Windows Vidik Ažurirati Won't

**Bubba** · #1 23 svi 2009, 09:33

Imam prijatelje na računalu, Vista i Windows neće ažurirati. Do sada sam pronašao i uklonio Internet Anti-Virus, Win32Adload.r i video.exe. Oni također imao taj kupon spyware i njihov sin drže loading limewire. Ja uklonjena oba (LOL Limewire sama instalira na 400 mjesta, morao sam proći kroz svaku datoteku i mapu da biste dobili osloboditi od taj). Ali ipak prozora neće ažurirati. Im 'uzimajući 80072efd broj koji kaže je firewall sprečava prozor s ažuriranjem. Ne mogu pronaći bilo koji drugi firewall od Windowsa i ja pogledao u svakoj mapi. Ovdje su tri zapisnicima, ne mogu naći ništa, sam je propustila ništa?

NAPOMENA: Ne mogu učitati bilo koji od tri logove. Stalno dobivam nevažeće datoteku s web lokacije. Što je s tim? Imam previše učitavanja ovdje? pusti me probati kopiju tijesto:

SUPERAntiSpyware Scan Prijava
http://www.superantispyware.com

Generirano 05/23/2009 at 04:42

Application Version: 4/26/1002

Core Pravila Database Version: 3908
Trace Pravila Database Version: 1852

Scan type: Cijela Scan
Ukupno Scan Vrijeme: 03:45:40

Memorija predmeta skenirane: 831
Memorija prijetnje otkrivena: 0
Registry stavke skenirane: 6407
Matični prijetnje otkrivena: 0
File skenirane podatke: 326608
File prijetnje otkrivena: 78

Adware.Tracking Cookie
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman ager [2]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ media6degre es [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftwi ndows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ msnservices .112.2 o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley specificcli @ CK [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley tribalfusio @ n [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@adopt.specificcli CK [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ microsoftinternet explorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ microsoftwindows. 112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@msnservices.112.2 o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman ager [2]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ media6degre es [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftwi ndows.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ msnservices .112.2 o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley specificcli @ CK [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley tribalfusio @ n [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@adopt.specificcli CK [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ microsoftinternet explorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ microsoftwindows. 112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@msnservices.112.2 o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ tribalfusion [1]. Txt

Malwarebytes' Anti-zaštita od zlonamjernih programa 1,36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 8:40:58 AM
mbam-log-2009-05-19 (08-40-58). txt

Scan type: Quick Scan
Objekti skenirane: 71524
Proteklo vrijeme: 3 minute (s), 23 Drugi (a / e)

Memory Processes zaraženih: 0
Memorijske module zaraženih: 0
Ključevi registra zaraženih: 13
Registry Values zaraženih: 0
Registry Data Items zaraženih: 3
Mape zaraženih: 3
Zaražene datoteke: 11

Memory Processes zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Memorijske module zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Ključevi registra zaraženih:
HKEY_CLASSES_ROOT \ fe345.fe345mgr (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ CLSID \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ fe345.fe345mgr.1 (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ y537.y537mgr (Trojan.BHO) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ TypeLib \ (e63648f7-3933-440e-b4f6-a8584dd7b7eb) (Trojan.BHO) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ Interface \ (f7d09218-46d7-4d3d-9b7f-315204cd0836) (Trojan.BHO) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ CLSID \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> karanteni i uspješno izbrisan.
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> karanteni i uspješno izbrisan.
HKEY_CLASSES_ROOT \ y537.y537mgr.1 (Trojan.BHO) -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Internet AntiVirus pro_is1 (Rogue.InternetAntivirus) -> karanteni i uspješno izbrisan.

Registry Values zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Data Items zaraženih:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> karanteni i uspješno izbrisan.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> karanteni i uspješno izbrisan.

Mape zaraženih:
C: \ Windows \ System32 \ 199638 (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
C: \ Program Files \ websrvx (Trojan.Downloader) -> karanteni i uspješno izbrisan.
C: \ Windows \ System32 \ 796525 (Trojan.BHO) -> karanteni i uspješno izbrisan.

Zaražene datoteke:
C: \ Windows \ System32 \ 199638 \ 199638.dll (Trojan.FakeAlert) -> karanteni i uspješno izbrisan.
C: \ Windows \ System32 \ 796525 \ 796525.dll (Trojan.BHO) -> karanteni i uspješno izbrisan.
C: \ Users \ Shirley \ AppData \ Local \ Temp \ jopaxx_1241669 819.exe (Worm.KoobFace) -> karanteni i uspješno izbrisan.
C: \ Program Files \ Common Files \ InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> karanteni i uspješno izbrisan.
C: \ Windows \ msmark2.dat (Worm.KoobFace) -> karanteni i uspješno izbrisan.
C: \ Windows \ t55ft2668f44.dat (Worm.KoobFace) -> karanteni i uspješno izbrisan.
C: \ Windows \ t55ft2695f44.dat (Worm.KoobFace) -> karanteni i uspješno izbrisan.
C: \ Windows \ t55ft3105f44.dat (Worm.KoobFace) -> karanteni i uspješno izbrisan.
C: \ Windows \ 9g2234wesdf3dfgjf23 (Worm.KoobFace) -> karanteni i uspješno izbrisan.
C: \ Windows \ f5087.dat (Worm.KoobFace) -> karanteni i uspješno izbrisan.
C: \ Windows \ f23567.dat (Worm.KoobFace) -> karanteni i uspješno izbrisan.
(gore je bio prvi zapisnik, u nastavku je trenutno jedan)

Malwarebytes' Anti-zaštita od zlonamjernih programa 1,36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/23/2009 9:03:23 AM
mbam-log-2009-05-23 (09-03-23). txt

Scan type: Quick Scan
Objekti skenirane: 70234
Proteklo vrijeme: 2 minute (s), 28 Drugi (a / e)

Memory Processes zaraženih: 0
Memorijske module zaraženih: 0
Ključevi registra zaraženih: 0
Registry Values zaraženih: 0
Registry Data Items zaraženih: 0
Mape zaraženih: 0
Zaraženih datoteka: 0

Memory Processes zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Memorijske module zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Ključevi registra zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Values zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Registry Data Items zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Mape zaraženih:
(Nema stavki otkrivenih zlonamjernih)

Zaražene datoteke:
(Nema stavki otkrivenih zlonamjernih)

Logfile of Trend Micro HijackThis v2.0.2
Scan spremljena u 9:09:09 Na 5/23/2009
Platforma: Windows Vista SP1 (Winnt 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Pokretanje procesa:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Windows \ RtHDVCpl.exe
C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe
C: \ Acer \ Osnaživanje Tehnologija \ SysMonitor.exe
C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe
C: \ Windows \ System32 \ nvraidservice.exe
C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Windows \ ehome \ ehtray.exe
C: \ Program Files \ Olympus \ Olympus Master 2 \ MMonitor.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ gumicu \ Eraser.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Kodak \ Kodak EasyShare Software \ bin \ EasyShare.exe
C: \ Windows \ system32 \ wbem \ unsecapp.exe
C: \ Acer \ Osnaživanje Tehnologija \ ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C: \ Acer \ Osnaživanje Tehnologija \ eRecovery \ ERAGENT.EXE
C: \ Windows \ ehome \ ehmsas.exe
C: \ Users \ Shirley \ Desktop \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://en.us.acer.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyServer = http = localhost: 7171
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts::: 1 localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - (no file)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: (no name) - (83A2F9B1-01A2-4AA5-87D1-45B6B8505E96) - (no file)
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.1.1309.3572 \ s wg.dll
O2 - BHO: Google rječnik sdch Kompresija - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C: \ Program Files \ Google \ Google Toolbar \ Komponenta \ fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O3 - Toolbar: Google Toolbar - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM \ .. \ Run: [BkupTray] "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe"
O4 - HKLM \ .. \ Run: [Osnaživanje Acer Technology Monitor] C: \ Acer \ Osnaživanje Tehnologija \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [SMSERIAL] C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe
O4 - HKLM \ .. \ Run: [Acer proizvoda Registration] "C: \ Program Files \ Acer Registracija \ ACE1.exe" / pokretanja
O4 - HKLM \ .. \ Run: [NVRaidService] C: \ Windows \ system32 \ nvraidservice.exe
O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ Windows \ system32 \ spool \ drivers \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe"
O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe"
O4 - HKLM \ .. \ Run: [ArcSoft Connection Service] C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 9,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [WinPatrol] C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe-expressboot
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [avast!] C: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [OM2_Monitor] "C: \ Program Files \ Olympus \ Olympus Master 2 \ MMonitor.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [gumicu] C: \ Program Files \ gumicu \-hide Eraser.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Osnaživanje Tehnologija Launcher.lnk =?
O4 - Global Startup: Kodak EasyShare software.lnk = C: \ Program Files \ Kodak \ Kodak EasyShare Software \ bin \ EasyShare.exe
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & kraj OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ programa ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O13 - smolastoga Prefiks:
O16 - DPF: (3860DD98-0549-4D50-AA72-5D17D200EE10) --
O18 - Filter: x-sdch - (B1759355-3EEC-4C1E-B0F1-B719FE26E377) - C: \ Program Files \ Google \ Google Toolbar \ Komponenta \ fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Obavijesti:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: ArcSoft Connect demon (ACDaemon) - ArcSoft Inc - C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown vlasnika - C: \ Acer \ Osnaživanje Tehnologija \ ePerformance \ MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc - C: \ Acer \ Osnaživanje Tehnologija \ eRecovery \ eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown vlasnika - C: \ Acer \ Osnaživanje Tehnologija \ eSettings \ Service \ capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: lxce_device - - C: \ Windows \ system32 \ lxcecoms.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe
O23 - Service: NTI Backup Now 5 Planer Service (NTISchedulerSvc) - Unknown vlasnika - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd - C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe

--
End of file - 9919 bytes

**sjb007** · #2 23 svi 2009, 23:45

Bok Bubba ....

Mi moramo onemogućiti Vaš jer svibanj TeaTimer interferirati s ispravci da je potrebno napraviti.

1) Pokreni Spybot-S & D
2) Idi na način izbornika, a pobrinite se "Advanced Mode" je odabrana
3) se nalazi na lijevoj strani odaberite Tools -> Resident
4) Isključite "Resident TeaTimer" i OK bilo koje potiču
5) Ponovo pokrenite računalo.

Preuzimanje ResetTeaTimer.bat desnim klikom na link i odaberete Save As.

* Snimite je na svoj Desktop.
* Dvokliknite ResetTeaTimer.zip
* Dvokliknite ResetTeaTimer.bat i kliknite Run ukloniti sve stavke koje postavlja TeaTimer.

Nakon svega za ispravci su potpuni vrlo je važno da omogućite TeaTimer opet, ja ću Vas obavijestili kad je sigurno da to učinite.

Uvod za Tea Timer možete naći ovdje -> http://russelltexas.com/malware/teatimer.htm

==========================================\u0

Preuzmite i scan sa ComboFix.exe. Molimo, posjetite ovu web stranicu za download linkovi i upute za pokretanje alata:

http://www.bleepingcomputer.com/comb...o-use-combofix

Bili sigurni da imate onemogućene sve protu-virus i anti zlonamjernih programa, uključujući programe winpatrol kako oni ne ometati vođenje ComboFix.

Molimo uključite C: \ ComboFix.txt u sljedećoj odgovor na daljnje razmatranje.

==========================================\u0

Idi na Početni izbornik > Odaberi Pokrenuti i copy / paste u sljedećim Trčanje kutija i klik U redu:

C: \ Qoobox \ Add-Remove Programs.txt

Tekstualnu datoteku trebali otvoriti. Molimo post sadržaja tu datoteku u vaš sljedeći odgovor.

**Bubba** · #3 24 svi 2009, 02:33

Nekoliko stvari prije nego što sam objaviti logs:

1. U Tea timer tutorial ste povezani, on je rekao da također onemogućiti SDHelper stanovnik tako sam učinio.
2. ComboFix nije prikazati kopiju regisdtry ekranu, osim ako je brz ekran, a ja ga propustili dok gleda na moje računalo (zapamtite ovo je na prijatelje). Nije se isključiti s interneta, niti sam ga primijetiti promjenu vremena. Obje su bile vidljive ikone kombinirani škripac dok je pokrenut. Je li to problem? Također, nakon trčanje Combofix, pozadinu je iskrivljen, pa sam ponovno podizanje sustava. Kada je computerstarted natrag gore, pozadinu otišao, Firefox više nije zadani preglednik i poruku popped up to IE homepage bio promijenjen u MSN (mislim). Je li to normalna? Također, Winpatrol primijetio da je nova usluga bio dodano: appmgmts.dll.

3. Prije nego što je odgovorio na to, ja je dobio osloboditi od Google Toolbar. Nekoliko je HJT unose izgledao neparan. Na 018 primjerice, zvalo x-sdCH umjesto x-sdHC .......... Osim lol, Mrzim tool barove i oni mogu uvijek dodaj natrag ako oni ištanje to. Bez obzira, koji je promijenio HJT prijavite. JA isto tako je dobio osloboditi od 2 do 02 i da nije imao datoteke povezane s njima.

4. Što smo tražili u Combofix? LOL ja počeo preuzmite i pokrenite ga prije nego što sam posted this thread, a odlučio sam znaš znali dovoljno tek nered s njom.

A bez dodatnih teškoća:

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Running from: C: \ Users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search zatrite * onemogućen * (zastarjeli) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware * * onemogućena (Ažurirano) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender * omoguæi * (Updated) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Files Created from 2009/04/24 da 2009/05/24 ))))))))))) ))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- d ----- wc: \ programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Program Files \ SUPERAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com
2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- wc: \ Program Files \ Common Files \ Wise Installation Wizard
2009-05-22 15:06. 2009-02-05 20:06 51376 AW ---- C: \ Windows \ System32 \ Drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 AW ---- C: \ Windows \ System32 \ Drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 AW ---- C: \ Windows \ System32 \ Drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 AW ---- C: \ Windows \ System32 \ Drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 AW ---- c: \ windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- AW c: \ windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 AW ---- C: \ Windows \ System32 \ Drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- wc: \ Program Files \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 AW ---- C: \ programdata \ Microsoft \ eHome \ Paketi \ MCESpotlig HT \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 AW ---- c: \ windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 AW ---- c: \ windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 AW ---- c: \ windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 AW ---- c: \ windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 AW ---- c: \ windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 AW ---- c: \ windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 AW ---- c: \ windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 AW ---- c: \ windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 AW ---- c: \ windows \ system32 \ mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 AW ---- c: \ windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 AW ---- c: \ windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 AW ---- c: \ windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- wc: \ Program Files \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- wc: \ Program Files \ Windows Live Safety Center
2009-05-19 23:20. 2009-05-19 23:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Acer DV Mađioničar
2009-05-19 23:10. 2009-05-19 23:10 -------- d ----- wc: \ windows \ nedjelja
2009-05-19 20:40. 2009-05-19 20:40 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \www.macromedia.com \ bin \ airappinstaller \ airappinsta ller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ gumicu
2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- d ----- wc: \ Program Files \ gumicu
2009-05-19 17:20. 2009-05-19 17:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 AW ---- c: \ windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Program Files \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009-05-19 13:01. 2006-09-18 21:43 24 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Program Files \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 AW ---- C: \ Windows \ System32 \ Drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 AW ---- C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- wc: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- AW c: \ windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- wc: \ Program Files \ Common Files \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Sedam Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 AW ---- C: \ Windows \ System32 \ Drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 AW ---- c: \ windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- wc: \ Program Files \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ programdata \ (-8CD7F5AF ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Program Files \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- wc: \ Program Files \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 AW ---- C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- wc: \ Program Files \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 AW ---- C: \ programdata \ Microsoft \ eHome \ Paketi \ NetTV \ čelo se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 AW ---- c: \ windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- AW c: \ programdata \ Microsoft \ Windows Defender \ Definition Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 AW ---- C: \ programdata \ ArcSoft \ Kodak-printcreations-22-080812-OEM \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- wc: \ Program Files \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 AW ---- C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- wc: \ programdata \ Microsoft Pomoć
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- wc: \ Program Files \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- wc: \ Program Files \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- wc: \ Program Files \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Installation Information
2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- wc: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ CyberLink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- wc: \ Program Files \ Common Files \ SureThing Dijeljeno
2009-05-19 21:04. 2008-09-12 14:09 1664 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- wc: \ programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 AW ---- c: \ windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 AW ---- c: \ windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- wc: \ Program Files \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- wc: \ Program Files \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- wc: \ Program Files \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- wc: \ programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 AW ---- C: \ programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 AW ---- C: \ programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 AW ---- C: \ programdata \ (-8CD7F5AF ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 AW ---- c: \ windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 AW ---- c: \ windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 AW ---- c: \ windows \ system32 \ Wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 AW ---- c: \ windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 AW ---- c: \ windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 AW ---- c: \ windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 AW ---- c: \ windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 AW ---- c: \ windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 AW ---- c: \ windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 AW ---- c: \ windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 AW ---- c: \ windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 AW ---- c: \ windows \ system32 \ vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 AW ---- c: \ windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 AW ---- c: \ windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 AW ---- c: \ windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 AW ---- c: \ windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 AW ---- c: \ windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 AW ---- c: \ windows \ system32 \ mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 AW ---- c: \ windows \ system32 \ mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 AW ---- c: \ windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- AW c: \ windows \ system32 \ Ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- AW c: \ windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 AW ---- c: \ windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 AW ---- c: \ windows \ system32 \ rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 AW ---- c: \ windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 AW ---- c: \ windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 AW ---- c: \ windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 AW ---- c: \ windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 AW ---- c: \ windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 AW ---- c: \ windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ehTray.exe" = "C: \ Windows \ ehome \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ Olympus \ Olympus Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Gumica" = "C: \ Program Files \ gumicu \ Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552]
"Osnaživanje Acer Technology Monitor" = "C: \ Acer \ Osnaživanje Tehnologija \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer proizvoda Registracija" = "C: \ Program Files \ Acer Registracija \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296]
"LXCECATS" = "c: \ windows \ system32 \ spool \ drivers \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9,0 \ Reader \ Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"avast!" = "c: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - c: \ windows \ RtHDVCpl.exe [2007-10-11 4702208]

c: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Osnaživanje Tehnologija Launcher.lnk - C: \ Acer \ Osnaživanje Tehnologija \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare Software \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon]
2008-12-22 16:05 356352 AW ---- C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend]
@ = "Usluga"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-4C39-178B-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Communications System
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Communications System
"(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Main Page \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-48CC-1B85-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa \ mbam.exe: Malwarebytes' Anti-zaštita od zlonamjernih programa
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa \ mbam.exe: Malwarebytes' Anti-zaštita od zlonamjernih programa
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Ažuriranje Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Ažuriranje Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; avast! Self Protection; c: \ Windows \ System32 \ Drivers \ aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4; FAMv4; c: \ Windows \ System32 \ Drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk; aswFsBlk; c: \ Windows \ System32 \ Drivers \ aswF sBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt; aswMonFlt; c: \ Windows \ System32 \ Drivers \ kao wMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc; NTI Backup Now 5 Agent Service; c: \ program files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc; NTI Backup Now 5 Backup Service; c: \ program files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc; NTI Backup Now 5 Planer Service; c: \ program files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ aktivnih setup \ instalirane komponente \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"C: \ Windows \ System32 \ rundll32.exe" C: \ Windows \ System32 \ iedkcs32.dll ", BrandIEActiveSe ovan Signup
.
- - - - Orphans Odstranjena - - - --

SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
Page uStart = hxxp: / / www.yahoo.com/
Page mStart = hxxp: / / en.us.acer.yahoo.com
uInternet Postavke, ProxyOverride = <local>; *. lokalne
uInternet Postavke, ProxyServer = http = localhost: 7171
IE: E & zvezi u Microsoft Excel - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
Trusted Zone: microsoft.com \ update
Trusted Zone: microsoft.com \ WindowsUpdate
FF - ProfilePath - C: \ Users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ rofiles P \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ Windows \ system32 \ spool \ drivers \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
--------------------- --------------------- Zaključana registarske ključeve

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Odbijen: (A) (Korisnici)
@ Odbijen: (A) (svi)
@ Dozvoljen: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Completion time: 2009-05-24 4:55
ComboFix-u karanteni-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes free
Post-Run: 173859581952 bytes free

269 --- EOF --- 2009-05-17 10:04

DODAJ Ukloni programe

Microsoft Office Shared MUI (Engleski) 2007
Microsoft Office Shared Setup Metapodatci MUI (Engleski) 2007
Microsoft Office Word MUI (Engleski) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 parser i SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (ukloniti samo)
NVIDIA Driveri
OfotoXMI
Olympus Master 2
Olympus muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Sigurnosno ažuriranje za Microsoft Office PowerPointa 2007 (KB957789)
SFR
SHASTA
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
alata
Turbo Pizza
Ažuriranje za Microsoft Office sustava 2007 (KB967642)
Ažuriranje za Microsoft Office 2007 Pomoć za zajedničke karakteristike (KB963673)
Ažuriranje za Microsoft Office Excel 2007 Pomoć (KB963678)
Ažuriranje za Microsoft Office OneNote 2007 Pomoć (KB963670)
Ažuriranje za Microsoft Office PowerPoint 2007 Pomoć (KB963669)
Ažuriranje za Microsoft Office Script Editor Pomoć (KB963671)
Ažuriranje za Microsoft Office Word 2007 Pomoć (KB963665)
VPRINTOL
Windows Live OneCare sigurnosni skener
WinPatrol 2009
BEŽIČNOM
Zuma Deluxe

EDIT: još tri pitanja: primijetio sam jedan Limewire DLL, možemo ubiti to?

Iako je LTI legitimni program, je li potrebno? Mislim da je došao u paketu s ovo glupo Acer računala (čovjek ne opterećenja ove stvari sa junk), a izrađen je po blagoglagoljiv ugrađeni u Microsoft program.

LT Cats, je izgrađen od spyware lprinter proizvođača, Lenmark. Sam mislio JA je dobio Internet vanjska relevantnih dijelova, ali nisam siguran koliko se sjekira bez onemogućivanju pisač. Može li više ići ili je ono što je ostalo u redu?

**sjb007** · #4 24 svi 2009, 04:03

Bok Bubba

Molimo vas da ne igraju, osim ako se ne razumijete HJT djelovanju toga. Morate zapamtiti da je na snazi HJT jednom alatu Registry Editor u drugačijem kontekstu. Ja bih vas mrze pretvoriti PC u skupim vratima! Dvije 02 stavki koje ste izbrisali su čitljiv, iako izvješća datoteku kakva nedostaje to nije uvijek slučaj. HJT je poznato da misreport određenih stavki.

Što se tiče limewire, jeste li ga deinstalirati putem control panel? Ako je tako onda možemo sprati par više suvišne stavke koje su preostao.

Vidim par bitova koji se odnose na Sjever, je bila u paketu na ovom računalu istovremeno? Molimo pokrenite sjever uklanjanje alat očistiti izvaditi reminants. Tamo možete naći alat ovdje: Norton Removal Tool

Nakon što završite ......

Combofix

Zatvori bilo koji otvoreni preglednicima.
Zatvori bilo koji sigurnost primjene (Antivirus, Antimalware itd..)
Otvoriti Notepad i copy / paste tekst u okvir ispod u nju:

Quote:

DDS::
uInternet Postavke, ProxyOverride = <local>; *. lokalne
uInternet Postavke, ProxyServer = http = localhost: 7171

RegLock::
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \ 0000 \ AllUserSettings]

Gledajući sliku ispod kao primjer

Spremi kao CFScript.txt, Na istom mjestu kao ComboFix.exe

Osvrchuchi se na slici gore, povucite CFScript na ComboFix.exe.

Kada završite, on će proizvesti prijava za Vas "C: \ ComboFix.txt"

Ne mouseclick combofix's prozor dok je pokrenut. Ovaj svibanj uzrokovati da se zatajiti.

OPREZ! Bilo tko drukčije misli koristeći gore original to čini na vlastitu odgovornost - vi svibanj kraj gore što nećete morati ponovo instalirati sustav Windows?

Molimo, prijavite se post C: \ ComboFix.txt za daljnje razmatranje.

=====================================

JA obavijest da je prijava bila deinstalirali odsječene na vrhu, možete li to za mene repost molim. Također imajte me updated on kako stvari su mudri sustav

**Bubba** · #5 24 svi 2009, 04:53

Limewire neće pojaviti u programe i značajke ploče za deinstalaciju. datoteka "Pokreni" to sam našao su cca slika, ne exe, pa sam trudged kroz C disk i izbrisati sve što sam mogao naći. Vidim ja propułtenih barem jedan u registru ipak.

Kao za Sjever ........ Yeah, Acer učitan na probnu verziju. Deinstaliran sam ga kroz control panel, a zatim je koristio Norton uklanjanje alat. (To je bilo prvo što sam učinio, čak i prije nego što sam loaded Spybot, Winpatrol, a ostatak od stvari.) Kad sam prolazio kroz C voziti kartoteka, JA je zadržao više pronalaženju ostacima Norton i briąu ih kao što sam otišao. To mi se nikada nije dogodila da ga opet, a ja ću to učiniti sada.

LOL Te tri datoteke u Combofix su tri sam bio znatiželjan o većini. Tu ne bi trebalo biti proxy host, niti mislim profila bi trebalo biti zaključan za sve. Ali ja nisam studirala Combofix ali to je razlog zašto nisam ga koristiti ja kao takav, bio sam clueless kao što učiniti s onima koji su tri, pa čak i ako su, u stvari, "loš".

Nažalost o rezanjem glave off deinstalacije zapisnik, što je blesav sam je gledao u njega dva puta jer nije imao postavku, a propustili moja zabluda oba puta.

EDIT: i ja još uvijek ga zaboravili post:

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acer Arcade Live Main Page
Osnaživanje Acer Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone konzole DTV 2.0.1.1
Acer Registracija
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11,5
Agatha Christie Death na Nila
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
ArcSoft Ispiši Creations
ArcSoft Ispiši Creations - Album Page
ArcSoft Ispiši Creations - Funhouse
ArcSoft Ispiši Creations - čestitka
ArcSoft Ispiši Creations - Photo Book
ArcSoft Ispiši Creations - Foto Kalendar
ArcSoft Ispiši Creations - Spomenar
ArcSoft Ispiši Creations - Slimline Card
avast! Antivirus
Azada
Backspin Billiards
Big Kahuna Greben
Bonjour
Knjiški moljac Deluxe
Cigle Egipta
Torta Manija
CCScore
Chicken Invaders 3
Chuzzle
Diner crtica Flo Idi na
Brisač
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Flip Words 2
HijackThis 2.0.2
Hotfix za Microsoft. NET Framework 3,5 SP1 (KB953595)
Hotfix za Microsoft. NET Framework 3,5 SP1 (KB958484)
iTunes
Java (tm) 6 Update 13
Jewel Quest Solitaire
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kick N Rush
Kodak EasyShare softver
KODAK Galerija Učitaj Software
Lexmark 4300 Series
Mahjong Escape Ancient China
Mahjongg artefakata
Malwarebytes' Anti-zaštita od zlonamjernih programa
Memorex exPressit Label Design Studio
Microsoft. NET Framework 3,5 SP1
Microsoft Office Excel MUI (Engleski) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Engleski) 2007
Microsoft Office PowerPoint MUI (Engleski) 2007
Microsoft Office Proof (Engleski) 2007
Microsoft Office Proof (Francuska) 2007
Microsoft Office Proof (španjolski) 2007
Microsoft Office Proofing (Engleski) 2007
Microsoft Office Shared MUI (Engleski) 2007
Microsoft Office Shared Setup Metapodatci MUI (Engleski) 2007
Microsoft Office Word MUI (Engleski) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 parser i SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (ukloniti samo)
NVIDIA Driveri
OfotoXMI
Olympus Master 2
Olympus muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Sigurnosno ažuriranje za Microsoft Office PowerPointa 2007 (KB957789)
SFR
SHASTA
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
alata
Turbo Pizza
Ažuriranje za Microsoft Office sustava 2007 (KB967642)
Ažuriranje za Microsoft Office 2007 Pomoć za zajedničke karakteristike (KB963673)
Ažuriranje za Microsoft Office Excel 2007 Pomoć (KB963678)
Ažuriranje za Microsoft Office OneNote 2007 Pomoć (KB963670)
Ažuriranje za Microsoft Office PowerPoint 2007 Pomoć (KB963669)
Ažuriranje za Microsoft Office Script Editor Pomoć (KB963671)
Ažuriranje za Microsoft Office Word 2007 Pomoć (KB963665)
VPRINTOL
Windows Live OneCare sigurnosni skener
WinPatrol 2009
BEŽIČNOM
Zuma Deluxe

**sjb007** · #6 24 svi 2009, 05:58

Hi there Bubba

Hvala za deinstalaciju ažurirana lista - možete postavljati nove combofix prijava za mene kao zatražili.

Quote:

Što smo tražili u Combofix?

Uglavnom samo nešto zlonamjerni, combofix uglavnom je napredni alat za analizu, koji nam daje više informacija od HJT

Što se tiče LTCats:
From što Ja mogu reći da je ovo valjana ulaza, ali je klasificiran kao "Izbor korisnika" na to da li radi na start up

Što se tiče Limewire:
Vidim par stavki koje su još uvijek tamo, ali možemo ih sa ge sljedećeg pokretanja programa combofix

**Bubba** · #7 24 svi 2009, 07:03

Ouch, računalo zaključano i zatvorena, jer je izgledao kao Combofix o to završiti gore. Ona i ja ponovno podizanje sustava odabrane safemode. Ne mislim da su stvorene zapisnik, ali ja ne znam za sigurno. Ovdje je Microsoft popup.

Windows se oporavila od neočekivani shutdown.

Problem signature:
Problem Event Name: Blue Screen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Dodatne informacije o problemu:

BCCODE: 50
BCP1: E0858E9B
BCP2: 00000000
BCP3: 9B9D2D10
BCP4: 00000002
OS Version: 6_6_6001
Service Pack: 1_0
Proizvod: 768_1

Datoteke koje opisuju problem:

C \ Windows \ minidump \ mini052409-01.dmp
C \ Users \ Shirley \ appdata \ Temp \ WER-85644-0.systemdata.xml
C \ Users \ Shirley \ Appdata \ Local \ Temp \ WERC6C7.tmp.ver sion.txt

Ja sam lijevo na to da računalo zaslon u safemode. Što želiš od mene da radimo s njim? I'm ostavljajući ga u safemode dok čujem nešto, moram ići filma sada, vratiti se u oko 3 sata. Čovjek je lijepo raditi na nečije računalo, tako da sam od mina još uvijek dobiti pomoć ovdje.

EDIT: nisam pokušao, ali siguran sam da ne mogu dobiti one datoteke u safemode ako trebate znati što reći, ali ja također ne znam kako otvoriti datoteku.

**sjb007** · #8 24 svi 2009, 07:11

Bok Bubba

Postupak ponovne inicijalizacije operacijskog sust Probajte i vidjeti ako je čizmama uspješno opet, ako ne i pokušajte pritisnuti F8 da biste pristupili boot ekran na start up i izaberite opciju za Last Known Good Configuration.

**Bubba** · #9 24 svi 2009, 07:50

To booted i tu je bio ComboFix2 prijavite postoji, to je prilično identičan prva, ali je 10:04 datumom se odnose na karantenu log. The quarentine prijava je prazna. Ovdje je slika, ne znam ako je potpuna ili ono što želite. Sam u Split.

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Running from: C: \ Users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search zatrite * onemogućen * (zastarjeli) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware * * onemogućena (Ažurirano) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender * omoguæi * (Updated) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Files Created from 2009/04/24 da 2009/05/24 ))))))))))) ))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- d ----- wc: \ programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Program Files \ SUPERAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com
2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- wc: \ Program Files \ Common Files \ Wise Installation Wizard
2009-05-22 15:06. 2009-02-05 20:06 51376 AW ---- C: \ Windows \ System32 \ Drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 AW ---- C: \ Windows \ System32 \ Drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 AW ---- C: \ Windows \ System32 \ Drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 AW ---- C: \ Windows \ System32 \ Drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 AW ---- c: \ windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- AW c: \ windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 AW ---- C: \ Windows \ System32 \ Drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- wc: \ Program Files \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 AW ---- C: \ programdata \ Microsoft \ eHome \ Paketi \ MCESpotlig HT \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 AW ---- c: \ windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 AW ---- c: \ windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 AW ---- c: \ windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 AW ---- c: \ windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 AW ---- c: \ windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 AW ---- c: \ windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 AW ---- c: \ windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 AW ---- c: \ windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 AW ---- c: \ windows \ system32 \ mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 AW ---- c: \ windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 AW ---- c: \ windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 AW ---- c: \ windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- wc: \ Program Files \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- wc: \ Program Files \ Windows Live Safety Center
2009-05-19 23:20. 2009-05-19 23:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Acer DV Mađioničar
2009-05-19 23:10. 2009-05-19 23:10 -------- d ----- wc: \ windows \ nedjelja
2009-05-19 20:40. 2009-05-19 20:40 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \http://www.macromedia.com \ bin \ airapp ... pinstaller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ gumicu
2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- d ----- wc: \ Program Files \ gumicu
2009-05-19 17:20. 2009-05-19 17:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 AW ---- c: \ windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Program Files \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009-05-19 13:01. 2006-09-18 21:43 24 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Program Files \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 AW ---- C: \ Windows \ System32 \ Drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 AW ---- C: \ Windows \ System32 \ Drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- wc: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- AW c: \ windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- wc: \ Program Files \ Common Files \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Sedam Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 AW ---- C: \ Windows \ System32 \ Drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 AW ---- c: \ windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- wc: \ Program Files \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ programdata \ (-8CD7F5AF ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Program Files \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- wc: \ Program Files \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 AW ---- C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- wc: \ Program Files \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 AW ---- C: \ programdata \ Microsoft \ eHome \ Paketi \ NetTV \ čelo se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 AW ---- c: \ windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- AW c: \ programdata \ Microsoft \ Windows Defender \ Definition Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 AW ---- C: \ programdata \ ArcSoft \ Kodak-printcreations-22-080812-OEM \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- wc: \ Program Files \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 AW ---- C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- wc: \ programdata \ Microsoft Pomoć
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- wc: \ Program Files \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- wc: \ Program Files \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- wc: \ Program Files \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Installation Information
2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- wc: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ CyberLink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- wc: \ Program Files \ Common Files \ SureThing Dijeljeno
2009-05-19 21:04. 2008-09-12 14:09 1664 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- wc: \ programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 AW ---- c: \ windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 AW ---- c: \ windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- wc: \ Program Files \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- wc: \ Program Files \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- wc: \ Program Files \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- wc: \ programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 AW ---- C: \ programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 AW ---- C: \ programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 AW ---- C: \ programdata \ (-8CD7F5AF ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 AW ---- c: \ windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 AW ---- c: \ windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 AW ---- c: \ windows \ system32 \ Wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 AW ---- c: \ windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 AW ---- c: \ windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 AW ---- c: \ windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 AW ---- c: \ windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 AW ---- c: \ windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 AW ---- c: \ windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 AW ---- c: \ windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 AW ---- c: \ windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 AW ---- c: \ windows \ system32 \ vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 AW ---- c: \ windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 AW ---- c: \ windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 AW ---- c: \ windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 AW ---- c: \ windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 AW ---- c: \ windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 AW ---- c: \ windows \ system32 \ mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 AW ---- c: \ windows \ system32 \ mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 AW ---- c: \ windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- AW c: \ windows \ system32 \ Ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- AW c: \ windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 AW ---- c: \ windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 AW ---- c: \ windows \ system32 \ rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 AW ---- c: \ windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 AW ---- c: \ windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 AW ---- c: \ windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 AW ---- c: \ windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 AW ---- c: \ windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 AW ---- c: \ windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ehTray.exe" = "C: \ Windows \ ehome \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ Olympus \ Olympus Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Gumica" = "C: \ Program Files \ gumicu \ Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552]
"Osnaživanje Acer Technology Monitor" = "C: \ Acer \ Osnaživanje Tehnologija \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer proizvoda Registracija" = "C: \ Program Files \ Acer Registracija \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296]
"LXCECATS" = "c: \ windows \ system32 \ spool \ drivers \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9,0 \ Reader \ Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"avast!" = "c: \ programa ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - c: \ windows \ RtHDVCpl.exe [2007-10-11 4702208]

c: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Osnaživanje Tehnologija Launcher.lnk - C: \ Acer \ Osnaživanje Tehnologija \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare Software \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ winlogon \ obavijestiti \! SASWinLogon]
2008-12-22 16:05 356352 AW ---- C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend]
@ = "Usluga"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-4C39-178B-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Communications System
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Communications System
"(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Main Page \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-48CC-1B85-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa \ mbam.exe: Malwarebytes' Anti-zaštita od zlonamjernih programa
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-zaštita od zlonamjernih programa \ mbam.exe: Malwarebytes' Anti-zaštita od zlonamjernih programa
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Ažuriranje Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Ažuriranje Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; avast! Self Protection; c: \ Windows \ System32 \ Drivers \ aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4; FAMv4; c: \ Windows \ System32 \ Drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk; aswFsBlk; c: \ Windows \ System32 \ Drivers \ aswF sBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt; aswMonFlt; c: \ Windows \ System32 \ Drivers \ kao wMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc; NTI Backup Now 5 Agent Service; c: \ program files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc; NTI Backup Now 5 Backup Service; c: \ program files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc; NTI Backup Now 5 Planer Service; c: \ program files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ aktivnih setup \ instalirane komponente \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"C: \ Windows \ System32 \ rundll32.exe" C: \ Windows \ System32 \ iedkcs32.dll ", BrandIEActiveSe ovan Signup
.
- - - - Orphans Odstranjena - - - --

SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
Page uStart = hxxp: / / www.yahoo.com/
Page mStart = hxxp: / / en.us.acer.yahoo.com
uInternet Postavke, ProxyOverride = <local>; *. lokalne
uInternet Postavke, ProxyServer = http = localhost: 7171
IE: E & zvezi u Microsoft Excel - C: \ programa ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
Trusted Zone: microsoft.com \ update
Trusted Zone: microsoft.com \ WindowsUpdate
FF - ProfilePath - C: \ Users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ rofiles P \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ Windows \ system32 \ spool \ drivers \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
--------------------- --------------------- Zaključana registarske ključeve

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Odbijen: (A) (Korisnici)
@ Odbijen: (A) (svi)
@ Dozvoljen: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Completion time: 2009-05-24 4:55
ComboFix-u karanteni-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes free
Post-Run: 173859581952 bytes free

269 --- EOF --- 2009-05-17 10:04

EDIT: Nope, brza usporedba prvog jedan, mislim da je identična.

**sjb007** · #10 24 svi 2009, 10:38

Bok Bubba,

Quote:

EDIT: Nope, brza usporedba prvog jedan, mislim da je identična.

Da li se pravo - da je od prvog pokretanja programa combofix

Sadašnja prijava mogu se naći na C: / combofix.txt.

Slične teme
Nit	Temu Započeo	Forum	Odgovori	Zadnji Post
Čepljenje Windows Vidik Ažurirati od Dizanje	mrdaveyk	Windows Operating Systems	1	8. listopada 2009 02:27
Windows Vista neće Ažuriraj	gamiseta	Windows Operating Systems	6	4. veljača 2009 11:44
Windows Vidik Ažurirati Problems - KB36330 - KB950759	katiecoos	Windows Operating Systems	3	18. lipnja 2008 16:08
Windows Vidik Ažurirati Greška	robina80	Windows Operating Systems	1	12. lipnja 2008 09:09
Ažuriranje za Windows Vista	Roman	Windows Operating Systems	1	13 siječanj 2008 11:26