[rsteenoven]

Ovo je moj dads računalo i imam osjećaj da ima neke loše stvari. Dakle ovdje su 2 izvješća. Također, Iexplore.exe koristi se mnogo memorije kad ni ne prikazuju.

Super protušpijunski log:

SUPERAntiSpyware Scan Prijava
http://www.superantispyware.com

Generirano 02/23/2008 at 07:01

Application Version: 3/9/1008

Core Pravila Database Version: 3389
Trace Pravila Database Version: 1383

Scan type: Cijela Scan
Ukupno Scan Vrijeme: 02:21:49

Memorija predmeta skenirane: 400
Memorija prijetnje otkrivena: 0
Registry stavke skenirane: 6072
Matični prijetnje otkrivena: 0
File skenirane podatke: 60290
File prijetnje otkrivena: 0


Hijack this log:


Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 19:44:10, dana 23/02/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ QuickTime \ qttask.exe
C: \ WINDOWS \ system32 \ igfxtray.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ AOLSPY ~ 1 \ AOLSP Scheduler.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Intelligent \ Common \ RaUI.exe
C: \ Program Files \ Panasonic \ LUMIXSimpleViewer \ PhLeAutoRun.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://uk.yahoo.com/fsc/
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://uk.yahoo.com/fsc/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_3_19_0. dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O3 - Toolbar: Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_3_19_0. dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM \ .. \ Run: [gramofonska igla EPSON DX3800 Series] C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIA CE.EXE / P26 "EPSON gramofonska igla DX3800 Series" / O6 "USB001" / M " gramofonska igla DX3800 "
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [AOL Spyware Protection] "C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ AOLSPY ~ 1 \ AOLSP Scheduler.exe"
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [1 tražite preskočite mfcd] C: \ Documents and Settings \ All Users \ Application Data \ Četiri Pomoć Tražite 1 \ Long bin.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [updateMgr] C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [theowns] C: \ DOCUME ~ 1 \ Graham \ APPLIC ~ 1 \ BIASWA ~ 1 \ SlowLoad.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk =?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
O4 - Global Startup: AOL 9,0 Trake Icon.lnk = C: \ Program Files \ AOL 9,0 \ aoltray.exe
O4 - Global Startup: Wireless Intelligent Utility.lnk = C: \ Program Files \ Intelligent \ Common \ RaUI.exe
O4 - Global Startup: Lumix Simple Viewer.lnk =?
O8 - Extra kontekst meni stavka: AOL Toolbar & search - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O8 - Extra kontekst meni stavka: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ npjpi160_03.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ npjpi160_03.dll
O9 - Extra button: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra 'Tools' MENUITEM: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ programa ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe
O9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ programa ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe
O9 - Extra button: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (dame Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (406B5949-7190-4245-91A9-30A17DE16AD0) (Snapfish Activia) -- http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: (6E5E167B-1566-4316-B27F-0DDAB3484CF7) (Slika Uploader Control) -- http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AOL Povezivanje Service (ACS AOL) - America Online, Inc - C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C: \ Program Files \ Common Files \ Sony Shared \ AVLib \ MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C: \ Program Files \ Common Files \ Sony Shared \ AVLib \ PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C: \ Program Files \ Common Files \ Sony Shared \ AVLib \ SPTISRV.exe

--
End of file - 8712 bytes

[evilfantasy]

Hijackthis Otvori, a zatim odaberite Da li je sustav skenirati samo.

Stavite oznaku uz sljedeće stavke: (ako postoji)

O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)

Važno: Zatvori sve prozore osim Hijackthis a zatim kliknite Fix checked.

Izlaz Hijackthis.

----------

Download NoLop na Vašu radnu površinu s jednog od linkova ispod ...

• Link 1
• Link 2

• Zatvori imate bilo kakve programe prikazuju jer je potrebno ponovno pokrenuti
• Dvaput kliknite na NoLop.exe da ga
• Zatim kliknite na gumb s oznakom: Pretraživanje i uništiti
  • Vaše računalo sada će biti skenirani za zaražene datoteke
• Kada se skeniranje završi, ako je zaraženo, od vas će se tražiti da ponovno pokrenete
• Kliknite OK
• Sada kliknite na: Reboot
• Poruka trebali popup iz NoLop. Ako ne, Dvoklik program opet i ona će završiti.
• Post sadržaj C: \ NoLop.log u sljedećem odgovoru.

Napomena: Ako primate pogrešku ", mscomctl.ocx ili jedan od njegovih zavisnosti nisu ispravno registrirani, molimo preuzmite mscomctl.ocx na svoj system32 mapu onda ponovi program.

----------

Preuzimanje Vundofix.exe na radnu površinu.

• Dvokliknite VundoFix.exe da ga vode.
• Put ček pored Pokreni VundoFix kao zadatak.
• Primit ćete poruku rekavši vundofix će se zatvoriti i ponovno otvoriti u minutu ili manje. Kliknite U redu
• Kada VundoFix ponovo otvori, kliknite na Scan for Vundo gumb.
• Nakon što je učinio za skeniranje, kliknite na Remove Vundo gumb.
• Primit ćete brz molba ako želite ukloniti datoteke, kliknite DA
• Nakon što kliknete na Yes, vaš desktop će ići prazan jer počinje uklanjanjem Vundo.
• Kad je završio, on će zatražiti da će to shutdown računalo, kliknite na U redu.
• Okrenite se na vaše računalo.
• Molimo post sadržaj C: \vundofix.txt

Napomena: Moguće je da je naišao VundoFix datoteku ga nije mogao ukloniti. U ovom slučaju, VundoFix će se izvoditi na ponovno podizanje sustava, jednostavno slijedite gornje upute počevši od "Kliknite gumb Scan for Vundo" kada se pojavljuje na VundoFix ponovno podizanje sustava.

Javite Vundo završiti, ponekad može potrajati i više prolaza

----------

Preuzimanje SDFix.exe i spremite je na svoj Desktop.

Dvaput kliknite na SDFix.exe i ona će ekstrakt datoteke u% systemdrive%
(Pogon koji sadrži Windows Directory, obično C: \ SDFix)

Molimo, a zatim ponovo pokrenuti računalo u Safe Mode tako da učinite sljedeće:

• Ponovo pokrenite računalo
• Nakon rasprave vaše računalo bip jednom prilikom pokretanja, ali prije nego što Windows ikonu pojavi fleka tipku F8 neprekidno;
• Umjesto Windows učitava kao normalno, "Napredne opcije Meni trebaju pojaviti;
• Odaberite prvu opciju, to trčanje Windows u sigurnom načinu rada, a zatim pritisnite Enter.
• Izaberite Vaš uobičajeni račun.
• Otvorite mapu i izlučene SDFix Dvoklik RunThis.bat za pokretanje skripte.
• Vrsta Y da biste započeli proces čišćenje.
• To će ukloniti sve Trojanski Usluge i stavke registra da pronađe potom od vas zatražiti da pritisnete bilo koju tipku da biste ponovno podizanje sustava.
• Pritisnite bilo koju tipku, te će ponovo pokrenuti računalo.
• Kada se računalo ponovo pokreće se Fixtool će ponovno pokrenuti i dovršili postupak uklanjanja, zatim prikaz Završeno, Pritisnite bilo koju tipku da biste prekinuli učitavanje skripte i vaš desktop ikona.
• Jednom desktopu ikone učitati SDFix izvještaj na ekranu će se otvoriti i spremiti u mapu SDFix kao Report.txt
  (Report.txt će se kopirati u međuspremnik).
• Na kraju dodati sadržaj tog Report.txt u slijedećem postu.

----------

Sljedeća post
NoLop log
Vundofix log
SDFix log
Novi Hijackthis log

[rsteenoven]

NoLop! Prijavite by Skate_Punk_21

Škripac trčanje from: C: \ Documents and Settings \ Graham
[23/02/2008]
[20:13:10]

--- Infekcija datoteka Found/Removed---
C: \ WINDOWS \ zadaci \ A9115856918AD032.job

Počev Uklanjanje ...
Postupak ponovne inicijalizacije operacijskog sust ...
Uklanjanje landarati's Preostala Datoteke / mape ...
Uređivanje registra ...
** Fix Cijela! **

--- Popis AppData sub direktorije ---

C: \ Documents and Settings \ All Users \ Application Data \ Adobe
C: \ Documents and Settings \ All Users \ Application Data \ ispred
C: \ Documents and Settings \ All Users \ Application Data \ AOL
C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
C: \ Documents and Settings \ All Users \ Application Data \ Avg7
C: \ Documents and Settings \ All Users \ Application Data \ Bvrp Software
C: \ Documents and Settings \ All Users \ Application Data \ Četiri Pomoć Tražite 1
C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus!
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft
C: \ Documents and Settings \ All Users \ Application Data \ Sbsi
C: \ Documents and Settings \ All Users \ Application Data \ Sony Corporation
C: \ Documents and Settings \ All Users \ Application Data \ Superantispyware.com
C: \ Documents and Settings \ All Users \ Application Data \ Symantec
C: \ Documents and Settings \ All Users \ Application Data \ Temp - PRAZNA Directory
C: \ Documents and Settings \ All Users \ Application Data \ Videoegg
C: \ Documents and Settings \ All Users \ Application Data \ glediąta
C: \ Documents and Settings \ All Users \ Application Data \ Windows Genuine Advantage
C: \ Documents and Settings \ All Users \ Application Data \ Windows Live Toolbar
C: \ Documents and Settings \ Default User \ Application Data \ Identities
C: \ Documents and Settings \ Default User \ Application Data \ Microsoft
C: \ Documents and Settings \ Graham \ Application Data \ Adobe
C: \ Documents and Settings \ Graham \ Application Data \ Adobeum
C: \ Documents and Settings \ Graham \ Application Data \ ispred
C: \ Documents and Settings \ Graham \ Application Data \ soft-nakovanj
C: \ Documents and Settings \ Graham \ Application Data \ AOL
C: \ Documents and Settings \ Graham \ Application Data \ Apple Computer
C: \ Documents and Settings \ Graham \ Application Data \ Avg7
C: \ Documents and Settings \ Graham \ Application Data \ Avs4you
C: \ Documents and Settings \ Graham \ Application Data \ pristranosti Pričekajte Iso
C: \ Documents and Settings \ Graham \ Application Data \ Divx
C: \ Documents and Settings \ Graham \ Application Data \ Dvdcss
C: \ Documents and Settings \ Graham \ Application Data \ Epson
C: \ Documents and Settings \ Graham \ Application Data \ Google
C: \ Documents and Settings \ Graham \ Application Data \ Greyfirst
C: \ Documents and Settings \ Graham \ Application Data \ Grisoft
C: \ Documents and Settings \ Graham \ Application Data \ Identities
C: \ Documents and Settings \ Graham \ Application Data \ Installshield
C: \ Documents and Settings \ Graham \ Application Data \ Intervideo
C: \ Documents and Settings \ Graham \ Application Data \ Lego tvrtke
C: \ Documents and Settings \ Graham \ Application Data \ Macromedia
C: \ Documents and Settings \ Graham \ Application Data \ Microsoft
C: \ Documents and Settings \ Graham \ Application Data \ Monkeyjam
C: \ Documents and Settings \ Graham \ Application Data \ Mozilla
C: \ Documents and Settings \ Graham \ Application Data \ Panasonic
C: \ Documents and Settings \ Graham \ Application Data \ Real
C: \ Documents and Settings \ Graham \ Application Data \ Snapfish
C: \ Documents and Settings \ Graham \ Application Data \ nedjelja
C: \ Documents and Settings \ Graham \ Application Data \ Superantispyware.com
C: \ Documents and Settings \ Graham \ Application Data \ Symantec
C: \ Documents and Settings \ Graham \ Application Data \ Systemrequirementslab
C: \ Documents and Settings \ Graham \ Application Data \ Talkback
C: \ Documents and Settings \ Graham \ Application Data \ Teamspeak2
C: \ Documents and Settings \ Graham \ Application Data \ OPS
C: \ Documents and Settings \ Graham \ Application Data \ Videoegg
C: \ Documents and Settings \ Graham \ Application Data \ glediąta
C: \ Documents and Settings \ Graham \ Application Data \ VLC
C: \ Documents and Settings \ Graham \ Application Data \ Xfire
C: \ Documents and Settings \ Graham \ Application Data \ You've Got Screensaver Slike
C: \ Documents and Settings \ Localservice \ Application Data \ Avg7 - PRAZNA Directory
C: \ Documents and Settings \ Localservice \ Application Data \ Microsoft
C: \ Documents and Settings \ Localservice \ Application Data \ Symantec
C: \ Documents and Settings \ Networkservice \ Application Data \ Microsoft



VundoFix V6.7.8

Checking Java inačica ...

Scan započeo u 20:28:56 23/02/2008

Popis datoteka pronađena pri pretraživanju ....

Nije pronađena su zaražene datoteke.


Počev uklanjanje ...




SDFix: 1,145 Version

Run by Graham dana 23/02/2008 u 20:59

Microsoft Windows XP [Version 5/1/2600]
Running From: C: \ SDFix

Provjera Usluge :


Vraćanjem Windows Registry Values
Vraćanjem sustava Windows Default Hosts File

Postupak ponovne inicijalizacije operacijskog sust


Provjera Files :

Ne Trojan Found Files






Uklanjanje Temp Files

Provjerite REKLAME :



Završna Provjeri :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-02-23 21:06:15
5/1/2600 Windows Service Pack 2 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih i usluge Grozd sustava ...

skeniranja skrivenih stavki registra ...

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Prefetcher]
"TracesProcessed" = dword: 00000000
"TracesSuccessful" = dword: 00000000
"LastTraceFailure" = dword: 00000000

skeniranja skrivenih datoteka ...


scan uspješno završena
skriveni procesi: 0
skriven usluge: 0
skrivene datoteke: 196


Preostali Usluge :



Ovlašteni Aplikacija Ključ Izvoz:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic ES \ sharedaccess \ Parameters \ firewallpolicy \ standardnih profila \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe: *: Omogućen: Windows Messenger"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Omogućen: @ xpsp3res.dll, -20000"
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe: *: Omogućeno : AOL "
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLacsd.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLacsd.exe: *: Omogućeno : AOL "
"C: \ \ Program Files \ \ AOL 9,0 \ \ waol.exe" = "C: \ \ Program Files \ \ AOL 9,0 \ \ waol.exe: *: Omogućen: AOL 9,0"
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avginet.exe" = "C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avginet.exe: *: Omogućen: avgine t.exe"
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgamsvr.exe" = "C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgamsvr.exe: *: Omogućen: avgam svr.exe"
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgcc.exe" = "C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgcc.exe: *: Omogućen: avgcc.ex e"
"C: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = "C: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe: *: Omogućen: Internet Explorer"
"C: \ \ Program Files \ \ Xfire \ \ xfire.exe" = "C: \ \ Program Files \ \ Xfire \ \ xfire.exe: *: Omogućen: Xfire"
"C: \ \ WINDOWS \ \ system32 \ \ dpvsetup.exe" = "C: \ \ WINDOWS \ \ system32 \ \ dpvsetup.exe: *: Omogućen: Microsoft DirectPlay Voice Test"
"C: \ \ WINDOWS \ \ system32 \ \ rundll32.exe" = "C: \ \ WINDOWS \ \ system32 \ \ rundll32.exe: *: Omogućen: Pokrenite DLL kao App"
"C: \ \ Program Files \ \ Wolfenstein - Enemy Territory \ \ ET.exe" = "C: \ \ Program Files \ \ Wolfenstein - Enemy Territory \ \ ET.exe: *: Omogućen: ET"
"C: \ \ Program Files \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ Messenger \ \ msnmsgr.exe: *: Omogućen: Windows Live Messenger 8,1"
"C: \ \ Program Files \ \ Messenger \ \ livecall.exe" = "C: \ \ Program Files \ \ Messenger \ \ livecall.exe: *: Omogućen: Windows Live Messenger 8,1 (Phone)"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic ES \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Omogućen: @ xpsp3res.dll, -20000"
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe: *: Omogućeno : AOL "
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLacsd.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLacsd.exe: *: Omogućeno : AOL "
"C: \ \ Program Files \ \ AOL 9,0 \ \ waol.exe" = "C: \ \ Program Files \ \ AOL 9,0 \ \ waol.exe: *: Omogućen: AOL 9,0"
"C: \ \ Program Files \ \ Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ Messenger \ \ msnmsgr.exe: *: Omogućen: Windows Live Messenger 8,1"
"C: \ \ Program Files \ \ Messenger \ \ livecall.exe" = "C: \ \ Program Files \ \ Messenger \ \ livecall.exe: *: Omogućen: Windows Live Messenger 8,1 (Phone)"

Preostali Files :



Skrivene datoteke s Svojstva :

Utorak 22. lipnja 2004 54384 A.. H. --- "C: \ Program Files \ AOL 9,0 \ aolphx.exe"
Utorak 22. lipnja 2004 156784 A.. H. --- "C: \ Program Files \ AOL 9,0 \ aoltray.exe"
Utorak 22. lipnja 2004 31344 A.. H. --- "C: \ Program Files \ AOL 9,0 \ RBM.exe"
Srijeda 9. siječanj 2002 1097728 A.. H. --- "C: \ Program Files \ VoyagerModemDrivers \ Dirapi.dll"
Srijeda 9. siječanj 2002 561152 A.. H. --- "C: \ Program Files \ VoyagerModemDrivers \ Iml32.dll"
Srijeda 1 Sep 2004 A. 2048. H. --- "C: \ Program Files \ VoyagerModemDrivers \ ipchecking.exe"
Utorak 8. siječanj 2002 266293 A.. H. --- "C: \ Program Files \ VoyagerModemDrivers \ Msvcrt.dll"
Srijeda 9. siječanj 2002 151552 A.. H. --- "C: \ Program Files \ VoyagerModemDrivers \ Proj.dll"
Utorak 1. ožujak 2005 467688 A.. H. --- "C: \ Program Files \ VoyagerModemDrivers \ WindowsXP-KB885295-x86-enu.exe"
Ponedjeljak 15 listopad, 2007 56 .. SHR --- "C: \ WINDOWS \ system32 \ F64AF6059C.sys"
Ponedjeljak 15 listopad 2007 952 A.SH. --- "C: \ WINDOWS \ system32 \ KGyGaAvL.sys"
Srijeda 26. prosinac 2007 4348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Ponedjeljak 26 veljača, 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Thu 20 Sep 2007 0 A.. H. --- "C: \ Windows \ SoftwareDistribution \ Download \ cf7ced0e 70c80a1e476f1abf49afecb1 \ BIT1.tmp"

Završeno!



Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 21:15:11, dana 23/02/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ QuickTime \ qttask.exe
C: \ WINDOWS \ system32 \ igfxtray.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIA CE.EXE
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ AOLSPY ~ 1 \ AOLSP Scheduler.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
C: \ Program Files \ Intelligent \ Common \ RaUI.exe
C: \ Program Files \ Panasonic \ LUMIXSimpleViewer \ PhLeAutoRun.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page =
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://uk.yahoo.com/fsc/
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://uk.yahoo.com/fsc/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_3_19_0. dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_3_19_0. dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM \ .. \ Run: [gramofonska igla EPSON DX3800 Series] C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIA CE.EXE / P26 "EPSON gramofonska igla DX3800 Series" / O6 "USB001" / M " gramofonska igla DX3800 "
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [AOL Spyware Protection] "C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ AOLSPY ~ 1 \ AOLSP Scheduler.exe"
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [1 tražite preskočite mfcd] C: \ Documents and Settings \ All Users \ Application Data \ Četiri Pomoć Tražite 1 \ Long bin.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [updateMgr] C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [theowns] C: \ DOCUME ~ 1 \ Graham \ APPLIC ~ 1 \ BIASWA ~ 1 \ SlowLoad.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk =?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
O4 - Global Startup: AOL 9,0 Trake Icon.lnk = C: \ Program Files \ AOL 9,0 \ aoltray.exe
O4 - Global Startup: Wireless Intelligent Utility.lnk = C: \ Program Files \ Intelligent \ Common \ RaUI.exe
O4 - Global Startup: Lumix Simple Viewer.lnk =?
O8 - Extra kontekst meni stavka: AOL Toolbar & search - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O8 - Extra kontekst meni stavka: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra 'Tools' MENUITEM: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ programa ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe
O9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ programa ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe
O9 - Extra button: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (dame Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (406B5949-7190-4245-91A9-30A17DE16AD0) (Snapfish Activia) -- http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: (6E5E167B-1566-4316-B27F-0DDAB3484CF7) (Slika Uploader Control) -- http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AOL Povezivanje Service (ACS AOL) - America Online, Inc - C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C: \ Program Files \ Common Files \ Sony Shared \ AVLib \ MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C: \ Program Files \ Common Files \ Sony Shared \ AVLib \ PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C: \ Program Files \ Common Files \ Sony Shared \ AVLib \ SPTISRV.exe

--
End of file - 8485 bytes

[evilfantasy]

Molimo, preuzmite Combofix by sUBs jedan od linkova ispod.
(Isprobajte sve tri ako je potrebno)

• Link # 1
• Link # 2
• Link # 3

Važno! Combofix.exe MORA biti spremljene i otrča iz Desktop.

• Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc) prije početka Combofix.
• Važno! Privremeno onemogućiti tvoj AntiVirus, Skripta za blokiranje i bilo koji protušpijunskih Zaštita u stvarnom vremenu prije obavlja scan.
  • Kliknite ovaj link da biste vidjeli popis sigurnosne programe, koji bi trebao biti onemogućen i kako onemogućiti ih.
  • Ako tvoj nije na popisu, a vi ne znate kako ga isključiti, molimo pitati.
• Upozorenje: Combofix disconnects vašem računalu s Interneta. Se veza automatski obnovljena prije Combofix izvrši njegove vožnji.
• Dvaput kliknite combofix.exe i slijedite upute.
  • Iz tipkovnice odaberite 1 i pritisnite Enter
• Kada završite, on će proizvesti prijava za vas.
• Pošta da se prijavite u vaš sljedeći odgovor.

Upozorenje: Ne mouseclick combofix's prozor dok je pokrenut. To svibanj uzrokovati da se štala

• Ako Combofix prometuje na poteškoće i prestaje preuranjeno, veza može biti ručno restored by ponovo pokrenuti računalo.
• Važno: Ne zaboravite ponovo uključili vaš protuvirusni i protušpijunski prije reconnecting na Internet.

----------

Sljedeća post
Combofix log
NOVO Hijackthis log

[rsteenoven]

ComboFix 08-02-24.2 - Graham 2008-02-23 21:35:51.1 - NTFSx86
Running from: C: \ Documents and Settings \ Graham \ Desktop \ ComboFix.exe
* Created novu točku vraćanja

UPOZORENJE-ovaj stroj nema Recovery Console Installed!
.

((((((((((((((((((((((((( Files Created from 2008/01/24 da 2008/02/24 ))))))))))) ))))))))))))))))))))
.

2008-02-23 20:57. 2008-02-23 20:57 <DIR> d -------- C: \ WINDOWS \ ERUNT
2008-02-23 20:50. 2008-02-23 21:09 <DIR> d -------- C: \ SDFix
2008-02-23 20:28. 2008-02-23 20:28 <DIR> d -------- C: \ VundoFix sigurnosne kopije
2008-02-23 20:14. 2008-02-23 20:16 <DIR> d -------- C: \ NoLopBackups
2008-02-23 19:41. 2008-02-23 19:41 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-02-23 19:25. 2007-09-24 23:31 69.632 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2008-02-23 16:29. 2008-02-23 16:29 <DIR> d -------- C: \ Program Files \ CCleaner
2008-02-23 14:15. 2008-02-23 16:23 <DIR> d -------- C: \ Documents and Settings \ Graham \. Housecall6.6
2008-02-16 22:59. 2008-02-16 22:59 <DIR> d -------- C: \ Documents and Settings \ Graham \ Application Data \ dvdcss
2008-02-16 17:49. 2008-02-16 17:49 12.302.839 --------- C: \ avg7qt.dat
2008-02-14 11:21. 2008-02-14 11:21 <DIR> d -------- C: \ Program Files \ pristranosti Pričekajte Iso
2008-02-05 19:36. 2008-02-05 19:36 268 - ah ----- C: \ sqmdata09.sqm
2008-02-05 19:36. 2008-02-05 19:36 244 - ah ----- C: \ sqmnoopt09.sqm
2008-01-31 02:02. 2008-01-31 02:02 54.608 - a ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008-01-26 19:25. 2008-02-23 19:11 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-26 19:25. 2008-01-26 19:25 <DIR> d -------- C: \ Documents and Settings \ Graham \ Application Data \ SUPERAntiSpyware.com
2008-01-26 19:25. 2008-01-26 19:25 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-01-26 19:22. 2008-01-26 19:22 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-26 19:18. 2008-01-26 19:18 <DIR> d -------- C: \ Documents and Settings \ Graham \ Application Data \ Grisoft
2008-01-26 19:17. 2007-05-30 12:10 10.872 - a ------ C: \ Windows \ System32 \ Drivers \ AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 19:40 --------- d ----- w C: \ Program Files \ Java
2008-02-23 12:32 --------- d ----- w C: \ Documents and Settings \ Graham \ Application Data \ Xfire
2008-02-16 19:01 --------- d ----- w C: \ Documents and Settings \ Graham \ Application Data \ pristranosti Pričekajte Iso
2008-02-16 18:54 --------- d ----- w C: \ Program Files \ SpeedFan
2008-02-16 17:49 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-02-14 16:57 --------- ds --- w C: \ Program Files \ Xfire
2008-02-14 11:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Četiri Pomoć Tražite 1
2008-01-26 19:17 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2008-01-16 17:55 --------- d ----- w C: \ Program Files \ Circle Developement
2008-01-16 16:20 --------- d ----- w C: \ Program Files \ Image-Line
2008-01-16 16:17 --------- d ----- w C: \ Program Files \ VstPlugins
2008-01-05 13:12 --------- d ----- w C: \ Program Files \ LEGO tvrtke
2008-01-04 23:12 --------- d ----- w C: \ Program Files \ Windows Live
2008-01-04 23:12 --------- d ----- w C: \ Program Files \ MSN Messenger
2008-01-04 23:12 --------- d ----- w C: \ Program Files \ Messenger Plus! Živjeti
2008-01-04 23:12 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus!
2007-12-26 11:37 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2007-12-26 11:37 --------- d ----- w C: \ Program Files \ Digitalne videokomunikacije
2007-12-26 11:36 --------- d ----- w C: \ Documents and Settings \ Graham \ Application Data \ InstallShield
2007-12-25 17:21 --------- d ----- w C: \ Program Files \ MonkeyJam
2007-12-07 00:44 666.112 AW ---- C: \ WINDOWS \ system32 \ Wininet.dll
2007-12-04 18:38 550.912 AW ---- C: \ WINDOWS \ system32 \ oleaut32.dll
2007-04-15 11:18 24.192 AW ---- C: \ Documents and Settings \ Graham \ usbsermptxp.sys
2007-04-15 11:18 22.768 AW ---- C: \ Documents and Settings \ Graham \ usbsermpt.sys
2007-10-15 16:48 56 - sh - r C: \ WINDOWS \ system32 \ F64AF6059C.sys
2007-10-15 16:48 952 - SHA-w C: \ WINDOWS \ system32 \ KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"updateMgr" = "C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"theowns" = "C: \ DOCUME ~ 1 \ Graham \ APPLIC ~ 1 \ BIASWA ~ 1 \ Sl. owLoad.exe" [2008-02-14 11:20 435200]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-08-22 07:26 185632]
"RTHDCPL" = "RTHDCPL.EXE" [2005-08-18 05:20 14820864 C: \ WINDOWS \ RTHDCPL.EXE]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2006-09-01 15:57 282624]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e Xe" [2001-07-09 09:50 155648]
"igfxtray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2005-08-24 10:50 94208]
"igfxpers" = "C: \ WINDOWS \ system32 \ igfxpers.exe" [2005-08-24 10:51 114688]
"igfxhkcmd" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2005-08-24 10:47 77824]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" [2005-01-07 15:07 61952 C: \ WINDOWS \ system32 \ HdAShCut.exe]
"Gramofon igla EPSON DX3800 Series" = "C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIACE.exe" [2005-02-08 04:00 98304]
"AVG7_CC" = "C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-21 15:07 579072]
"AOLDialer" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe" [2004-11-09 23:22 497240]
"AOL Spyware zaštitu" = "C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ AOLSPY ~ 1 \ AOL SP Scheduler.exe" [2004-10-18 16:42 79448]
"traže mfcd preskočite 1" = "C: \ Documents and Settings \ All Users \ Application Data \ Četiri Pomoć Tražite 1 \ Long bin.exe" [2008-02-23 21:12 2885120]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"AVG7_Run" = "C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-10-24 10:19 219136]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Adobe Gamma Loader.lnk - C: \ Program Files \ Common Files \ Adobe \ Kalibracija \ Adobe Gamma Loader.exe [2006-01-10 19:06:38 113664]
Adobe Reader Speed Launch.lnk - C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe [2005-09-23 22:05:26 29696]
AOL 9,0 Trake Icon.lnk - C: \ Program Files \ AOL 9,0 \ aoltray.exe [2007-01-20 19:34:26 156784]
Inteligentni Wireless Utility.lnk - C: \ Program Files \ Intelligent \ Common \ RaUI.exe [2006-11-11 11:18:12 626688]
Lumix Simple Viewer.lnk - C: \ Program Files \ Panasonic \ LUMIXSimpleViewer \ PhLeAutoRun.exe [2006-12-02 09:48:19 61440]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLacsd.exe" =
"C: \ \ Program Files \ \ AOL 9,0 \ \ waol.exe" =
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avginet.exe" =
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgamsvr.exe" =
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgcc.exe" =
"C: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" =
"C: \ \ Program Files \ \ Xfire \ \ xfire.exe" =
"C: \ \ WINDOWS \ \ system32 \ \ dpvsetup.exe" =
"C: \ \ WINDOWS \ \ system32 \ \ rundll32.exe" =
"C: \ \ Program Files \ \ Wolfenstein - Enemy Territory \ \ ET.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Messenger \ \ livecall.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"27950: UDP" = 27950: UDP: Wolfenstein
"27951: UDP" = 27951: UDP: Wolfenstein1
"27960: UDP" = 27960: UDP: Wolfenstein2

R3 AN983; ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet adapter; C: \ Windows \ System32 \ Drivers \ AN983.sys [2005-01-13 08:28]
S3 CoachUsb; Trener digitalnog fotoaparata na USB; C: \ Windows \ System32 \ Drivers \ CoachUsb.sys [2004-01-22 12:41]

.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-02-24 21:39:46
5/1/2600 Windows Service Pack 2 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
Completion time: 2008-02-24 21:42:27
.
2008-02-13 12:22:05 --- EOF ---


Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 21:45:13, dana 24/02/2008
Platforma: Windows XP SP2 (Winnt 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ QuickTime \ qttask.exe
C: \ WINDOWS \ system32 \ igfxtray.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIA CE.EXE
C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ AOLSPY ~ 1 \ AOLSP Scheduler.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Intelligent \ Common \ RaUI.exe
C: \ Program Files \ Panasonic \ LUMIXSimpleViewer \ PhLeAutoRun.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page =
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://uk.yahoo.com/fsc/
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://uk.yahoo.com/fsc/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_3_19_0. dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalira \ cpn \ ycomp5_3_19_0. dll
O3 - Toolbar: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM \ .. \ Run: [gramofonska igla EPSON DX3800 Series] C: \ WINDOWS \ System32 \ spool \ drivers \ W32X86 \ 3 \ E_FATIA CE.EXE / P26 "EPSON gramofonska igla DX3800 Series" / O6 "USB001" / M " gramofonska igla DX3800 "
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / StartUp
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [AOL Spyware Protection] "C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ AOL \ AOLSPY ~ 1 \ AOLSP Scheduler.exe"
O4 - HKLM \ .. \ Run: [1 tražite preskočite mfcd] C: \ Documents and Settings \ All Users \ Application Data \ Četiri Pomoć Tražite 1 \ Long bin.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [updateMgr] C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [theowns] C: \ DOCUME ~ 1 \ Graham \ APPLIC ~ 1 \ BIASWA ~ 1 \ SlowLoad.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk =?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
O4 - Global Startup: AOL 9,0 Trake Icon.lnk = C: \ Program Files \ AOL 9,0 \ aoltray.exe
O4 - Global Startup: Wireless Intelligent Utility.lnk = C: \ Program Files \ Intelligent \ Common \ RaUI.exe
O4 - Global Startup: Lumix Simple Viewer.lnk =?
O8 - Extra kontekst meni stavka: AOL Toolbar & search - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O8 - Extra kontekst meni stavka: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra 'Tools' MENUITEM: AOL Toolbar - (4982D40A-C53B-4615-B15B-B5B5E98D167C) - C: \ Program Files \ AOL Toolbar \ toolbar.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 3 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: @ C: \ Program Files \ Messenger \ Msgslang.dll, -61144 - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (dame Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (406B5949-7190-4245-91A9-30A17DE16AD0) (Snapfish Activia) -- http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: (6E5E167B-1566-4316-B27F-0DDAB3484CF7) (Slika Uploader Control) -- http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AOL Povezivanje Service (ACS AOL) - America Online, Inc - C: \ Program Files \ Common Files \ AOL \ ACS \ AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ programa ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C: \ Program Files \ Common Files \ Sony Shared \ AVLib \ MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C: \ Program Files \ Common Files \ Sony Shared \ AVLib \ PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C: \ Program Files \ Common Files \ Sony Shared \ AVLib \ SPTISRV.exe

--
End of file - 8061 bytes

[evilfantasy]

Scan Sumnjičavu File (s)

Molimo posjetite jedan od sljedećeg:
(Višestruke stranice su u jednom slučaju ne radi)

• Virustotal
• Jotti's zlonamjernih programa skenirati
• VirSCAN.org

Kopirajte datoteku put u kodu okvir ispod.

Code:

C: \ Documents and Settings \ All Users \ Application Data \ Četiri Pomoć Tražite 1 \ Long bin.exe

Code:

C: \ DOCUME ~ 1 \ Graham \ APPLIC ~ 1 \ BIASWA ~ 1 \ SlowLoad.exe

Napomena: Možete skenirati samo jedna datoteka u isto vrijeme tako da ćete morati ponoviti procecc i post oba scan rezultata.

• Na učitavanje stranice, kliknite unutar prozora odjednom uz Browse.
• Press Ctrl + V na tipkovnici (oba u isto vrijeme) za lijepljenje put datoteke u prozoru.
• Kliknite Next Pošalji Datoteka / Pošalji / Upload (ovisno o lokaciji)
  • Vaša datoteka će možda biti unesen u red čekanja na koji normalno traje manje od minute za brisanje.
• Time će se izvesti na više različitih scan virus skeniranje motora.
• Molimo pričekajte trenutak za sve od motora do skeniranje završi.
• Copy, a zatim Paste rezultate u narednih odgovorite.

[rsteenoven]

Long bin.exe


Antivirusi Version Last Update Result AhnLab-V32008.2.22.02008.02.22-AntiVir7.6.0.672008.02.22-Authentium4.93.82008.02.23-Avast4.7.1098.02008.02.23-AVG7.5.0.5162008.02.22-BitDefender7.22008.02.23 -MAČKA-QuickHeal9.502008.02.22-ClamAV0.92.12008.02.23-DrWeb4.44.0.091702008.02.23-eSafe7.0.15.02008.02.21-eTrust-Vet31.3.55572008.02.23-Ewido4.02008.02.23-FileAdvisor12008.02.23-Fortinet3 .14.0.02008.02.23-F-Prot4 .4.2.542008.02.23-F-Secure6 .70.13260.02008.02.23-IkarusT3 .1.1.202008.02.23-Kaspersky7 .0.0.1252008.02.23-McAfee52362008 .02.22-Microsoft1 .32042008.02 ,23-NOD32v228982008 .02.23-Norman5 .80.022008.02.22-Panda9 .0.0.42008.02.23-Prevx1V22008 .02.23-Rising20 .32.52.002008.02.23-Sophos4 .26.02008.02.23-Sunbelt3 .0.893.02008.02.23-Symantec102008 .02.23 -TheHacker6.2.9.2282008.02.23-VBA323.12.6.12008.02.21-VirusBuster4.3.26 :92008.02.23-Webwasher-Gateway6 .6.22008.02.23 - Dodatne informacije Veličina datoteke: 2885120 bytesMD5: 394ff269da96f0189c9a2df92df41e46SHA1: bb51404b2d9c0c03e273f75f20cd01bd5aad5802PEiD: --

SlowLoad.exe

Antivirusi Version Last Update Result AhnLab-V32008.2.22.02008.02.22-AntiVir7.6.0.672008.02.22-Authentium4.93.82008.02.23Possibly novu varijantu W32/Swizzor-based! MaximusAvast4.7.1098.02008.02.23-AVG7.5.0 .5162008.02.22-BitDefender7 .22008.02.23-MAČKA-QuickHeal9 .502008.02.22-ClamAV0 .92.12008.02.23-DrWeb4 .44.0.091702008.02.23-eSafe7 .0.15.02008.02.21-eTrust-Vet31 .3.55572008.02.23-Ewido4 .02008.02.23-FileAdvisor12008.02.23-Fortinet3.14.0.02008.02.23-F-Prot4.4.2.542008.02.23W32/Swizzor-based! MaximusF-Secure6.70.13260.02008.02.23-IkarusT3.1.1.202008.02.23-Kaspersky7 .0.0.1252008.02.23-McAfee52362008 .02.22-Microsoft1 .32042008.02.23-NOD32v228982008 .02.23-Norman5 .80.022008.02.22-Panda9 .0.0.42008.02.23-Prevx1V22008 .02.23-Rising20 .32.52.002008.02.23-Sophos4 .26.02008 .02.23-Sunbelt3 .0.893.02008.02.23-Symantec102008 .02.23-TheHacker6 .2.9.2282008.02.23-VBA323 .12.6.12008.02.21-VirusBuster4 .3.26:92008.02.23 Trojan.DL.Swizzor.Gen! Pac.2Webwasher-Gateway6 .6.22008.02.23 - Dodatne informacije Veličina datoteke: 435200 bytesMD5: a8063318bfd0a7d6c9c4059d4506d021SHA1: 17a4d06e242919227ccc3f4e1c3b38dafbad4263PEiD: --

[evilfantasy]

Molimo trčanje F-Secure Online Scanner

Napomena: Ovaj Skener radi sa Internet Explorer Samo!

• Pomaknite se na dno stranice i kliknite na gumb Start scanning. Prozor će pop up.
• Omogućiti Active X kontrole da se instalira na vaše računalo, a zatim kliknite gumb Prihvati
• Kliknite Full System Scan i dopustiti komponentama za preuzimanje i scan to kompletan.
• Ako se utvrdi štetnih sadržaja, provjerite Submit uzoraka za F-Secure a zatim odaberite Automatsko čišćenje
• Prilikom čišćenja ima finitished, kliknite na Prikaži izvješće (to će otvoriti prozor programa Internet Explorer koja sadrži izvješća)
• Označite i kopirajte (Ctrl + C) kompletan izvještaj, a Zalijepi (Ctrl + V) u novom odgovorite na ovaj post
  • Ako Automatsko čišćenje s Submit uzoraka smrzne, kliknite Odustani, Zatim Novo pretraživanje
• Kada je opcija čišćenje predstavljaju, Isključi Submit uzoraka za F-Secure
• Kliknite Automatsko čišćenje
• Prilikom čišćenja ima finitished, kliknite Prikaži izvješće (ovaj će se otvoriti prozor programa Internet Explorer koja sadrži izvješća)
• Označite i kopirajte (Ctrl + C) kompletan izvještaj, a Zalijepi (Ctrl + V) u novom odgovorite na ovaj post.

Ako je potrebno ići u Početak> Trčanje> tip Notepad.exe zatim pritisnite U redu.
Lijepljenje se prijavite u Notepad i spremite ju na radnu površinu tako da se lako može biti objavljene kasnije.

Ovaj skeniranja može potrajati poprilično vremena, stoga molimo da budete strpljivi

----------

Sljedeća post
F-Secure log

Također javite mi kako je računalo sada.

[rsteenoven]

Skeniranje navika posao, IR uspomena kazivanje je pogreška.

Bilo koji ideja?

[evilfantasy]

Jeste li ga koristite u programu Internet Explorer? Ako to neće raditi onda koristiti BitDefender.


Taj skener radi samo s Internet Explorerom
Idite na BitDefender Online Scanner
Kliknite I Agree na licenca, a zatim instalirati ActiveX kontrolu.
Molim NE promijeniti Scanning Options.
To će omogućiti da Vaša logove ogromna i ne treba da vidi čistu datoteke.
Odaberi Start Scan za početak.
Ovaj skeniranja može potrajati neko vrijeme pa vas molimo budite strpljivi i pustite neka završi.


Nakon što se završi skeniranje Bitdefender:
Klikni na Uočenih problema tab.
Zatim odaberite Kliknite ovdje za izvoz scan izvješće



Kada je prozor dolazi do spremili izvješće, promijeniti Sačuvaj kao tip: okvir:
Tekst (tab delimited) (*. txt) a zatim u Naziv datoteke okvir unesite promjenu bdscan zatim pritisnite Spremiti



To će spremiti datoteku pod imenom bdscan.txt. Htjela predlažemo ušteda na Desktop tako da je možete lako pronaći.
(obazirati na to gdje ste vi to tako da možete naći noviji)

Ova datoteka će zapravo bdcan.txt sadržavati HTML code da možemo jednostavno vidjeti kasnije, dok s pregledom log. Sve što morate napraviti je preimenujte datoteku bdscan.html.

Ako ne slijedite ove korak, od vas će imati pogrešan prijavite ili lošije dnevnik sažetku koji je beskoristan u nas

Objaviti bdscan.txt u sljedećem postu.