Uzklikšķinot, skaņas un slēptās iexplore.exe process

ad hoc · #1 Oktobris 6, 2008, 23:30

Čau,

Any help ar šo jautājumu daudz apprecated. SAS, SSD un anti-ļaundabīgo programmu šķiet, nevaram atrast, ko jebkad esmu. Lūk, kā tas notiek:

1) Ja nav saistīta ar manu modemu, pastāvīgu noklikšķinot nāk no mana datora (es pieņemu, jo kaut ko mēģina atvērt iexplorer.exe
2) laiku pa laikam beebing (viens atšķirībā no visiem jebkad esmu dzirdējis) pīkstieni trīs vai četras reizes
3) Ja saistīti ar modemu, iexplorer.exe darbojas (kaut gan es nekad izmantot Internet Explorer) un kad es slēgti process ir atvērts tiesības atpakaļ uz augšu.

Liels paldies visiem, un visi palīdzēt, šeit HJT žurnāls:

Logfile of HijackThis v1.99.1
Scan saglabāts 11:15:50 par 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ ESRI \ License \ arcgis9x \ lmgrd.exe
C: \ Program Files \ TOSHIBA \ Power Management \ CeEPwrSvc.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
C: \ WINDOWS \ System32 \ DVDRAMSV.exe
C: \ PROGRA ~ 1 \ ESRI \ License \ arcgis9x \ ARCGIS.exe
C: \ Program Files \ Hotspot Shield \ bin \ openvpnas.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protection Server \ WINNT \ spnsrvnt.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ Windows \ Explorer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Apoint2K \ Apoint.exe
C: \ Program Files \ TOSHIBA \ Power Management \ CePMTray.exe
C: \ Program Files \ TOSHIBA \ Touchpad \ TPTray.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ SYMANT ~ 1 \ vptray.exe
C: \ WINDOWS \ Siemens \ PanelMgr \ ssmmgr.exe
C: \ WINDOWS \ HCWemMON.exe
C: \ Program Files \ Apoint2K \ Apntex.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ SpyNoMore \ SNM.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ initio \ Button Manager v1.836 \ inihid.exe
C: \ Program Files \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ QH8jvpp4.exe
C: \ Program Files \ Real \ RealPlayer \ RealPlay.exe
C: \ Program Files \ HijackThis \ HijackThis.exe

R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = www.google.ca
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyServer = 64.34.113.100:80
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [Apoint] C: \ Program Files \ Apoint2K \ Apoint.exe
O4 - HKLM \ .. \ Run: [CeEPOWER] C: \ Program Files \ TOSHIBA \ Power Management \ CePMTray.exe
O4 - HKLM \ .. \ Run: [TPNF] C: \ Program Files \ TOSHIBA \ Touchpad \ TPTray.exe
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ SYMANT ~ 1 \ vptray.exe
O4 - HKLM \ .. \ Run: [Samsung PanelMgr] C: \ WINDOWS \ Siemens \ PanelMgr \ ssmmgr.exe / Autorun
O4 - HKLM \ .. \ Run: [emMON] HCWemMON.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [AtiPTA] atiptaxx.exe
O4 - HKLM \ .. \ Run: [SNM] C: \ Program Files \ SpyNoMore \ SNM.exe / starta
O4 - HKCU \ .. \ Run: [Free Download Manager] C: \ Program Files \ Free Download Manager \ fdm.exe-Autorun
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ AdobeUpdateManager.exe" AcRdB7_0_9-reboot 1
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Startup: Adobe Media Player.lnk =?
O4 - Global Startup: Button Manager v1.836.lnk =?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ Linksys EasyLink Advisor.exe
O4 - Global Startup: Say Time.lnk = C: \ Program Files \ Say Time \ SayTime.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C: \ Program Files \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office10 \ EXCEL.EXE/3000
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø15 - Trusted IP diapazons: 206.161.125.149
Ø15 - ProtocolDefaults: 'http' protokols ir My Computer zonā, vajadzētu būt interneta Zone (HKLM)
Ø16 - DPF: ppctlcab -- http://www.pestscan.com/scanner/ppctlcab.cab
Ø16 - DPF: (04E214E5-63AF-4.236-83C6-A7ADCBF9BD02) (HouseCall Control) -- http://housecall60.trendmicro.com/housecall/xscan60.cab
Ø16 - DPF: (22E5D91F-89E6-4405-AD9C-0AF27BA6F06B) (HidInputMonitorX Control) - file: / / D: \ sastāvdaļas \ hidinputmonitorx.ocx
Ø16 - DPF: (4F63D44B-6.274-4D60-8AB1-CAA7116B8AF3) (A9Helper.A9) - file: / / D: \ sastāvdaļas \ A9.ocx
Ø16 - DPF: (74D05D43-3.236-11D4-BDCD-00C04F9A3B61) (HouseCall Control) -- http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Ø16 - DPF: (BAC01377-73DD-4.796-854D-2A8997E3D68A) (Yahoo! Photos Easy Upload Tool klase) -- http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
Ø16 - DPF: (E7DBFB6C-113.A-47CF-B278-F5C6AF4DE1BD) -- http://download.abacast.com/download...basetup145.cab
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
Ø20 - Winlogon Paziņot: NavLogon - C: \ WINDOWS \ System32 \ NavLogon.dll
Ø20 - Winlogon Paziņot: WgaLogon - C: \ Windows \
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown īpašnieks - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown īpašnieks - C: \ PROGRA ~ 1 \ ESRI \ License \ arcgis9x \ lmgrd.exe
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC - C: \ Program Files \ TOSHIBA \ Power Management \ CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - Toshiba Corporation - C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc - C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co Ltd - C: \ WINDOWS \ System32 \ DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown īpašnieks - C: \ Program Files \ Hotspot Shield \ bin \ openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protection Server \ WINNT \ spnsrvnt.exe

**evilfantasy** · #2 7 oktobris 2008, 00:28

Jūs izmantojat novecojušu versiju HijackThis. Lūdzu, instalējiet jauno versiju HijackThis bet neskrien, līdz pēc SDFix ir pabeigts, tā ir process.

Lejupielādēt TrendMicro HijackThis.exe (HJT) uz Desktop.

Double-click uz HJTInstall.
Noklikšķiniet uz Install pogu.
Tas automātiski novietot HJT in C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Pēc instalēšanas, HijackThis jāatver jums.
Noklikšķiniet uz Vai sistēmas skenēšanu un saglabāt log failu poga
HijackThis skenēs un tad log atvērsies notepad.
Nokopējiet un ielīmējiet visu saturu no log in your post.
Nav ir HijackThis noteikt kaut kas vēl. Lielākā daļa no tā konstatē, būs nekaitīgi vai pat nepieciešama.

----------

Lūdzu drukāt šos norādījumus, jo tās būs vajadzīgas vēlāk, kad Interneta pieslēgums nav pieejams.

Lejupielādēt SDFix ar AndyManchesta un saglabājiet to savā datorā.

Izmantojot šo līdzekli, jums jālieto Administratora kontu vai kontu ar Administratīvās tiesības

Dubultklikšķis SDFix.exe un tā izrakstu failus uz% systemdrive%
(tas ir disks, kurā ir Windows Direktoriju, parasti C: \ SDFix).
Nelietojiet to, tikai vēl nav.

Pārstartēt datoru Safe Mode izmantojot F8 metodi. Lai to izdarītu, restartējiet datoru un uzklausot Jūsu datora skaņas signāls, kad startēšanas laikā (bet pirms Windows ikona), nospiediet taustiņu F8 atkārtoti. Izvēlne parādīsies ar vairākām opcijām. Izmantojiet bultiņu taustiņus, lai pārvietotos un izvēlētos iespēju palaist Windows "Safe Mode".

Open SDFix mapi un veiciet dubultklikšķi uz RunThis.bat sākt skriptu.

Veids Y sākt tīrīšanas procesu.
Tas novērstu jebkādus Trojan Services vai Reģistra ieraksti atrasti, tad ātri jums nospiediet jebkuru taustiņu, lai Reboot.
Nospiediet jebkuru taustiņu, un tas restart PC.
Kad PC restartējas, Fixtool darbosies atkal un pabeigt atcelšanas procesā, tad displejs PabeigtieNospiediet jebkuru taustiņu, lai beigtu skriptu un slodzes darbvirsmas ikonas.
Vienreiz darbvirsmas ikonas slodze SDFix ziņojums tiks atvērts uz ekrāna, kā arī ietaupīt vērā SDFix mapi Report.txt.
Kopēt un ielīmēt no rezultātiem saturu failu Report.txt Jūsu nākamo atbildi kopā ar jaunu HijackThis log.

ad hoc · #3 7 oktobris 2008, 02:15

Thanks for your help,

Tas ir šķebinošs one! Problēma ir vēl joprojām turpinās, kaut gan mans dators ieguva apmēram 20 min no atelpu pēc darbības SDFix.

SDFix un HijackThis logs šādas:

Un atkal daudzi, daudzi paldies

SD Labojums:

SDFix: Version 1,230
Vada īpašnieku 10/06/2008 Mon at 11:59

Microsoft Windows XP [Version 5.1.2600]
Running From: C: \ SDFix

Checking Pakalpojumi :

Vārds :
tdssserv

Ceļš :
\ systemroot \ system32 \ drivers \ TDSSserv.sys

tdssserv - Svītrots

Atjaunot noklusējuma drošības Vērtības
Atjaunot Default Hosts fails

Rebooting

Checking Files :

Trojan Faili Atrasts:

C: \ WINDOWS \ SYSTEM32 \ CQVJNG.EXE - Svītrots
C: \ WINDOWS \ SYSTEM32 \ FTPUPD.EXE - Svītrots
C: \ WINDOWS \ SYSTEM32 \ NTBLTF.EXE - Svītrots
C: \ WINDOWS \ SYSTEM32 \ PUOGNR.EXE - Svītrots

Noņemot Temp faili

ADS Pārbaudīt :

Galīgā pārbaude :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/10/07 00:20:58
Windows 5.1.2600 Service Pack 2 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās pakalpojumi un sistēmas stropa ...

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ d346prt \ cfg \ 0Jf40]

skenēšana slēptos reģistra ierakstus ...

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ (56CA5D3B-3002-4E7B-90FE-071D8FDF3814)]
"DisplayName" = "Daemon Tools"

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptās procesiem: 0
slēptās pakalpojumi: 0
slēptos failus: 0

Remaining Pakalpojumi :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ standarta profils \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste M32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22.019"
"C: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = "C: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe: *: Disabled: Internet Explorer"
"C: \ \ Program Files \ \ BitTornado \ \ btdownloadgui.exe" = "C: \ \ Program Files \ \ BitTornado \ \ btdownloadgui.exe: *: Enabled: btd ownloadgui"
"C: \ \ Program Files \ \ limewire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ limewire \ \ LimeWire.exe: *: Enabled: limewire"
"C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 6,2"
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe: *: Enabled: Windows Messenger"
"C: \ \ Program Files \ \ GameHouse \ \ TextTwist \ \ TextTwist.exe" = "C: \ \ P rogram Files \ \ GameHouse \ \ TextTwist \ \ TextTwist.exe: *: Enabl ed: Super TextTwist"
"C: \ \ Program Files \ \ Hexacto Games \ \ Lemonade Tycoon \ \ Lemonade.exe" = "C: \ \ Program Files \ \ Hexacto Games \ \ Lemonade Tycoon \ \ Lemonade.exe: *: Disabled: Limonāde"
"C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = "C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe: *: Enabled: Firefox"
"C: \ \ Program Files \ \ Global Star \ \ Age of Sail II \ \ privateer.exe" = "C: \ \ Program Files \ \ Global Star \ \ Age of Sail II \ \ privateer.exe: *: Enabled : korsārs "
"C: \ \ Program Files \ \ Windows Media Player \ \ wmplayer.exe" = "C: \ \ Program Files \ \ Windows Media Player \ \ wmplayer.exe: *: Disabled: Windows Media Player
"C: \ \ Program Files \ \ Real \ \ RealPlayer \ \ realplay.exe" = "C: \ \ PROGRA m Files \ \ Real \ \ RealPlayer \ \ realplay.exe: *: Enabled: Re alPlayer"
"C: \ \ Program Files \ \ Atari-Infogrames \ \ Civilization III Gold Edition \ \ Civ3PTW \ \ Civilization3x.exe" = "C: \ \ Program Files \ \ Atari-Infogrames \ \ Civilization III Gold Edition \ \ Civ3PTW \ \ Civilization3x.exe: *: Enabled: Civ ilization3X "
"C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe" = "C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe: *: Enabled: BitTor īri"
", C: \ \ Program Files \ \ Kerio \ \ Personal Firewall \ \ PERSFW.exe" = "C: \ \ Program Files \ \ Kerio \ \ Personal Firewall \ \ PERSFW.exe: *: Enabled: Kerio Personal Firewall Engine"
"C: \ \ Program Files \ \ TVUPlayer \ \ TVUPlayer.exe" = "C: \ \ Program Files \ \ TVUPlayer \ \ TVUPlayer.exe: *: Enabled: TVU Player sastāvdaļa"
"C: \ \ Program Files \ \ SopCast \ \ SopCast.exe" = "C: \ \ Program Files \ \ SopCast \ \ SopCast.exe: *: Enabled: SopCast"
"C: \ \ Documents and Settings \ \ Īpašnieks \ \ Application Data \ \ SopCast \ \ adv \ \ SopAdver.exe" = "C: \ \ Documents and Settings \ \ Īpašnieks \ \ Application Data \ \ SopCast \ \ adv \ \ SopAdver.exe: *: Enabled: SopAdve r "
"C: \ \ Program Files \ \ QuickTime \ \ QuickTimePlayer.exe" = "C: \ \ PROGRA m Files \ \ QuickTime \ \ QuickTimePlayer.exe: *: Enabled: Qu ickTime Player
"C: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "C: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe: *: Enabled: Veoh Klients"
"C: \ \ Documents and Settings \ \ Īpašnieks \ \ Local Settings \ \ Temp \ \ Charon.exe" = "C: \ \ Documents and Settings \ \ Īpašnieks \ \ Local Settings \ \ Temp \ \ Charon.exe: * : Enabled: Charon - Pilnvaras pārbaudīt / skenējot programmu. "
"C: \ \ ruby \ \ bin \ \ ruby.exe" = "C: \ \ ruby \ \ bin \ \ ruby.exe: *: Enabled: Ruby interpreter"
"C: \ \ Program Files \ \ Azureus \ \ Azureus.exe" = "C: \ \ Program Files \ \ Azureus \ \ Azureus.exe: *: Enabled: Azureus (2)"
"C: \ \ Program Files \ \ VideoLAN \ \ VLC \ \ vlc.exe" = "C: \ \ Program Files \ \ VideoLAN \ \ VLC \ \ vlc.exe: *: Enabled: VLC media player"
"C: \ \ Program Files \ \ Google \ \ Google Talk \ \ googletalk.exe" = "C: \ \ Program Files \ \ Google \ \ Google Talk \ \ googletalk.exe: *: Enabled: Google Talk"
"C: \ \ Program Files \ \ SopCast \ \ adv \ \ SopAdver.exe" = "C: \ \ Program Files \ \ SopCast \ \ adv \ \ SopAdver.exe: *: Enabled: SopCas t reklamēt"
"C: \ \ Documents and Settings \ \ Īpašnieks \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe" = "C: \ \ Documents and Settings \ \ Īpašnieks \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe: *: Enabled: PowerSoccer "
"C: \ \ Documents and Settings \ \ jen \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe" = "C: \ \ Documents and Settings \ \ jen \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe: *: Enabled: PowerSoccer "
"C: \ \ Program Files \ \ Common Files \ \ SafeNet Sentinel \ \ Sentinel Protection Server \ \ WinNT \ \ spnsrvnt.exe" = "C: \ \ Program Files \ \ Common Files \ \ SafeNet Sentinel \ \ Sentinel Protection Server \ \ WinNT \ \ spnsrvnt.exe: *: Disabled: Sentinel Protection Server "
"C: \ \ Program Files \ \ NHL 2008 \ \ nhl2008.exe" = "C: \ \ Program Files \ \ NHL 2008 \ \ nhl2008.exe: *: Enabled: nhl2008"
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"C: \ \ Program Files \ \ Konami \ \ Pro Evolution Soccer 2008 ASV \ \ PES2008.exe" = "C: \ \ Program Files \ \ Konami \ \ Pro Evolution Soccer 2008 ASV \ \ PES2008.exe: *: Enabled : Pro Evolution Soccer 2008 "
"C: \ \ WINDOWS \ \ system32 \ \ drivers \ \ svchost.exe" = "C: \ \ WINDOWS \ \ system32 \ \ drivers \ \ svchost.exe: *: Disable d: svchost"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste M32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22.019"
"C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 6,2"

Remaining Faili :

File Backups: - C: \ SDFix \ backups \ backups.zip

Failus ar Slēpts Rekvizīti :

Treš 13 oktobris 2004 1.694.208 .. SH. --- "C: \ Program Files \ Messenger \ msmsgs.exe"
Pirm 15 septembris 2008 1.562.960 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll"
Pirm 7 jūlijs 2008 1.429.840 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe"
Pirm 7 jūlijs 2008 4.891.472 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe"
Otr 16 septembris 2008 1.833.296 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe"
Fri 27 janvāris 2006 4.348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Sestdiena 14 jūnijs, 2008 50.688 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ ~ WRL0001.tmp"
Sestdiena 14 jūnijs, 2008 50.176 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ ~ WRL1778.tmp"
Pirm 3 marts 2008 176.128 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ Interop.NetworkCore.dll"
Pirm 3 marts 2008 36.864 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ LelaAccount.dll"
Pirm 3 marts 2008 200.704 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ LelaNetwork.dll"
Pirm 3 marts 2008 143.360 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ LelaNetworkLib.dll"
Pirm 3 marts 2008 20.480 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ LelaPrint.dll"
Pirm 3 marts 2008 176.128 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ LelaResource.dll"
Pirm 3 marts 2008 151.552 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ LelaServices.dll"
Pirm 3 marts 2008 110.592 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ Linksys EasyLink Advisor.exe"
Pirm 3 marts 2008 18.879.808 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ LinksysUpdaterSetup.exe"
Pirm 3 marts 2008 270.336 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ log4net.dll"
Pirm 3 marts 2008 8.353.080 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ PlatformSetup.exe"
Mon 23 aprīlis 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Cet 16 augusts 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv02.tmp"
Cet 16 augusts 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv03.tmp"
Sestdiena 20 oktobris 2007 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv04.tmp"
Sun 21 oktobris 2007 87.552 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analītiķis oct2007 \ ~ WRL0029.tmp"
Sun 21 oktobris 2007 85.504 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analītiķis oct2007 \ ~ WRL0207.tmp"
Sun 21 oktobris 2007 88.576 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analītiķis oct2007 \ ~ WRL0362.tmp"
Sun 21 oktobris 2007 88.576 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analītiķis oct2007 \ ~ WRL1369.tmp"
Sun 21 oktobris 2007 81.920 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analītiķis oct2007 \ ~ WRL1945.tmp"
Sun 21 oktobris 2007 84.992 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analītiķis oct2007 \ ~ WRL2108.tmp"
Sun 21 oktobris 2007 88.576 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analītiķis oct2007 \ ~ WRL2659.tmp"
Sun 21 oktobris 2007 87.552 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analītiķis oct2007 \ ~ WRL2779.tmp"
Sun 21 oktobris 2007 86.016 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analītiķis oct2007 \ ~ WRL2918.tmp"
Sest 9 jūnijs 2007 33.280 ... H. --- "C: \ Documents and Settings \ jen \ Local Settings \ Temp \ ~ WRL1284.tmp"
Otr 27 decembris 2005 33.280 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL0003.tmp"
Otr 27 decembris 2005 33.792 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL0774.tmp"
Otr 27 decembris 2005 34.816 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL0804.tmp"
Otr 27 decembris 2005 33.792 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL1393.tmp"
Otr 27 decembris 2005 36.864 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL1707.tmp"
Otr 27 decembris 2005 33.280 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL2134.tmp"
Otr 27 decembris 2005 35.840 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL2768.tmp"
Otr 27 decembris 2005 33.280 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL3330.tmp"
Otr 27 decembris 2005 36.352 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL3500.tmp"
Pirm 3 janvāris 2005 25.088 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ My Skenē \ ~ WRL2003.tmp"
Pirm 3 janvāris 2005 25.088 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ My Skenē \ ~ WRL3264.tmp"
Pirm 17 aprīlis 2006 40.960 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ~ WRL2617.tmp"
Pirm 25 septembris 2006 38.400 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ~ WRL2726.tmp"
Sun 24 septembris 2006 30.720 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ~ WRL3228.tmp"
Sun 16 aprīlis 2006 38.912 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ~ WRL3396.tmp"
Pirm 3 marts 2008 81.920 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ ar \ LelaResource.resources.dll"
Pirm 3 marts 2008 69.632 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ da \ LelaResource.resources.dll"
Pirm 3 marts 2008 73.728 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ de \ LelaResource.resources.dll"
Pirm 3 marts 2008 94.208 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ el \ LelaResource.resources.dll"
Pirm 3 marts 2008 77.824 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink konsultants \ en-US \ LelaAccount.resources.dll"
Pirm 3 marts 2008 446.464 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink konsultants \ en-US \ LelaNetwork.resources.dll"
Pirm 3 marts 2008 11.407.360 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink konsultants \ en-US \ LelaResource.resources.dll"
Pirm 3 marts 2008 1.916.928 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink konsultants \ en-US \ Linksys EasyLink Advisor.resources.dll"
Otr 25 marts 2008 26.112 ... H. --- "C: \ Documents and Settings \ All Users \ Documents \ Happy House Info \ 2008 \ ~ WRL0454.tmp"
Cet 27 marts 2008 22.016 ... H. --- "C: \ Documents and Settings \ All Users \ Documents \ Happy House Info \ 2008 \ ~ WRL1118.tmp"
Piekt 7 aprīlis 2006 3.595.264 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ Application Data \ Microsoft \ Word \ ~ WRL2168.tmp"
Piekt 7 aprīlis 2006 3.593.728 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ Application Data \ Microsoft \ Word \ ~ WRL2962.tmp"
Treš 5 aprīlis 2006 4.252.160 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ Application Data \ Microsoft \ Word \ ~ WRL3217.tmp"
Fri 27 janvāris 2006 4.348 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ My Music \ License Backup \ drmv1key.bak"
Sat 30 septembris 2006 20 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ My Music \ License Backup \ drmv1lic.bak"
Fri 27 janvāris 2006 400 A.SH. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ My Music \ License Backup \ drmv2key.bak"
Pirm 18 septembris 2006 32.256 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Biotech 206B \ ~ WRL0004.tmp"
Otr 31 oktobris 2006 114.688 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Biotech 206B \ ~ WRL1340.tmp"
Sun 17 septembris 2006 30.720 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Biotech 206B \ ~ WRL2439.tmp"
Pirm 18 septembris 2006 32.256 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Biotech 206B \ ~ WRL3767.tmp"
Treš 21 septembris 2005 26.624 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ chem 120 labs \ ~ WRL0005.tmp"
Sestdiena 26 novembris 2005 27.136 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ chem 120 labs \ ~ WRL3662.tmp"
Pirm 13 jūnijs 2005 30.208 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Eng 150 \ ~ WRL0386.tmp"
Sun 5 jūnijs 2005 25.088 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Eng 150 \ ~ WRL0788.tmp"
Sun 5 jūnijs 2005 25.600 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Eng 150 \ ~ WRL0794.tmp"
Pirm 13 jūnijs 2005 30.208 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Eng 150 \ ~ WRL1533.tmp"
Treš 1 jūnijs 2005 24.064 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Eng 150 \ ~ WRL1817.tmp"
Pirm 13 jūnijs 2005 31.232 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Eng 150 \ ~ WRL2720.tmp"
Otr 14 jūnijs 2005 35.840 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Eng 150 \ ~ WRL2966.tmp"
Otr 14 jūnijs 2005 36.864 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Eng 150 \ ~ WRL3073.tmp"
Cet 9 jūnijs 2005 28.160 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Eng 150 \ ~ WRL3453.tmp"
Thu 2 februāris 2006 382.464 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL0003.tmp"
Piekt 7 aprīlis 2006 3.594.240 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL0004.tmp"
Treš 5 aprīlis 2006 4.243.968 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL0010.tmp"
Treš 5 aprīlis 2006 4.254.720 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL0303.tmp"
Sest 4 februāris 2006 928.256 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL0501.tmp"
Sun 5 februāris 2006 591.360 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL0928.tmp"
Treš 5 aprīlis 2006 4.254.720 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL1029.tmp"
Treš 5 aprīlis 2006 24.064 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL1104.tmp"
Sest 4 februāris 2006 384.000 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL1259.tmp"
Treš 5 aprīlis 2006 4.243.456 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL1375.tmp"
Treš 5 aprīlis 2006 4.244.992 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL1969.tmp"
Cet 6 aprīlis 2006 710.656 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL2066.tmp"
Fri 31 marts 2006 35.840 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL2175.tmp"
Otr 28 marts 2006 185.856 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL2368.tmp"
Fri 31 marts 2006 65.024 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL2573.tmp"
Otr 4 aprīlis 2006 4.242.944 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL2686.tmp"
Sun 5 februāris 2006 891.904 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL2700.tmp"
Sest 4 februāris 2006 507.392 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL2881.tmp"
Treš 5 aprīlis 2006 4.244.480 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL2992.tmp"
Treš 5 aprīlis 2006 24.576 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL3160.tmp"
Treš 5 aprīlis 2006 4.242.432 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL3277.tmp"
Sest 4 februāris 2006 928.768 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL3387.tmp"
Treš 5 aprīlis 2006 4.251.648 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL3591.tmp"
Sest 4 februāris 2006 383.488 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL3770.tmp"
Treš 5 aprīlis 2006 4.243.456 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL3900.tmp"
Treš 5 aprīlis 2006 4.243.456 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL3905.tmp"
Sest 4 februāris 2006 382.976 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ ENVR 253 \ ~ WRL4065.tmp"
Cet 23 marts 2006 27.648 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Envrionmental \ ~ WRL3569.tmp"
Sestdiena 25 novembris 2006 20.480 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Geog 220 \ ~ WRL1016.tmp"
Pirm 4 decembris 2006 27.648 ... H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ Geog 220 \ ~ WRL2705.tmp"
Saules 6 marts 2005 56.832 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ fizika 11 \ ~ WRL3235.tmp"
Sun 20 februāris 2005 36.864 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ fizika 11 \ ~ WRL3307.tmp"
Sun 13 novembris 2005 27.648 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ chem 120 labs \ chem teorija \ ~ WRL0952.tmp"
Sun 13 novembris 2005 27.648 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ chem 120 labs \ chem teorija \ ~ WRL1162.tmp"
Sun 13 novembris 2005 26.112 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ chem 120 labs \ chem teorija \ ~ WRL1539.tmp"
Sun 13 novembris 2005 24.576 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ chem 120 labs \ chem teorija \ ~ WRL1964.tmp"
Sun 13 novembris 2005 27.136 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ chem 120 labs \ chem teorija \ ~ WRL2068.tmp"
Sun 13 novembris 2005 28.672 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ chem 120 labs \ chem teorija \ ~ WRL3230.tmp"
Sun 13 novembris 2005 27.648 A.. H. --- "C: \ Documents and Settings \ Īpašnieks \ My Documents \ skola \ chem 120 labs \ chem teorija \ ~ WRL3512.tmp"

Noslēgusies!

HiJack rezultātā:

Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 2:12:20, par 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ ESRI \ License \ arcgis9x \ lmgrd.exe
C: \ Program Files \ TOSHIBA \ Power Management \ CeEPwrSvc.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
C: \ PROGRA ~ 1 \ ESRI \ License \ arcgis9x \ ARCGIS.exe
C: \ WINDOWS \ System32 \ DVDRAMSV.exe
C: \ Program Files \ Hotspot Shield \ bin \ openvpnas.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protection Server \ WINNT \ spnsrvnt.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ Windows \ Explorer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Apoint2K \ Apoint.exe
C: \ Program Files \ TOSHIBA \ Power Management \ CePMTray.exe
C: \ Program Files \ TOSHIBA \ Touchpad \ TPTray.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ SYMANT ~ 1 \ vptray.exe
C: \ Program Files \ Apoint2K \ Apntex.exe
C: \ WINDOWS \ Siemens \ PanelMgr \ ssmmgr.exe
C: \ WINDOWS \ HCWemMON.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ SpyNoMore \ SNM.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ initio \ Button Manager v1.836 \ inihid.exe
C: \ Program Files \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ QH8jvpp4.exe
C: \ PROGRA ~ 1 \ WinZip \ winzip32.exe
C: \ Documents and Settings \ Īpašnieks \ Local Settings \ Temp \ HijackThis.exe
C: \ Program Files \ Windows NT \ Aksesuāri \ WORDPAD.EXE

R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = www.google.ca
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyServer = 64.34.113.100:80
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [Apoint] C: \ Program Files \ Apoint2K \ Apoint.exe
O4 - HKLM \ .. \ Run: [CeEPOWER] C: \ Program Files \ TOSHIBA \ Power Management \ CePMTray.exe
O4 - HKLM \ .. \ Run: [TPNF] C: \ Program Files \ TOSHIBA \ Touchpad \ TPTray.exe
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ SYMANT ~ 1 \ vptray.exe
O4 - HKLM \ .. \ Run: [Samsung PanelMgr] C: \ WINDOWS \ Siemens \ PanelMgr \ ssmmgr.exe / Autorun
O4 - HKLM \ .. \ Run: [emMON] HCWemMON.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [AtiPTA] atiptaxx.exe
O4 - HKLM \ .. \ Run: [SNM] C: \ Program Files \ SpyNoMore \ SNM.exe / starta
O4 - HKCU \ .. \ Run: [Free Download Manager] C: \ Program Files \ Free Download Manager \ fdm.exe-Autorun
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ AdobeUpdateManager.exe" AcRdB7_0_9-reboot 1
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Media Player.lnk =?
O4 - Global Startup: Button Manager v1.836.lnk =?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C: \ Program Files \ Linksys \ Linksys EasyLink padomnieks \ Linksys EasyLink Advisor.exe
O4 - Global Startup: Say Time.lnk = C: \ Program Files \ Say Time \ SayTime.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C: \ Program Files \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office10 \ EXCEL.EXE/3000
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø10 - Unknown failu Winsock LSP: c: \ windows \ system32 \ nwprovau.dll
Ø15 - Trusted IP diapazons: 206.161.125.149
Ø15 - ProtocolDefaults: 'http' protokols ir My Computer zonā, vajadzētu būt interneta Zone (HKLM)
Ø16 - DPF: ppctlcab -- http://www.pestscan.com/scanner/ppctlcab.cab
Ø16 - DPF: (04E214E5-63AF-4.236-83C6-A7ADCBF9BD02) (HouseCall Control) -- http://housecall60.trendmicro.com/housecall/xscan60.cab
Ø16 - DPF: (22E5D91F-89E6-4405-AD9C-0AF27BA6F06B) (HidInputMonitorX Control) - file: / / D: \ sastāvdaļas \ hidinputmonitorx.ocx
Ø16 - DPF: (4F63D44B-6.274-4D60-8AB1-CAA7116B8AF3) (A9Helper.A9) - file: / / D: \ sastāvdaļas \ A9.ocx
Ø16 - DPF: (74D05D43-3.236-11D4-BDCD-00C04F9A3B61) (HouseCall Control) -- http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Ø16 - DPF: (BAC01377-73DD-4.796-854D-2A8997E3D68A) (Yahoo! Photos Easy Upload Tool klase) -- http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
Ø16 - DPF: (E7DBFB6C-113.A-47CF-B278-F5C6AF4DE1BD) -- http://download.abacast.com/download...basetup145.cab
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown īpašnieks - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown īpašnieks - C: \ PROGRA ~ 1 \ ESRI \ License \ arcgis9x \ lmgrd.exe
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC - C: \ Program Files \ TOSHIBA \ Power Management \ CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - Toshiba Corporation - C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc - C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co Ltd - C: \ WINDOWS \ System32 \ DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown īpašnieks - C: \ Program Files \ Hotspot Shield \ bin \ openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protection Server \ WINNT \ spnsrvnt.exe

--
End of failu - 9.148 bytes

**evilfantasy** · #4 7 oktobris 2008, 09:48

Disable Spybot's TeaTimer

Kaut TeaTimer ir lielisks līdzeklis, lai novērstu spiegprogrammatūras, tā var arī ietekmēt ar HijackThis fixes. Lūdzu atslēgt TeaTimer tagad, kamēr ir tīrs.

1. Right click Spybot in System Tray (izskatās kalendārs ar piekaramo atslēgu simbols). Izvēlēties Iziet Spybot S & D Resident
2. Skriet Spybot S & D
3. Iet uz Mode menuUn pārliecinieties, Advanced Mode ir izvēlēts.
4. Uz kreisajā pusē, izvēlieties Rīki > Resident
neatķeksējiet Resident TeaTimer un OK jebkurš ātru un Restart datoru.

Piezīme: Ja TeaTimer dod jums brīdinājums tam, ka dažas izmaiņas tika veiktas, lai šajā vietā bloķējot to.

Ja TeaTimer nevarēs izslēgt, tad atinstalēt Spybot, līdz mēs veikta tīrīšana.

----------

Open HijackThis un izvēlieties Vai sistēmas skenēšanu tikai.

Vieta atzīme blakus šādiem ierakstiem: (ja ir)

Ø15 - Trusted IP diapazons: 206.161.125.149
Ø15 - ProtocolDefaults: 'http' protokols ir My Computer zonā, vajadzētu būt interneta Zone (HKLM)

Svarīgi: Aizveriet visus atvērtos logus, izņemot HijackThis un pēc tam noklikšķiniet uz Fix pārbaudīja.

Kad pabeigts, izbraukšanas HijackThis.

----------

Download ComboFix by subs no vienas no saitēm. Pārliecinieties top saglabājiet to Desktop.

Link # 1
Link # 2

** Piezīme: Ir svarīgi, ka tā ir saglabāta tieši jūsu Desktop

Aizveriet visas atvērtās interneta pārlūkprogrammas. (Firefox, Internet Explorer uc) pirms uzsākt ComboFix.

Laiku sakropļot jūsu antivīruss, Un jebkuru antispyware reāllaika aizsardzību pirms veic skenēšanu. Click šo saiti redzēt sarakstu drošības programmas, kas ir invalīdi un to, kā pārtraukt to darbību.

Dubultklikšķi combofix.exe un sekojiet norādījumiem.
Kad pabeigts ComboFix ražos log for you.
Post ComboFix log Jūsu nākamo atbildi.

Svarīgi: Nav mouseclick ComboFix loga kamēr tas darbojas. Tas var izraisīt to apstāsies.

Atcerieties, ka jauna aktivizētu jūsu antivīrusu un antispyware aizsardzību, ja ComboFix ir pabeigta.

ad hoc · #5 7 oktobris 2008, 18:34

Paldies EF tu rock,

Combofix log ir milzīgs, tādēļ ir pievienots kā zip failu:
combofixlog.zip

**evilfantasy** · #6 7 oktobris 2008, 18:44

[*] Noklikšķiet START tad RUN[*] Tagad tips Combofix / u in runbox [*] Pārliecinieties, ka tur atstarpes starp Combofix un / u [*] Tad hit Enter.

----------

Lejupielādēt OTMoveIt2 ar oldtimer un saglabājiet to savā Desktop.

Piezīme: Ja jūs izmantojat uz Vista, ar peles labo pogu noklikšķiniet uz OTMoveIt2.exe un izvēlēties Run As Administrator.

1. Veiciet dubultklikšķi uz OTMoveIt2.exe lai tā varētu darboties.
2. Kopija ar codebox zem līnijas.

Kods:

[kill explorer] C: \ WINDOWS \ system32 \ xVB47F7a.exe C: \ DOCUME ~ 1 \ Īpašnieks \ Lokālie ~ 1 \ Temp \ RGI5.tmp EmptyTemp [sākums Explorer]

3. Atgriezties OTMoveIt2 labo klikšķi Ielīmēt saraksts failus / mapes Pārvietot logu (ar dzeltenu joslu) un izvēlieties Ielīmēt
4. Click sarkans Moveit! pogu.
5. Kopija viss Rezultāti loga (zem zaļā josla) un ielīmējiet to savā nākamajā atbildi.
6. Aizvērt OTMoveIt2

Atzīmēt: Ja faila vai mapes nevar pārvietot tieši jums var lūgt pārstartēt datoru lai pabeigtu pārvietoties procesu. Ja lūdza reboot, izvēlieties Jā. Ja ne, reboot anyway.

----------

Pēc nosūtīšanas OTMoveIt2 žurnālā.

1. Dubultklikšķis OTMoveIt2.exe to uzsākt.
Vista lietotājiem labo klikšķi un izvēlies Run As Administrator
2. Noklikšķiniet uz Cleanup! pogu.
3. OTMoveIt2 lejupielādēt sarakstu no interneta, ja jūsu ugunsmūra vai citas aizsardzības programmas jūs brīdina, ļauj tai piekļūt.
4. Click JĀ pie nākamā ātru (saraksts lejupielādēt, Vai vēlaties sākt cleanup process)?

Kad pabeigts izejas no OTMoveIt2

----------

Run CCleaner.

----------

Palaist šo online scan.

Šis skeneris pieprasa Internet Explorer

Lietošanai ESET Nod32 Online Scanner

1. Pārbaudiet lodziņu blakus Jā, es piekrītu Lietošanas noteikumi.
2. Click Sākums
3. Jautāti, ļauj ActiveX kontroli, lai instalētu
4. Click Sākums
5. Pārliecinieties, ka opcija Noņemt atrasts draudi un izvēle Scan nevēlamas programmas tikai jāpārbauda marked.
6. Click Scan
7. Sagaidiet scan pabeigt
8. Lietot notepad atvērt logfile atrodas C: \ Program Files \ EsetOnlineScanner \ log.txt
9. Pievienot C: \ Program Files \ EsetOnlineScanner \ log.txt Ieejiet savā nākamajā atbildi.

Similar Threads
Pavediens	Thread Starter	Forums	Replies	Last Post
Vīruss: iexplore.exe kā sistēmu process	mkjuan	Vīrusu, spiegprogrammatūru un drošība	14	7 novembris 2008 00:14
Dators nav darba tas ir skaņas!	PyroTails	General Hardware Čats	8	15 septembris 2008 13:08
Dīvains skaņas troksnis	sam182666	General Hardware Čats	6	26 aprīlis 2008 12:23
Problēmas ar logus un iexplore ekspluatācijas process	1carly1	Vīrusu, spiegprogrammatūru un drošība	3	15 februāris 2008 10:36
Skaņas par Boot Up	nuteck	CPU, Motherboards & RAM	11	21 janvāris 2008 05:55