Contextadvisor - pop up driving me mad




  #1  
February 22, 2008, 15:46
Donors Group

For the last 3 days I have regularly been getting this pop-up and don't know how to get rid of it. I have done an HJT scan; if there is anything in there that you think could be causing this or other problems, please help me with what to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:41, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Windows\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\hasplms.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Craft ROBO Controller\CRSSupervisor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\TrueSwitchBTYahoo\TrueWizard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\installs\cpn0\YTBSDK.eXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\King Kong Software\Capture\KingKongCapture.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christine\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: ContextAdvisor - {87E68009-29A8-D669-F7C2-B31D08635C50} - C:\Program Files\ContextAdvisor\ContextAdvisor-3.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nst46.dll
O2 - BHO: XBTB06823 Class - {BA463437-C3DE-47da-8280-87596824388A} - C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\installs\cpn0\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchBTYahoo\TrueWizard.exe
O4 - Global Startup: Craft ROBO Status Supervisor.lnk = ?
O4 - Global Startup: HP psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (INSTALLATION SUPPORT) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) -- http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PML Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif
--
End of file - 11705 bytes
  #2  
February 22, 2008, 20:09
Moderator Group

Go to this thread and do steps One, Two and Three.

After those are completely done and the computer has been restarted, run a new HijackThis scan and post that log as well.
__________________

  #3  
February 23, 2008, 02:12
Donors Group

I have 3 programs, I don't know what they are, which are
commmercial
enhancement browser tools rightonadz
sound'em 1.0
Should I remove these from my Add/Remove Programs list?
  #4  
February 23, 2008, 03:05
Donors Group

I have run CCleaner and SUPERAntiSpyware, but when the PC restarted I got this error message

Error loading C:\Windows\system32\gzmrt.dll
The specified module could not be found
  #5  
February 23, 2008, 03:09
Moderator Group

Quote:
Originally Posted by christine154
I have run CCleaner and SUPERAntiSpyware, but when the PC restarted I got this error message

Error loading C:\Windows\system32\gzmrt.dll
The specified module could not be found

That is related to the malware being removed by SAS. I need a new HijackThis log now.
__________________
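
Added example (not part of the original thread): the logon error quoted above is what an orphaned autorun looks like, where the DLL is gone but the postSetupCheck Run value from the first log still tells Rundll32.exe to load it. The Python sketch below finds such entries in a HijackThis log; the function names, the sample lines (normalized from the log in this thread) and the assumed on-disk state are illustrative assumptions.

```python
"""Flag HijackThis O4 autoruns that load a DLL through rundll32 when the DLL
is no longer on disk (source of an "Error loading ..." dialog at logon)."""
import ntpath
import os
import re
from typing import Callable, List, NamedTuple, Optional, Tuple


class RunEntry(NamedTuple):
    hive: str      # HKLM, HKCU or HKUS
    name: str      # registry value name, shown in [brackets] in the log
    command: str   # command line stored in the value


# O4 - HKLM\..\Run: [name] command   (also RunOnce and HKUS\<SID>\..\Run)
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\.*?Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# rundll32[.exe] followed by the DLL, quoted or bare. A bare path ends at
# whitespace or at the comma that introduces the exported entry point, so an
# unquoted path containing spaces is truncated (limitation of this sketch).
RUNDLL_TARGET = re.compile(
    r'rundll32(?:\.exe)?"?\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>[^\s,"]+))',
    re.IGNORECASE,
)


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Return every registry Run/RunOnce entry (O4 lines with a hive)."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["cmd"]))
    return entries


def rundll_target(command: str) -> Optional[str]:
    """Absolute path of the DLL a rundll32 command loads, else None."""
    m = RUNDLL_TARGET.search(command)
    if not m:
        return None
    path = (m["quoted"] or m["bare"]).split(",")[0].strip()
    # Bare names (e.g. NvCpl.dll) are resolved through the DLL search path,
    # so only absolute paths can be checked directly.
    return path if ntpath.isabs(path) else None


def orphaned_rundll_entries(
    log_text: str, exists: Callable[[str], bool] = os.path.exists
) -> List[Tuple[RunEntry, str]]:
    """Run entries whose rundll32 target DLL is missing according to exists()."""
    hits = []
    for entry in parse_run_entries(log_text):
        target = rundll_target(entry.command)
        if target is not None and not exists(target):
            hits.append((entry, target))
    return hits


# Sample lines taken from the log in this thread, with path spacing normalized.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchBTYahoo\TrueWizard.exe
"""

# Constructed stand-in for the file system after the cleanup described above:
# NvCpl.dll is present, gzmrt.dll has been deleted by the scanner.
ASSUMED_PRESENT = {r"c:\windows\system32\nvcpl.dll"}


def assumed_exists(path: str) -> bool:
    """Case-insensitive lookup in the constructed file list."""
    return path.lower() in ASSUMED_PRESENT


if __name__ == "__main__":
    for entry, dll in orphaned_rundll_entries(SAMPLE_LOG, exists=assumed_exists):
        print(f"{entry.hive} Run value [{entry.name}] loads missing DLL {dll}")
```

On the affected machine itself the default exists check (os.path.exists) replaces the constructed file list.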

  #6  
February 23, 2008, 03:15
Donors Group


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:40, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Windows\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\hasplms.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\CameraFixer.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Craft ROBO Controller\CRSSupervisor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\TrueSwitchBTYahoo\TrueWizard.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\King Kong Software\Capture\KingKongCapture.exe
C:\Documents and Settings\Christine\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ContextAdvisor - {87E68009-29A8-D669-F7C2-B31D08635C50} - C:\Program Files\ContextAdvisor\ContextAdvisor-3.dll
O2 - BHO: XBTB06823 Class - {BA463437-C3DE-47da-8280-87596824388A} - C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\installs\cpn0\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchBTYahoo\TrueWizard.exe
O4 - Global Startup: Craft ROBO Status Supervisor.lnk = ?
O4 - Global Startup: HP psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (INSTALLATION SUPPORT) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) -- http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PML Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif
--
End of file - 11488 bytes
  #7  
February 23, 2008, 03:38
Moderator Group

Open HijackThis and choose Do a system scan only, then place a check mark next to:
  • O2 - BHO: XBTB06823 Class - {BA463437-C3DE-47da-8280-87596824388A} - C:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL
  • O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
  • O24 - Desktop Component 0: (no name) -- http://www.pspug.org/pix/pspimem1.gif << If you did not add this yourself, then remove it with HijackThis.
Close all windows except HijackThis and click Fix checked.

----------

Download SDFix.exe and save it to your computer.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard).
  • Paste the contents of Report.txt into your next post.
----------

Please download Combofix by sUBs from one of the links.
(Try all three if necessary) Important! Combofix.exe must be saved to and run from the Desktop.
  • Close all open internet browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your machine from the internet. The connection is automatically restored before Combofix finishes running.
  • Double-click combofix.exe and follow the prompts.
    • Using the keyboard, select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click the Combofix window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be restored manually by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the internet.
----------

HJT Uninstall list
  • Open HijackThis > click "Misc Tools section"
  • Click "Open Uninstall Manager".
  • Click "Save list".
  • Save it to your computer.
  • Copy the contents of the file into your next reply.
----------

In your next post, please include
SDFix log
Combofix log
Uninstall list
__________________

  #8  
February 23, 2008, 05:03
Donors Group

Slight problem: I did all you asked with SDFix, but the log is nowhere to be found. I can tell you that it was unable to find a trojan. Here are the other lists
Uninstall list
ACER eAcoustics Management
ACER eLock Management
Acer Empowering Technology
ACER ePerformance Management
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Apple Software Update
AVG 7.5
Browser Optimizer Adssite
BT Yahoo! Applications
BT Yahoo! TrueSwitch Wizard
CCleaner (remove only)
commercial
ContextAdvisor
Craft ROBO Controller
Create--Face 3.2
Cricut DesignStudio
Enhancement Browser Tools Rightonadz
Galaxy Mind Games
Graphtec DesignMaster Web (C:\Graphtec DesignMaster Web)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Product Detection
hp psc 1200 series
J2SE Runtime Environment 5.0 Update 6
Java (TM) 6 Update 3
Java (TM) 6 Update 4
King Kong Capture (remove only)
Learn2 Player (Uninstall Only)
MAX Console
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.12)
NTI Backup NOW! 4
NTI CD & DVD-Maker
NVIDIA Drivers
OCA Client history tool install
OLYMPUS CAMEDIA Master 4.0
Paint Shop Pro 7 Anniversary Edition
PowerDVD
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
ROBO Master
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sound'Em 1,0
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Sure gabali Lot 1,004
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922120)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
USB2.0 PC Camera (SN9C201 & 202)
Viedoklis Media Player
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 Runtime
Windows Media Format 11 Runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
ZoneAlarm
ZoneAlarm Spy Blocker

combofix log
ComboFix 08-02-23.2 - Christine 2008-02-23 11:39:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.294 [GMT 0:00]
Sākot no: C: \ Documents and Settings \ Christine \ Desktop \ ComboFix.exe
* Izveido jaunu atjaunošanas punktu
WARNING, šī mašīna nav atkop Installed!
.
((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr0.dat
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr1.dat
----- BITS: Iespējamie inficētās vietas -----
hxxp: / / au.download.windowsupdate
.
((((((((((((((((((((((((( Faili Created no 2008/01/23 līdz 2008/02/23 ))))))))))) ))))))))))))))))))))
.
2008/02/23 11:29. 2008/02/23 11:29 <DIR> d -------- C: \ WINDOWS \ ERUNT
2008/02/23 10:42. 2008/02/23 11:36 <DIR> d -------- C: \ SDFix
2008/02/23 09:01. 2008/02/23 09:14 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008/02/23 09:01. 2008/02/23 09:01 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ SUPERAntiSpyware.com
2008/02/23 09:01. 2008/02/23 09:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008/02/23 08:59. 2008/02/23 08:59 <DIR> d -------- C: \ Program Files \ CCleaner
2008/02/22 23:07. 2008/02/22 23:07 <DIR> d -------- C: \ Program Files \ Apple Software Update
2008/02/22 23:07. 2008/02/22 23:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008/02/22 23:07. 2008/02/22 23:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008/02/19 22:23. 2008/02/20 21:13 <DIR> d -------- C: \ Program Files \ FBrowsingAdvisor
2008/02/19 22:23. 2008/02/19 22:27 <DIR> d -------- C: \ Program Files \ FBrowserAdvisor
2008/02/19 22:23. 2008/02/23 03:45 <DIR> d -------- C: \ Program Files \ ContextAdvisor
2008/02/19 22:11. 2008/02/19 22:36 <DIR> d -------- C: \ Program Files \ limewire
2008/02/19 22:11. 2008/02/19 22:26 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ limewire
2008/02/19 21:11. 2008/02/19 21:11 <DIR> d -------- C: \ Program Files \ Cricut Software
2008/02/16 23:34. 2008/02/16 23:34 <DIR> d -------- C: \ Program Files \ TrueSwitch
2008/02/16 23:34. 2008/02/16 23:34 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ TrueSwitch
2008/02/16 23:33. 2008/02/23 11:37 <DIR> d -------- C: \ Program Files \ TrueSwitchBTYahoo
2008/02/16 04:57. 2008/02/16 04:57 <DIR> d -------- C: \ Program Files \ Common Files \ Aladdin Shared
2008/02/15 18:47. 2008/02/22 22:32 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ Yahoo!
2008/02/15 18:44. 2008/02/15 18:51 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo!
2008/02/15 18:44. 2002/02/21 18:56 24.576 - ------ C: \ WINDOWS \ system32 \ msxml3a.dll
2008/02/15 18:43. 2002/01/05 06:18 84.992 - ------ C: \ WINDOWS \ system32 \ ATL70.DLL
2008/02/15 18:43. 2001/10/11 11:26 65.536 - ------ C: \ WINDOWS \ system32 \ YCRWin32.dll
2008/02/15 16:28. 2008/02/15 16:28 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Citrix
2008/02/15 16:27. 2008/02/15 16:27 61.480 - ------ C: \ Documents and Settings \ Christine \ GoToAssistDownloadHelper.exe
2008/02/14 15:06. 2008/02/14 15:12 <DIR> d -------- C: \ WINDOWS \ SxsCaPendDel
2008/02/14 13:38. 2008/02/14 13:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ OLYMPUS
2008/02/14 13:37. 2008/02/14 13:37 <DIR> d -------- C: \ Program Files \ OLYMPUS
2008/02/08 18:04. 2008/02/08 18:24 <DIR> d -------- C: \ temp \ AOL
2008/02/08 11:34. 2008/02/08 11:34 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ ArcSoft
2008/02/07 16:55. 2008/02/07 16:55 <DIR> d -------- C: \ Program Files \ Common Files \ Scanner
2008/02/07 16:11. 2008/02/15 09:05 10 - ------ C: \ WINDOWS \ msoffice.ini
2008/02/07 16:02. 2008/02/07 18:18 <DIR> d -------- C: \ WINDOWS \ occache
2008/02/07 16:02. 2008/02/07 16:02 <DIR> d -------- C: \ Program Files \ Learn2.com
2008/02/07 16:02. 2008/02/08 18:09 <DIR> d -------- C: \ Program Files \ Common Files \ aolback
2008/02/07 16:02. 2008/02/07 16:02 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ You've Got Bildes Screensaver
2008/02/07 16:02. 2007/10/11 05:57 1.498.112 - ------ C: \ WINDOWS \ system32 \ shdocvw.bak
2008/02/07 16:02. 1998/06/26 00:00 644.400 - ------ C: \ WINDOWS \ system32 \ MSComCt2.ocx
2008/02/07 16:02. 2000/05/22 00:00 203.976 - ------ C: \ WINDOWS \ system32 \ RichTx32.ocx
2008/02/07 16:02. 1998/06/24 00:00 115.016 - ------ C: \ WINDOWS \ system32 \ MSInet.ocx
2008/02/07 16:02. 2001/11/21 10:15 102.400 - ------ C: \ WINDOWS \ system32 \ SimpleRegistry.dll
2008/02/07 16:02. 1999/04/17 01:06 10.752 - ------ C: \ WINDOWS \ system32 \ aamd532.dll
2008/02/07 16:02. 2008/02/08 18:10 719 - ------ C: \ WINDOWS \ aolback.exe.lnk
2008/02/07 16:01. 2008/02/22 23:08 <DIR> d -------- C: \ Program Files \ QuickTime
2008/02/07 16:01. 2008/02/07 16:01 <DIR> d -------- C: \ Program Files \ Common Files \ Real
2008/02/07 16:01. 2008/02/07 16:01 <DIR> d -------- C: \ My Music
2008/02/07 16:01. 2008/02/07 16:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ QuickTime
2008/02/07 16:01. 2008/02/07 16:01 24.576 - ------ C: \ WINDOWS \ system32 \ prefscpl.cpl
2008/02/07 16:01. 2008/02/07 16:01 8.552 - ------ C: \ WINDOWS \ system32 \ drivers \ asctrm.sys
2008/02/07 16:00. 2005/05/12 12:36 29.184 - ------ C: \ WINDOWS \ system32 \ popup.ocx
2008/02/07 15:45. 2008/02/22 18:50 <DIR> d - h ----- C: \ TEMP
2008/02/06 15:32. 2008/02/06 15:13 19.558 --------- C: \ WINDOWS \ hpoins01.dat.temp
2008/02/06 15:32. 2006/09/27 19:24 16.606 --------- C: \ WINDOWS \ hpomdl01.dat.temp
2008/02/06 15:16. 2008/02/23 10:46 526 - ------ C: \ hpfr3420.xml
2008/02/06 15:14. 2008/02/06 15:14 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ Hewlett-Packard
2008/02/06 15:12. 2008/02/06 15:12 <DIR> d -------- C: \ Program Files \ Common Files \ Hewlett-Packard
2008/02/06 15:10. 2008/02/06 15:11 <DIR> d -------- C: \ Program Files \ Hewlett-Packard
2008/02/06 15:10. 2006/09/27 19:23 233.528-ra ------ C: \ WINDOWS \ system32 \ HPZidr12.dll
2008/02/06 15:10. 2006/09/27 19:23 167.936-ra ------ C: \ WINDOWS \ system32 \ HPZipr12.dll
2008/02/06 15:10. 2006/09/27 19:23 94.208-ra ------ C: \ WINDOWS \ system32 \ HPZipt12.dll
2008/02/06 15:10. 2006/09/27 19:23 65.795-ra ------ C: \ WINDOWS \ system32 \ HPZipm12.exe
2008/02/06 15:10. 2006/09/27 19:23 61.699-ra ------ C: \ WINDOWS \ system32 \ HPZinw12.exe
2008/02/06 15:10. 2006/09/27 19:23 57.344-ra ------ C: \ WINDOWS \ system32 \ HPZisn12.dll
2008/02/06 15:10. 2006/09/27 19:23 51.024-ra ------ C: \ WINDOWS \ system32 \ drivers \ hpzid412.sys
2008/02/06 15:10. 2006/09/27 19:23 16.080-ra ------ C: \ WINDOWS \ system32 \ drivers \ HPZipr12.sys
2008/02/06 15:09. 2006/09/27 19:24 237.568-ra ------ C: \ WINDOWS \ system32 \ HPZc3212.dll
2008/02/06 15:09. 2006/09/27 19:23 21.456-ra ------ C: \ WINDOWS \ system32 \ drivers \ HPZius12.sys
2008/02/06 15:07. 2008/02/06 15:13 19.558 --------- C: \ WINDOWS \ hpoins01.dat
2008/02/06 15:07. 2006/09/27 19:24 16.606 --------- C: \ WINDOWS \ hpomdl01.dat
2008/02/06 14:21. 2008/02/06 14:21 <DIR> d -------- C: \ Program Files \ HP
2008/02/06 08:52. 2008/02/06 08:52 <DIR> d -------- C: \ Program Files \ Craft Edge
2008/02/04 14:52. 2008/02/04 14:52 <DIR> d -------- C: \ Program Files \ Windows Media Connect 2
2008/02/04 14:50. 2008/02/04 14:50 <DIR> d -------- C: \ WINDOWS \ system32 \ LogFiles
2008/02/04 14:50. 2008/02/04 14:51 <DIR> d -------- C: \ WINDOWS \ system32 \ drivers \ UMDF
2008/02/03 14:37. 1995/08/01 04:44 212.480 - ------ C: \ WINDOWS \ PCDLIB32.DLL
2008/02/03 14:37. 2003/09/19 15:45 21.248 - ------ C: \ WINDOWS \ system32 \ drivers \ pfc.sys
2008/02/03 14:35. 2008/02/03 14:35 <DIR> d -------- C: \ Program Files \ Common Files \ snp2std
2008/02/03 14:35. 2005/09/21 13:31 8.816.128 - ------ C: \ WINDOWS \ system32 \ drivers \ snp2sxp.sys
2008/02/03 14:34. 2005/10/03 11:23 20.480 --------- C: \ WINDOWS \ CameraFixer.exe
2008/02/02 23:31. 2004/08/03 23:07 59.264 - ------ C: \ WINDOWS \ system32 \ drivers \ USBAUDIO.sys
2008/02/02 23:31. 2004/08/03 23:07 59.264 - - c --- C: \ WINDOWS \ system32 \ dllcache \ usbaudio.sys
2008/02/02 15:14. 2008/02/04 09:26 147 - ------ C: \ WINDOWS \ fcp5.cfg
2008/02/02 11:39. 2008/02/02 11:39 <DIR> d -------- C: \ Program Files \ Jasc Software Inc
2008/02/01 01:09. 2007/03/20 19:33 43.520 - ------ C: \ WINDOWS \ system32 \ libusb0.dll
2008/02/01 01:09. 2007/03/20 19:33 28.672 - ------ C: \ WINDOWS \ system32 \ drivers \ libusb0.sys
2008/02/01 01:04. 2008/02/10 08:07 <DIR> d -------- C: \ Documents and Settings \ Admin \ Application Data \ AOL
2008/02/01 01:03. 2008/02/10 08:08 <DIR> d -------- C: \ Documents and Settings \ Admin \ Application Data \ AVG7
2008/01/31 23:13. 2008/01/31 23:13 90.112 - ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008/01/31 23:13. 2008/01/31 23:13 57.344 - ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008/01/28 05:24. 2007/06/27 21:10 202.048 - ------ C: \ WINDOWS \ system32 \ ftd2xx.dll
2008/01/28 05:24. 2007/06/27 21:10 111.936 - ------ C: \ WINDOWS \ system32 \ ftbusui.dll
2008/01/28 05:24. 2007/06/27 21:10 107.840 - ------ C: \ WINDOWS \ system32 \ FTLang.dll
2008/01/28 05:24. 2007/06/27 21:04 71.488 - ------ C: \ WINDOWS \ system32 \ drivers \ ftser2k.sys
2008/01/28 05:24. 2007/06/27 21:05 53.184 - ------ C: \ WINDOWS \ system32 \ drivers \ ftdibus.sys
2008/01/28 05:24. 2007/06/27 21:06 47.432 - ------ C: \ WINDOWS \ system32 \ ftserui2.dll
2008/01/27 08:28. 2008/01/27 08:28 268 - ah ----- C: \ sqmdata19.sqm
2008/01/27 08:28. 2008/01/27 08:28 244 - ah ----- C: \ sqmnoopt19.sqm
2008/01/26 07:27. 2008/02/03 15:52 268 - ah ----- C: \ sqmdata18.sqm
2008/01/26 07:27. 2008/02/03 15:52 244 - ah ----- C: \ sqmnoopt18.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/02/23 11:40 15.783.968 - SHA-w C: \ WINDOWS \ system32 \ drivers \ fidbox.dat
2008/02/23 11:25 185.732 - SHA-w C: \ WINDOWS \ system32 \ drivers \ fidbox.idx
2008/02/23 10:52 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AVG7
2008/02/23 09:01 --------- d ----- w C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/02/22 23:12 --------- d ----- w C: \ Program Files \ Java
2008/02/15 18:47 --------- d ----- w C: \ Program Files \ Yahoo!
2008/02/15 09:41 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2008/02/15 09:36 --------- d ----- w C: \ Program Files \ Common Files \ AOL
2008/02/15 09:06 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AOL
2008/02/15 09:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ AOL
2008/02/14 15:07 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2008/02/07 16:23 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2008/02/07 16:23 --------- d ----- w C: \ Program Files \ Google Toolbar
2008/02/05 12:00 --------- d ----- w C: \ Program Files \ Craft ROBO Controller
2008/02/05 11:59 --------- d ----- w C: \ Program Files \ ROBO Master
2008/02/04 13:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2008/02/03 15:21 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008/01/28 05:24 --------- d ----- w C: \ Program Files \ DIFX
2008/01/23 00:41 5.607 ---- aw C: \ WINDOWS \ ~ GLH0000.TMP
2008/01/23 00:41 137.504 ---- aw C: \ WINDOWS \ ~ GLC0000.TMP
2008/01/22 03:55 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ InstallShield
2008/01/22 02:21 --------- d ----- w C: \ Program Files \ eGames
2008/01/22 00:01 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ CyberLink
2008/01/21 22:27 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ Avocent AdminWorks
2008/01/21 22:27 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Avocent AdminWorks
2008/01/21 21:28 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ CyberLink
2008/01/21 07:06 171.520 ---- aw C: \ WINDOWS \ Internet Baļķi \ xDB1.tmp
2008/01/21 01:58 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008/01/21 01:33 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008/01/21 01:32 --------- d ----- w C: \ Program Files \ Lavasoft
2008/01/20 19:42 --------- d ----- w C: \ Program Files \ Microsoft ActiveSync
2008/01/20 05:50 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AdobeUM
2008/01/20 02:46 --------- d ----- w C: \ Program Files \ King Kong Software
2008/01/20 02:45 --------- d ----- w C: \ Program Files \ Izveidot--Face 3,2
2008/01/20 02:15 --------- d ----- w C: \ Program Files \ GRAPHTEC
2008/01/20 02:05 --------- d ----- w C: \ Program Files \ ZoneAlarmSB
2008/01/20 02:04 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ MailFrontier
2008/01/20 02:03 --------- d ----- w C: \ Program Files \ Zone Labs
2008/01/20 01:51 --------- d ----- w C: \ Program Files \ Microsoft CAPICOM 2.1.0.2
2008/01/19 16:48 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008/01/19 16:33 --------- d ----- w C: \ Program Files \ Real
2008/01/19 14:46 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Companion
2008/01/19 14:45 --------- d ----- w C: \ Program Files \ Common Files \ Nullsoft
2008/01/19 14:44 --------- d ----- w C: \ Program Files \ Viewpoint
2008/01/19 14:44 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Viewpoint
2008/01/19 14:34 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2008/01/19 14:34 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2008/01/19 14:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ AOL Downloads
2008/01/19 14:29 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008/01/19 14:29 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008/01/19 14:09 --------- d ----- w C: \ Program Files \ ACER
2008/01/19 14:02 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007/12/21 14:39 10.752 ---- aw C: \ WINDOWS \ system32 \ WhoisCL.exe
2007/12/14 19:32 12.632 ---- aw C: \ WINDOWS \ system32 \ lsdelete.exe
2007/12/07 02:21 824.832 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
2007/12/04 18:38 550.912 ------ w C: \ WINDOWS \ system32 \ oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (87E68009-29A8-D669-F7C2-B31D08635C50)]
2007/12/30 20:48 1.019.904 - ------ C: \ Program Files \ ContextAdvisor \ ContextAdvisor-3.dll
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA)]
2008/01/20 02:05 262.144 - ------ C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88)
(F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA)
[HKEY_CLASSES_ROOT \ CLSID \ (f0d4b239-da4b-4daf-81e4-dfee4931a4aa)]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Toolbar \ WebBrowser]
"(F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA)" = C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL [2008/01/20 02:05 262.144]
[HKEY_CLASSES_ROOT \ CLSID \ (f0d4b239-da4b-4daf-81e4-dfee4931a4aa)]
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004/08/04 05:00 15.360]
"MsnMsgr" = "C: \ Program Files \ Windows Live \ Messenger \ MsnMsgr.exe" []
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2004/10/13 16:24 1.694.208]
"Yahoo! Pager" = "C: \ PROGRA ~ 1 \ Yahoo! \ MESSEN ~ 1 \ YAHOOM ~ 1.exe" [2007/08/30 17:43 4.670.704]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007/06/21 14:06 1.318.912]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"LaunchApp" = "Alaunch" []
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006/07/11 22:19 7.626.752]
"nwiz" = "nwiz.exe" [2006/07/11 22:19 1.519.616 C: \ WINDOWS \ system32 \ nwiz.exe]
"RTHDCPL" = "RTHDCPL.EXE" [2006/06/01 00:48 16.208.384 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006/05/16 02:04 2.879.488 C: \ WINDOWS \ SkyTel.exe]
"ntiMUI" = "C: \ Program Files \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe" [2005/05/12 00:15 45.056]
"RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004/11/03 03:24 32.768]
"IMJPMIG8.1" = "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.e XE" [2004/08/04 05:00 208.952]
"IMEKRMIG6.1" = "C: \ WINDOWS \ ime \ imkr6_1 \ IMEKRMIG.EXE" [2004/08/04 05:00 44.032]
"MSPY2002" = "C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScI nst.exe" [2004/08/04 05:00 59.392]
"PHIME2002ASync" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.exe" [2004/08/04 05:00 455.168]
"PHIME2002A" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TIN TSETP.exe" [2004/08/04 05:00 455.168]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2006/07/11 22:19 86.016]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe" [2007/12/14 03:42 144.784]
"Acer Empowering Technology Monitor" = "C: \ WINDOWS \ system32 \ SysMonitor.exe" [2006/04/19 03:54 49.152]
"eLockMonitor" = "C: \ Acer \ Empowering Technology \ eLock \ Monitor \ LaunchMonitor.exe" [2006/03/31 18:14 16.384]
"eRecoveryService" = "C: \ Acer \ Empowering Technology \ eRecovery \ eRAgent.exe" [2006/06/01 22:40 413.696]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008/01/19 16:21 579.072]
"ZoneAlarm Client" = "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe" [2007/11/15 00:05 919.016]
"CameraFixer" = "C: \ WINDOWS \ CameraFixer.exe" [2005/10/03 11:23 20.480]
"tsnp2std" = "C: \ WINDOWS \ tsnp2std.exe" [2005/11/03 10:12 106.496]
"snp2std" = "C: \ WINDOWS \ vsnp2std.exe" [2005/08/16 21:54 339.968]
"RealTray" = "C: \ Program Files \ Real \ RealPlayer \ RealPlay.exe" [2008/02/07 16:01 26.112]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008/01/31 23:13 385.024]
"AOLDialer" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe" []
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2008/01/11 22:16 39.792]
"YBrowser" = "C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.ex e" [2006/07/21 16:19 129.536]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ system32 \ CTFMON.EXE" [2004/08/04 05:00 15.360]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008/01/19 16:21 219.136]
C: \ Documents and Settings \ Christine \ Start Menu \ Programs \ Startup \
TrueAssistant.lnk - C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe [2008/02/06 15:54:00 1.060.864]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Craft ROBO Status Supervisor.lnk - C: \ Program Files \ Craft ROBO Controller \ CRSSupervisor.exe [2008/02/05 12:00:04 32.768]
hp psc 1.000 series.lnk - C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe [2003/04/09 18:21:38 147.456]
hpoddt01.exe.lnk - C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe [2003/04/09 18:11:12 28.672]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE [2001/02/13 10:01:04 83.360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006/12/20 13:55 77.824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007/04/19 13:41 294.912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ Acer Empowering Technology.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Acer Empowering Technology.lnk
backup = C: \ WINDOWS \ PSS \ Acer Empowering Technology.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ Acer WLAN 11g USB Dongle.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Acer WLAN 11g USB Dongle.lnk
backup = C: \ WINDOWS \ PSS \ Acer WLAN 11g USB Dongle.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ Adobe Reader Speed Launch.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Reader Speed Launch.lnk
backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ AdminWorks Tray]
C: \ Acer \ LANScope Agent \ awtray.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ eDataSecurity Loader]
C: \ Acer \ Empowering Technology \ eDataSecurity \ eDSloader.exe
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =% windir% \ \ system32 \ \ sessmgr.exe: @ xpsp2res.dll, -22.019
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avginet.exe" =
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgamsvr.exe" =
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgcc.exe" =
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgemc.exe" =
"C: \ \ Program Files \ \ AOL 9,0 VR \ \ waol.exe" =
"C: \ \ Program Files \ \ Common Files \ \ aol \ \ Topspeed \ \ 3,0 \ \ aoltpsd3.exe" =
"C: \ \ Program Files \ \ Common Files \ \ aol \ \ Loader \ \ aolload.exe" =
"C: \ \ Program Files \ \ Common Files \ \ aol \ \ System Information \ \ sinf.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: @ xpsp3res.dll, -20.000
"C: \ \ Program Files \ \ Common Files \ \ aol \ \ 1200753845 \ \ ee \ \ aolsoftware.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AOL\\RC\\regClient.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\1202403305\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\limewire\\LimeWire.exe"=
[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:aizbultēt SRM
"1947:UDP"= 1947:UDP:aizbultēt SRM
R0 UBHelper; UBHelper, C:\WINDOWS\system32\drivers\UBHelper.sys [2004/12/17 02:14]
R2 aksfridge; aksfridge, C:\WINDOWS\system32\drivers\aksfridge.sys [2007/03/13 04:48]
R2 eLock2BurnerLockDriver; eLock2BurnerLockDriver, C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [2006/06/05 19:30]
R2 eLock2FSCTLDriver; eLock2FSCTLDriver, C:\WINDOWS\system32\eLock2FSCTLDriver.sys [2006/06/07 02:36]
R2 hasplms; aizbultēt License Manager, C:\WINDOWS\system32\hasplms.exe [2007/03/15 22:48]
R2 LockServ; LockServ, C:\Acer\Empowering Technology\eLock\LockServ.exe [2006/05/29 20:25]
R3 int15.sys; int15.sys, C:\Acer\Empowering Technology\eRecovery\int15.sys [2005/01/13 22:46]
R3 SNP2STD, USB2.0 PC Camera (SNP2STD), C:\WINDOWS\system32\drivers\snp2sxp.sys [2005/09/21 13:31]
S3 Acer ODDSpeedControl; Acer ODDSpeedControl; "C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe" [2005/02/15 17:02]
S3 CADlink; CADlink, C:\Graphtec DesignMaster Web\CADlink.sys [2007/09/25 17:10]
S3 libusb0; LibUsb-Win32 - Kernel Driver, Version 0.1.12.1, C:\WINDOWS\system32\drivers\libusb0.sys [2007/03/20 19:33]
S3 psdfilter; psdfilter, C:\WINDOWS\System32\Drivers\psdfilter.sys []
S3 psdvdisk; psdvdisk, C:\WINDOWS\System32\Drivers\psdvdisk.sys []
S3 ZD1211BU (ZyDAS); ZyDAS ZD1211B IEEE 802.11 b + g Wireless LAN Driver (USB) (ZyDAS), C:\WINDOWS\system32\drivers\zd1211Bu.SYS []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\mountpoints2\(a8054a34-c869-11dc-abff-806d6172696f)]
\Shell\Autorun\komandu - E:\CDM.EXE
.
Saturs "Scheduled Tasks" mape
"2008/02/22 23:07:37 C:\WINDOWS\Uzdevumi\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008/02/06 15:27:09 C:\WINDOWS\Uzdevumi\FRU Task # Hewlett-Packard # HP PSC 1.200 sērija # 1202310815.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/02/23 11:41:00
Windows 5.1.2600 Service Pack 2 NTFS
skenēšana slēptās procesi ...
skenēšana slēptās palaišana ieraksti ...
skenēšana slēptos failus ...
scan sekmīgi pabeigta
slēptos failus: 0
************************************************** ************************
.
Pabeigšanas laiks: 2008/02/23 11:41:41
ComboFix-karantīnā-files.txt 2008/02/23 11:41:38
.
2008/02/15 09:53:53 --- EOF ---



  #9  
Old February 23, 2008, 12:37
Moderator Group
 
Default Contextadvisor - pop up driving me mad

Items to uninstall
  • Browser Optimizer Adssite
  • tirdzniecības
  • Enhancement Browser Tools Rightonadz
  • J2SE Runtime Environment 5.0 Update 6
  • Java (TM) 6 Update 3
  • Viewpoint Media Player
----------

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it has finished scanning, click the Remove Vundo button.
  • You will receive a prompt asking whether you want to remove the files, click
  • Once you click Yes, your desktop will go blank as it starts removing Vundo.
  • When it has finished, it will tell you that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In that case, VundoFix will run on reboot; simply follow the instructions above, starting from "Click the Scan for Vundo button", when VundoFix appears at reboot.

Please let Vundo finish; sometimes it can take several passes.

----------

Please go to this post to install, scan and save a log from AVG Antispyware.

----------

Next post
Vundofix log
Go to C:\SDFix, look for the file Report.txt, and post that log as well.
__________________

  #10  
Old February 23, 2008, 13:37
Donors Group
 
Default Contextadvisor - pop up driving me mad

Hi, I ran Vundo but I can't post the log, as it doesn't produce one, because it said there were no infected files. I also couldn't remove tirdzniecības from the programs; an error appeared, please see the attached screenshot. And I have Spybot installed on my PC, which I run all the time for spyware, so do I really need to install another one on my computer?
Attached Thumbnails
Contextadvisor - pop up driving me mad-4.jpg  

Copyright © 2006 - 2009 Computer Sulas.

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd SEO līdz 2009 vBSEO ©, Crawlability, Inc