Please Help! Min datamaskin kjører flere virus / malware.

**Mybabbits** · #1 18 juni 2009, 11:46

Hei og takk for lesing. Jeg har vært i ferd med å fjerne uønsket malware fra datamaskinen for mer enn en uke nå, og ingenting ser ut til å fungere. Jeg har funnet flere prosesser inkludert iexplorer.exe, Winlogon.exe, Spoolsv.exe og andre ukjente prosesser som PavPrSrv.exe og McciCMService.exe. Jeg måtte endre exe navnet på de fleste av programmene for å få dem til å åpne. Jeg vanligvis bruker AVG Free, men jeg har avinstallert den og prøvd Panda å se om det ville hjelpe (det gjorde det ikke). Siden da har jeg fjernet Panda og reinstallert AVG.

På forhånd takk for hjelpen!

Her er loggfilene som jeg har hentet.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2009 at 01:15

Application Version: 4.26.1004

Core Rules Database Version: 3945
Trace Rules Database Version: 1887

Scan type: Complete Scan
Total Scan Time: 01:11:18

Minne eks skannet: 373
Minne trusler oppdages: 1
Registerelementene skannet: 4431
Registerverdi trusler oppdages: 86
Fil eks skannet: 39059
Fil trusler oppdages: 11

Rootkit.Agent / Gen-UACFake
\? \ GLOBALROOT \ C: \ WINDOWS \ system32 \ UACKPXJQWVUGNSPO KQ.DLL
\? \ GLOBALROOT \ C: \ WINDOWS \ system32 \ UACKPXJQWVUGNSPO KQ.DLL

Unclassified.Unknown Origin
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ EXP lorer \ Browser Helper Objects \ (2520BA45-3D97-4864-82FF-F47F951727BA)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ EXP lorer \ Browser Helper Objects \ (9B053E00-78D3-47AE-B763-60FF36FF2886)
HKU \. DEFAULT \ Software \ Microsoft \ Windows \ CurrentVer Sion \ Ext \ Stats \ (2520BA45-3D97-4864-82FF-F47F951727BA)
HKU \. DEFAULT \ Software \ Microsoft \ Windows \ CurrentVer Sion \ Ext \ Stats \ (9B053E00-78D3-47AE-B763-60FF36FF2886)
HKU \ S-1-5-21-776561741-1580436667-854245398-1003 \ Software \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (2520BA45-3D97-4864-82FF-F47F951727BA)
HKU \ S-1-5-21-776561741-1580436667-854245398-1003 \ Software \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ (9B053E00-78D3-47AE-B763-60FF36FF2886)
HKU \ S-1-5-18 \ Software \ Microsoft \ Windows \ CurrentVersion \ Ext \ S tats \ (2520BA45-3D97-4864-82FF-F47F951727BA)
HKU \ S-1-5-18 \ Software \ Microsoft \ Windows \ CurrentVersion \ Ext \ S tats \ (9B053E00-78D3-47AE-B763-60FF36FF2886)

Trojan.Agent / Gen-AmblBE
HKU \. DEFAULT \ Software \ Microsoft \ Windows \ CurrentVer Sion \ Ext \ Stats \ (06F20C1A-4811-4C73-a114-792ED70F2CAD)
HKU \ S-1-5-18 \ Software \ Microsoft \ Windows \ CurrentVersion \ Ext \ S tats \ (06F20C1A-4811-4C73-a114-792ED70F2CAD)

Adware.TrustInCash
C: \ WINDOWS \ system32 \ tisa.cnf
C: \ WINDOWS \ REMOVEADWARE.ICO
C: \ WINDOWS \ VIDEOSLOTS.ICO

Rogue.Component / Trace
HKU \ S-1-5-21-776561741-1580436667-854245398-1003 \ Software \ Microsoft \ FIAS4057

Rootkit.Agent / Gen
HKLM \ SOFTWARE \ UAC
HKLM \ SOFTWARE \ UAC # cmddelay
HKLM \ SOFTWARE \ UAC # LastBSOD
HKLM \ SOFTWARE \ UAC # affid
HKLM \ SOFTWARE \ UAC # type
HKLM \ SOFTWARE \ UAC # bygge
HKLM \ SOFTWARE \ UAC # subid
HKLM \ SOFTWARE \ UAC # ecaab67d-7d92-4ec1-ac32-3087345120a3
HKLM \ SOFTWARE \ UAC # val
HKLM \ SOFTWARE \ UAC # sval
HKLM \ SOFTWARE \ UAC # pval
HKLM \ SOFTWARE \ UAC \ tilkoblinger
HKLM \ SOFTWARE \ UAC \ tilkoblinger # 905b3008
HKLM \ SOFTWARE \ UAC \ tilkoblinger # 7d72e91c
HKLM \ SOFTWARE \ UAC \ tilkoblinger # a2674c18
HKLM \ SOFTWARE \ UAC \ tilkoblinger # b43dcf0f
HKLM \ SOFTWARE \ UAC \ tilkoblinger # f2065612
HKLM \ SOFTWARE \ UAC \ nektet
HKLM \ SOFTWARE \ UAC \ nektet # trsetup.exe
HKLM \ SOFTWARE \ UAC \ nektet # ViewpointService.exe
HKLM \ SOFTWARE \ UAC \ nektet # ViewMgr.exe
HKLM \ SOFTWARE \ UAC \ nektet # SpySweeper.exe
HKLM \ SOFTWARE \ UAC \ nektet # SUPERAntiSpyware.exe
HKLM \ SOFTWARE \ UAC \ nektet # SpySub.exe
HKLM \ SOFTWARE \ UAC \ nektet # SpywareTerminatorShie ld.exe
HKLM \ SOFTWARE \ UAC \ nektet # SpyHunter3.exe
HKLM \ SOFTWARE \ UAC \ nektet # XoftSpy.exe
HKLM \ SOFTWARE \ UAC \ nektet # SpyEraser.exe
HKLM \ SOFTWARE \ UAC \ nektet # combofix.exe
HKLM \ SOFTWARE \ UAC \ nektet # otscanit.exe
HKLM \ SOFTWARE \ UAC \ nektet # mbam.exe
HKLM \ SOFTWARE \ UAC \ nektet # mbam-setup.exe
HKLM \ SOFTWARE \ UAC \ nektet # flash_disinfector.exe
HKLM \ SOFTWARE \ UAC \ nektet # otmoveit2.exe
HKLM \ SOFTWARE \ UAC \ nektet # smitfraudfix.exe
HKLM \ SOFTWARE \ UAC \ nektet # prevxcsifree.exe
HKLM \ SOFTWARE \ UAC \ nektet # download_mbam-setup.exe
HKLM \ SOFTWARE \ UAC \ nektet # cbo_setup.exe
HKLM \ SOFTWARE \ UAC \ nektet # spywareblastersetup.e XE
HKLM \ SOFTWARE \ UAC \ nektet # rminstall.exe
HKLM \ SOFTWARE \ UAC \ nektet # sdsetup.exe
HKLM \ SOFTWARE \ UAC \ nektet # vundofixsvc.exe
HKLM \ SOFTWARE \ UAC \ nektet # daft.exe
HKLM \ SOFTWARE \ UAC \ nektet # gmer.exe
HKLM \ SOFTWARE \ UAC \ nektet # catchme.exe
HKLM \ SOFTWARE \ UAC \ nektet # mcpr.exe
HKLM \ SOFTWARE \ UAC \ nektet # sdfix.exe
HKLM \ SOFTWARE \ UAC \ nektet # hjtinstall.exe
HKLM \ SOFTWARE \ UAC \ nektet # fixpolicies.exe
HKLM \ SOFTWARE \ UAC \ nektet # emergencyutil.exe
HKLM \ SOFTWARE \ UAC \ nektet # techweb.exe
HKLM \ SOFTWARE \ UAC \ nektet # GoogleUpdate.exe
HKLM \ SOFTWARE \ UAC \ nektet # windowsdefender.exe
HKLM \ SOFTWARE \ UAC \ nektet # spybotsd.exe
HKLM \ SOFTWARE \ UAC \ nektet # winlognn.exe
HKLM \ SOFTWARE \ UAC \ nektet # csrssc.exe
HKLM \ SOFTWARE \ UAC \ nektet # klif.sys
HKLM \ SOFTWARE \ UAC \ nektet # pctssvc.sys
HKLM \ SOFTWARE \ UAC \ nektet # pctcore.sys
HKLM \ SOFTWARE \ UAC \ nektet # mchinjdrv.sys
HKLM \ SOFTWARE \ UAC \ nektet # szkg.sys
HKLM \ SOFTWARE \ UAC \ nektet # sasdifsv.sys
HKLM \ SOFTWARE \ UAC \ nektet # saskutil.sys
HKLM \ SOFTWARE \ UAC \ nektet # sasenum.sys
HKLM \ SOFTWARE \ UAC \ nektet # ccHPx86.sys
HKLM \ SOFTWARE \ UAC \ injector
HKLM \ SOFTWARE \ UAC \ injector # *
HKLM \ SOFTWARE \ UAC \ maske
HKLM \ SOFTWARE \ UAC \ maske # 6aed4b25
HKLM \ SOFTWARE \ UAC \ maske # e0ae8144
HKLM \ SOFTWARE \ UAC \ maske # 30910b28
HKLM \ SOFTWARE \ UAC \ maske # c6216721
HKLM \ SOFTWARE \ UAC \ maske # dd118673
HKLM \ SOFTWARE \ UAC \ versjoner
HKLM \ SOFTWARE \ UAC \ versjoner # / banner / crcmds / init

Adware.Tracking Cookie
C: \ Documents and Settings \ Gjest \ Cookies \ guest@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Gjest \ Cookies \ gjest @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Gjest \ Cookies \ gjest @ myroitracking [1]. Txt
C: \ Documents and Settings \ Gjest \ Cookies \ guest@serw.clicksor [1]. Txt
C: \ WINDOWS \ system32 \ config \ systemprofile \ Cookies \ s ystem @ ix finner [1]. Txt

Adware.180solutions/Seekmo/Zango
C: \ Programfiler \ FASOFT \ n-TRACK STUDIO 6 \ setup.exe

Nettleser Hijacker.MS Web Search
C: \ WINDOWS \ LOCAL.HTML

Malwarebytes' Anti-Malware 1.37
Database versjon: 2269
Windows 5.1.2600 Service Pack 2

6/18/2009 2:25:06 PM
mbam-log-2009-06-18 (14-25-06). txt

Scan type: Quick Scan
Objekter skannet: 28750
Tid brukt: 18 minutt (er), 54 sekund (er)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registernøkler Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(Ingen skadelige eks oppdaget)

Memory Modules Infected:
(Ingen skadelige eks oppdaget)

Registernøkler Infected:
(Ingen skadelige eks oppdaget)

Registry Values Infected:
(Ingen skadelige eks oppdaget)

Registry Data Items Infected:
(Ingen skadelige eks oppdaget)

Folders Infected:
(Ingen skadelige eks oppdaget)

Files Infected:
(Ingen skadelige eks oppdaget)

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 2:28:36 PM, on 6/18/2009
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ system32 \ igfxtray.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ Programfiler \ Java \ jre6 \ bin \ jusched.exe
C: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
C: \ Programfiler \ Java \ jre6 \ bin \ jqs.exe
C: \ Programfiler \ Fellesfiler \ motiv \ McciCMService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ progra ~ 1 \ AVG \ AVG8 \ avgrsx.exe
C: \ progra ~ 1 \ AVG \ AVG8 \ avgemc.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.att.net/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Innstillinger ProxyServer = http = localhost: 7171
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local; <local>
O1 - Hosts::: 1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Programfiler \ AVG \ AVG8 \ avgssie.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Programfiler \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Programfiler \ Java \ jre6 \ lib \ distribuere \ jqs \ ie \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKUS \ S-1-5-19 \ .. \ Run: [pivafuniya] rundll32.exe "C: \ WINDOWS \ system32 \ luruwono.dll", s (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [pivafuniya] rundll32.exe "C: \ WINDOWS \ system32 \ luruwono.dll", s (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [MySpaceIM] C: \ Programfiler \ MySpace \ Chat \ MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [MySpaceIM] C: \ Programfiler \ MySpace \ Chat \ MySpaceIM.exe (User 'Default user')
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Programfiler \ AVG \ AVG8 \ avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C: \ WINDOWS \ system32 \ zuhagiye.dll c: \ windows \ system32 \ nulakili.dll
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, sro - C: \ progra ~ 1 \ AVG \ AVG8 \ avgemc.exe
O23 - Service: AVG8 Watchdog (avg8wd) - AVG Technologies CZ, sro - C: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9c119864b630) (gupdate1c9c119864b630) - Google Inc. - C: \ Programfiler \ Google \ Update \ GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C: \ Programfiler \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: McciCMService - motiv Communications, Inc. - C: \ Programfiler \ Fellesfiler \ motiv \ McciCMService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, SL - C: \ Programfiler \ Fellesfiler \ Panda Security \ PavShld \ pavprsrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe

--
End of file - 4735 bytes

**sjb007** · #2 18 juni 2009, 15:35

Hei Mybabbits

Laste ned Combofix fra noen av lenkene nedenfor. Du må endre navn på den før du lagrer den. Lagre den på skrivebordet ditt som Kombitaster fix.exe.

Link 1
Link 2
Link 3

Deaktivere antivirus-og antispionprogrammer, vanligvis via et høyreklikk på System-ikonet. De kan ellers forstyrrer våre verktøy

Åpne Oppgavebehandling ved å trykke Ctrl-Alt og Del tastene samtidig.

I menyen øverst i dialogboksen, klikker du Fil> Ny oppgave (Kjør. ..)

Kopier / lim inn (eller skriv inn) følgende i Kjør-boksen og klikk OK: (forutsatt ComboFix.exe er på skrivebordet, slik det ble beskrevet)

"% brukerprofil% \ desktop \ Kombitaster fix.exe" / killall

Følg instruksjonene på skjermen insatructions og la combofix fullføre kjøre, Kontroller at du installerer gjenopprettingskonsollen på forespørsel.

Post tilbake med resultatet i din neste post.

Laste ned GMER Rootkit Scanner fra her eller her.

Pakk ut innholdet i den zippede filen til skrivebordet.
Dobbeltklikk GMER.exe. Hvis du blir bedt om å tillate gmer.sys driveren lastes, må du samtykke.
Hvis det gir deg en advarsel om rootkit aktivitet og spør om du vil kjøre scan ... klikke på NO.

Klikk på bildet for å forstørre det
I panelet til høyre, vil du se flere bokser som har blitt kontrollert. Fjern merket følgende ...
- Seksjoner
- IAT / Spis
- Drives / partisjon enn SystemDrive (vanligvis C: \)
- Vis alle (ikke glipp av dette)
Deretter klikker du på Scan-knappen og vente på at den blir ferdig.
Når ferdig, klikker du på [Lagre ..] -knappen, og i Filnavn området, skriv inn "Gmer.txt" eller det vil lagre som en. loggfilen
Lagre det der du enkelt kan finne den, for eksempel på skrivebordet, og kopiere og lime inn i din neste svar

** Advarsel **
Rootkit skanner ofte produsere falske positive. Ikke foretar oss noe om eventuelle "<--- ROOKIT "entries

Kopier og lim både loggene i neste svar

**Mybabbits** · #3 18 juni 2009, 18:36

Jeg lastet ned ComboFix til skrivebordet og endret navnet som beskrevet. Når jeg prøver å kjøre "% brukerprofil% \ desktop \ Kombitaster fix.exe" / killall Jeg får en popup-skjerm som første advarer meg at programmet er fra en uidentifisert kilde, så jeg valgte kjøre. Etter at det synes som om combofix kjører riktig så får jeg en popup-skjermen som sier noe sånt som "Windows finner ikke" grpconv ". Kontroller at du har skrevet navnet riktig ..." og så videre-skjermen ikke holde seg lenge nok for meg å få resten av det. Jeg klikket OK der, og så fikk jeg en annen skjerm fra combofix som sier det har oppdaget AVG antivirus fremdeles kjører. Jeg hadde problemer med å deaktivere den, så jeg gikk videre og avinstallert den helt. Jeg er ikke sikker på hvorfor det likevel synes det er i gang. Skal jeg gå og klikk OK om disse skjermene for og se om den vil fremdeles arbeide?

Takk!

**sjb007** · #4 18 juni 2009, 23:48

Hei

Klikk OK gjennom skjermene og se om du kan få combofix søke å fullføre

**Mybabbits** · #5 19 juni 2009, 06:58

Jeg hadde noen problemer med combofix. På et tidspunkt i prosessen skrivebordet gikk tom og combofix skjermen forsvant. Er det lov til å gjøre dette? Jeg ventet 10 minutter for å se om noe ville skje, og jeg omstartet datamaskinen. Etter at combofix skjermen kom opp og sa det var å skape loggfilen ...

Her er hva jeg fikk:

ComboFix 09-06-18.02 - Eier 06/19/2009 9:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.286 [GMT -4:00]
Running from: C: \ Documents and Settings \ Eier \ Skrivebord \ Kombitaster fix.exe
Command brytere brukes:: / killall
AV: AVG Anti-Virus Free * On-tilgang skanning aktivert * (Oppdatert) (17DDD097-36FF-435F-9E1B-52D74245D6BF)
FW: F-Secure Anti-Virus 2006 6,10 * deaktivert * (D4747503-0346-49EB-9262-997542F79BF4)

ADVARSEL-Denne maskinen har ikke gjenopprettingskonsollen INSTALLERT!
.

((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ Documents and Settings \ LocalService \ Application Data \ twain_32
c: \ Documents and Settings \ NetworkService \ Application Data \ twain_32
c: \ windows \ system32 \ komponenter
c: \ windows \ system32 \ drivers \ UACymttprqpphespir.sys
c: \ windows \ system32 \ UACakmovnkvlbejvsw.dll
c: \ windows \ system32 \ UACjqblgassmsyrtsd.log
c: \ windows \ system32 \ UACkpxjqwvugnspokq.dll
c: \ windows \ system32 \ UACllkyxudengakpfn.dll
c: \ windows \ system32 \ UACmxexwkuwcfyxylo.dll
c: \ windows \ system32 \ UACtdqoweywvrmpfuc.dat
c: \ windows \ system32 \ UACwixxvmnqlxbujns.log
c: \ windows \ system32 \ UACwqwjasvfplrvpdn.log
c: \ windows \ system32 \ UACxcvrjkwrnbmiqml.dll
C: \ bt.log
c: \ Documents and Settings \ LocalService \ Application Data \ twain_32 \ user.ds
c: \ Documents and Settings \ NetworkService \ Application Data \ twain_32 \ user.ds
c: \ windows \ system32 \ arosetud.ini
c: \ windows \ system32 \ barohozi.dll.tmp
c: \ windows \ system32 \ bavuvofi.dll.tmp
c: \ windows \ system32 \ Components \ flx0.dll
c: \ windows \ system32 \ diwovadu.dll.tmp
c: \ windows \ system32 \ drivers \ str.sys
c: \ windows \ system32 \ drivers \ UACymttprqpphespir.sys
c: \ windows \ system32 \ edurozoj.ini
c: \ windows \ system32 \ foyefolu.dll.tmp
c: \ windows \ system32 \ huboweri.dll.tmp
c: \ windows \ system32 \ ipepiyik.ini
c: \ windows \ system32 \ irawesak.ini
c: \ windows \ system32 \ jiyiduse.dll.tmp
c: \ windows \ system32 \ lcch.dat
c: \ windows \ system32 \ lut.dat
c: \ windows \ system32 \ nfr.assembly
c: \ windows \ system32 \ nfr.gpref
c: \ windows \ system32 \ obinunud.ini
c: \ windows \ system32 \ ofalonoy.ini
c: \ windows \ system32 \ ozejalir.ini
c: \ windows \ system32 \ srsut.bak1
c: \ windows \ system32 \ tconini.dat
c: \ windows \ system32 \ UACakmovnkvlbejvsw.dll
c: \ windows \ system32 \ uacinit.dll
c: \ windows \ system32 \ UACjqblgassmsyrtsd.log
c: \ windows \ system32 \ UACkpxjqwvugnspokq.dll
c: \ windows \ system32 \ UACllkyxudengakpfn.dll
c: \ windows \ system32 \ UACmxexwkuwcfyxylo.dll
c: \ windows \ system32 \ UACtdqoweywvrmpfuc.dat
c: \ windows \ system32 \ UACwixxvmnqlxbujns.log
c: \ windows \ system32 \ UACwqwjasvfplrvpdn.log
c: \ windows \ system32 \ UACxcvrjkwrnbmiqml.dll
c: \ windows \ system32 \ ugujasof.ini
c: \ windows \ system32 \ utodobah.ini

c: \ windows \ system32 \ grpconv.exe mangler
Restaurert kopi fra - c: \ windows \ ServicePackFiles \ i386 \ grpconv.exe

c: \ windows \ system32 \ proquota.exe mangler
Restaurert kopi fra - c: \ windows \ ServicePackFiles \ i386 \ proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers / Services )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Service_UACd.sys
------- \ Legacy_PODMENA
------- \ Legacy_PODMENADRV

((((((((((((((((((((((((( Files Created fra 2009-05-19 til 2009-06-19 ))))))))))) ))))))))))))))))))))
.

2009-06-19 13:09. 2004-08-04 07:56 50176-c - aw-c: \ windows \ system32 \ dllcache \ proquota.exe
2009-06-19 13:09. 2004-08-04 07:56 50176 ---- aw-c: \ windows \ system32 \ proquota.exe
2009-06-18 18:04. 2009-06-18 18:04 3561743 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes \ Malwarebytes' Anti-Malware \ mbam-setup.exe
2009-06-18 15:58. 2009-06-18 18:01 117760 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-06-18 15:57. 2009-06-18 15:57 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2009-06-18 15:54. 2009-06-18 15:57 -------- d ----- w-c: \ Programfiler \ SUPERAntiSpyware
2009-06-18 15:54. 2009-06-18 15:54 -------- d ----- w-c: \ Documents and Settings \ Eier \ Programdata \ SUPERAntiSpyware.com
2009-06-18 15:53. 2009-06-18 15:53 -------- d ----- w-c: \ Programfiler \ Fellesfiler \ Wise Installation Wizard
2009-06-18 15:42. 2009-06-18 15:42 -------- d ----- w-c: \ Programfiler \ CCleaner
2009-06-18 05:27. 2009-06-18 05:27 152576 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ søndag \ Java \ jre1.6.0_14 \ lzma.dll
2009-06-18 04:28. 2009-06-18 04:28 -------- d ----- w-c: \ Programfiler \ Trend Micro
2009-06-13 07:06. 2002-06-19 23:03 151552 ---- aw-c: \ windows \ system32 \ igfxres.dll
2009-06-13 06:38. 2002-06-21 15:02 266240 ---- aw-c: \ windows \ system32 \ shpshftr.dll
2009-06-13 06:00. 2009-06-13 06:00 444 ---- aw-c: \ windows \ system32 \ d3d8caps.dat
2009-06-13 05:01. 2009-06-13 05:01 -------- d ----- w-c: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Programdata \ Mozilla
2009-06-13 04:44. 2009-06-18 04:53 -------- d ----- w-c: \ Program Files \ Startup Optimizer
2009-06-12 23:31. 2009-06-12 23:31 -------- d ----- w-c: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2009-06-12 22:21. 2009-05-26 17:20 40160 ---- aw-c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2009-06-12 22:21. 2009-06-12 22:23 -------- d ----- w-c: \ Programfiler \ Malwarebytes' Anti-Malware
2009-06-12 22:21. 2009-05-26 17:19 19096 ---- aw-c: \ windows \ system32 \ drivers \ mbam.sys
2009-06-12 19:18. 2009-06-12 23:26 45 ---- aw-c: \ windows \ system32 \ ca.dat
2009-06-12 18:56. 2008-03-04 19:59 41144 ---- aw-c: \ windows \ system32 \ drivers \ ShlDrv51.sys
2009-06-12 18:56. 2008-02-07 16:03 179640 ---- aw-c: \ windows \ system32 \ drivers \ PavProc.sys
2009-06-12 18:21. 2009-06-12 18:56 -------- d ----- w-c: \ Programfiler \ Fellesfiler \ Panda Security
2009-06-03 05:12. 2004-08-04 07:56 221184 ---- aw-c: \ windows \ system32 \ wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 01:27. 2008-05-23 05:13 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ avg8
2009-06-18 05:31. 2009-01-05 00:21 410984 ---- aw-c: \ windows \ system32 \ deploytk.dll
2009-06-18 05:31. 2009-01-12 01:18 -------- d ----- w-c: \ Programfiler \ Java
2009-06-13 04:50. 2009-01-05 04:50 -------- d ----- w-c: \ Programfiler \ webpublisering
2009-06-13 04:49. 2008-08-20 22:26 -------- d ----- w-c: \ Programfiler \ Mozilla Thunderbird
2009-06-12 22:57. 2009-04-16 15:22 -------- d ----- w-c: \ Documents and Settings \ Eier \ Programdata \ U3
2009-06-12 18:22. 2006-05-02 03:43 -------- d - h - w-c: \ Programfiler \ InstallShield Installasjonsinformasjon
2009-06-12 16:10. 2009-04-19 18:00 -------- d ----- w-c: \ Programfiler \ Google
2009-06-02 16:49. 2009-03-29 21:27 -------- d ----- w-c: \ Documents and Settings \ Eier \ Programdata \ n-Track Studio6
2009-05-15 13:30. 2006-07-15 14:36 -------- d ----- w-c: \ Programfiler \ QuickTime
2009-05-15 13:30. 2006-07-15 15:39 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2009-05-15 13:29. 2009-05-15 13:29 -------- d ----- w-c: \ Programfiler \ Apple Software Update
2009-05-15 13:29. 2009-05-15 13:29 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Apple
2009-05-12 19:53. 2009-05-12 19:53 16141 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ Help \ lego.exe
2009-05-12 19:53. 2009-05-12 19:53 11410 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ Identities \ msgdi.dll
2009-05-12 19:53. 2009-05-12 19:53 10121 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ Lavasoft \ kern.dll
2009-05-12 19:53. 2009-05-12 19:53 422 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ Apple Computer \ socks1.exe
2009-05-12 19:53. 2009-05-12 19:53 145131 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ DivX \ nomad.exe
2009-05-12 19:53. 2009-05-12 19:53 13221 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ Adobe \ rengo.dll
2009-05-12 19:53. 2009-05-12 19:53 11232 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ acccore \ shalom.exe
2009-05-11 14:21. 2009-05-11 14:21 -------- d ----- w-c: \ Documents and Settings \ Eier \ Programdata \ Malwarebytes
2009-05-11 14:20. 2009-05-11 14:20 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2009-05-01 02:42. 2009-05-01 02:42 130443 ---- aw-c: \ windows \ system32 \ rn.tmp
2009-04-22 16:14. 2006-05-03 02:44 -------- d ----- w-c: \ Documents and Settings \ Eier \ Programdata \ n-Track Studio
2009-04-21 07:27. 2006-05-03 02:44 12024 ---- aw-c: \ Documents and Settings \ Eier \ Lokale innstillinger \ Programdata \ GDIPFONTCACHEV1.DAT
2009-04-15 20:25. 2009-04-19 18:01 43528 ------ w-c: \ windows \ system32 \ drivers \ PxHelp20.sys
2009-04-15 20:25. 2009-04-19 18:01 9464 ------ w-c: \ windows \ system32 \ drivers \ cdralw2k.sys
2009-04-15 20:25. 2009-04-19 18:01 9336 ------ w-c: \ windows \ system32 \ drivers \ cdr4_xp.sys
2009-04-15 20:25. 2009-04-19 18:01 120056 ------ w-c: \ windows \ system32 \ pxcpyi64.exe
2009-04-15 20:25. 2009-04-19 18:01 118520 ------ w-c: \ windows \ system32 \ pxinsi64.exe
2009-04-15 20:25. 2009-04-19 18:01 129784 ------ w-c: \ windows \ system32 \ pxafs.dll
2009-04-15 20:24. 2009-04-15 20:24 90112 ---- aw-c: \ windows \ system32 \ dpl100.dll
2009-04-15 20:24. 2009-04-15 20:24 823296 ---- aw-c: \ windows \ system32 \ divx_xx0c.dll
2009-04-15 20:24. 2009-04-15 20:24 823296 ---- aw-c: \ windows \ system32 \ divx_xx07.dll
2009-04-15 20:24. 2009-04-15 20:24 815104 ---- aw-c: \ windows \ system32 \ divx_xx0a.dll
2009-04-15 20:24. 2009-04-15 20:24 802816 ---- aw-c: \ windows \ system32 \ divx_xx11.dll
2009-04-15 20:24. 2009-04-15 20:24 684032 ---- aw-c: \ windows \ system32 \ DivX.dll
2009-04-01 16:35. 2009-04-01 16:34 7040776 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ MySpace \ IM \ Installer \ MSIMClientSetup.1.0.789.0-statisk A.exe
2009-04-01 16:33. 2009-04-01 16:33 300800 ---- aw-C: \ MySpaceIM_Setup.exe
2009-03-31 23:24. 2009-03-31 23:23 16494272 ---- aw-C: \ nTrackSetup.exe
2009-03-30 22:38. 2009-03-30 22:38 25214 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _16496df1.exe
2009-03-30 22:38. 2009-03-30 22:38 2998 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _69525f90.exe
2009-03-30 22:38. 2009-03-30 22:38 2998 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _294823.exe
2009-03-30 22:38. 2009-03-30 22:38 2998 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _18be6784.exe
2009-03-30 22:38. 2009-03-30 22:38 25214 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _4ae13d6c.exe
2009-03-30 22:38. 2009-03-30 22:38 25214 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _2cd672ae.exe
2009-02-26 16:20. 2009-02-26 16:20 6309376 ---- aw-c: \ Programfiler \ ntrack.exe
2009-02-26 16:05. 2009-02-26 16:05 126976 ---- aw-c: \ Programfiler \ AMGateway.ax
2009-02-26 16:05. 2009-02-26 16:05 63168 ---- aw-c: \ Programfiler \ RegisterComponents.exe
2009-02-26 16:05. 2009-02-26 16:05 163520 ---- aw-c: \ Programfiler \ ReportDump.exe
2009-02-26 16:04. 2009-02-26 16:04 86016 ---- aw-c: \ Programfiler \ vstscan.exe
2009-02-26 16:04. 2009-02-26 16:04 45056 ---- aw-c: \ Programfiler \ ball.ax
2009-02-26 16:01. 2009-02-26 16:01 78848 ---- aw-c: \ Programfiler \ EmptyProjectAction.dll
2009-02-26 16:01. 2009-02-26 16:01 147456 ---- aw-c: \ Programfiler \ nTrackDotControls.dll
2009-02-26 16:00. 2009-02-26 16:00 637440 ---- aw-c: \ Programfiler \ NativeControls6.dll
2009-02-26 15:59. 2009-02-26 15:59 99328 ---- aw-c: \ Programfiler \ SurroundVSTGui.dll
2009-02-26 15:59. 2009-02-26 15:59 45056 ---- aw-c: \ Programfiler \ yeti.mmedia.dll
2009-02-26 15:59. 2009-02-26 15:59 40960 ---- aw-c: \ Programfiler \ cdcopier.dll
2009-02-26 15:59. 2009-02-26 15:59 28672 ---- aw-c: \ Programfiler \ Ripper.dll
2009-02-26 15:59. 2009-02-26 15:59 8704 ---- aw-c: \ Programfiler \ ntrack3rdparty.dll
2009-02-26 15:59. 2009-02-26 15:59 5120 ---- aw-c: \ Programfiler \ WindowsFormsBase.dll
2009-02-26 15:59. 2009-02-26 15:59 36864 ---- aw-c: \ Programfiler \ nttest.dll
2009-02-26 15:59. 2009-02-26 15:59 32768 ---- aw-c: \ Programfiler \ nTrackDotNet.dll
2009-02-26 15:59. 2009-02-26 15:59 24576 ---- aw-c: \ Programfiler \ AVFader.dll
2009-02-26 15:59. 2009-02-26 15:59 6656 ---- aw-c: \ Programfiler \ nativecontrolsinterop.dll
2009-02-07 22:10. 2009-02-07 22:10 528726 ---- aw-c: \ Program Files \ n-Track.htm
2009-02-06 00:15. 2009-02-06 00:15 225792 ---- aw-c: \ Programfiler \ AutoVol.dll
2009-02-06 00:14. 2009-02-06 00:14 228352 ---- aw-c: \ Programfiler \ Chorus.dll
2009-02-06 00:14. 2009-02-06 00:14 228864 ---- aw-c: \ Programfiler \ Echo.dll
2009-02-06 00:12. 2009-02-06 00:12 369152 ---- aw-c: \ Programfiler \ ntrck_PitchShift.dll
2009-02-06 00:11. 2009-02-06 00:11 176128 ---- aw-c: \ Programfiler \ Riverbero.dll
2009-02-06 00:09. 2009-02-06 00:09 434688 ---- aw-c: \ Programfiler \ facomp10.dll
2009-02-06 00:08. 2009-02-06 00:08 379904 ---- aw-c: \ Programfiler \ dxirewire.dll
2009-02-06 00:06. 2009-02-06 00:06 951808 ---- aw-c: \ Programfiler \ fa4bdeq.dll
2009-01-13 14:16. 2009-01-13 14:16 3455 ---- aw-c: \ Programfiler \ order.html
2008-11-28 00:23. 2008-11-28 00:23 642840 ---- aw-c: \ Program Files \ n-track.cfg
2008-10-25 23:46. 2008-10-25 23:46 4920 ---- aw-c: \ Programfiler \ order_upgrade.html
2008-09-02 23:06. 2008-09-02 23:06 231936 ---- aw-c: \ Programfiler \ ShellCtl.dll
2008-08-31 13:20. 2008-08-31 13:20 105056 ---- aw-c: \ Programfiler \ Setup.bmp
2008-06-20 18:37. 2008-06-20 18:37 24576 ---- aw-c: \ Programfiler \ ScrollerAbout.dll
2008-06-20 18:18. 2008-06-20 18:18 831058 ---- aw-c: \ Programfiler \ banks_default.txt
2008-06-20 18:18. 2008-06-20 18:18 709 ---- aw-c: \ Programfiler \ ntrack.exe.config
2008-06-20 18:18. 2008-06-20 18:18 22124 ---- aw-c: \ Programfiler \ us428_faders.dat
2008-06-20 18:18. 2008-06-20 18:18 22124 ---- aw-c: \ Programfiler \ us224_faders.dat
2008-06-20 18:17. 2008-06-20 18:17 4035 ---- aw-c: \ Program Files \ n-track_help.cnt
2008-06-20 18:17. 2008-06-20 18:17 169585 ---- aw-c: \ Programfiler \ Drum Example.sng
2008-06-20 18:17. 2008-06-20 18:17 15457 ---- aw-c: \ Programfiler \ FACOMP10.HLP
2008-06-20 18:17. 2008-06-20 18:17 25698 ---- aw-c: \ Programfiler \ FA4BDEQ.HLP
2008-06-20 18:16. 2008-06-20 18:16 19339 ---- aw-c: \ Programfiler \ N-TRACK_EFX.HLP
2004-06-11 20:19. 2004-06-11 20:19 25214 ---- aw-c: \ Programfiler \ help_icon.ico
2004-06-07 13:23. 2004-06-07 13:23 25214 ---- aw-c: \ Programfiler \ link_icon.ico
2000-11-12 03:30. 2000-11-12 03:30 86 ---- aw-c: \ Programfiler \ BUYIT!. URL
2000-11-12 03:28. 2000-11-12 03:28 73 ---- aw-c: \ Program Files \ n-Track.url
2009-04-15 20:24. 2009-04-15 20:24 1044480 ---- aw-c: \ Programfiler \ Mozilla Firefox \ plugins \ libdivx.dll
2009-04-15 20:24. 2009-04-15 20:24 200704 ---- aw-c: \ Programfiler \ Mozilla Firefox \ plugins \ ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"IgfxTray" = "c: \ windows \ system32 \ igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds" = "c: \ windows \ system32 \ hkcmd.exe" [2002-06-19 114688]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-06-18 148888]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"MySpaceIM" = "C: \ Program Files \ MySpace \ Chat \ MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2008-12-22 16:05 356352 ---- aw-c: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ windows]
"AppInit_DLLs" = C: \ Windows \ system32 \ avgrsstx.dl l

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ AVG \ AVG8 \ \ avgupd.exe" =
"c: \ \ Program Files \ \ AVG \ AVG8 \ \ avgemc.exe" =
"c: \ \ Program Files \ \ ATT-Hsi \ \ McciBrowser.exe" =
"c: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe" =
"c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ WINDOWS \ \ system32 \ igfxtray.exe" =
"c: \ \ Program Files \ \ AVG \ AVG8 \ \ avgrsx.exe" =
"% windir% \ \ system32 \ \ drivers \ \ Svchost.exe" =
"c: \ \ Program Files \ \ MySpace \ \ Chat \ \ MySpaceIM.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"53: TCP" = 53: TCP: websrvx

R1 AvgLdx86; AVG AVI Loader Driver x86; c: \ windows \ system32 \ drivers \ avgldx86.sys [5/23/2008 1:13 AM 96520]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R1 ShldDrv; Panda File Shield Driver; c: \ windows \ system32 \ drivers \ ShlDrv51.sys [6/12/2009 2:56 PM 41144]
R2 avg8emc; AVG8 E-mail Scanner; c: \ progra ~ 1 \ AVG \ AVG8 \ avgemc.exe [5/23/2008 1:13 AM 902424]
R2 avg8wd; AVG8 Watchdog; c: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [5/23/2008 1:13 AM 282904]
R2 AvgTdiX; AVG8 Network Redirector; c: \ windows \ system32 \ drivers \ avgtdix.sys [5/23/2008 1:13 AM 75272]
R2 PavProc; Panda Process Protection Driver; c: \ windows \ system32 \ drivers \ PavProc.sys [6/12/2009 2:56 PM 179640]
R2 Viewpoint Manager Service; Viewpoint Manager Service; C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2/5/2009 6:56 PM 24652]
R3 (A7E39B01-B403-11D4-BD18-00D0B7A1821E); AIM 3,0 Part 01 Codec Driver VCH-A, C: \ windows \ system32 \ drivers \ Vch.sys [5/1/2006 11:58 PM 20023]
S2 gupdate1c9c119864b630; Google Update Service (gupdate1c9c119864b630); c: \ Programfiler \ Google \ Update \ GoogleUpdate.exe [4/19/2009 2:02 PM 133104]
S2 sgejhlqxcrvoui; sgejhlqxcrvoui; \? \ C: \ windows \ system m32 \ drivers \ ngaysfvqh.sys -> c: \ windows \ system32 \ drivers \ ngaysfvqh.sys [?]
S2 vnoakhdmmnhfkc; vnoakhdmmnhfkc; \? \ C: \ windows \ system m32 \ drivers \ ncjdccfwkwt.sys -> c: \ windows \ system32 \ drivers \ ncjdccfwkwt.sys [?]
S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Innholdet i "Scheduled Tasks"-mappen

2009-06-19 C: \ Windows \ Tasks \ GoogleUpdateTaskMachine.job
- C: \ Programfiler \ Google \ Update \ GoogleUpdate.exe [2009-04-19 18:00]
.
.
------- Tilleggsavtale Scan -------
.
uStart Page = hxxp: / / www.att.net/
uInternet Connection Wizard, ShellNext = iexplore
uInternet Innstillinger ProxyServer = http = localhost: 7171
uInternet Settings, ProxyOverride = *. local; <local>
uSearchURL, (Default) = hxxp: / / us.rd.yahoo.com / tilpasse / ycomp / defaults / su / *http://www.yahoo.com
IE: & Search
FF - ProfilePath - c: \ Documents and Settings \ Eier \ Programdata \ Mozilla \ Firefox \ Profiles \ a8c9lkqd.default \
FF - prefs.js: browser.search.defaulturl - hxxp: / / search.yahoo.com / search? Fr = ffsp1 & p =
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp: / / search.yahoo.com / search? Fr = ffds1 & p =
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: C: \ Programfiler \ Mozilla Firefox \ plugins \ npViewpoint.dll
FF - plugin: C: \ Program Files \ Viewpoint \ Viewpoint Media Player \ npViewpoint.dll
.

************************************************** ************************

CatchMe 0.3.1398 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 09:15
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

skanning skjulte filer ...

skanning er fullført
skjulte filer: 0

************************************************** ************************
.
--------------------- DLLer Loaded Under Running Processes ---------------------

- - - - - - -> 'Winlogon.exe' (612)
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
.
------------------------ Other Running Prosesser ----------------------- --
.
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
c: \ Programfiler \ Fellesfiler \ motiv \ McciCMService.exe
c: \ Programfiler \ Fellesfiler \ Panda Security \ PavShld \ PavPrSrv.exe
c: \ windows \ system32 \ wscntfy.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
.
************************************************** ************************
.
Fullføringstidspunkt: 2009-06-19 9:20 - maskinen ble startet på nytt
ComboFix-karantene-files.txt 2009-06-19 13:20

Pre-Run: 6120624128 bytes gratis
Post-Run: 6057713664 bytes gratis

300

GMER 1.0.15.14972 -- http://www.gmer.net
Rootkit scan 2009-06-19 09:55:00
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

Code \? \ C: \ DOCUME ~ 1 \ Eier \ LOCALS ~ 1 \ Temp \ catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

Device \ filsystem \ ntfs \ ntfs ShlDrv51.sys (PandaShield sjåfør / Panda Security, SL)
Device \ filsystem \ Fastfat \ FatCdrom ShlDrv51.sys (PandaShield sjåfør / Panda Security, SL)
Device \ Driver \ Tcpip \ Device \ IP avgtdix.sys (AVG Nettverkstilkobling Watcher / AVG Technologies CZ, sro)
Device \ Driver \ Tcpip \ Device \ Tcp avgtdix.sys (AVG Nettverkstilkobling Watcher / AVG Technologies CZ, sro)
Device \ Driver \ Tcpip \ Device \ UDP avgtdix.sys (AVG Nettverkstilkobling Watcher / AVG Technologies CZ, sro)
Device \ Driver \ Tcpip \ Device \ RawIp avgtdix.sys (AVG Nettverkstilkobling Watcher / AVG Technologies CZ, sro)
Device \ Driver \ Tcpip \ Device \ IPMULTICAST avgtdix.sys (AVG Nettverkstilkobling Watcher / AVG Technologies CZ, sro)
Device \ filsystem \ Fastfat \ Fat ShlDrv51.sys (PandaShield sjåfør / Panda Security, SL)

AttachedDevice \ filsystem \ Fastfat \ Fat fltmgr.sys (Microsoft Filesystem Filteradministrator / Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

**sjb007** · #6 19 juni 2009, 15:36

Hei der

Godt arbeid i å få combofix å fullføre, combofix sikkert tok litt søppel ut av systemet! Fortsatt noe arbeid igjen å gjøre ennå men ....

1. Lukk alle åpne nettlesere.

2.Kontroller at du har deaktivert alle anti-virus og anti malware-programmene slik at de ikke forstyrrer driften av ComboFix.

3. Åpne notisblokk og kopier / lim inn teksten i quotebox nedenfor i den:

Code:

File:: C: \ WINDOWS \ system32 \ luruwono.dll c: \ windows \ system32 \ rn.tmp c: \ windows \ system32 \ drivers \ ngaysfvqh.sys c: \ windows \ system32 \ drivers \ ncjdccfwkwt.sys Driver:: sgejhlqxcrvoui vnoakhdmmnhfkc DDS:: uInternet Innstillinger ProxyServer = http = localhost: 7171 uInternet Settings, ProxyOverride = *. local; <local> FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy. http_port - 7171 FF - prefs.js: network.proxy.type - 4

Lagre dette som CFScript.txt, På samme sted som ComboFix.exe

Henvise til bildet over, flytter CFScript inn ComboFix.exe

Når du er ferdig, skal produsere en logg for deg C: \ ComboFix.txt som jeg vil kreve i neste svaret.

Last ned ATF Cleaner ved Atribune.
Dette programmet er for XP og Windows 2000

Dobbeltklikk ATF-Cleaner.exe å kjøre programmet.
Under Hovedsaklig Velg: Velg alle
Klikk Empty Selected knappen.

Hvis du bruker nettleseren Firefox
Klikk Firefox øverst og velge: Velg alle
Klikk Empty Selected knappen.
MERK: Hvis du vil beholde det lagrede passord, kan du klikke Nei ved ledeteksten.

Hvis du bruker Opera nettleseren
Klikk Opera øverst og velge: Velg alle
Klikk Empty Selected knappen.
MERK: Hvis du vil beholde det lagrede passord, kan du klikke Nei ved ledeteksten.

Klikk Avslutt på hovedmenyen for å lukke programmet.
For Teknisk supportDobbeltklikk e-postadressen som ligger i bunnen av hver meny.

Etablere en internettforbindelse og utføre en online scan med Internet Explorer ved Kaspersky Online Scanner.

** Vista brukere - høyreklikk IE / Firefox, og kjører som administrator

Klikk GodtaNår du blir bedt om å laste ned og installere programmet filer og database med malware definisjoner.

Klikk Løpe ved Security ledeteksten.
Programmet vil da begynne å laste ned og installere, og vil også oppdatere databasen.
Vær tålmodig, da dette kan ta flere minutter.
Når oppdateringen er fullført, klikker du på Min datamaskin under grønn Scan bar til venstre for å starte søket.
Når skanningen er fullført, vises det hvis systemet er infisert. Det gir ikke et alternativ å rengjøre / desinfisere. Vi krever bare en rapport fra den.
Gjøre IKKE bli skremt av det du ser i rapporten. Mange av funnene har trolig vært i karantene.
Klikk Se skanne rapporten på bunnen.
Klikk Lagre rapporten som... knappen.
Klikk Lagre som Tekst-knappen for å lagre filen på skrivebordet slik at du kan legge den i neste svaret.

Denne animasjonen vil lede deg gjennom prosessen:

** Note **

Å optimalisere skanning tid og produsere en mer fornuftig rapport for vurdering:
Lukk alle åpne programmer
Slå av sanntid scanner av et eksisterende antivirusprogram mens utføre online scan. Du kan koble fra Internett når du starter søket.

Merk for Internet Explorer 7-brukere: Hvis du på noe tidspunkt har du problemer med å vise godkjenningsknappen av lisensen, klikk på Zoom-verktøyet finnes nederst til høyre på IE vinduet og sette zoome til 75%. Når lisensen tillatt, tilbakestilles til 100%.

Post tilbake med resultatene fra combofix og fra Kaspersky skanning. Oppdatere meg på hvordan ting kjører nå

**Mybabbits** · #7 21 juni 2009, 09:08

http://www.yahoo.com IE: & Search FF - ProfilePath -. ************************************************** ************************ CatchMe 0.3.1398 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net

**sjb007** · #8 21 juni 2009, 14:54

Hei

Loggen du postet er uleselig, Kan du vennligst repost den med notepad som redaktør, og sikre at ordet wrap er slått av.

Kan prøve en annen scanner ...

Utføre en online scan med Panda ActiveScan

Klikk på Scan PCen nå
En "pop up"-vindu vises, eller en ny fane åpnes.
Klikk på Registrer
Velg det du liker best, men vi anbefaler Gratis registering.
Klikk på Registrer
Oppgi din e-postadresse, og lage et passord.
Velg "Jeg ønsker ikke å motta noen form for informasjon. "(Med mindre du ønsker å motta slik informasjon)
Klikk på Sende
Bekreft registreringen, og fortsette med å oppgi brukernavn og passord, klikk deretter på Angi
Velg Full Scan, klikk på Scan Now
Vent på de komponenter som skal lastes inn og installert. Ikke lukk dette vinduet, eller gå til en annen side mens det nedlasting. Du kan fortsette å bruke Internett ved å åpne et nytt vindu i nettleseren din.
Hvis den finner malware kan desinfisere den desinfiserer knappen blir aktivert. Klikk på Desinfisere
Vær ignorere tilbud om å kjøpe programmet. Klikk på Eksporter til
Eksportere loggen og lagre den på skrivebordet.
Vær innlegget innholdet i denne loggen til ditt svar.

* Slå av sanntid scanner av et eksisterende antivirusprogram mens utføre online scan.

Avast brukere beskjed:

Vennligst fortsette med online scan på Panda hvis du mottar et varsel. Det er en falsk positiv fra Avast fordi Panda Antivirus ikke kryptere sin virus database.

**Mybabbits** · #9 22 juni 2009, 04:28

Wow. Du har helt rett om det siste innlegget-beklager. Jeg aner ikke hva som skjedde (det så ut til høyre når jeg limt den likevel), men jeg skal prøve igjen. Active Scan arbeidet, men jeg tror ikke det faktisk desinfiseres noe, jeg klikket på knappen, og det viste grått, men ingenting skjedde. Her er loggene fra begge:

ComboFix 09-06-20.04 - Eier 06/21/2009 11:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.123 [GMT -4:00]
Running from: C: \ Documents and Settings \ Eier \ Skrivebord \ Kombitaster Fix.exe
Command brytere brukes:: C: \ Documents and Settings \ Eier \ Skrivebord \ CFScript.txt
AV: AVG Anti-Virus Free * On-tilgang skanning aktivert * (Oppdatert) (17DDD097-36FF-435F-9E1B-52D74245D6BF)
FW: F-Secure Anti-Virus 2006 6,10 * deaktivert * (D4747503-0346-49EB-9262-997542F79BF4)

FIL::
"c: \ windows \ system32 \ drivers \ ncjdccfwkwt.sys"
"c: \ windows \ system32 \ drivers \ ngaysfvqh.sys"
"c: \ windows \ system32 \ luruwono.dll"
"c: \ windows \ system32 \ rn.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ system32 \ rn.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers / Services )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_SGEJHLQXCRVOUI
------- \ Legacy_VNOAKHDMMNHFKC
------- \ Service_sgejhlqxcrvoui
------- \ Service_vnoakhdmmnhfkc

((((((((((((((((((((((((( Files Created fra 2009-05-21 til 2009-06-21 ))))))))))) ))))))))))))))))))))
.

2009-06-19 13:09. 2004-08-04 07:56 50176-c - aw-c: \ windows \ system32 \ dllcache \ proquota.exe
2009-06-19 13:09. 2004-08-04 07:56 50176 ---- aw-c: \ windows \ system32 \ proquota.exe
2009-06-19 13:09. 2004-08-04 07:56 39424-c - aw-c: \ windows \ system32 \ dllcache \ grpconv.exe
2009-06-19 13:09. 2004-08-04 07:56 39424 ---- aw-c: \ windows \ system32 \ grpconv.exe
2009-06-18 18:04. 2009-06-18 18:04 3561743 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes \ Malwarebytes' Anti-Malware \ mbam-setup.exe
2009-06-18 15:58. 2009-06-18 18:01 117760 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-06-18 15:57. 2009-06-18 15:57 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2009-06-18 15:54. 2009-06-18 15:57 -------- d ----- w-c: \ Programfiler \ SUPERAntiSpyware
2009-06-18 15:54. 2009-06-18 15:54 -------- d ----- w-c: \ Documents and Settings \ Eier \ Programdata \ SUPERAntiSpyware.com
2009-06-18 15:53. 2009-06-18 15:53 -------- d ----- w-c: \ Programfiler \ Fellesfiler \ Wise Installation Wizard
2009-06-18 15:42. 2009-06-18 15:42 -------- d ----- w-c: \ Programfiler \ CCleaner
2009-06-18 05:27. 2009-06-18 05:27 152576 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ søndag \ Java \ jre1.6.0_14 \ lzma.dll
2009-06-18 04:28. 2009-06-18 04:28 -------- d ----- w-c: \ Programfiler \ Trend Micro
2009-06-13 07:06. 2002-06-19 23:03 151552 ---- aw-c: \ windows \ system32 \ igfxres.dll
2009-06-13 06:38. 2002-06-21 15:02 266240 ---- aw-c: \ windows \ system32 \ shpshftr.dll
2009-06-13 06:00. 2009-06-13 06:00 444 ---- aw-c: \ windows \ system32 \ d3d8caps.dat
2009-06-13 05:01. 2009-06-13 05:01 -------- d ----- w-c: \ Documents and Settings \ Administrator \ Lokale innstillinger \ Programdata \ Mozilla
2009-06-13 04:44. 2009-06-18 04:53 -------- d ----- w-c: \ Program Files \ Startup Optimizer
2009-06-12 23:31. 2009-06-12 23:31 -------- d ----- w-c: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2009-06-12 22:21. 2009-05-26 17:20 40160 ---- aw-c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2009-06-12 22:21. 2009-06-12 22:23 -------- d ----- w-c: \ Programfiler \ Malwarebytes' Anti-Malware
2009-06-12 22:21. 2009-05-26 17:19 19096 ---- aw-c: \ windows \ system32 \ drivers \ mbam.sys
2009-06-12 19:18. 2009-06-12 23:26 45 ---- aw-c: \ windows \ system32 \ ca.dat
2009-06-12 18:56. 2008-03-04 19:59 41144 ---- aw-c: \ windows \ system32 \ drivers \ ShlDrv51.sys
2009-06-12 18:56. 2008-02-07 16:03 179640 ---- aw-c: \ windows \ system32 \ drivers \ PavProc.sys
2009-06-12 18:21. 2009-06-12 18:56 -------- d ----- w-c: \ Programfiler \ Fellesfiler \ Panda Security
2009-06-03 05:12. 2004-08-04 07:56 221184 ---- aw-c: \ windows \ system32 \ wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 01:27. 2008-05-23 05:13 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ avg8
2009-06-18 05:31. 2009-01-05 00:21 410984 ---- aw-c: \ windows \ system32 \ deploytk.dll
2009-06-18 05:31. 2009-01-12 01:18 -------- d ----- w-c: \ Programfiler \ Java
2009-06-13 04:50. 2009-01-05 04:50 -------- d ----- w-c: \ Programfiler \ webpublisering
2009-06-13 04:49. 2008-08-20 22:26 -------- d ----- w-c: \ Programfiler \ Mozilla Thunderbird
2009-06-12 22:57. 2009-04-16 15:22 -------- d ----- w-c: \ Documents and Settings \ Eier \ Programdata \ U3
2009-06-12 18:22. 2006-05-02 03:43 -------- d - h - w-c: \ Programfiler \ InstallShield Installasjonsinformasjon
2009-06-12 16:10. 2009-04-19 18:00 -------- d ----- w-c: \ Programfiler \ Google
2009-06-02 16:49. 2009-03-29 21:27 -------- d ----- w-c: \ Documents and Settings \ Eier \ Programdata \ n-Track Studio6
2009-05-15 13:30. 2006-07-15 14:36 -------- d ----- w-c: \ Programfiler \ QuickTime
2009-05-15 13:30. 2006-07-15 15:39 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2009-05-15 13:29. 2009-05-15 13:29 -------- d ----- w-c: \ Programfiler \ Apple Software Update
2009-05-15 13:29. 2009-05-15 13:29 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Apple
2009-05-12 19:53. 2009-05-12 19:53 16141 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ Help \ lego.exe
2009-05-12 19:53. 2009-05-12 19:53 11410 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ Identities \ msgdi.dll
2009-05-12 19:53. 2009-05-12 19:53 10121 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ Lavasoft \ kern.dll
2009-05-12 19:53. 2009-05-12 19:53 422 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ Apple Computer \ socks1.exe
2009-05-12 19:53. 2009-05-12 19:53 145131 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ DivX \ nomad.exe
2009-05-12 19:53. 2009-05-12 19:53 13221 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ Adobe \ rengo.dll
2009-05-12 19:53. 2009-05-12 19:53 11232 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ acccore \ shalom.exe
2009-05-11 14:21. 2009-05-11 14:21 -------- d ----- w-c: \ Documents and Settings \ Eier \ Programdata \ Malwarebytes
2009-05-11 14:20. 2009-05-11 14:20 -------- d ----- w-c: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2009-04-22 16:14. 2006-05-03 02:44 -------- d ----- w-c: \ Documents and Settings \ Eier \ Programdata \ n-Track Studio
2009-04-21 07:27. 2006-05-03 02:44 12024 ---- aw-c: \ Documents and Settings \ Eier \ Lokale innstillinger \ Programdata \ GDIPFONTCACHEV1.DAT
2009-04-15 20:25. 2009-04-19 18:01 43528 ------ w-c: \ windows \ system32 \ drivers \ PxHelp20.sys
2009-04-15 20:25. 2009-04-19 18:01 9464 ------ w-c: \ windows \ system32 \ drivers \ cdralw2k.sys
2009-04-15 20:25. 2009-04-19 18:01 9336 ------ w-c: \ windows \ system32 \ drivers \ cdr4_xp.sys
2009-04-15 20:25. 2009-04-19 18:01 120056 ------ w-c: \ windows \ system32 \ pxcpyi64.exe
2009-04-15 20:25. 2009-04-19 18:01 118520 ------ w-c: \ windows \ system32 \ pxinsi64.exe
2009-04-15 20:25. 2009-04-19 18:01 129784 ------ w-c: \ windows \ system32 \ pxafs.dll
2009-04-15 20:24. 2009-04-15 20:24 90112 ---- aw-c: \ windows \ system32 \ dpl100.dll
2009-04-15 20:24. 2009-04-15 20:24 823296 ---- aw-c: \ windows \ system32 \ divx_xx0c.dll
2009-04-15 20:24. 2009-04-15 20:24 823296 ---- aw-c: \ windows \ system32 \ divx_xx07.dll
2009-04-15 20:24. 2009-04-15 20:24 815104 ---- aw-c: \ windows \ system32 \ divx_xx0a.dll
2009-04-15 20:24. 2009-04-15 20:24 802816 ---- aw-c: \ windows \ system32 \ divx_xx11.dll
2009-04-15 20:24. 2009-04-15 20:24 684032 ---- aw-c: \ windows \ system32 \ DivX.dll
2009-04-01 16:35. 2009-04-01 16:34 7040776 ---- aw-c: \ Documents and Settings \ Eier \ Programdata \ MySpace \ IM \ Installer \ MSIMClientSetup.1.0.789.0-statisk A.exe
2009-04-01 16:33. 2009-04-01 16:33 300800 ---- aw-C: \ MySpaceIM_Setup.exe
2009-03-31 23:24. 2009-03-31 23:23 16494272 ---- aw-C: \ nTrackSetup.exe
2009-03-30 22:38. 2009-03-30 22:38 25214 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _16496df1.exe
2009-03-30 22:38. 2009-03-30 22:38 2998 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _69525f90.exe
2009-03-30 22:38. 2009-03-30 22:38 2998 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _294823.exe
2009-03-30 22:38. 2009-03-30 22:38 2998 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _18be6784.exe
2009-03-30 22:38. 2009-03-30 22:38 25214 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _4ae13d6c.exe
2009-03-30 22:38. 2009-03-30 22:38 25214 ---- ar-c: \ Documents and Settings \ Eier \ Programdata \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _2cd672ae.exe
2009-02-26 16:20. 2009-02-26 16:20 6309376 ---- aw-c: \ Programfiler \ ntrack.exe
2009-02-26 16:05. 2009-02-26 16:05 126976 ---- aw-c: \ Programfiler \ AMGateway.ax
2009-02-26 16:05. 2009-02-26 16:05 63168 ---- aw-c: \ Programfiler \ RegisterComponents.exe
2009-02-26 16:05. 2009-02-26 16:05 163520 ---- aw-c: \ Programfiler \ ReportDump.exe
2009-02-26 16:04. 2009-02-26 16:04 86016 ---- aw-c: \ Programfiler \ vstscan.exe
2009-02-26 16:04. 2009-02-26 16:04 45056 ---- aw-c: \ Programfiler \ ball.ax
2009-02-26 16:01. 2009-02-26 16:01 78848 ---- aw-c: \ Programfiler \ EmptyProjectAction.dll
2009-02-26 16:01. 2009-02-26 16:01 147456 ---- aw-c: \ Programfiler \ nTrackDotControls.dll
2009-02-26 16:00. 2009-02-26 16:00 637440 ---- aw-c: \ Programfiler \ NativeControls6.dll
2009-02-26 15:59. 2009-02-26 15:59 99328 ---- aw-c: \ Programfiler \ SurroundVSTGui.dll
2009-02-26 15:59. 2009-02-26 15:59 45056 ---- aw-c: \ Programfiler \ yeti.mmedia.dll
2009-02-26 15:59. 2009-02-26 15:59 40960 ---- aw-c: \ Programfiler \ cdcopier.dll
2009-02-26 15:59. 2009-02-26 15:59 28672 ---- aw-c: \ Programfiler \ Ripper.dll
2009-02-26 15:59. 2009-02-26 15:59 8704 ---- aw-c: \ Programfiler \ ntrack3rdparty.dll
2009-02-26 15:59. 2009-02-26 15:59 5120 ---- aw-c: \ Programfiler \ WindowsFormsBase.dll
2009-02-26 15:59. 2009-02-26 15:59 36864 ---- aw-c: \ Programfiler \ nttest.dll
2009-02-26 15:59. 2009-02-26 15:59 32768 ---- aw-c: \ Programfiler \ nTrackDotNet.dll
2009-02-26 15:59. 2009-02-26 15:59 24576 ---- aw-c: \ Programfiler \ AVFader.dll
2009-02-26 15:59. 2009-02-26 15:59 6656 ---- aw-c: \ Programfiler \ nativecontrolsinterop.dll
2009-02-07 22:10. 2009-02-07 22:10 528726 ---- aw-c: \ Program Files \ n-Track.htm
2009-02-06 00:15. 2009-02-06 00:15 225792 ---- aw-c: \ Programfiler \ AutoVol.dll
2009-02-06 00:14. 2009-02-06 00:14 228352 ---- aw-c: \ Programfiler \ Chorus.dll
2009-02-06 00:14. 2009-02-06 00:14 228864 ---- aw-c: \ Programfiler \ Echo.dll
2009-02-06 00:12. 2009-02-06 00:12 369152 ---- aw-c: \ Programfiler \ ntrck_PitchShift.dll
2009-02-06 00:11. 2009-02-06 00:11 176128 ---- aw-c: \ Programfiler \ Riverbero.dll
2009-02-06 00:09. 2009-02-06 00:09 434688 ---- aw-c: \ Programfiler \ facomp10.dll
2009-02-06 00:08. 2009-02-06 00:08 379904 ---- aw-c: \ Programfiler \ dxirewire.dll
2009-02-06 00:06. 2009-02-06 00:06 951808 ---- aw-c: \ Programfiler \ fa4bdeq.dll
2009-01-13 14:16. 2009-01-13 14:16 3455 ---- aw-c: \ Programfiler \ order.html
2008-11-28 00:23. 2008-11-28 00:23 642840 ---- aw-c: \ Program Files \ n-track.cfg
2008-10-25 23:46. 2008-10-25 23:46 4920 ---- aw-c: \ Programfiler \ order_upgrade.html
2008-09-02 23:06. 2008-09-02 23:06 231936 ---- aw-c: \ Programfiler \ ShellCtl.dll
2008-08-31 13:20. 2008-08-31 13:20 105056 ---- aw-c: \ Programfiler \ Setup.bmp
2008-06-20 18:37. 2008-06-20 18:37 24576 ---- aw-c: \ Programfiler \ ScrollerAbout.dll
2008-06-20 18:18. 2008-06-20 18:18 831058 ---- aw-c: \ Programfiler \ banks_default.txt
2008-06-20 18:18. 2008-06-20 18:18 709 ---- aw-c: \ Programfiler \ ntrack.exe.config
2008-06-20 18:18. 2008-06-20 18:18 22124 ---- aw-c: \ Programfiler \ us428_faders.dat
2008-06-20 18:18. 2008-06-20 18:18 22124 ---- aw-c: \ Programfiler \ us224_faders.dat
2008-06-20 18:17. 2008-06-20 18:17 4035 ---- aw-c: \ Program Files \ n-track_help.cnt
2008-06-20 18:17. 2008-06-20 18:17 169585 ---- aw-c: \ Programfiler \ Drum Example.sng
2008-06-20 18:17. 2008-06-20 18:17 15457 ---- aw-c: \ Programfiler \ FACOMP10.HLP
2008-06-20 18:17. 2008-06-20 18:17 25698 ---- aw-c: \ Programfiler \ FA4BDEQ.HLP
2008-06-20 18:16. 2008-06-20 18:16 19339 ---- aw-c: \ Programfiler \ N-TRACK_EFX.HLP
2004-06-11 20:19. 2004-06-11 20:19 25214 ---- aw-c: \ Programfiler \ help_icon.ico
2004-06-07 13:23. 2004-06-07 13:23 25214 ---- aw-c: \ Programfiler \ link_icon.ico
2000-11-12 03:30. 2000-11-12 03:30 86 ---- aw-c: \ Programfiler \ BUYIT!. URL
2000-11-12 03:28. 2000-11-12 03:28 73 ---- aw-c: \ Program Files \ n-Track.url
2009-04-15 20:24. 2009-04-15 20:24 1044480 ---- aw-c: \ Programfiler \ Mozilla Firefox \ plugins \ libdivx.dll
2009-04-15 20:24. 2009-04-15 20:24 200704 ---- aw-c: \ Programfiler \ Mozilla Firefox \ plugins \ ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-19_13.16.48 )))))))))))) )))))))))))))))))))))))))))))
.
+ 2009-06-21 15:41. 2009-06-21 15:41 16384 c: \ windows \ temp \ Perflib_Perfdata_5b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"IgfxTray" = "c: \ windows \ system32 \ igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds" = "c: \ windows \ system32 \ hkcmd.exe" [2002-06-19 114688]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-06-18 148888]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"MySpaceIM" = "C: \ Program Files \ MySpace \ Chat \ MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2008-12-22 16:05 356352 ---- aw-c: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ windows]
"AppInit_DLLs" = C: \ Windows \ system32 \ avgrsstx.dl l

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ \ AVG \ AVG8 \ \ avgupd.exe" =
"c: \ \ Program Files \ \ AVG \ AVG8 \ \ avgemc.exe" =
"c: \ \ Program Files \ \ ATT-Hsi \ \ McciBrowser.exe" =
"c: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe" =
"c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ WINDOWS \ \ system32 \ igfxtray.exe" =
"c: \ \ Program Files \ \ AVG \ AVG8 \ \ avgrsx.exe" =
"% windir% \ \ system32 \ \ drivers \ \ Svchost.exe" =
"c: \ \ Program Files \ \ MySpace \ \ Chat \ \ MySpaceIM.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"53: TCP" = 53: TCP: websrvx

R1 AvgLdx86; AVG AVI Loader Driver x86; c: \ windows \ system32 \ drivers \ avgldx86.sys [5/23/2008 1:13 AM 96520]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R1 ShldDrv; Panda File Shield Driver; c: \ windows \ system32 \ drivers \ ShlDrv51.sys [6/12/2009 2:56 PM 41144]
R2 avg8emc; AVG8 E-mail Scanner; c: \ progra ~ 1 \ AVG \ AVG8 \ avgemc.exe [5/23/2008 1:13 AM 902424]
R2 avg8wd; AVG8 Watchdog; c: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [5/23/2008 1:13 AM 282904]
R2 AvgTdiX; AVG8 Network Redirector; c: \ windows \ system32 \ drivers \ avgtdix.sys [5/23/2008 1:13 AM 75272]
R2 PavProc; Panda Process Protection Driver; c: \ windows \ system32 \ drivers \ PavProc.sys [6/12/2009 2:56 PM 179640]
R2 Viewpoint Manager Service; Viewpoint Manager Service; C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2/5/2009 6:56 PM 24652]
R3 (A7E39B01-B403-11D4-BD18-00D0B7A1821E); AIM 3,0 Part 01 Codec Driver VCH-A, C: \ windows \ system32 \ drivers \ Vch.sys [5/1/2006 11:58 PM 20023]
S2 gupdate1c9c119864b630; Google Update Service (gupdate1c9c119864b630); c: \ Programfiler \ Google \ Update \ GoogleUpdate.exe [4/19/2009 2:02 PM 133104]
S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Innholdet i "Scheduled Tasks"-mappen

2009-06-21 C: \ Windows \ Tasks \ GoogleUpdateTaskMachine.job
- C: \ Programfiler \ Google \ Update \ GoogleUpdate.exe [2009-04-19 18:00]
.
.
------- Tilleggsavtale Scan -------
.
uStart Page = hxxp: / / www.att.net/
uInternet Connection Wizard, ShellNext = iexplore
uSearchURL, (Default) = hxxp: / / us.rd.yahoo.com / tilpasse / ycomp / defaults / su / *http://www.yahoo.com
IE: & Search
FF - ProfilePath --
.

************************************************** ************************

CatchMe 0.3.1398 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 11:42
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

skanning skjulte filer ...

skanning er fullført
skjulte filer: 0

************************************************** ************************
.
--------------------- DLLer Loaded Under Running Processes ---------------------

- - - - - - -> 'Winlogon.exe' (612)
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
.
------------------------ Other Running Prosesser ----------------------- --
.
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
c: \ Programfiler \ Fellesfiler \ motiv \ McciCMService.exe
c: \ Programfiler \ Fellesfiler \ Panda Security \ PavShld \ PavPrSrv.exe
C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
c: \ windows \ system32 \ wscntfy.exe
.
************************************************** ************************
.
Fullføringstidspunkt: 2009-06-21 11:47 - maskinen ble startet på nytt
ComboFix-karantene-files.txt 2009-06-21 15:47
ComboFix2.txt 2009-06-19 13:20

Pre-Run: 4974522368 bytes gratis
Post-Run: 5621665792 bytes gratis

WindowsXP-KB310994-SP2-Home-bootdisk-ENU.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[operating systems]
c: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro myk Windows XP Home Edition" / fastdetect / noexecute = OptIn

248

;************************************************* ************************************************** ************************************************** ******************************
ANALYSE: 2009-06-22 07:16:51
Beskyttelsene: 1
Malware: 10
Mistenkte: 0
;************************************************* ************************************************** ************************************************** ******************************
Beskyttelsene
Beskrivelse Versjon Active Oppdatert
;================================================= ================================================== ================================================== =================
AVG Anti-Virus Free 8.0 Ja Ja
;================================================= ================================================== ================================================== =================
Malware
Id Beskrivelse Type Aktiv Severity Disinfectable desinfiseres Beliggenhet
;================================================= ================================================== ================================================== =================
00139061 Cookie / Dobbeltklikk TrackingCookie Nei 0 Ja Nei C: \ Documents and Settings \ Eier \ Cookies \ eier @ DoubleClick [1]. Txt
00262020 Cookie / Atwola TrackingCookie Nei 0 Ja Nei C: \ Documents and Settings \ Eier \ Cookies \ eier @ atwola [2]. Txt
00590315 Rootkit / Agent.LNB HackTools Nei 0 Ja Nei C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP500 \ A0228202.sys
00590315 Rootkit / Agent.LNB HackTools Nei 0 Ja Nei C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP501 \ A0229224.sys
00590315 Rootkit / Agent.LNB HackTools Nei 0 Ja Nei C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP491 \ A0222017.sys
00590315 Rootkit / Agent.LNB HackTools Nei 0 Ja Nei C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP493 \ A0223098.sys
00674736 W32/Autorun.AFX Virus / Worm Nei 1 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP491 \ A0221911.dll
00674736 W32/Autorun.AFX Virus / Worm Nei 1 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP490 \ A0221821.dll
00950476 Bck / Tdss.AZ Virus / Trojan Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0233263.dll
00950476 Bck / Tdss.AZ Virus / Trojan Nei 0 Ja Ja C: \ Qoobox \ Karantene \ C \ WINDOWS \ system32 \ UACakmovnk vlbejvsw.dll.vir
00950477 Bck / Tdss.AZ Virus / Trojan Nei 0 Ja Ja C: \ Qoobox \ Karantene \ C \ WINDOWS \ system32 \ UACllkyxud engakpfn.dll.vir
00950477 Bck / Tdss.AZ Virus / Trojan Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0233264.dll
00966996 Bck / Tdss.BC Virus / Trojan Nei 0 Ja Ja C: \ Qoobox \ Karantene \ C \ WINDOWS \ system32 \ UACkpxjqwv ugnspokq.dll.vir
00966996 Bck / Tdss.BC Virus / Trojan Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0233265.dll
01099605 Trj / Alureon.AL Virus / Trojan Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0233262.dll
01099605 Trj / Alureon.AL Virus / Trojan Nei 0 Ja Ja C: \ Qoobox \ Karantene \ C \ WINDOWS \ system32 \ UACxcvrjkw rnbmiqml.dll.vir
01318562 Trj / Downloader.WAV Virus / Trojan Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP492 \ A0223044.dll
01318562 Trj / Downloader.WAV Virus / Trojan Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP492 \ A0223065.dll
01318562 Trj / Downloader.WAV Virus / Trojan Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP492 \ A0223056.dll
01318562 Trj / Downloader.WAV Virus / Trojan Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP492 \ A0223073.dll
02885963 Rootkit / Booto.C Virus / Worm Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0234260.sys
02885963 Rootkit / Booto.C Virus / Worm Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP505 \ A0235260.sys
02885963 Rootkit / Booto.C Virus / Worm Nei 0 Ja Ja C: \ System Volume Information \ _Restore (0BC9C26D-029D-4DC1-B3DC-4990696A2ECD) \ RP503 \ A0233266.sys
;================================================= ================================================== ================================================== =================
Mistenkte
Sendt Beliggenhet f
;================================================= ================================================== ================================================== =================
;================================================= ================================================== ================================================== =================
Sikkerhetsproblemer
ID Severity Beskriving f
;================================================= ================================================== ================================================== =================
208.380 HIGH MS09-015 f
208.379 HIGH MS09-014 f
208.378 HIGH MS09-013 f
208.377 HIGH MS09-012 f
206.981 HIGH MS09-007 f
206.980 HIGH MS09-006 f
204.670 HIGH MS09-001 f
203.806 HIGH MS08-078 f
203.508 HIGH MS08-073 f
203.505 HIGH MS08-071 f
202.465 HIGH MS08-068 f
201.683 HIGH MS08-067 f
201.258 HIGH MS08-066 f
201.256 HIGH MS08-064 f
201.255 HIGH MS08-063 f
201.253 HIGH MS08-061 f
201.250 HIGH MS08-058 f
209.275 HIGH MS08-049 f
209.273 HIGH MS08-045 f
196455 MEDIUM MS08-037 f
194.861 HIGH MS08-031 f
194.860 HIGH MS08-030 f
191.618 HIGH MS08-025 f
191.617 HIGH MS08-024 f
191.614 HIGH MS08-021 f
191.613 HIGH MS08-020 f
187.735 HIGH MS08-010 f
187.733 HIGH MS08-008 f
184380 MEDIUM MS08-002 f
184379 MEDIUM MS08-001 f
182.048 HIGH MS07-069 f
182.046 HIGH MS07-067 f
179.553 HIGH MS07-061 f
176.383 HIGH MS07-058 f
176.382 HIGH MS07-057 f
170.911 HIGH MS07-050 f
170.907 HIGH MS07-046 f
170.906 HIGH MS07-045 f
170.904 HIGH MS07-043 f
114.666 HIGH MS06-015 f
93454 MEDIUM MS05-049 f
;================================================= ================================================== ================================================== =================

**sjb007** · #10 22 juni 2009, 09:30

Hei der

Vær oppmerksom - Under denne feilrettingsfilen vi vil gå inn i sikker modus. Fyll ut disse instruksjonene som Internett-tilkoblingen vil ikke være tilgjengelig for deg i denne perioden. Du kan også kopiere og lime inn fikse til en tekstfil og lagre den i et lett tilgjengelig sted for referanse.

Sitat:

Beklager. Jeg aner ikke hva som skjedde

Ikke bekymre deg, bare en av disse tingene!

En ting jeg gjorde bety å nevne tidligere var at du synes å ha to antiviruses installert, med en deaktivert. Kan jeg bare spør, er F-Secure en gammel AV hvor abonnementet har kjørt ut?

Selv om Panda skanne plukket opp et par eks - skanningen resultater som faktisk ser bra ut. Mesteparten av det som er funnet, er enten i karantene av combofix eller er fanget i systemgjenopprettingspunkt som vi kan spyle ut på slutten av feilrettingsfilen for å forhindre ny infeksjon.

Jeg ser at du allerede har SUPERAntiSpyware installert ...

Jeg vil at du skal kjøre en scan for meg i sikker modus.

Først lar oppdateringen SAS og angi alternativer før skanning

oppdatere definisjoner ved å velge "Se etter oppdateringer". (Hvis det oppstår problemer under nedlasting av oppdateringer manuelt laste dem ned fra her. Dobbeltklikk på hyperkoblingen for Download Installer og lagre SASDEFINITIONS.EXE til skrivebordet. Deretter dobbeltklikker du på SASDEFINITIONS.EXE å installere definisjoner.)
I hovedmenyen, klikker du Innstillinger ... knappen.
Klikk "Scanning Control"-Kategorien, og under Scanner Valg, Sørg følgende sjekkes (la alle andre merket):
- Lukk lesere før skanning.
- Søk etter sporingskapsler.
- Terminate minne trusler før quarantining.
Klikk "Lukke"Knappen for å forlate kontrollsenter skjerm og avslutter programmet.
Ikke kjør et søk ennå.

Start maskinen i "Sikkermodus"Bruke F8 metode. Du gjør dette ved å starte datamaskinen, og etter å ha hørt maskinen piper én gang under oppstart (men før Windows ikonet) trykker du F8-tasten gjentatte ganger. En meny vises med flere alternativer. Bruk piltastene til å navigere og velge alternativet for å kjøre Windows i "sikker modus".

Scan med SUPERAntiSpyware som følger:

Start programmet og tilbake på hovedskjermbildet, under "Scan for skadelig programvare"Klikk Skanner datamaskinen.
På venstre, må du sjekke C: \ Fixed Drive.
På høyre side, under "Complete Scan", Velger Utfør Complete Scan og klikk "Neste".
Når skanningen er fullført, en Skann sammendrag boks med potensielt skadelige elementer som ble oppdaget. Klikk "OK".
Sørg for at alt har et merke ved siden av den og klikke "Neste".
En melding vil vises som "Karantene og fjerning er fullført". Klikk"OK"Og klikk"Fullfør"Knappen for å gå tilbake til hovedmenyen.
Hvis du blir spurt om du ønsker å starte på nytt, klikk "Ja"Og gjenstarte normalt.
Å hente fjerningen informasjon etter omstart, lansere SUPERAntispyware igjen.
- Klikk PreferanserOg deretter på Statistikk / Logs tab.
- Under Scanner Logger, dobbeltklikk SUPERAntiSpyware Scan Log.
- Hvis det er flere logger, klikker du gjeldende datert loggen og trykk Vis logg. En tekstfil åpnes i standard tekstredigeringsprogram.
- Må du kopiere og lime Scan Logg resultater i neste svaret.
Klikk Lukke for å avslutte programmet.

Post tilbake med resultatet logg, også oppdatere meg på hvordan ting kjører nå