix and from the Kaspersky scan. Update me on how things are running now
__________________
Proud member of ASAP & Unite
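One way to confirm that a CFScript like the one in post #6 took effect, as an added example that is not part of the original thread or of ComboFix itself: the post-run log names every removed item again in its removal report, so a plain text search still "finds" them, and the check has to look only at lines that describe current state. Both samples are constructed and abridged, the English section names are an assumption about the untranslated log, and one driver is left behind on purpose.

```python
import re

# Constructed sample: abridged CFScript, one directive per line.
CFSCRIPT = r"""
File::
c:\windows\system32\rn.tmp
c:\windows\system32\drivers\ngaysfvqh.sys

Driver::
sgejhlqxcrvoui
vnoakhdmmnhfkc

DDS::
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
"""

# Constructed sample: abridged post-run log (section names assumed).
LOG_AFTER = r"""
FILE ::
"c:\windows\system32\drivers\ngaysfvqh.sys"
"c:\windows\system32\rn.tmp"
.
(((((((((((((((   Other Deletions   )))))))))))))))
.
c:\windows\system32\rn.tmp
.
(((((((((((((((   Drivers/Services   )))))))))))))))
.
-------\Legacy_SGEJHLQXCRVOUI
-------\Service_sgejhlqxcrvoui
.
(((((((((((((((   Reg Loading Points   )))))))))))))))
.
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 1:13 AM 96520]
S2 vnoakhdmmnhfkc;vnoakhdmmnhfkc;\??\c:\windows\system32\Drivers\ncjdccfwkwt.sys [?]
.
------- Supplementary Scan -------
.
FF - prefs.js: browser.startup.homepage - google.com
"""

# Sections that report what was removed rather than what is still present.
REPORT_SECTIONS = ("file ::", "other deletions", "drivers/services")
SERVICE = re.compile(r"^[RS][0-4]\s+([^;]+);")  # e.g. "S2 name;display;path"


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]} keyed by lower-case name."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def section_name(line):
    """Return the section a header line opens, or None for ordinary lines."""
    m = (re.match(r"^\({3,}\s*(.*?)\s*\){3,}$", line)
         or re.match(r"^-{3,}\s+(.*?)\s+-{3,}$", line))
    if m:
        return m.group(1).lower()
    if line.upper().replace(" ", "") == "FILE::":
        return "file ::"
    return None


def live_lines(log):
    """Yield lines describing current state, skipping the removal report."""
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        name = section_name(line)
        if name is not None:
            section = name
        elif section not in REPORT_SECTIONS:
            yield line


def norm(text):
    return " ".join(text.split()).lower()


def residual_entries(cfscript, log_after):
    """Return (directive, entry) pairs that still show up as live state."""
    script = parse_cfscript(cfscript)
    live = list(live_lines(log_after))
    services = {m.group(1).strip().lower() for l in live if (m := SERVICE.match(l))}
    left = [("file", p) for p in script.get("file", [])
            if any(p.lower() in l.lower() for l in live)]
    left += [("driver", d) for d in script.get("driver", []) if d.lower() in services]
    left += [("dds", s) for s in script.get("dds", [])
             if any(norm(s) == norm(l) for l in live)]
    return left


def naive_mentions(cfscript, log_after):
    """Plain substring search: also hits items the log reports as removed."""
    haystack = log_after.lower()
    return [e for entries in parse_cfscript(cfscript).values()
            for e in entries if e.lower() in haystack]


if __name__ == "__main__":
    print("still present:", residual_entries(CFSCRIPT, LOG_AFTER))
    print("naive search :", naive_mentions(CFSCRIPT, LOG_AFTER))
```

An empty result from `residual_entries` means nothing the script targeted is still listed as a service, a file or a proxy setting in the new log.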
  #7  
Old June 21, 2009, 09:08
Member Group
 
Default Please help! My computer has multiple viruses / malware.

http://www.yahoo.com IE: Search & FF - ProfilePath -. ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
  #8  
Old June 21, 2009, 14:54
Malware Group
 
Default Please help! My computer has multiple viruses / malware.

Hi there

The log you posted is unreadable. Could you please repost it using Notepad as the editor, making sure that word wrap is turned off.

Let's try another scanner ...

Perform an online scan with Panda ActiveScan
  • Click on Scan your PC now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like best, but we recommend Free Registration.
  • Click on Register
  • Enter your e-mail address and create a password.
  • Select "I do not wish to receive any type of information". (Unless you do wish to receive such information)
  • Click on Send
  • Confirm the registration, then continue by entering your username and password and clicking Enter
  • Select Full Scan, then click on Scan Now
  • Wait for the components to load and install. Do not close this window or go to another page while it is downloading. You can keep using the Internet by opening another browser window.
  • If any malware is found that can be disinfected, the Disinfect button will be enabled. Click on Disinfect
  • Ignore the offer to buy the program. Click on Export to
  • Export the log and save it to your desktop.
  • Please post the contents of that log in your reply.

* Turn off the real-time scanner of any existing antivirus program while performing the online scan.

Note for Avast users:

Please continue with the online scan at Panda if you receive a notice. It is a false positive from Avast, because Panda Antivirus does not encrypt its virus database.
__________________
Proud member of ASAP & Unite
  #9  
Old June 22, 2009, 04:28
Member Group
 
Default Please help! My computer has multiple viruses / malware.

Wow. You are absolutely right about that last post. Sorry about that. I have no idea what happened (it looked right when I pasted it anyway), but I'll try again. The Active Scan worked, but I don't think it actually disinfected anything; I clicked the button and it turned gray, but nothing happened. Here are the logs from both:

ComboFix 09-06-20.04 - Vlasnik 06/21/2009 11:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.123 [GMT -4:00]
Running from: C: \ Documents and Settings \ Owner \ Desktop \ Combo-Fix.exe
Naredba prekidači koji se koriste:: C: \ Documents and Settings \ Owner \ Desktop \ CFScript.txt
AV: AVG Anti-Virus Free * U * omogućen pristup skeniranje (Promjena) (17DDD097-36FF-435F-9E1B-52D74245D6BF)
FW: F-Secure Anti-Virus 2006 6,10 * * onemogućen (D4747503-0346-49EB-9262-997542F79BF4)

SLIKA:
"c: \ windows \ system32 \ drivers \ ncjdccfwkwt.sys"
"c: \ windows \ system32 \ drivers \ ngaysfvqh.sys"
"c: \ windows \ system32 \ luruwono.dll"
"c: \ windows \ system32 \ rn.tmp"
.

Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ system32 \ rn.tmp

.
((((((((((((((((((((((((((((((((((((((( Driveri / Usluge )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_SGEJHLQXCRVOUI
------- \ Legacy_VNOAKHDMMNHFKC
------- \ Service_sgejhlqxcrvoui
------- \ Service_vnoakhdmmnhfkc


((((((((((((((((((((((((( Files Created from 2009/05/21 da 2009/06/21 ))))))))))) ))))))))))))))))))))
.

2009-06-19 13:09. 2004-08-04 07:56 50176-c - AW-c: \ windows \ system32 \ dllcache \ proquota.exe
2009-06-19 13:09. 2004-08-04 07:56 50176 ---- AW-c: \ windows \ system32 \ proquota.exe
2009-06-19 13:09. 2004-08-04 07:56 39424-c - AW-c: \ windows \ system32 \ dllcache \ grpconv.exe
2009-06-19 13:09. 2004-08-04 07:56 39424 ---- AW-c: \ windows \ system32 \ grpconv.exe
2009-06-18 18:04. 2009-06-18 18:04 3561743 ---- AW-c: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes \ Malwarebytes' Anti-zaštita od zlonamjernih programa \ mbam-setup.exe
2009-06-18 15:58. 2009-06-18 18:01 117760 ---- AW-c: \ Documents and Settings \ Owner \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-06-18 15:57. 2009-06-18 15:57 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2009-06-18 15:54. 2009-06-18 15:57 -------- d ----- w-C: \ Program Files \ SUPERAntiSpyware
2009-06-18 15:54. 2009-06-18 15:54 -------- d ----- w-c: \ Documents and Settings \ Owner \ Application Data \ SUPERAntiSpyware.com
2009-06-18 15:53. 2009-06-18 15:53 -------- d ----- w-C: \ Program Files \ Common Files \ Wise Installation Wizard
2009-06-18 15:42. 2009-06-18 15:42 -------- d ----- w-C: \ Program Files \ CCleaner
2009-06-18 05:27. 2009-06-18 05:27 152576 ---- AW-c: \ Documents and Settings \ Owner \ Application Data \ nedjelja \ Java \ jre1.6.0_14 \ lzma.dll
2009-06-18 04:28. 2009-06-18 04:28 -------- d ----- w-C: \ Program Files \ Trend Micro
2009-06-13 07:06. 2002-06-19 23:03 151552 ---- AW-c: \ windows \ system32 \ igfxres.dll
2009-06-13 06:38. 2002-06-21 15:02 266240 ---- AW-c: \ windows \ system32 \ shpshftr.dll
2009-06-13 06:00. 2009-06-13 06:00 444 ---- AW-c: \ windows \ system32 \ d3d8caps.dat
2009-06-13 05:01. 2009-06-13 05:01 -------- d ----- w-c: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Mozilla
2009-06-13 04:44. 2009-06-18 04:53 -------- d ----- w-c: \ program files \ Startup Optimizator
2009-06-12 23:31. 2009-06-12 23:31 -------- d ----- w-c: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2009-06-12 22:21. 2009-05-26 17:20 40160 ---- AW-c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2009-06-12 22:21. 2009-06-12 22:23 -------- d ----- w-C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa
2009-06-12 22:21. 2009-05-26 17:19 19096 ---- AW-c: \ windows \ system32 \ drivers \ mbam.sys
2009-06-12 19:18. 2009-06-12 23:26 45 ---- AW-c: \ windows \ system32 \ ca.dat
2009-06-12 18:56. 2008-03-04 19:59 41144 ---- AW-c: \ windows \ system32 \ drivers \ ShlDrv51.sys
2009-06-12 18:56. 2008-02-07 16:03 179640 ---- AW-c: \ windows \ system32 \ drivers \ PavProc.sys
2009-06-12 18:21. 2009-06-12 18:56 -------- d ----- w-C: \ Program Files \ Common Files \ Panda Security
2009-06-03 05:12. 2004-08-04 07:56 221184 ---- AW-c: \ windows \ system32 \ wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 01:27. 2008-05-23 05:13 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ avg8
2009-06-18 05:31. 2009-01-05 00:21 410984 ---- AW-c: \ windows \ system32 \ deploytk.dll
2009-06-18 05:31. 2009-01-12 01:18 -------- d ----- w-C: \ Program Files \ Java
2009-06-13 04:50. 2009-01-05 04:50 -------- d ----- w-C: \ Program Files \ Web Objavi
2009-06-13 04:49. 2008-08-20 22:26 -------- d ----- w-C: \ Program Files \ Mozilla Thunderbird
2009-06-12 22:57. 2009-04-16 15:22 -------- d ----- w-c: \ Documents and Settings \ Owner \ Application Data \ U3
2009-06-12 18:22. 2006-05-02 03:43 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information
2009-06-12 16:10. 2009-04-19 18:00 -------- d ----- w-C: \ Program Files \ Google
2009-06-02 16:49. 2009-03-29 21:27 -------- d ----- w-c: \ Documents and Settings \ Owner \ Application Data \ n-Track Studio6
2009-05-15 13:30. 2006-07-15 14:36 -------- d ----- w-C: \ Program Files \ QuickTime
2009-05-15 13:30. 2006-07-15 15:39 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2009-05-15 13:29. 2009-05-15 13:29 -------- d ----- w-C: \ Program Files \ Apple Software Update
2009-05-15 13:29. 2009-05-15 13:29 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Apple
2009-05-12 19:53. 2009-05-12 19:53 16141 ---- AW-c: \ Documents and Settings \ Owner \ Application Data \ Pomoć \ lego.exe
2009-05-12 19:53. 2009-05-12 19:53 11410 ---- AW-c: \ Documents and Settings \ Owner \ Application Data \ Identities \ msgdi.dll
2009-05-12 19:53. 2009-05-12 19:53 10121 ---- AW-c: \ Documents and Settings \ Owner \ Application Data \ Lavasoft \ kern.dll
2009-05-12 19:53. 2009-05-12 19:53 422 ---- AW-c: \ Documents and Settings \ Owner \ Application Data \ Apple Computer \ socks1.exe
2009-05-12 19:53. 2009-05-12 19:53 145131 ---- AW-c: \ Documents and Settings \ Owner \ Application Data \ DivX \ nomad.exe
2009-05-12 19:53. 2009-05-12 19:53 13221 ---- AW-c: \ Documents and Settings \ Owner \ Application Data \ Adobe \ rengo.dll
2009-05-12 19:53. 2009-05-12 19:53 11232 ---- AW-c: \ Documents and Settings \ Owner \ Application Data \ acccore \ shalom.exe
2009-05-11 14:21. 2009-05-11 14:21 -------- d ----- w-c: \ Documents and Settings \ Owner \ Application Data \ Malwarebytes
2009-05-11 14:20. 2009-05-11 14:20 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2009-04-22 16:14. 2006-05-03 02:44 -------- d ----- w-c: \ Documents and Settings \ Owner \ Application Data \ n-Track Studio
2009-04-21 07:27. 2006-05-03 02:44 12024 ---- AW-c: \ Documents and Settings \ Owner \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT
2009-04-15 20:25. ------ 2009-04-19 18:01 43528 w-c: \ windows \ system32 \ drivers \ PxHelp20.sys
2009-04-15 20:25. 2009-04-19 18:01 9464 w------- C: \ Windows \ System32 \ Drivers \ cdralw2k.sys
2009-04-15 20:25. 2009-04-19 18:01 9336 w------- C: \ Windows \ System32 \ Drivers \ cdr4_xp.sys
2009-04-15 20:25. ------ 2009-04-19 18:01 120056 w-c: \ windows \ system32 \ pxcpyi64.exe
2009-04-15 20:25. ------ 2009-04-19 18:01 118520 w-c: \ windows \ system32 \ pxinsi64.exe
2009-04-15 20:25. ------ 2009-04-19 18:01 129784 w-c: \ windows \ system32 \ pxafs.dll
2009-04-15 20:24. 2009-04-15 20:24 90112 ---- AW-c: \ windows \ system32 \ dpl100.dll
2009-04-15 20:24. 2009-04-15 20:24 823296 ---- AW-c: \ windows \ system32 \ divx_xx0c.dll
2009-04-15 20:24. 2009-04-15 20:24 823296 ---- AW-c: \ windows \ system32 \ divx_xx07.dll
2009-04-15 20:24. 2009-04-15 20:24 815104 ---- AW-c: \ windows \ system32 \ divx_xx0a.dll
2009-04-15 20:24. 2009-04-15 20:24 802816 ---- AW-c: \ windows \ system32 \ divx_xx11.dll
2009-04-15 20:24. 2009-04-15 20:24 684032 ---- AW-c: \ windows \ system32 \ DivX.dll
2009-04-01 16:35. 2009-04-01 16:34 7040776 ---- AW-c: \ Documents and Settings \ Owner \ Application Data \ MySpace \ IM \ install \ MSIMClientSetup.1.0.789.0-statičko-A.exe
2009-04-01 16:33. 2009-04-01 16:33 300800 ---- AW-C: \ MySpaceIM_Setup.exe
2009-03-31 23:24. 2009-03-31 23:23 16494272 ---- AW-C: \ nTrackSetup.exe
2009-03-30 22:38. 2009-03-30 22:38 25214 ---- ar-c: \ Documents and Settings \ Owner \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _16496df1.exe
2009-03-30 22:38. 2009-03-30 22:38 2998 ---- ar-c: \ Documents and Settings \ Owner \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _69525f90.exe
2009-03-30 22:38. 2009-03-30 22:38 2998 ---- ar-c: \ Documents and Settings \ Owner \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _294823.exe
2009-03-30 22:38. 2009-03-30 22:38 2998 ---- ar-c: \ Documents and Settings \ Owner \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _18be6784.exe
2009-03-30 22:38. 2009-03-30 22:38 25214 ---- ar-c: \ Documents and Settings \ Owner \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _4ae13d6c.exe
2009-03-30 22:38. 2009-03-30 22:38 25214 ---- ar-c: \ Documents and Settings \ Owner \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _2cd672ae.exe
2009-02-26 16:20. 2009-02-26 16:20 6309376 ---- AW-c: \ program files \ ntrack.exe
2009-02-26 16:05. 2009-02-26 16:05 126976 ---- AW-c: \ program files \ AMGateway.ax
2009-02-26 16:05. 2009-02-26 16:05 63168 ---- AW-c: \ program files \ RegisterComponents.exe
2009-02-26 16:05. 2009-02-26 16:05 163520 ---- AW-c: \ program files \ ReportDump.exe
2009-02-26 16:04. 2009-02-26 16:04 86016 ---- AW-c: \ program files \ vstscan.exe
2009-02-26 16:04. 2009-02-26 16:04 45056 ---- AW-c: \ program files \ ball.ax
2009-02-26 16:01. 2009-02-26 16:01 78848 ---- AW-c: \ program files \ EmptyProjectAction.dll
2009-02-26 16:01. 2009-02-26 16:01 147456 ---- AW-c: \ program files \ nTrackDotControls.dll
2009-02-26 16:00. 2009-02-26 16:00 637440 ---- AW-c: \ program files \ NativeControls6.dll
2009-02-26 15:59. 2009-02-26 15:59 99328 ---- AW-c: \ program files \ SurroundVSTGui.dll
2009-02-26 15:59. 2009-02-26 15:59 45056 ---- AW-c: \ program files \ yeti.mmedia.dll
2009-02-26 15:59. 2009-02-26 15:59 40960 ---- AW-c: \ program files \ cdcopier.dll
2009-02-26 15:59. 2009-02-26 15:59 28672 ---- AW-c: \ program files \ Ripper.dll
2009-02-26 15:59. 2009-02-26 15:59 8704 ---- AW-c: \ program files \ ntrack3rdparty.dll
2009-02-26 15:59. 2009-02-26 15:59 5120 ---- AW-c: \ program files \ WindowsFormsBase.dll
2009-02-26 15:59. 2009-02-26 15:59 36864 ---- AW-c: \ program files \ nttest.dll
2009-02-26 15:59. 2009-02-26 15:59 32768 ---- AW-c: \ program files \ nTrackDotNet.dll
2009-02-26 15:59. 2009-02-26 15:59 24576 ---- AW-c: \ program files \ AVFader.dll
2009-02-26 15:59. 2009-02-26 15:59 6656 ---- AW-c: \ program files \ nativecontrolsinterop.dll
2009-02-07 22:10. 2009-02-07 22:10 528726 ---- AW-c: \ program files \ n-Track.htm
2009-02-06 00:15. 2009-02-06 00:15 225792 ---- AW-c: \ program files \ AutoVol.dll
2009-02-06 00:14. 2009-02-06 00:14 228352 ---- AW-c: \ program files \ Chorus.dll
2009-02-06 00:14. 2009-02-06 00:14 228864 ---- AW-c: \ program files \ Echo.dll
2009-02-06 00:12. 2009-02-06 00:12 369152 ---- AW-c: \ program files \ ntrck_PitchShift.dll
2009-02-06 00:11. 2009-02-06 00:11 176128 ---- AW-c: \ program files \ Riverbero.dll
2009-02-06 00:09. 2009-02-06 00:09 434688 ---- AW-c: \ program files \ facomp10.dll
2009-02-06 00:08. 2009-02-06 00:08 379904 ---- AW-c: \ program files \ dxirewire.dll
2009-02-06 00:06. 2009-02-06 00:06 951808 ---- AW-c: \ program files \ fa4bdeq.dll
2009-01-13 14:16. 2009-01-13 14:16 3455 ---- AW-c: \ program files \ order.html
2008-11-28 00:23. 2008-11-28 00:23 642840 ---- AW-c: \ program files \ n-track.cfg
2008-10-25 23:46. 2008-10-25 23:46 4920 ---- AW-c: \ program files \ order_upgrade.html
2008-09-02 23:06. 2008-09-02 23:06 231936 ---- AW-c: \ program files \ ShellCtl.dll
2008-08-31 13:20. 2008-08-31 13:20 105056 ---- AW-c: \ program files \ Setup.bmp
2008-06-20 18:37. 2008-06-20 18:37 24576 ---- AW-c: \ program files \ ScrollerAbout.dll
2008-06-20 18:18. 2008-06-20 18:18 831058 ---- AW-c: \ program files \ banks_default.txt
2008-06-20 18:18. 2008-06-20 18:18 709 ---- AW-c: \ program files \ ntrack.exe.config
2008-06-20 18:18. 2008-06-20 18:18 22124 ---- AW-c: \ program files \ us428_faders.dat
2008-06-20 18:18. 2008-06-20 18:18 22124 ---- AW-c: \ program files \ us224_faders.dat
2008-06-20 18:17. 2008-06-20 18:17 4035 ---- AW-c: \ program files \ n-track_help.cnt
2008-06-20 18:17. 2008-06-20 18:17 169585 ---- AW-c: \ program files \ Drum Example.sng
2008-06-20 18:17. 2008-06-20 18:17 15457 ---- AW-c: \ program files \ FACOMP10.HLP
2008-06-20 18:17. 2008-06-20 18:17 25698 ---- AW-c: \ program files \ FA4BDEQ.HLP
2008-06-20 18:16. 2008-06-20 18:16 19339 ---- AW-c: \ program files \ N-TRACK_EFX.HLP
2004-06-11 20:19. 2004-06-11 20:19 25214 ---- AW-c: \ program files \ help_icon.ico
2004-06-07 13:23. 2004-06-07 13:23 25214 ---- AW-c: \ program files \ link_icon.ico
2000-11-12 03:30. 2000-11-12 03:30 86 ---- AW-c: \ program files \ BUYIT!. URL
2000-11-12 03:28. 2000-11-12 03:28 73 ---- AW-c: \ program files \ n-Track.url
2009-04-15 20:24. 2009-04-15 20:24 1044480 ---- AW-C: \ Program Files \ Mozilla Firefox \ plugins \ libdivx.dll
2009-04-15 20:24. 2009-04-15 20:24 200704 ---- AW-C: \ Program Files \ Mozilla Firefox \ plugins \ ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-19_13.16.48 )))))))))))) )))))))))))))))))))))))))))))
.
+ 2009-06-21 15:41. 2009-06-21 15:41 16384 C: \ Windows \ Temp \ Perflib_Perfdata_5b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"IgfxTray" = "c: \ windows \ system32 \ igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds" = "c: \ windows \ system32 \ hkcmd.exe" [2002-06-19 114688]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-06-18 148888]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"MySpaceIM" = "C: \ Program Files \ MySpace \ IM \ MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon]
2008-12-22 16:05 356352 ---- AW-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ windows]
"AppInit_DLLs" = c: \ windows \ system32 \ avgrsstx.dl l

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgupd.exe" =
"c: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgemc.exe" =
"c: \ \ Program Files \ \ ATT-HSI \ \ McciBrowser.exe" =
"c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ WINDOWS \ \ system32 \ \ igfxtray.exe" =
"c: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgrsx.exe" =
"% windir% \ \ system32 \ \ Drivers \ \ Svchost.exe" =
"c: \ \ Program Files \ \ MySpace \ \ IM \ \ MySpaceIM.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"53: TCP" = 53: TCP: websrvx

R1 AvgLdx86; AVG AVI Loader Driver x86, c: \ windows \ system32 \ drivers \ avgldx86.sys [5/23/2008 1:13 AM 96520]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R1 ShldDrv; Panda štit Driver datoteke c: \ windows \ system32 \ drivers \ ShlDrv51.sys [6/12/2009 2:56 PM 41144]
R2 avg8emc; AVG8 E-mail Scanner, c: \ programa ~ 1 \ AVG \ AVG8 \ avgemc.exe [5/23/2008 1:13 AM 902424]
R2 avg8wd; AVG8 Watchdog, c: \ programa ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [5/23/2008 1:13 AM 282904]
R2 AvgTdiX; AVG8 Network preusmjerivač; c: \ windows \ system32 \ drivers \ avgtdix.sys [5/23/2008 1:13 AM 75272]
R2 PavProc; Panda postupku zaštite Driver, c: \ windows \ system32 \ drivers \ PavProc.sys [6/12/2009 2:56 PM 179640]
R2 glediąta Manager Service; glediąta Manager Service; c: \ program files \ glediąta \ Common \ ViewpointService.exe [2/5/2009 6:56 PM 24652]
R3 (A7E39B01-11d4-B403-BD18-00D0B7A1821E); AIM 3,0 Part 01 Codec Driver VCH-A, C: \ Windows \ System32 \ Drivers \ Vch.sys [5/1/2006 11:58 20023]
S2 gupdate1c9c119864b630; Google Update Service (gupdate1c9c119864b630); C: \ Program Files \ Google \ Update \ GoogleUpdate.exe [4/19/2009 2:02 PM 133104]
S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Sadržaj je 'Scheduled Tasks' folder

2009/06/21 C: \ Windows \ Tasks \ GoogleUpdateTaskMachine.job
- C: \ Program Files \ Google \ Update \ GoogleUpdate.exe [2009-04-19 18:00]
.
.
------- Supplementary Scan -------
.
Page uStart = hxxp: / / www.att.net/
uInternet Connection Wizard, ShellNext = iexplore
uSearchURL, (Default) = hxxp: / / us.rd.yahoo.com / Customize / ycomp / osnovni / su / *http://www.yahoo.com
IE: & Traži
FF - ProfilePath --
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2009-06-21 11:42
5/1/2600 Windows Service Pack 2 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
--------------------- Loaded DLL datoteke koje Under Running Processes ---------------------

- - - - - - -> 'Winlogon.exe' (612)
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
.
------------------------ Other Running Processes ----------------------- --
.
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ Program Files \ Common Files \ pokretačkoj \ McciCMService.exe
C: \ Program Files \ Common Files \ Panda Security \ PavShld \ PavPrSrv.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
c: \ windows \ system32 \ wscntfy.exe
.
************************************************** ************************
.
Completion time: 2009-06-21 11:47 - stroj je ponovno podizanje sustava
ComboFix-u karanteni-files.txt 2009-06-21 15:47
ComboFix2.txt 2009-06-19 13:20

Pre-Run: 4974522368 bytes free
Post-Run: 5621665792 bytes free

WindowsXP-KB310994-SP2-Home-Bootdisk-enu.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[operating systems]
c: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Home Edition" / fastdetect / noexecute = OptIn

248



;************************************************* ************************************************** ************************************************** ******************************
ANALIZA: 2009-06-22 07:16:51
Zaštitama: 1
Zlonamjernih programa: 10
Osumnjiccenih: 0
;************************************************* ************************************************** ************************************************** ******************************
Zaštite
Opis Verzija Updated Aktivan
;================================================= ================================================== ================================================== =================
AVG Anti-Virus Free 8,0 Da Da
;================================================= ================================================== ================================================== =================
Zlonamjernih programa
Id Opis Vrsta Aktivni severityu Disinfectable dezinficirati Lokacija
;================================================= ================================================== ================================================== =================
00139061 Kolačića / Doubleclick TrackingCookie Ne 0 Da Ne C: \ Documents and Settings \ Owner \ Cookies \ vlasnik @ doubleclick [1]. Txt
00262020 Kolačića / Atwola TrackingCookie Ne 0 Da Ne C: \ Documents and Settings \ Owner \ Cookies \ vlasnik @ atwola [2]. Txt
00590315 Rootkit / Agent.LNB HackTools Ne 0 Da Ne C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP500 \ A0228202.sys
00590315 Rootkit / Agent.LNB HackTools Ne 0 Da Ne C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP501 \ A0229224.sys
00590315 Rootkit / Agent.LNB HackTools Ne 0 Da Ne C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP491 \ A0222017.sys
00590315 Rootkit / Agent.LNB HackTools Ne 0 Da Ne C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP493 \ A0223098.sys
00674736 W32/Autorun.AFX Virus / crv 1 Da Ne Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP491 \ A0221911.dll
00674736 W32/Autorun.AFX Virus / crv 1 Da Ne Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP490 \ A0221821.dll
00950476 Bck / Tdss.AZ Virus / Trojan Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0233263.dll
00950476 Bck / Tdss.AZ Virus / Trojan Ne 0 Da Da C: \ Qoobox \ Karantena \ C \ Windows \ System32 \ UACakmovnk vlbejvsw.dll.vir
00950477 Bck / Tdss.AZ Virus / Trojan Ne 0 Da Da C: \ Qoobox \ Karantena \ C \ Windows \ System32 \ UACllkyxud engakpfn.dll.vir
00950477 Bck / Tdss.AZ Virus / Trojan Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0233264.dll
00966996 Bck / Tdss.BC Virus / Trojan Ne 0 Da Da C: \ Qoobox \ Karantena \ C \ Windows \ System32 \ UACkpxjqwv ugnspokq.dll.vir
00966996 Bck / Tdss.BC Virus / Trojan Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0233265.dll
01099605 Trj / Alureon.AL Virus / Trojan Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0233262.dll
01099605 Trj / Alureon.AL Virus / Trojan Ne 0 Da Da C: \ Qoobox \ Karantena \ C \ Windows \ System32 \ UACxcvrjkw rnbmiqml.dll.vir
01318562 Trj / Downloader.WAV Virus / Trojan Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP492 \ A0223044.dll
01318562 Trj / Downloader.WAV Virus / Trojan Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP492 \ A0223065.dll
01318562 Trj / Downloader.WAV Virus / Trojan Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP492 \ A0223056.dll
01318562 Trj / Downloader.WAV Virus / Trojan Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP492 \ A0223073.dll
02885963 Rootkit / Booto.C Virus / crv Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0234260.sys
02885963 Rootkit / Booto.C Virus / crv Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP505 \ A0235260.sys
02885963 Rootkit / Booto.C Virus / crv Ne 0 Da Da C: \ System Volume Information \ _restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0233266.sys
;================================================= ================================================== ================================================== =================
Osumnjičenih
Poslano Lokacija f
;================================================= ================================================== ================================================== =================
;================================================= ================================================== ================================================== =================
Povredivosti
Id severityu Opis f
;================================================= ================================================== ================================================== =================
208380 VISOKE MS09-015 F
208379 VISOKE MS09-014 F
208378 VISOKE MS09-013 F
208377 VISOKE MS09-012 F
206981 VISOKE MS09-007 F
206980 VISOKE MS09-006 F
204670 VISOKE MS09-001 F
203806 VISOKE MS08-078 F
203508 VISOKE MS08-073 F
203505 VISOKE MS08-071 F
202465 VISOKE MS08-068 F
201683 VISOKE MS08-067 F
201258 VISOKE MS08-066 F
201256 VISOKE MS08-064 F
201255 VISOKE MS08-063 F
201253 VISOKE MS08-061 F
201250 VISOKE MS08-058 F
209275 VISOKE MS08-049 F
209273 VISOKE MS08-045 F
196455 SREDNJE MS08-037 F
194861 VISOKE MS08-031 F
194860 VISOKE MS08-030 F
191618 VISOKE MS08-025 F
191617 VISOKE MS08-024 F
191614 VISOKE MS08-021 F
191613 VISOKE MS08-020 F
187735 VISOKE MS08-010 F
187733 VISOKE MS08-008 F
184380 SREDNJE MS08-002 F
184379 SREDNJE MS08-001 F
182048 VISOKE MS07-069 F
182046 VISOKE MS07-067 F
179553 VISOKE MS07-061 F
176383 VISOKE MS07-058 F
176382 VISOKE MS07-057 F
170911 VISOKE MS07-050 F
170907 VISOKE MS07-046 F
170906 VISOKE MS07-045 F
170904 VISOKE MS07-043 F
114666 VISOKE MS06-015 F
93454 SREDNJE MS05-049 F
;================================================= ================================================== ================================================== =================
  #10  
Old June 22, 2009, 09:30
Malware group
 
Default Please help! My computer has multiple viruses / malware.

Hi there

Please note - During this fix we will be entering Safe Mode. Please print these instructions, as your internet connection will not be available during this period. You may also copy and paste the fix into a text file and save it to an easily accessible location for reference.

Quote:
Sorry about that. I have no idea what happened
Don't worry, just one of those things!

Something I meant to mention earlier is that it looks like you have two antiviruses installed, with one disabled. Can I just ask, is the F-Secure AV an old one where the subscription has run out?

Although the Panda scan picked up several items, the scan log actually looks good. Most of what was found was either quarantined by ComboFix or is trapped in your System Restore, which we can flush out at the end of the fix to prevent reinfection.

I notice that you have SUPERAntiSpyware installed ...

I would like you to run a scan for me in Safe Mode.

First let's update SAS and set the options before scanning

  • Update the definitions by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click the hyperlink for the Installer to download and save SASDEFINITIONS.EXE to your desktop. Then double-click SASDEFINITIONS.EXE to install the definitions.)
  • In the main menu, click the Preferences... button.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer, and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and, back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with the potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked whether you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after the reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Post back with the resulting log, and also update me on how things are running now
__________________
Proud member of ASAP & Unite
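
The reasoning in the reply above (detections that sit in ComboFix's quarantine or in System Restore points are already contained, anything found elsewhere still needs attention) can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of any tool named in it; the sample rows are constructed, with placeholder file names, a placeholder GUID and a made-up detection name for the live-location case.

```python
import re
from collections import Counter

# Constructed sample rows modelled on the malware table of the scan report
# (id, name, type, flags, location). File names, the GUID and the last
# detection name are placeholders, not values from the thread.
SAMPLE = r"""
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP500\A0000001.sys
00950476 Bck/Tdss.AZ Virus/Trojan No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\system32\example1.dll.vir
00950476 Bck/Tdss.AZ Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP503\A0000002.dll
99999999 Trj/Example.X Virus/Trojan Yes 1 Yes No C:\WINDOWS\system32\drivers\example2.sys
"""

# A row is: numeric id, detection name, other columns, then a drive-letter path.
ROW = re.compile(r"^(\d+)\s+(\S+)\s+.*?\s([A-Za-z]:\\.+)$")

# First matching rule wins; anything unmatched is treated as a live file.
RULES = [
    ("system_restore", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("combofix_quarantine", re.compile(r"^[A-Za-z]:\\Qoobox\\", re.I)),
    ("tracking_cookie", re.compile(r"\\Cookies\\", re.I)),
]

def classify(path):
    """Return the containment bucket for a detection's file path."""
    for label, pattern in RULES:
        if pattern.search(path):
            return label
    return "live"

def triage(report):
    """Parse report rows into (detection name, bucket, path) tuples."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            _det_id, name, path = m.groups()
            rows.append((name, classify(path), path))
    return rows

def summary(rows):
    """Count detections per bucket."""
    return Counter(bucket for _, bucket, _ in rows)

def live_detections(rows):
    """Detections outside quarantine, restore points and cookie folders."""
    return [(name, path) for name, bucket, path in rows if bucket == "live"]

if __name__ == "__main__":
    parsed = triage(SAMPLE)
    print(dict(summary(parsed)))
    for name, path in live_detections(parsed):
        print("needs attention:", name, path)
```

An empty result from `live_detections` corresponds to the situation the reply describes; restore-point copies remain until System Restore is flushed at the end of the fix.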