Contextadvisor - pop-up vairuotojo man proto

**christine154** · #1 Vasaris 22, 2008, 15:46

per pastaruosius 3 dienas gaunu tai Iššokantis nežinote, kaip atsikratyti tai padaryti hjt nuskaityti, jeigu yra kas nors ten, kad tu galvoji gali būti sukelti kitų problemų Please help me out, ką daryti

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 22:43:41, on 22/02/2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Acer \ Empowering Technology \ ePerformance \ MemCheck.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ hasplms.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Acer \ Empowering Technology \ eLock \ LockServ.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Acer \ Empowering Technology \ eRecovery \ eRAgent.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SysMonitor.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ WINDOWS \ CameraFixer.exe
C: \ WINDOWS \ tsnp2std.exe
C: \ WINDOWS \ vsnp2std.exe
C: \ Program Files \ Real \ "RealPlayer \ RealPlay.exe
C: \ Acer \ Empowering Technology \ eLock \ monitor \ LockMon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ WINDOWS \ System32 \ rundll32.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ Craft ROBO kontrolieriaus \ CRSSupervisor.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe
C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpoevm08.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpoSTS08.exe
C: \ PROGRA ~ 1 \ Yahoo! \ COMPAN ~ 1 \ Įrenginiai \ cpn0 \ YTBSDK.e xe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE
C: \ Program Files \ King Kong Software \ Capture \ KingKongCapture.exe
C: \ Program Files \ Yahoo! \ Browser \ ybrowser.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Documents and Settings \ Christine \ Desktop \ HiJackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://bt.my.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://search.aol.co.uk/web?isinit=true&query =% s
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Įrenginiai \ cpn0 \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Įrenginiai \ cpn0 \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: rightonads Optimizer - (7D9362F8-77D8-4b29-97B5-621D550890C0) - C: \ WINDOWS \ system32 \ gzmrt.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Program Files \ ContextAdvisor \ ContextAdvisor-3.dll
O2 - BHO: ads_optimizer - (9C8A568E-4201-478a-8536-526CF371D2E2) - C: \ WINDOWS \ system32 \ nst46.dll
O2 - BHO: XBTB06823 Class - (BA463437-C3DE-47da-8280-87596824388A) - C: \ PROGRA ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Įrenginiai \ cpn0 \ yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [ntiMUI] C: \ Program Files \ NEWTECH Infosystems \ NTI CD & DVD Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [IMEKRMIG6.1] C: \ WINDOWS \ ime \ imkr6_1 \ IMEKRMIG.EXE
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / Sync
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / Sync
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Acer Empowering Technology Monitor] C: \ WINDOWS \ system32 \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [eLockMonitor] C: \ Acer \ Empowering Technology \ eLock \ monitor \ LaunchMonitor.exe
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ Empowering Technology \ eRecovery \ eRAgent.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / autostart
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [CameraFixer] C: \ WINDOWS \ CameraFixer.exe
O4 - HKLM \ .. \ Run: [tsnp2std] C: \ WINDOWS \ tsnp2std.exe
O4 - HKLM \ .. \ Run: [snp2std] C: \ WINDOWS \ vsnp2std.exe
O4 - HKLM \ .. \ Run: [RealTray] C: \ Program Files \ Real \ "RealPlayer \ RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE"-tyliai
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe
O4 - Global Startup: Craft ROBO Statusas Supervisor.lnk =?
O4 - Global Startup: HP PSC 1.000 series.lnk =?
O4 - Global Startup: hpoddt01.exe.lnk =?
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe
O8 - Extra kontekstinio meniu punktą: & ICQ Toolbar Search - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: BT Yahoo! Paslaugos - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ Xpsp3res.dll, -20.001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (6B75345B-AA36-438A-BBE6-4078B4C6984D) (HpProductDetection klasė) -- http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C: \ Acer \ Empowering Technology \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe
O23 - Service: Memory Patikrinkite tarnyba (AcerMemUsageCheckService) - Acer Inc - C: \ Acer \ Empowering Technology \ ePerformance \ MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd - C: \ WINDOWS \ system32 \ hasplms.exe
O23 - Service: InstallDriver lentelė Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1.150 \ Intel 32 \ IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling tarnybos (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C: \ Acer \ Empowering Technology \ eLock \ LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: TrueVector Interneto monitorius (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif
--
End of file - 11.705 baitų

**evilfantasy** · #2 Vasaris 22, 2008, 20:09

Pereiti į šioje temoje ir atlikti veiksmus Vienas Du ir Trys.

Po šių yra visiškai padaryti ir iš naujo paleisti kompiuterį iš naujo HijackThis nuskaitymo ir rašyti, kad žurnalas taip pat.

**christine154** · #3 Vasaris 23, 2008, 02:12

aš turiu 3 programas, im not sure, ką jie, kurie
commmercial
stiprinti naršyklės įrankių rightonadz
sound'em 1,0
reikia pašalinti disertacija? iš savo Add / Remove Programs sąraše

**christine154** · #4 Vasaris 23, 2008, 03:05

darbinājis cc švaresnis ir super anti spyware, bet kai PC vėl aš šį klaidos pranešimą

Error loading C \ Windows \ system32 \ gzmrt.dll
nurodyta modulis nerastas

**evilfantasy** · #5 Vasaris 23, 2008, 03:09

Citata:

Originally Posted by christine154

darbinājis cc švaresnis ir super anti spyware, bet kai PC vėl aš šį klaidos pranešimą

Error loading C \ Windows \ system32 \ gzmrt.dll
nurodyta modulis nerastas

Tai yra dėl to, kenkėjiška programa buvo pašalinta SAS. Man reikia naujų HijackThis dabar.

**christine154** · #6 Vasaris 23, 2008, 03:15

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 10:15:40, on 23/02/2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Acer \ Empowering Technology \ ePerformance \ MemCheck.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ hasplms.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Acer \ Empowering Technology \ eLock \ LockServ.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ SysMonitor.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ WINDOWS \ CameraFixer.exe
C: \ Acer \ Empowering Technology \ eRecovery \ eRAgent.exe
C: \ WINDOWS \ tsnp2std.exe
C: \ WINDOWS \ vsnp2std.exe
C: \ Program Files \ Real \ "RealPlayer \ RealPlay.exe
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Acer \ Empowering Technology \ eLock \ monitor \ LockMon.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ Craft ROBO kontrolieriaus \ CRSSupervisor.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpoevm08.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpoSTS08.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe
C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe
C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE
C: \ Program Files \ Yahoo! \ Browser \ ybrowser.exe
C: \ Program Files \ King Kong Software \ Capture \ KingKongCapture.exe
C: \ Documents and Settings \ Christine \ Desktop \ HiJackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://bt.my.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://search.aol.co.uk/web?isinit=true&query =% s
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Įrenginiai \ cpn0 \ yt.dll
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Įrenginiai \ cpn0 \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Program Files \ ContextAdvisor \ ContextAdvisor-3.dll
O2 - BHO: XBTB06823 Class - (BA463437-C3DE-47da-8280-87596824388A) - C: \ PROGRA ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Įrenginiai \ cpn0 \ yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [ntiMUI] C: \ Program Files \ NEWTECH Infosystems \ NTI CD & DVD Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [IMEKRMIG6.1] C: \ WINDOWS \ ime \ imkr6_1 \ IMEKRMIG.EXE
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / Sync
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / Sync
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Acer Empowering Technology Monitor] C: \ WINDOWS \ system32 \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [eLockMonitor] C: \ Acer \ Empowering Technology \ eLock \ monitor \ LaunchMonitor.exe
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ Empowering Technology \ eRecovery \ eRAgent.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / autostart
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [CameraFixer] C: \ WINDOWS \ CameraFixer.exe
O4 - HKLM \ .. \ Run: [tsnp2std] C: \ WINDOWS \ tsnp2std.exe
O4 - HKLM \ .. \ Run: [snp2std] C: \ WINDOWS \ vsnp2std.exe
O4 - HKLM \ .. \ Run: [RealTray] C: \ Program Files \ Real \ "RealPlayer \ RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE"-tyliai
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe
O4 - Global Startup: Craft ROBO Statusas Supervisor.lnk =?
O4 - Global Startup: HP PSC 1.000 series.lnk =?
O4 - Global Startup: hpoddt01.exe.lnk =?
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe
O8 - Extra kontekstinio meniu punktą: & ICQ Toolbar Search - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra button: BT Yahoo! Paslaugos - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ Xpsp3res.dll, -20.001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (6B75345B-AA36-438A-BBE6-4078B4C6984D) (HpProductDetection klasė) -- http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C: \ Acer \ Empowering Technology \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe
O23 - Service: Memory Patikrinkite tarnyba (AcerMemUsageCheckService) - Acer Inc - C: \ Acer \ Empowering Technology \ ePerformance \ MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd - C: \ WINDOWS \ system32 \ hasplms.exe
O23 - Service: InstallDriver lentelė Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1.150 \ Intel 32 \ IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling tarnybos (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C: \ Acer \ Empowering Technology \ eLock \ LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: TrueVector Interneto monitorius (vsmon) - Zone Labs, LLC - C: \ WINDOWS \ system32 \ ZoneLabs \ vsmon.exe
O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif
--
End of file - 11.488 baitų

**evilfantasy** · #7 Vasaris 23, 2008, 03:38

Atidaryti HijackThis ir pasirinkite Ar sistema nuskaito tik tada vieta žymės langelį:

O2 - BHO: XBTB06823 Class - (BA463437-C3DE-47da-8280-87596824388A) - C: \ PROGRA ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ WINDOWS \ System32 \ rundll32.exe "C: \ WINDOWS \ system32 \ gzmrt.dll" DllStart
O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif <<Jeigu jums nepavyko įdėti šią nuorodą sau tada nuimkite jį su HijackThis.

Uždaryti visus išskyrus HijackThis ir paspauskite Fix Windows patikrinti.

----------

Atsisiųsti SDFix.exe ir išsaugokite jį darbalaukyje.

Dukart spustelėkite SDFix.exe ir jis bus išskleisti failus į% SystemDrive%
(Diskas, kuriame yra Windows kataloge, paprastai tai C: \ SDFix)

Prašome tada perkraukite kompiuterį Safe Mode atlikdami šiuos veiksmus:

Paleiskite kompiuterį
Išklausęs kompiuterio beep kartą paleisties metu, bet prieš "Windows", pasirodo piktograma, bakstelėkite F8 nuolat;
Vietoj Windows pakrovimą, kaip įprasta, Advanced Options meniu turėtų pasirodyti;
Pasirinkite pirmąjį variantą, paleisti Windows "Safe Mode, tada paspauskite Registracija.
Pasirinkite savo įprastinę sąskaitą.
Atidaryti išgauti SDFix katalogą ir dukart paspauskite RunThis.bat paleisti scenarijų.
Rūšis Y pradėti valymo procesas.
Ji bus pašalinti Trojan Paslaugos ir registro įrašus, kad ji nustato, tada greitai paspausti bet kurį klavišą, kad paleisti.
Paspauskite bet kurį klavišą, ir ji bus paleisti kompiuterį.
Kai kompiuteris bus paleistas iš naujo Fixtool bus paleisti iš naujo ir pašalinimo procesas, tada ekrane Baigta, Paspauskite bet kurį mygtuką pabaigoje scenarijų ir įkelti savo darbalaukio piktogramos.
Po darbalaukio piktogramos įkelti SDFix ataskaita bus atidarytas ekrane, o taip pat išsaugoti į SDFix aplanką, Report.txt
(Report.txt taip pat bus nukopijuotas į mainų sritį).
Galiausiai Pridėti į turinį Report.txt Jūsų kitą postą.

----------

Atsisiųskite Combofix iki einantys iš vienos iš žemiau nuorodų.
(Pabandykite visi trys, jei reikia)

Svarbu! Combofix.exe TURI išsaugota ir bėgo nuo Desktop.

Uždarykite visus atidarytus interneto naršyklių. (Firefox, Internet Explorer, ir tt) prieš pradedant Combofix.
Svarbu! Laikinai daryti nepajėgų tavo Antivirus, script blokavimas ir bet Antispyware realaus laiko apsauga prieš atlikti nuskaitymo.
- Spauskite šį saitą matyti saugumo programų sąrašą, kuris turėtų būti išjungtas ir kaip juos išjungti.
- Jei Jūsų nėra šiame sąraše, ir jūs nežinote, kaip ją išjungti, kreipkitės.
Įspėjimas: Combofix atjungia kompiuterį nuo interneto. Ry ¹ ys automati ¹ kai atkurtas iki Combofix baigia paleisti.
Dukart spustelėkite combofix.exe ir vykdykite ekrane pateikiamas instrukcijas.
- Iš klaviatūros pasirinkite 1 paspauskite Registracija
Kai bus baigta, bus pateikti žurnalas Jums.
Skelbti kad Prisijungti kitą atsakymą.

Įspėjimas: Don't mouseclick combofix lango kol jis veikia. Tai gali sukelti jį gardas

Jei Combofix eina į sunkumus ir baigiasi anksčiau, ryšys gali būti rankiniu būdu atstatyta iš naujo paleisti kompiuterį.
Svarbu: Atminkite, kad vėl įjungti antivirusinę ir šnipinėjimo prieš prisijungti prie interneto.

----------

HJT Pašalinti sąrašą

Atidaryti HijackThis> spauskite "Misc Tools Section"
Spauskite "Atidaryti Uninstall Manager".
Paspauskite mygtuką "Išsaugoti sąrašą".
Išsaugokite jį darbalaukyje.
Kopijuoti turinį failo į kitą atsakymą.

----------

Sekantis prašome pridėti
SDFix Prisijungti
Combofix Prisijungti
Pašalinti sąrašą

**christine154** · #8 Vasaris 23, 2008, 05:03

nežymus problema padarė viską, ką Jūs kreipėtės su sdfix Prisijungti tačiau jo noware, kad buvo nustatyta, kad žurnale yra? galiu pasakyti, kad nerado jokių trojons čia kitais sąrašais
pašalinti sąrašas
Acer eAcoustics valdymo
Acer eLock Management
Acer Empowering Technology
Acer ePerformance Management
Ad-Aware 2007
Adobe Flash Player 9 "ActiveX
Adobe Flash Player "ActiveX
Adobe Flash Player
Adobe Reader 8.1.2
Apple Software Update
AVG 7,5
Naršyklė optimizavimo Adssite
BT Yahoo! Programos
BT Yahoo! TrueSwitch vedlys
CCleaner (pašalinti tik)
komercinė
ContextAdvisor
Craft ROBO kontrolierius
Create-A-Face 3,2
Cricut DesignStudio
Enhancement Naršyklės Įrankiai Rightonadz
Galaktika Brain Games
Graphtec DesignMaster Web (C: \ Graphtec DesignMaster Web)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Karštųjų Windows Media Format 11 SDK (KB929399)
Karštųjų Windows Media Player 11 "(KB939683)
Karštųjų Windows XP (KB893357)
Karštųjų Windows XP (KB896256)
Karštųjų Windows XP (KB906569)
Karštųjų Windows XP (KB914440)
Karštųjų Windows XP (KB915865)
Karštųjų Windows XP (KB926239)
Karštųjų Windows XP (KB935448)
HP Foto ir Vaizdo 2.0 - All-in-One
HP Foto ir Vaizdo 2.0 - All-in-One Tvarkyklės
HP Foto ir vaizdo 2,0 - HP PSC 1.200 serija
HP produkto aptikimo
HP PSC 1.200 serija
J2SE Runtime Environment 5.0 Update 6
Java (TM) 6 Update 3
Java (TM) 6 Update 4
King Kongas Capture (pašalinti tik)
Learn2 Player (pašalinti tik)
Max Console
Microsoft. NET Framework 1.1
Microsoft. NET Framework 1.1
Microsoft. NET Framework 1.1 Hotfix (KB928366)
Microsoft. NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
"Microsoft" Domenų vardai minkštinimo API
Microsoft "National Language Support Downlevel API
Microsoft Office XP Standard mokiniams ir mokytojams
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C + + 2005 Redistributable
Mozilla Firefox (2.0.0.12)
NTI Backup NOW! 4
NTI CD & DVD Maker
NVidia
Oca klientas istorija įrankis įdiegti
Olympus CAMEDIA Master 4,0
Paint Shop Pro 7 Anniversary Edition
PowerDVD
QuickTime
RealPlayer Pagrindinis
Realtek High Definition Audio Driver
ROBO Meistras
CAPICOM saugos naujinimas (KB931906)
CAPICOM saugos naujinimas (KB931906)
Naujinimas, skirtas Step by Step Interactive Training (KB898458)
Naujinimas skirtas "Windows Internet Explorer 7" (KB938127)
Naujinimas skirtas "Windows Internet Explorer 7" (KB942615)
Naujinimas skirtas "Windows Internet Explorer 7" (KB944533)
Naujinimas skirtas "Windows Media Player (KB911564)
Naujinimas skirtas "Windows Media Player 11" (KB936782)
Naujinimas skirtas "Windows Media Player 6.4 (KB925398)
Naujinimas skirtas "Windows Media Player 9 (KB936782)
Naujinimas skirtas "Windows XP (KB883939)
Naujinimas skirtas "Windows XP (KB890046)
Naujinimas skirtas "Windows XP (KB893756)
Naujinimas skirtas "Windows XP (KB896358)
Naujinimas skirtas "Windows XP (KB896422)
Naujinimas skirtas "Windows XP (KB896423)
Naujinimas skirtas "Windows XP (KB896424)
Naujinimas skirtas "Windows XP (KB896428)
Naujinimas skirtas "Windows XP (KB899587)
Naujinimas skirtas "Windows XP (KB899588)
Naujinimas skirtas "Windows XP (KB899589)
Naujinimas skirtas "Windows XP (KB899591)
Naujinimas skirtas "Windows XP (KB900725)
Naujinimas skirtas "Windows XP (KB901017)
Naujinimas skirtas "Windows XP (KB901190)
Naujinimas skirtas "Windows XP (KB901214)
Naujinimas skirtas "Windows XP (KB902400)
Naujinimas skirtas "Windows XP (KB903235)
Naujinimas skirtas "Windows XP (KB904706)
Naujinimas skirtas "Windows XP (KB905414)
Naujinimas skirtas "Windows XP (KB905749)
Naujinimas skirtas "Windows XP (KB905915)
Naujinimas skirtas "Windows XP (KB908519)
Naujinimas skirtas "Windows XP (KB908531)
Naujinimas skirtas "Windows XP (KB911562)
Naujinimas skirtas "Windows XP (KB911567)
Naujinimas skirtas "Windows XP (KB911927)
Naujinimas skirtas "Windows XP (KB912812)
Naujinimas skirtas "Windows XP (KB912919)
Naujinimas skirtas "Windows XP (KB913433)
Naujinimas skirtas "Windows XP (KB913446)
Naujinimas skirtas "Windows XP (KB913580)
Naujinimas skirtas "Windows XP (KB914388)
Naujinimas skirtas "Windows XP (KB914389)
Naujinimas skirtas "Windows XP (KB917344)
Naujinimas skirtas "Windows XP (KB918118)
Naujinimas skirtas "Windows XP (KB919007)
Naujinimas skirtas "Windows XP (KB920213)
Naujinimas skirtas "Windows XP (KB920670)
Naujinimas skirtas "Windows XP (KB920683)
Naujinimas skirtas "Windows XP (KB920685)
Naujinimas skirtas "Windows XP (KB921503)
Naujinimas skirtas "Windows XP (KB922819)
Naujinimas skirtas "Windows XP (KB923191)
Naujinimas skirtas "Windows XP (KB923414)
Naujinimas skirtas "Windows XP (KB923980)
Naujinimas skirtas "Windows XP (KB924270)
Naujinimas skirtas "Windows XP (KB924496)
Naujinimas skirtas "Windows XP (KB924667)
Naujinimas skirtas "Windows XP (KB925902)
Naujinimas skirtas "Windows XP (KB926255)
Naujinimas skirtas "Windows XP (KB926436)
Naujinimas skirtas "Windows XP (KB927779)
Naujinimas skirtas "Windows XP (KB927802)
Naujinimas skirtas "Windows XP (KB928255)
Naujinimas skirtas "Windows XP (KB928843)
Naujinimas skirtas "Windows XP (KB929123)
Naujinimas skirtas "Windows XP (KB930178)
Naujinimas skirtas "Windows XP (KB931261)
Naujinimas skirtas "Windows XP (KB931784)
Naujinimas skirtas "Windows XP (KB932168)
Naujinimas skirtas "Windows XP (KB933729)
Naujinimas skirtas "Windows XP (KB935839)
Naujinimas skirtas "Windows XP (KB935840)
Naujinimas skirtas "Windows XP (KB936021)
Naujinimas skirtas "Windows XP (KB937894)
Naujinimas skirtas "Windows XP (KB938127)
Naujinimas skirtas "Windows XP (KB938829)
Naujinimas skirtas "Windows XP (KB941202)
Naujinimas skirtas "Windows XP (KB941568)
Naujinimas skirtas "Windows XP (KB941569)
Naujinimas skirtas "Windows XP (KB941644)
Naujinimas skirtas "Windows XP (KB942615)
Naujinimas skirtas "Windows XP (KB943055)
Naujinimas skirtas "Windows XP (KB943460)
Naujinimas skirtas "Windows XP (KB943485)
Naujinimas skirtas "Windows XP (KB944653)
Naujinimas skirtas "Windows XP (KB946026)
Sound'Em 1,0
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Tikrai gabalai loto 1,004
Naujinimas, skirtas Windows XP (KB894391)
Naujinimas, skirtas Windows XP (KB896727)
Naujinimas, skirtas Windows XP (KB898461)
Naujinimas, skirtas Windows XP (KB900485)
Naujinimas, skirtas Windows XP (KB904942)
Naujinimas, skirtas Windows XP (KB910437)
Naujinimas, skirtas Windows XP (KB911280)
Naujinimas, skirtas Windows XP (KB912945)
Naujinimas, skirtas Windows XP (KB916595)
Naujinimas, skirtas Windows XP (KB920872)
Naujinimas, skirtas Windows XP (KB922120)
Naujinimas, skirtas Windows XP (KB922582)
Naujinimas, skirtas Windows XP (KB927891)
Naujinimas, skirtas Windows XP (KB930916)
Naujinimas, skirtas Windows XP (KB938828)
Naujinimas, skirtas Windows XP (KB942763)
Naujinimas, skirtas Windows XP (KB942840)
USB2.0 PC Camera (SN9C201 & 202)
Viewpoint Media Player "
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - FTDI ŠPM Driver kodo (06/27/2007 2.02.04)
Windows Driver Package - FTDI ŠPM Driver kodo (06/27/2007 2.02.04)
"Windows Installer 3.1 (KB893803)
"Windows Internet Explorer 7?
Windows Media Format 11 Runtime
Windows Media Format 11 Runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
ZoneAlarm
ZoneAlarm Spy Blocker

combofix Prisijungti
ComboFix 08-02-23.2 - Christine 2008-02-23 11:39:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.294 [GMT 0:00]
Veikia nuo: C: \ Documents and Settings \ Christine \ Desktop \ ComboFix.exe
* Sukurtas naujas atkūrimo taškas
ĮSPĖJIMAS-ši mašina neturi atkūrimo konsolę Installed!!
.
((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr0.dat
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr1.dat
----- Bits: Galimi infekuotų teritorijų -----
hxxp: / / au.download.windowsupdate
.
((((((((((((((((((((((((( Failus, sukurtus nuo 2008/01/23 iki 2008/02/23 ))))))))))) ))))))))))))))))))))
.
2008-02-23 11:29. 2008-02-23 11:29 <DIR> d -------- C: \ WINDOWS \ ERUNT
2008-02-23 10:42. 2008-02-23 11:36 <DIR> d -------- C: \ SDFix
2008-02-23 09:01. 2008-02-23 09:14 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-02-23 09:01. 2008-02-23 09:01 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ SUPERAntiSpyware.com
2008-02-23 09:01. 2008-02-23 09:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-02-23 08:59. 2008-02-23 08:59 <DIR> d -------- C: \ Program Files \ CCleaner
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Program Files \ Apple Software Update
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008-02-19 22:23. 2008-02-20 21:13 <DIR> d -------- C: \ Program Files \ FBrowsingAdvisor
2008-02-19 22:23. 2008-02-19 22:27 <DIR> d -------- C: \ Program Files \ FBrowserAdvisor
2008-02-19 22:23. 2008-02-23 03:45 <DIR> d -------- C: \ Program Files \ ContextAdvisor
2008-02-19 22:11. 2008-02-19 22:36 <DIR> d -------- C: \ Program Files \ LimeWire
2008-02-19 22:11. 2008-02-19 22:26 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ LimeWire
2008-02-19 21:11. 2008-02-19 21:11 <DIR> d -------- C: \ Program Files \ Cricut Programinė įranga
2008-02-16 23:34. 2008-02-16 23:34 <DIR> d -------- C: \ Program Files \ TrueSwitch
2008-02-16 23:34. 2008-02-16 23:34 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ TrueSwitch
2008-02-16 23:33. 2008-02-23 11:37 <DIR> d -------- C: \ Program Files \ TrueSwitchBTYahoo
2008-02-16 04:57. 2008-02-16 04:57 <DIR> d -------- C: \ Program Files \ Common Files \ Aladdin Bendri
2008-02-15 18:47. 2008-02-22 22:32 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ Yahoo!
2008-02-15 18:44. 2008-02-15 18:51 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo!
2008-02-15 18:44. 2002-02-21 18:56 24.576 - ------ C: \ WINDOWS \ system32 \ msxml3a.dll
2008-02-15 18:43. 2002-01-05 06:18 84.992 - ------ C: \ WINDOWS \ system32 \ ATL70.DLL
2008-02-15 18:43. 2001-10-11 11:26 65.536 - ------ C: \ WINDOWS \ system32 \ YCRWin32.dll
2008-02-15 16:28. 2008-02-15 16:28 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Citrix
2008-02-15 16:27. 2008-02-15 16:27 61.480 - ------ C: \ Documents and Settings \ Christine \ GoToAssistDownloadHelper.exe
2008-02-14 15:06. 2008-02-14 15:12 <DIR> d -------- C: \ WINDOWS \ SxsCaPendDel
2008-02-14 13:38. 2008-02-14 13:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ OLYMPUS
2008-02-14 13:37. 2008-02-14 13:37 <DIR> d -------- C: \ Program Files \ OLYMPUS
2008-02-08 18:04. 2008-02-08 18:24 <DIR> d -------- C: \ TEMP \ AOL
2008-02-08 11:34. 2008-02-08 11:34 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ "ArcSoft
2008-02-07 16:55. 2008-02-07 16:55 <DIR> d -------- C: \ Program Files \ Common Files \ Skeneriai
2008-02-07 16:11. 2008-02-15 09:05 10 - ------ C: \ WINDOWS \ msoffice.ini
2008-02-07 16:02. 2008-02-07 18:18 <DIR> d -------- C: \ WINDOWS \ occache
2008-02-07 16:02. 2008-02-07 16:02 <DIR> d -------- C: \ Program Files \ Learn2.com
2008-02-07 16:02. 2008-02-08 18:09 <DIR> d -------- C: \ Program Files \ Common Files \ aolback
2008-02-07 16:02. 2008-02-07 16:02 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ You've Got Paveikslėliai Ekrano
2008-02-07 16:02. 2007-10-11 05:57 1.498.112 - ------ C: \ WINDOWS \ system32 \ shdocvw.bak
2008-02-07 16:02. 1998-06-26 00:00 644.400 - ------ C: \ WINDOWS \ system32 \ MSComCt2.ocx
2008-02-07 16:02. 2000-05-22 00:00 203.976 - ------ C: \ WINDOWS \ system32 \ RichTx32.ocx
2008-02-07 16:02. 1998-06-24 00:00 115.016 - ------ C: \ WINDOWS \ system32 \ MSInet.ocx
2008-02-07 16:02. 2001-11-21 10:15 102.400 - ------ C: \ WINDOWS \ system32 \ SimpleRegistry.dll
2008-02-07 16:02. 1999-04-17 01:06 10.752 - ------ C: \ WINDOWS \ system32 \ aamd532.dll
2008-02-07 16:02. 2008-02-08 18:10 719 - ------ C: \ WINDOWS \ aolback.exe.lnk
2008-02-07 16:01. 2008-02-22 23:08 <DIR> d -------- C: \ Program Files \ QuickTime
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ Program Files \ Common Files \ Real
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ My Music
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ QuickTime
2008-02-07 16:01. 2008-02-07 16:01 24.576 - ------ C: \ WINDOWS \ system32 \ prefscpl.cpl
2008-02-07 16:01. 2008-02-07 16:01 8.552 - ------ C: \ WINDOWS \ system32 \ drivers \ asctrm.sys
2008-02-07 16:00. 2005-05-12 12:36 29.184 - ------ C: \ WINDOWS \ system32 \ popup.ocx
2008-02-07 15:45. 2008-02-22 18:50 <DIR> D - h ----- C: \ TEMP
2008-02-06 15:32. 2008-02-06 15:13 19.558 --------- C: \ WINDOWS \ hpoins01.dat.temp
2008-02-06 15:32. 2006-09-27 19:24 16.606 --------- C: \ WINDOWS \ hpomdl01.dat.temp
2008-02-06 15:16. 2008-02-23 10:46 526 - ------ C: \ hpfr3420.xml
2008-02-06 15:14. 2008-02-06 15:14 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ Hewlett-Packard
2008-02-06 15:12. 2008-02-06 15:12 <DIR> d -------- C: \ Program Files \ Common Files \ Hewlett-Packard
2008-02-06 15:10. 2008-02-06 15:11 <DIR> d -------- C: \ Program Files \ Hewlett-Packard
2008-02-06 15:10. 2006-09-27 19:23 233.528-RA ------ C: \ WINDOWS \ system32 \ HPZidr12.dll
2008-02-06 15:10. 2006-09-27 19:23 167.936-RA ------ C: \ WINDOWS \ system32 \ HPZipr12.dll
2008-02-06 15:10. 2006-09-27 19:23 94.208-RA ------ C: \ WINDOWS \ system32 \ HPZipt12.dll
2008-02-06 15:10. 2006-09-27 19:23 65.795-RA ------ C: \ WINDOWS \ system32 \ HPZipm12.exe
2008-02-06 15:10. 2006-09-27 19:23 61.699-RA ------ C: \ WINDOWS \ system32 \ HPZinw12.exe
2008-02-06 15:10. 2006-09-27 19:23 57.344-RA ------ C: \ WINDOWS \ system32 \ HPZisn12.dll
2008-02-06 15:10. 2006-09-27 19:23 51.024-RA ------ C: \ WINDOWS \ system32 \ drivers \ hpzid412.sys
2008-02-06 15:10. 2006-09-27 19:23 16.080-RA ------ C: \ WINDOWS \ system32 \ drivers \ HPZipr12.sys
2008-02-06 15:09. 2006-09-27 19:24 237.568-RA ------ C: \ WINDOWS \ system32 \ HPZc3212.dll
2008-02-06 15:09. 2006-09-27 19:23 21.456-RA ------ C: \ WINDOWS \ system32 \ drivers \ HPZius12.sys
2008-02-06 15:07. 2008-02-06 15:13 19.558 --------- C: \ WINDOWS \ hpoins01.dat
2008-02-06 15:07. 2006-09-27 19:24 16.606 --------- C: \ WINDOWS \ hpomdl01.dat
2008-02-06 14:21. 2008-02-06 14:21 <DIR> d -------- C: \ Program Files \ HP
2008-02-06 08:52. 2008-02-06 08:52 <DIR> d -------- C: \ Program Files \ Craft kraštas
2008-02-04 14:52. 2008-02-04 14:52 <DIR> d -------- C: \ Program Files \ Windows Media Connect 2
2008-02-04 14:50. 2008-02-04 14:50 <DIR> d -------- C: \ WINDOWS \ system32 \ logo
2008-02-04 14:50. 2008-02-04 14:51 <DIR> d -------- C: \ WINDOWS \ system32 \ drivers \ UMDF
2008-02-03 14:37. 1995-08-01 04:44 212.480 - ------ C: \ WINDOWS \ PCDLIB32.DLL
2008-02-03 14:37. 2003-09-19 15:45 21.248 - ------ C: \ WINDOWS \ system32 \ drivers \ pfc.sys
2008-02-03 14:35. 2008-02-03 14:35 <DIR> d -------- C: \ Program Files \ Common Files \ snp2std
2008-02-03 14:35. 2005-09-21 13:31 8.816.128 - ------ C: \ WINDOWS \ system32 \ drivers \ snp2sxp.sys
2008-02-03 14:34. 2005-10-03 11:23 20.480 --------- C: \ WINDOWS \ CameraFixer.exe
2008-02-02 23:31. 2004-08-03 23:07 59.264 - ------ C: \ WINDOWS \ system32 \ drivers \ USBAUDIO.sys
2008-02-02 23:31. 2004-08-03 23:07 59.264 - - --- C C: \ WINDOWS \ system32 \ dllcache \ usbaudio.sys
2008-02-02 15:14. 2008-02-04 09:26 147 - ------ C: \ WINDOWS \ fcp5.cfg
2008-02-02 11:39. 2008-02-02 11:39 <DIR> d -------- C: \ Program Files \ Jasc Software Inc
2008-02-01 01:09. 2007-03-20 19:33 43.520 - ------ C: \ WINDOWS \ system32 \ libusb0.dll
2008-02-01 01:09. 2007-03-20 19:33 28.672 - ------ C: \ WINDOWS \ system32 \ drivers \ libusb0.sys
2008-02-01 01:04. 2008-02-10 08:07 <DIR> d -------- C: \ Documents and Settings \ Admin \ Application Data \ AOL
2008-02-01 01:03. 2008-02-10 08:08 <DIR> d -------- C: \ Documents and Settings \ Admin \ Application Data \ AVG7
2008-01-31 23:13. 2008-01-31 23:13 90.112 - ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-01-31 23:13. 2008-01-31 23:13 57.344 - ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-01-28 05:24. 2007-06-27 21:10 202.048 - ------ C: \ WINDOWS \ system32 \ ftd2xx.dll
2008-01-28 05:24. 2007-06-27 21:10 111.936 - ------ C: \ WINDOWS \ system32 \ ftbusui.dll
2008-01-28 05:24. 2007-06-27 21:10 107.840 - ------ C: \ WINDOWS \ system32 \ FTLang.dll
2008-01-28 05:24. 2007-06-27 21:04 71.488 - ------ C: \ WINDOWS \ system32 \ drivers \ ftser2k.sys
2008-01-28 05:24. 2007-06-27 21:05 53.184 - ------ C: \ WINDOWS \ system32 \ drivers \ ftdibus.sys
2008-01-28 05:24. 2007-06-27 21:06 47.432 - ------ C: \ WINDOWS \ system32 \ ftserui2.dll
2008-01-27 08:28. 2008-01-27 08:28 268 - Ah ----- C: \ sqmdata19.sqm
2008-01-27 08:28. 2008-01-27 08:28 244 - Ah ----- C: \ sqmnoopt19.sqm
2008-01-26 07:27. 2008-02-03 15:52 268 - Ah ----- C: \ sqmdata18.sqm
2008-01-26 07:27. 2008-02-03 15:52 244 - Ah ----- C: \ sqmnoopt18.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 11:40 15.783.968 - SHA-w C: \ WINDOWS \ system32 \ drivers \ fidbox.dat
2008-02-23 11:25 185.732 - SHA-w C: \ WINDOWS \ system32 \ drivers \ fidbox.idx
2008-02-23 10:52 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AVG7
2008-02-23 09:01 --------- d ----- w C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-02-22 23:12 --------- d ----- w C: \ Program Files \ Java
2008-02-15 18:47 --------- d ----- w C: \ Program Files \ Yahoo!
2008-02-15 09:41 --------- D - h - w C: \ Program Files \ InstallShield įrengimas Informacija
2008-02-15 09:36 --------- d ----- w C: \ Program Files \ Common Files \ AOL
2008-02-15 09:06 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AOL
2008-02-15 09:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-02-14 15:07 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2008-02-07 16:23 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2008-02-07 16:23 --------- d ----- w C: \ Program Files \ Google "įrankių juosta
2008-02-05 12:00 --------- d ----- w C: \ Program Files \ Craft ROBO kontrolierius
2008-02-05 11:59 --------- d ----- w C: \ Program Files \ ROBO Meistras
2008-02-04 13:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2008-02-03 15:21 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-28 05:24 --------- d ----- w C: \ Program Files \ DIFX
2008-01-23 00:41 5.607 ---- AW C: \ WINDOWS \ ~ GLH0000.TMP
2008-01-23 00:41 137.504 ---- AW C: \ WINDOWS \ ~ GLC0000.TMP
2008-01-22 03:55 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ InstallShield
2008-01-22 02:21 --------- d ----- w C: \ Program Files \ eGames
2008-01-22 00:01 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ CyberLink
2008-01-21 22:27 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ Avocent AdminWorks
2008-01-21 22:27 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Avocent AdminWorks
2008-01-21 21:28 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ CyberLink
2008-01-21 07:06 171.520 ---- AW C: \ WINDOWS \ Internet Logs \ xDB1.tmp
2008-01-21 01:58 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-01-21 01:33 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008-01-21 01:32 --------- d ----- w C: \ Program Files \ Lavasoft
2008-01-20 19:42 --------- d ----- w C: \ Program Files \ Microsoft ActiveSync
2008-01-20 05:50 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AdobeUM
2008-01-20 02:46 --------- d ----- w C: \ Program Files \ King Kong įranga
2008-01-20 02:45 --------- d ----- w C: \ Program Files \ Create-A-Face 3,2
2008-01-20 02:15 --------- d ----- w C: \ Program Files \ GRAPHTEC
2008-01-20 02:05 --------- d ----- w C: \ Program Files \ ZoneAlarmSB
2008-01-20 02:04 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ MailFrontier
2008-01-20 02:03 --------- d ----- w C: \ Program Files \ Zone Labs
2008-01-20 01:51 --------- d ----- w C: \ Program Files \ Microsoft CAPICOM 2.1.0.2
2008-01-19 16:48 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-01-19 16:33 --------- d ----- w C: \ Program Files \ Real
2008-01-19 14:46 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Kompanionas
2008-01-19 14:45 --------- d ----- w C: \ Program Files \ Common Files \ Nullsoft
2008-01-19 14:44 --------- d ----- w C: \ Program Files \ Požiūris
2008-01-19 14:44 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Požiūris
2008-01-19 14:34 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2008-01-19 14:34 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2008-01-19 14:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ AOL Atsisiuntimai
2008-01-19 14:29 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008-01-19 14:29 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-01-19 14:09 --------- d ----- w C: \ Program Files \ Acer
2008-01-19 14:02 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-21 14:39 10.752 ---- AW C: \ WINDOWS \ system32 \ WhoisCL.exe
2007-12-14 19:32 12.632 ---- AW C: \ WINDOWS \ system32 \ lsdelete.exe
2007-12-07 02:21 824.832 ---- AW C: \ WINDOWS \ system32 \ wininet.dll
2007-12-04 18:38 550.912 ------ w C: \ WINDOWS \ system32 \ Oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (87E68009-29A8-D669-F7C2-B31D08635C50)]
2007-12-30 20:48 1019904 - ------ C: \ Program Files \ ContextAdvisor \ ContextAdvisor-3.dll
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA)]
2008-01-20 02:05 262144 - ------ C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88)
(F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA)
[HKEY_CLASSES_ROOT \ CLSID \ (f0d4b239-da4b-4daf-81e4-dfee4931a4aa)]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Toolbar \ WebBrowser]
(F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA) "= C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL [2008-01-20 02:05 262144]
[HKEY_CLASSES_ROOT \ CLSID \ (f0d4b239-da4b-4daf-81e4-dfee4931a4aa)]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"MsnMsgr" = "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" []
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2004-10-13 16:24 1694208]
"Yahoo! Gaviklis" = "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.exe" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"LaunchApp" = "Alaunch" []
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006-07-11 22:19 7626752]
"nwiz" = "nwiz.exe" [2006-07-11 22:19 1519616 C: \ WINDOWS \ system32 \ nwiz.exe]
"RTHDCPL" = "RTHDCPL.EXE" [2006-06-01 00:48 16208384 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 02:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"ntiMUI" = "C: \ Program Files \ NEWTECH Infosystems \ NTI CD & DVD Maker 7 \ ntiMUI.exe" [2005-05-12 00:15 45056]
"RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-11-03 03:24 32768]
"IMJPMIG8.1" = "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.e XE" [2004-08-04 05:00 208952]
"IMEKRMIG6.1" = "C: \ WINDOWS \ ime \ imkr6_1 \ IMEKRMIG.EXE" [2004-08-04 05:00 44032]
"MSPY2002" = "C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScI nst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TIN TSETP.exe" [2004-08-04 05:00 455168]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2006-07-11 22:19 86016]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe" [2007-12-14 03:42 144784]
"Acer Empowering Technology Monitor" = "C: \ WINDOWS \ system32 \ SysMonitor.exe" [2006-04-19 03:54 49152]
"eLockMonitor" = "C: \ Acer \ Empowering Technology \ eLock \ monitor \ LaunchMonitor.exe" [2006-03-31 18:14 16384]
"eRecoveryService" = "C: \ Acer \ Empowering Technology \ eRecovery \ eRAgent.exe" [2006-06-01 22:40 413696]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-01-19 16:21 579072]
"ZoneAlarm" Klientas "=" C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe "[2007-11-15 00:05 919016]
"CameraFixer" = "C: \ WINDOWS \ CameraFixer.exe" [2005-10-03 11:23 20480]
"tsnp2std" = "C: \ WINDOWS \ tsnp2std.exe" [2005-11-03 10:12 106496]
"snp2std" = "C: \ WINDOWS \ vsnp2std.exe" [2005-08-16 21:54 339968]
"RealTray" = "C: \ Program Files \ Real \" RealPlayer \ RealPlay.exe "[2008-02-07 16:01 26112]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-01-31 23:13 385024]
"AOLDialer" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe" []
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 22:16 39792]
"YBrowser" = "C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.ex e" [2006-07-21 16:19 129536]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-01-19 16:21 219136]
C: \ Documents and Settings \ Christine \ Start Menu \ Programs \ Startup \
TrueAssistant.lnk - C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe [2008-02-06 15:54:00 1060864]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Craft ROBO Statusas Supervisor.lnk - C: \ Program Files \ Craft ROBO kontrolieriaus \ CRSSupervisor.exe [2008-02-05 12:00:04 32768]
HP PSC 1.000 series.lnk - C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe [2003-04-09 18:21:38 147456]
hpoddt01.exe.lnk - C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe [2003-04-09 18:11:12 28672]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA) "= C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ Paleidimas Acer Empowering Technology.lnk]
PATH = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Acer Empowering Technology.lnk
Backup = C: \ WINDOWS \ PSS \ Acer Empowering Technology.lnkCommon Paleidimas
[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ Paleidimas Acer WLAN 11g USB Dongle.lnk]
PATH = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Acer WLAN 11g USB Dongle.lnk
Backup = C: \ WINDOWS \ PSS \ Acer WLAN 11g USB Dongle.lnkCommon Paleidimas
[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ Startup "Adobe Reader Speed Launch.lnk]
PATH = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ "Adobe Reader Speed Launch.lnk
Backup = C: \ WINDOWS \ PSS \ "Adobe Reader Speed Launch.lnkCommon Paleidimas
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ AdminWorks Tray]
C: \ Acer \ LANScope Agent \ awtray.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ eDataSecurity Loader]
C: \ Acer \ Empowering Technology \ eDataSecurity \ eDSloader.exe
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ System32 \ \ sessmgr.exe" = "% windir% \ \ System32 \ \ sessmgr.exe: @ Xpsp2res.dll, -22.019
"C: \ Program Files \ Grisoft \ \ AVG7 \ \ avginet.exe" =
"C: \ Program Files \ Grisoft \ \ AVG7 \ \ avgamsvr.exe" =
"C: \ Program Files \ Grisoft \ \ AVG7 \ \ avgcc.exe" =
"C: \ Program Files \ Grisoft \ \ AVG7 \ \ avgemc.exe" =
"C: \ Program Files \ AOL 9.0 VR \ \ waol.exe" =
"C: \ Program Files \ Common Files \ \ AOL \ \ TopSpeed \ \ 3.0 \ \ aoltpsd3.exe" =
"C: \ Program Files \ Common Files \ \ AOL \ \ krautuvas \ \ aolload.exe" =
"C: \ Program Files \ Common Files \ \ AOL \ \ Sistemos informacija \ \ sinf.exe" =
"% windir% \ \ network diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ network diagnostic \ \ xpnetdiag.exe: @ Xpsp3res.dll, -20.000
"C: \ Program Files \ Common Files \ \ AOL \ \ 1200753845 \ \ EE \ \ aolsoftware.exe" =
"C: \ Program Files \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ Program Files \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ Program Files \ \ AOL \ \ RC \ \ regClient.exe" =
"C: \ Program Files \ Common Files \ \ AOL \ \ ACS \ \ AOLAcsd.exe" =
"C: \ Program Files \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe" =
"C: \ Program Files \ Common Files \ \ AOL \ \ 1202403305 \ \ EE \ \ aolsoftware.exe" =
"C: \ Program Files \ \ AOL 9.0 \ \ waol.exe" =
"C: \ Program Files \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" =
"C: \ Program Files \ Yahoo! \ \ Messenger \ \ YServer.exe" =
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"1947: TCP" = 1947: TCP: HASP SPGM
"1947: UDP" = 1947: UDP: HASP SPGM
R0 UBHelper; UBHelper, C: \ WINDOWS \ system32 \ drivers \ UBHe lper.sys [2004-12-17 02:14]
R2 aksfridge; aksfridge, C: \ WINDOWS \ system32 \ drivers \ ak sfridge.sys [2007-03-13 04:48]
R2 eLock2BurnerLockDriver; eLock2BurnerLockDriver, C: \ W INDOWS \ system32 \ eLock2BurnerLockDriver.sys [2006-06-05 19:30]
R2 eLock2FSCTLDriver; eLock2FSCTLDriver, C: \ WINDOWS \ sys tem32 \ eLock2FSCTLDriver.sys [2006-06-07 02:36]
R2 hasplms; HASP License Manager, C: \ WINDOWS \ system32 \ hasplms.exe [2007-03-15 22:48]
R2 LockServ; LockServ, C: \ Acer \ Empowering Technology \ eLock \ LockServ.exe [2006-05-29 20:25]
R3 int15.sys; int15.sys, C: \ Acer \ Empowering Technology \ eRecovery \ int15.sys [2005-01-13 22:46]
R3 SNP2STD; USB2.0 PC Camera (SNP2STD), C: \ WINDOWS \ system32 \ drivers \ snp2sxp.sys [2005-09-21 13:31]
S3 Acer ODDSpeedControl; Acer ODDSpeedControl; "C: \ Acer \ Empowering Technology \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe" [2005-02-15 17:02]
S3 CADlink; CADlink, C: \ Graphtec DesignMaster Web \ CADlink.sys [2007-09-25 17:10]
S3 libusb0; libusb-win32 - branduolio tvarkyklė, versija 0.1.12.1, C: \ WINDOWS \ system32 \ drivers \ libusb0.sys [2007-03-20 19:33]
S3 psdfilter; psdfilter, C: \ WINDOWS \ system32 \ drivers \ PS dfilter.sys []
S3 psdvdisk; psdvdisk, C: \ WINDOWS \ system32 \ drivers \ psdv Disk.sys []
S3 ZD1211BU (ZyDAS); ZyDAS ZD1211B IEEE 802,11 b + g Wireless LAN Driver (USB) (ZyDAS), C: \ WINDOWS \ system32 \ drivers \ zd1211Bu. SYS []
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (a8054a34-c869-11DC-abff-806d6172696f)]
\ Shell \ Autorun \ command - E: \ CDM.EXE
.
Turinys "Scheduled Tasks" katalogą
"2008-02-22 23:07:37 C: \ WINDOWS \ Uždaviniai \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
"2008-02-06 15:27:09 C: \ WINDOWS \ Uždaviniai \ FRU Užduotis # # Hewlett-Packard HP PSC 1.200 Series # 1202310815.job"
- C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpqfrucl.exe4-I
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 11:41:00
Windows 5.1.2600 Service Pack 2 NTFS
skenavimo paslėptus procesus ...
skenavimo paslėptas autostart entries ...
skenavimo paslėptus failus ...
skenavimas baigtas sėkmingai
paslėptus failus: 0
************************************************** ************************
.
Atlikimo laikas: 2008-02-23 11:41:41
ComboFix-karantine-files.txt 2008-02-23 11:41:38
.
2008-02-15 09:53:53 --- EOF ---

**evilfantasy** · #9 Vasaris 23, 2008, 12:37

Elementai pašalinti

Naršyklė optimizavimo Adssite
komercinė
Enhancement Naršyklės Įrankiai Rightonadz
J2SE Runtime Environment 5.0 Update 6
Java (TM) 6 Update 3
Viewpoint Media Player "

----------

Atsisiųsti Vundofix.exe darbalaukyje.

Dukart spustelėkite VundoFix.exe paleisti.
Uždėkite varnelę Pradėti VundoFix kaip užduotis.
Jūs gausite pranešimą: vundofix bus uždaryti ir vėl atidaryti per minutę ar mažiau. Spauskite Gerai
Kai VundoFix vėl atsidaro, paspauskite Nuskaityti Vundo mygtuką.
Kai tai daroma skenavimas, spustelėkite Pašalinti Vundo mygtuką.
Gausite greitą klausia, ar norite pašalinti failus, paspauskite TAIP
Kai spustelėsite Taip, jūsų darbalaukyje bus tuščias, kaip ji prasideda pašalinti Vundo.
Kai jis bus užbaigtas, tai bus greitai, kad jis bus išjungtas jūsų kompiuteryje, spustelėkite Gerai.
Paverskite savo kompiuterį atgal.
Prašome rašyti C Turinys: \vundofix.txt.

Pastaba Įmanoma, kad VundoFix susidūrė su byla, ji negali ištrinti. Šiuo atveju, VundoFix bus paleisti iš naujo paleisti kompiuterį, atlikite aukščiau instrukcijas, pradedant nuo "Paspauskite Ieškoti Vundo mygtuką" kai VundoFix pasirodo iš naujo paleisti kompiuterį.

Prašome informuoti Vundo apdaila, kartais tai gali užtrukti kelias eina

----------

Eikite į šį pranešimą diegti, nuskaityti ir išsaugoti nuo AVG Antispyware prisijunkite.

----------

Sekantis
Vundofix Prisijungti
Eiti į C: \ SDFix ir ieškoti failą pavadinimu Report.txt ir po, kad žurnalas taip pat.

**christine154** · #10 Vasaris 23, 2008, 13:37

Hi vyko Vundo But I cant post Prisijungti nes negamino vienos, nes ji sakė nebuvo užkrėstas rinkmenas, taip pat negalima pašalinti iš komercinių programų atėjo klaidos žr ekrano pritvirtinti ir turiu Spybot įdiegta mano kompiuteryje, kurį aš paleisti visus šnipinėjimo programų laiką, taigi aš turiu tikrai reikia įdiegti kito mano PC viena?