Help me, and here is my hijack log




  #1  
September 6, 2008, 00:54
Member

Hi. My computer is definitely infected with a trojan, malware or spyware. When I start my computer, a balloon pops up from the taskbar saying that my computer is infected, and suddenly all these ad pop-ups appear and keep opening new ones. And I think these processes that I see in Task Manager are responsible:

something like lssmon.exe, lssmgr.exe (may not be exactly the same), because when I close them the balloon disappears.

Anyway, here is my hijack log, so please help me out.


Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 1:52:14 gada 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running procesiem:
D: \ WINDOWS \ System32 \ Smss.exe
D: \ WINDOWS \ SYSTEM32 \ winlogon.exe
D: \ WINDOWS \ system32 \ services.exe
D: \ WINDOWS \ system32 \ lsass.exe
D: \ WINDOWS \ system32 \ svchost.exe
D: \ WINDOWS \ System32 \ svchost.exe
D: \ WINDOWS \ explorer.exe
D: \ WINDOWS \ system32 \ svchost.exe
D: \ WINDOWS \ system32 \ slserv.exe
D: \ WINDOWS \ system32 \ wscntfy.exe
D: \ Program Files \ Opera \ opera.exe
E: \ ALL Programmatūra \ HiJackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar =

http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page =

http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = aptuveni: blank
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL (Default) =

http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
F2 - REG: SYSTEM.INI: Shell = Explorer.exe ssvichosst.exe
O2 - BHO: DAPHelper Class - (0000CC75-ACF3-4cac-A0A9-DD3868E06852) - D: \ Program

Files \ DAP \ DAPBHO.dll
O2 - BHO: IDM Helper - (0055C089-8.582-441B-A0BF-17B458C2A3A8) - D: \ Program Files \ Internet

Download Manager \ IDMIECC.dll
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Skype add-on (mastermind) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - D: \ Program

Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8.333-CF10577473F7) - D: \ program

Files \ Google \ googletoolbar2.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - D: \ program

Files \ Google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "D: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [PCSuiteTrayApplication] D: \ Program Files \ Nokia \ Nokia PC Suite

6 \ LaunchApplication.exe-starta
O4 - HKLM \ .. \ Run: [googletalk] D: \ Program Files \ Google \ Google Talk \ googletalk.exe / palaišana
O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] D: \ WINDOWS \ system32 \ LSSMON.EXE
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe

/ NoDialog (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe

/ NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
Ø8 - ārpus konteksta menu item: & Download ar & DAP - D: \ PROGRA ~ 1 \ DAP \ dapextie.htm
Ø8 - ārpus konteksta menu item: Download & visi ar DAP - D: \ PROGRA ~ 1 \ DAP \ dapextie2.htm
Ø8 - ārpus konteksta menu item: Download visas saites ar IDM - D: \ Program Files \ Internet Download

Manager \ IEGetAll.htm
Ø8 - ārpus konteksta menu item: Download FLV video saturu IDM - D: \ Program Files \ Internet Download

Manager \ IEGetVL.htm
Ø8 - ārpus konteksta menu item: Download ar IDM - D: \ Program Files \ Internet Download

Manager \ IEExt.htm
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel --

res: / / D: \ PROGRA ~ 1 \ Micros ~ 2 \ Office10 \ EXCEL.EXE/3000
Ø9 - Extra button: Run DAP - (669695BC-A811-4A9D-8CDF-BA8C795F261C) --

D: \ PROGRA ~ 1 \ DAP \ DAP.EXE
Ø9 - Extra button: Skype - (77BF5300-1.474-4EC7-9.980-D32B190E9B07) - D: \ Program

Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
Ø9 - Extra button: AIM - (AC9E2541-2.814-11d5-BC6D-00B0D0A1DE45) - D: \ Program Files \ AIM \ aim.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - D: \ Program

Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) --

D: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9.458-1830C7DD7F5D) --

D: \ PROGRA ~ 1 \ Common ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Ares tērzētavu serveri (AresChatServer) - Ares Development Group - D: \ Program

Files \ Ares \ chatServer.exe
O23 - Service: Avast! Antivirus Avast! SamSs (Avast! SamSs) - Unknown īpašnieks --

D: \ WINDOWS \ system32 \ dllcaches.exe
O23 - Service: Google Updater Service (gusvc) - Google - D: \ Program Files \ Google \ Common \ Google

Updater \ GoogleUpdaterService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown īpašnieks - D: \ Program Files \ Sunbelt

Software \ CounterSpy \ SBCSSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - D: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D: \ WINDOWS \ SYSTEM32 \ slserv.exe

--
End of failu - 4.603 bytes
  #2  
September 6, 2008, 01:26
Moderator Group

Hello Mohi212. Welcome to CJ.

Disable CounterSpy so that it does not block the fixes we make.

Right-click the icon and turn CounterSpy off.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries (if present):
  • O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
  • O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] D: \ WINDOWS \ system32 \ LSSMON.EXE
  • O23 - Service: Avast! Antivirus Avast! SamSs (Avast! SamSs) - Unknown īpašnieks - D: \ WINDOWS \ system32 \ dllcaches.exe
Important: Close all windows except HijackThis and then click Fix checked.

Exit HijackThis.

----------

Go to Start > Run, type Notepad.exe and click OK.

Copy and paste the text in the code box below into a new Notepad file.

Code:
@ECHO OFF
sc stop "Avast! SamSs"
sc delete "Avast! SamSs"
exit

In Notepad, select File and then Save As.
Choose to save to the Desktop, and for File name: type fixme.bat, making sure that the Save as type field says All Files.

Next, double-click fixservice.bat so that it can run.
A black box should open and close after a short time; this is normal.
Do not continue until the black box has closed.
Delete fixservice.bat from the desktop.

----------

Note: The instructions below were created specifically for this user. If you are not this user, DO NOT follow these instructions, as they could harm the operation of your system.

Go to Start > Run, type notepad.exe and click OK.

Copy the text in the code box below and paste it into Notepad.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Layersecurity Servicemonitor"=-

In Notepad, open File > Save as ...

Next to File name: type fixme.reg. Use the drop-down box next to Save as type: and choose All Files. Save it to the desktop.

There should now be a file on the Desktop that looks like this

Double-click fixme.reg and allow it to merge with the registry.

You may not see anything happen, but give it a few seconds or so to finish.

Now delete the fixme.reg file from the desktop.

Restart the computer.

----------

Now run a new HijackThis scan and post the log.

Important:
When the HijackThis log appears in Notepad, before copying it, go to Format and click Word wrap. Then copy and paste the log here.
__________________
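
An added example, not part of the original thread and not HijackThis's own logic: a small triage script that reads HijackThis entry lines and flags the kinds of entries this thread deals with. The rules are heuristics assumed for this example (an extra program in the F2 Shell value, a BHO with no file, a service whose owner is unknown while its file exists, and an O4 autorun matching a watch list of names the affected user reported); the sample log is constructed from the first log above with normal spacing.

```python
import re
from dataclasses import dataclass

# Constructed sample: entry lines modelled on the thread's first log, with the
# spacing normalised to what HijackThis 2.0.2 normally writes.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\explorer.exe

F2 - REG:system.ini: Shell=Explorer.exe ssvichosst.exe
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Layersecurity Servicemonitor] D:\WINDOWS\system32\LSSMON.EXE
O23 - Service: Avast! Antivirus Avast! SamSs (Avast! SamSs) - Unknown owner - D:\WINDOWS\system32\dllcaches.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - D:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
"""

# An entry line is "<section code> - <description>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
SHELL_RE = re.compile(r"Shell\s*=\s*(.*)$", re.IGNORECASE)
# First path component that looks like an executable file name.
EXE_RE = re.compile(r'[^\\/"]+\.(?:exe|com|bat|scr)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, line) for entry lines; header and process list are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def check_shell(body):
    """F2: the Winlogon Shell value should start Explorer.exe and nothing else."""
    m = SHELL_RE.search(body)
    if not m:
        return None
    extra = [t for t in m.group(1).split() if t.lower() != "explorer.exe"]
    return "Shell value launches more than Explorer.exe: " + " ".join(extra) if extra else None


def check_bho(body):
    """O2: a BHO registration whose DLL no longer exists is an orphan to clean up."""
    if body.startswith("BHO:") and body.rstrip().endswith("(no file)"):
        return "BHO is registered but its file is absent"
    return None


def check_service(body):
    """O23: the binary exists but carries no company information."""
    parts = body.rsplit(" - ", 2)
    if not body.startswith("Service:") or len(parts) != 3:
        return None
    owner, path = parts[1].strip(), parts[2]
    if owner.lower() == "unknown owner" and "(file missing)" not in path:
        return "service binary has no identifiable owner: " + path.strip()
    return None


def check_autorun(body, watch):
    """O4: autorun whose executable name is on the caller's watch list."""
    command = body.split("] ", 1)[-1]
    m = EXE_RE.search(command)
    if m and m.group(0).strip().lower() in watch:
        return "autorun starts a watched executable: " + m.group(0).strip()
    return None


def triage(log_text, watch_names=()):
    """Return the list of Finding objects for a HijackThis log."""
    watch = {n.lower() for n in watch_names}
    findings = []
    for section, body, line in parse_entries(log_text):
        reason = None
        if section == "F2":
            reason = check_shell(body)
        elif section == "O2":
            reason = check_bho(body)
        elif section == "O4":
            reason = check_autorun(body, watch)
        elif section == "O23":
            reason = check_service(body)
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    # Watch list: the process names the affected user named in the first post.
    for f in triage(SAMPLE_LOG, watch_names=["lssmon.exe", "lssmgr.exe"]):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A flagged line is a candidate for review, not a verdict: each entry still has to be checked against what is actually installed on the machine.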

  #3  
September 6, 2008, 04:08
Member

Hey, thanks for your help. But when I restart the PC, the pop-ups still open, and the balloon saying "spyware detected, click here to install anti-virus" still appears.

Anyway, here is the hijack log after the restart.


Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 5:03:35 gada 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running procesiem:
D: \ WINDOWS \ System32 \ Smss.exe
D: \ WINDOWS \ SYSTEM32 \ winlogon.exe
D: \ WINDOWS \ system32 \ services.exe
D: \ WINDOWS \ system32 \ lsass.exe
D: \ WINDOWS \ system32 \ svchost.exe
D: \ WINDOWS \ System32 \ svchost.exe
D: \ WINDOWS \ explorer.exe
D: \ WINDOWS \ system32 \ Spoolsv.exe
D: \ WINDOWS \ system32 \ slserv.exe
D: \ WINDOWS \ system32 \ wscntfy.exe
E: \ ALL Programmatūra \ HiJackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = aptuveni: blank
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL (Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
F2 - REG: SYSTEM.INI: Shell = Explorer.exe ssvichosst.exe
O2 - BHO: DAPHelper Class - (0000CC75-ACF3-4cac-A0A9-DD3868E06852) - D: \ Program Files \ DAP \ DAPBHO.dll
O2 - BHO: IDM Helper - (0055C089-8.582-441B-A0BF-17B458C2A3A8) - D: \ Program Files \ Internet Download Manager \ IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - D: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8.333-CF10577473F7) - D: \ Program Files \ Google \ googletoolbar2.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - D: \ Program Files \ Google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "D: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [PCSuiteTrayApplication] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ LaunchApplication.exe-starta
O4 - HKLM \ .. \ Run: [googletalk] D: \ Program Files \ Google \ Google Talk \ googletalk.exe / palaišana
O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] D: \ WINDOWS \ system32 \ LSSMON.EXE
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
Ø8 - ārpus konteksta menu item: & Download ar & DAP - D: \ PROGRA ~ 1 \ DAP \ dapextie.htm
Ø8 - ārpus konteksta menu item: Download & visi ar DAP - D: \ PROGRA ~ 1 \ DAP \ dapextie2.htm
Ø8 - ārpus konteksta menu item: Download visas saites ar IDM - D: \ Program Files \ Internet Download Manager \ IEGetAll.htm
Ø8 - ārpus konteksta menu item: Download FLV video saturu IDM - D: \ Program Files \ Internet Download Manager \ IEGetVL.htm
Ø8 - ārpus konteksta menu item: Download ar IDM - D: \ Program Files \ Internet Download Manager \ IEExt.htm
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / D: \ PROGRA ~ 1 \ Micros ~ 2 \ Office10 \ EXCEL.EXE/3000
Ø9 - Extra button: Run DAP - (669695BC-A811-4A9D-8CDF-BA8C795F261C) - D: \ PROGRA ~ 1 \ DAP \ DAP.EXE
Ø9 - Extra button: Skype - (77BF5300-1.474-4EC7-9.980-D32B190E9B07) - D: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
Ø9 - Extra button: AIM - (AC9E2541-2.814-11d5-BC6D-00B0D0A1DE45) - D: \ Program Files \ AIM \ aim.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - D: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - D: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9.458-1830C7DD7F5D) - D: \ PROGRA ~ 1 \ Common ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Ares tērzētavu serveri (AresChatServer) - Ares Development Group - D: \ Program Files \ Ares \ chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - D: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown īpašnieks - D: \ Program Files \ Sunbelt Software \ CounterSpy \ SBCSSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - D: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D: \ WINDOWS \ SYSTEM32 \ slserv.exe

--
End of failu - 4.384 bytes
  #4  
September 6, 2008, 08:41
Moderator Group

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, make sure check marks are placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be shown 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________

  #5  
September 6, 2008, 13:29
Member

This result is from the full scan. When I ran the quick one it detected adware, which I removed.

Malwarebytes "Anti-Malware 1,26
Database version: 1120
Windows 5.1.2600 Service Pack 2

9/7/2008 2:21:54
mbam-log-2008-09-07 (02-21-54). txt

Scan type: Full Scan (D: \ |)
Objekti skenēts: 92.811
Pagājušo laiku: 38 minūte (s), 35 second (s)

Memory Processes Inficētie: 0
Memory Modules Inficētie: 0
Registry Keys Inficētie: 0
Reģistra vērtības Inficētie: 0
Registry Data Items Infected: 0
Mapes Inficētie: 0
Faili Inficētie: 0

Atmiņas procesi Inficētie:
(No ļaunprātīgs preces konstatētas)

Memory Modules Inficētie:
(No ļaunprātīgs preces konstatētas)

Registry Keys Inficētie:
(No ļaunprātīgs preces konstatētas)

Reģistra vērtības Inficētie:
(No ļaunprātīgs preces konstatētas)

Registry Data Items Infected:
(No ļaunprātīgs preces konstatētas)

Mapes Inficētie:
(No ļaunprātīgs preces konstatētas)

Faili Inficētie:
(No ļaunprātīgs preces konstatētas)
  #6  
September 6, 2008, 13:44
Moderator Group

Download ComboFix by sUBs from one of the links below. Make sure to save it to your Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to your Desktop

Close all open internet browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix has finished.
__________________

  #7  
September 7, 2008, 02:17
Member

Here is the ComboFix log. After the restart, while it was making the log, the pop-ups and the balloon appeared again.

Here it is.

ComboFix 08-09-05.02 - Burhan 2008-09-07 13:40:43.1 -- FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.24 [GMT 5:00] Running no: D: \ Documents and Settings \ Burhan \ Desktop \ ComboFix.exe
* Izveido jaunu atjaunošanas punktu

WARNING, šī mašīna nav atkop Installed!
.

((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

D: \ Documents and Settings \ Burhan \ Cookies \ burhan@ad.yieldmanager [1]. Txt
D: \ Documents and Settings \ Burhan \ Cookies \ burhan @ antispywaremaster [2]. Txt
D: \ Documents and Settings \ Burhan \ Local Settings \ Temporary Internet Files \ descript.ion
D: \ setup.exe
D: \ WINDOWS \ system32 \ autorun.ini
D: \ WINDOWS \ system32 \ avpo0.dll
D: \ WINDOWS \ system32 \ SCVHSOT.exe
D: \ WINDOWS \ system32 \ setting.ini
D: \ WINDOWS \ system32 \ spool.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers / Pakalpojumi )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_CSNETMANAGERXP
------- \ Legacy_SYSREST.SYS


((((((((((((((((((((((((( Faili Created no 2008/08/07 līdz 2008/09/07 ))))))))))) ))))))))))))))))))))
.

2008/09/07 13:47. 2008/09/07 13:47 <DIR> d - hs ---- D: \ FOUND.145
2008/09/06 13:10. 2008/09/06 13:10 <DIR> d -------- D: \ Program Files \ XoftSpySE
2008/09/06 00:19. 2008/09/06 00:19 <DIR> d - hs ---- D: \ FOUND.144
2008/09/05 23:07. 2008/09/05 23:37 741.376 - ------ D: \ WINDOWS \ system32 \ msupd32.exe
2008/09/05 22:29. 2008/09/05 23:37 741.376 - ------ D: \ WINDOWS \ system32 \ LSSMON.EXE
2008/09/05 22:29. 2008/09/04 17:49 17.920 - ------ D: \ WINDOWS \ system32 \ LSASSMGR.EXE
2008/09/05 17:04. 2008/09/05 22:41 54.156 - ah ----- D: \ WINDOWS \ QTFont.qfn
2008/09/05 17:04. 2008/09/05 17:04 1.409 - ------ D: \ WINDOWS \ QTFont.for
2008/09/05 15:15. 2008/09/07 13:48 0 - ------ D: \ WINDOWS \ system32 \ bsc32.dll
2008/09/05 15:14. 2008/09/05 15:14 <DIR> d - hs ---- D: \ FOUND.143
2008/09/05 13:25. 2008/09/05 13:25 <DIR> d - hs ---- D: \ FOUND.142
2008/09/05 00:39. 2008/09/05 00:39 <DIR> d - hs ---- D: \ FOUND.141
2008/09/04 18:19. 2008/09/04 18:19 <DIR> d -------- D: \ Documents and Settings \ LocalService \ Application Data \ Yahoo!
2008/09/04 17:49. 2008/09/05 23:37 741.376 - ------ D: \ WINDOWS \ divx32.dll
2008/09/04 17:49. 2008/09/04 17:49 17.920 - ------ D: \ WINDOWS \ system32 \ srtsrv32.exe
2008/09/04 17:48. 2008/09/05 12:40 741.376 - ------ D: \ WINDOWS \ system32 \ upd01.exe
2008/09/04 17:45. 2008/09/04 17:45 <DIR> d - hs ---- D: \ FOUND.140
2008/09/04 07:11. 2008/09/04 07:11 <DIR> d -------- D: \ Documents and Settings \ Burhan \ Application Data \ Yahoo!
2008/09/03 12:21. 2008/09/03 12:21 <DIR> d - hs ---- D: \ FOUND.139
2008/09/01 20:51. 2008/09/01 20:51 <DIR> d - hs ---- D: \ FOUND.138
2008/08/31 13:53. 2008/08/31 13:53 <DIR> d - hs ---- D: \ FOUND.137
2008/08/28 23:04. 2008/08/28 23:04 <DIR> d - hs ---- D: \ FOUND.136
2008/08/27 08:13. 2008/08/27 08:13 <DIR> d - hs ---- D: \ FOUND.135
2008/08/27 00:54. 2008/08/27 00:54 4.096 - ------ D: \ WINDOWS \ d3dx.dat
2008/08/26 10:33. 2008/08/26 10:33 <DIR> d - hs ---- D: \ FOUND.134
2008/08/26 02:27. 2008/08/26 02:27 <DIR> d - hs ---- D: \ FOUND.133
2008/08/26 01:07. 2008/08/26 01:07 <DIR> d - hs ---- D: \ FOUND.132
2008/08/26 00:15. 2008/08/26 00:15 <DIR> d - hs ---- D: \ FOUND.131
2008/08/25 23:13. 2008/08/25 23:13 <DIR> d -------- D: \ Program Files \ Microsoft Encarta
2008/08/25 18:41. 2008/08/25 18:41 <DIR> d - hs ---- D: \ FOUND.130
2008/08/25 17:09. 2008/08/25 17:09 <DIR> d - hs ---- D: \ FOUND.129
2008/08/25 08:14. 2008/08/25 08:14 <DIR> d - hs ---- D: \ FOUND.128
2008/08/25 06:09. 2008/08/25 06:09 23.552 - ------ D: \ Documents and Settings \ Burhan \ S87ekhV.exe
2008/08/25 06:00. 2008/08/25 06:00 <DIR> d - hs ---- D: \ FOUND.127
2008/08/25 05:36. 2008/08/25 05:36 <DIR> d - hs ---- D: \ FOUND.126
2008/08/24 23:36. 2008/08/24 23:36 <DIR> d - hs ---- D: \ FOUND.125
2008/08/24 03:11. 2008/08/24 03:11 <DIR> d - hs ---- D: \ FOUND.124
2008/08/23 12:06. 2008/08/23 12:06 <DIR> d - hs ---- D: \ FOUND.123
2008/08/23 10:55. 2008/08/23 10:55 <DIR> d - hs ---- D: \ FOUND.122
2008/08/23 08:38. 2008/08/23 08:38 <DIR> d - hs ---- D: \ FOUND.121
2008/08/23 01:49. 2008/08/23 01:49 <DIR> d - hs ---- D: \ FOUND.120
2008/08/22 18.20. 2008/08/22 18:20 <DIR> d - hs ---- D: \ FOUND.119
2008/08/20 21:05. 2008/08/20 21:05 <DIR> d -------- D: \ spoolerlogs
2008/08/19 22:32. 2008/08/19 22:32 <DIR> d - hs ---- D: \ FOUND.118
2008/08/19 22:12. 2008/08/19 22:12 <DIR> d - hs ---- D: \ FOUND.117
2008/08/19 16:13. 2008/08/19 16:13 <DIR> d - hs ---- D: \ FOUND.116
2008/08/18 03:50. 2008/08/18 03:51 108 - ------ D: \ Documents and Settings \ Burhan \ Application Data \ netstat.bat
2008/08/17 09:54. 2008/08/17 09:54 <DIR> d - hs ---- D: \ FOUND.115
2008/08/13 02:42. 2008/08/13 02:42 <DIR> d - hs ---- D: \ FOUND.114
2008/08/12 16:17. 2008/08/12 16:17 <DIR> d - hs ---- D: \ FOUND.113
2008/08/11 13:37. 2008/09/05 22:31 0 - ------ D: \ WINDOWS \ system32 \ sc02.sc
2008/08/11 13:33. 2008/08/11 13:33 <DIR> d - hs ---- D: \ FOUND.112
2008/08/11 10:55. 2008/08/11 10:55 857.037 - ------ D: \ WINDOWS \ system32 \ CSRLT.EXE
2008/08/11 10:55. 2008/08/11 10:55 857.037 - ------ D: \ WINDOWS \ MSBLT.EXE
2008/08/09 02:36. 2008/08/09 02:36 <DIR> d - hs ---- D: \ FOUND.111
2008/08/08 21:17. 2008/08/08 21:17 <DIR> d - hs ---- D: \ FOUND.110
2008/08/08 16:54. 2008/08/08 16:54 <DIR> d - hs ---- D: \ FOUND.109
2008/08/08 02:35. 2008/08/08 02:35 <DIR> d -------- D: \ Documents and Settings \ Burhan \ Application Data \ GlarySoft
2008/08/08 02:20. 2008/08/08 02:20 <DIR> d -------- D: \ Program Files \ Glary Registry Repair
2008/08/08 00:18. 2008/08/08 00:18 <DIR> d -------- D: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008/08/07 20:27. 2008/08/07 20:27 <DIR> d -------- D: \ Program Files \ Internet Download Manager
2008/08/07 20:27. 2008/08/07 20:27 <DIR> d -------- D: \ Documents and Settings \ Burhan \ Application Data \ IDM
2008/08/07 14:01. 2008/08/07 14:01 <DIR> d - hs ---- D: \ FOUND.108
2008/08/07 01:26. 2008/08/07 01:26 <DIR> d -------- D: \ Documents and Settings \ All Users \ Application Data \ TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/09/01 19:16 38.528 ---- aw D: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/09/01 19:16 17.200 ---- aw D: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/08/04 22:08 109.150 ---- aw D: \ WINDOWS \ system32 \ drivers \ b88b9e8e.sys
2008/08/04 16:05 --------- d ----- w D: \ Program Files \ Malwarebytes "Anti-Malware
2008/08/04 16:05 --------- d ----- w D: \ Documents and Settings \ Burhan \ Application Data \ Malwarebytes
2008/08/04 16:05 --------- d ----- w D: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/07/30 16:24 499.712 ---- aw D: \ WINDOWS \ system32 \ msvcp71.dll
2008/07/30 16:24 348.160 ---- aw D: \ WINDOWS \ system32 \ msvcr71.dll
2008/07/29 22:43 --------- d ----- w D: \ Documents and Settings \ All Users \ Application Data \ ACD Systems
2008/07/29 22:42 --------- d ----- w D: \ Program Files \ Common Files \ ACD Systems
2008/07/29 22:42 --------- d ----- w D: \ Program Files \ ACD Systems
2008/07/21 16:50 --------- d ----- w D: \ Documents and Settings \ Burhan \ Application Data \ uTorrent
2008/07/21 11:05 --------- d ----- w D: \ Program Files \ uTorrent
2008/07/19 19:28 --------- d ----- w D: \ Documents and Settings \ Burhan \ Application Data \ DMCache
2008/07/19 10:00 --------- d ----- w D: \ Program Files \ Common Files \ L & H
2008/07/17 13:32 --------- d ----- w D: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab Setup Files
2008/07/17 01:11 --------- d ----- w D: \ Program Files \ Ares
2008/07/16 23:15 --------- d ----- w D: \ Program Files \ Advantage
2008/07/09 22:08 41.984 - sh - R D: \ WINDOWS \ system32 \ dllcaches.exe
2008/06/27 21:05 33.576 ---- aw D: \ Documents and Settings \ Burhan \ Application Data \ GDIPFONTCACHEV1.DAT
2008/06/22 15:33 7.680 ---- aw D: \ WINDOWS \ system32 \ ff_vfw.dll
2008/06/22 15:33 60.273 ---- aw D: \ WINDOWS \ system32 \ pthreadGC2.dll
.

------- Sigcheck -------

2004/08/03 21:14 359.040 1745b00fc1141404b28f4b94f69a8871 D: \ WINDOWS \ system32 \ drivers \ Tcpip.sys
2004/08/03 21:14 359.040 1745b00fc1141404b28f4b94f69a8871 D: \ WINDOWS \ system32 \ dllcache \ Tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "D: \ Program Files \ QuickTime \ qttask.exe" [2006/09/01 282.624]
"PCSuiteTrayApplication" = "D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ LaunchApplication.exe" [2007/06/18 271.360]
"googletalk" = "D: \ Program Files \ Google \ Google Talk \ googletalk.exe" [2007/01/02 3.739.648]
"Layersecurity Servicemonitor" = "D: \ WINDOWS \ system32 \ LSSMON.EXE" [2008/09/05 741.376]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Nokia.PCSync" = "D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe" [2007/06/19 1.241.088]

D: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Microsoft Office.lnk - D: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE [2001/02/13 83.360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = sockspy.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"VIDC.D263" = xl_x263dec.dll
"VIDC.YV12" = xl_yv12.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izpildes iespējām \ firefox.exe]
"Debugger" = D: \ Program Files \ Mozilla Firefox \ firefoxe.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izpildes iespējām \ iexplore.exe]
"Debugger" = D: \ Program Files \ Internet Explorer \ iexplor.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izpildes iespējām \ Spoolsv.exe]
"Debugger" = D: \ WINDOWS \ system32 \ spool.exe

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"D: \ \ Program Files \ \ Ares \ \ Ares.exe" =
"D: \ \ Program Files \ \ AIM \ \ aim.exe" =
"D: \ \ Program Files \ \ Messenger \ \ MSMSGS.EXE" =
"D: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" =
"D: \ \ Program Files \ \ MSN Messenger \ \ livecall.exe" =
"D: \ \ Program Files \ \ NetMeeting \ \ conf.exe" =
"D: \ \ Program Files \ \ Opera \ \ Opera.exe" =
"D: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"D: \ \ Program Files \ \ Google \ \ Google Talk \ \ googletalk.exe" =
"D: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"5000: TCP" = 5000: TCP: AresChatServer

R2 dmsmbios; dmsmbios, D: \ WINDOWS \ system32 \ dmsmbios.sys [2001/05/31 16.480]
R3 XIRLINK; IBM PC Camera, D: \ WINDOWS \ system32 \ drivers \ C-itnt.sys [1999/10/19 435.655]
S0 SBHR; SBHR, D: \ WINDOWS \ system32 \ drivers \ sbhr.sys []
S1 b88b9e8e; b88b9e8e, D: \ WINDOWS \ system32 \ drivers \ b88b 9e8e.sys [2008/08/05 109.150]
S3 AvFlt; Antivirus Filter Driver; D: \ WINDOWS \ system32 \ drivers \ av5flt.sys []
S3 SBRE, SBRE, D: \ WINDOWS \ system32 \ drivers \ SBREdrv.sys []

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (7bd71c60-e76a-11dc-a790-00065b298742)]
\ Shell \ Autorun \ komanda - ntde1ect.com
\ Shell \ izpētīt \ Command - ntde1ect.com
\ Shell \ atvērt \ Command - ntde1ect.com

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (9dd929e0-69d0-11dd-a9b5-00065b298742)]
\ Shell \ Autorun \ komandu - H: \ ntde1ect.com
\ Shell \ izpētīt \ Command - H: \ ntde1ect.com
\ Shell \ atvērt \ Command - H: \ ntde1ect.com

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (def7f600-a9a1-11dc-A733-00065b298742)]
\ Shell \ Autorun \ komandu - H: \ ntde1ect.com
\ Shell \ izpētīt \ Command - H: \ ntde1ect.com
\ Shell \ atvērt \ Command - H: \ ntde1ect.com
.
Saturs "Scheduled Tasks" mape
.
.
------- Papildu Scan -------
.
FireFox -: Profile - D: \ Documents and Settings \ Burhan \ Application Data \ Mozilla \ Firefox \ Profiles \ 419o3i2e.default \
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp: / / www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q =
FireFox -: prefs.js - STARTUP.HOMEPAGE - par: blank
FF -: Plugin - D: \ Program Files \ Yahoo! \ Shared \ npYState.dll
.
.
------- File Associations (Beta) -------
.
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/09/07 13:48:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenēšana slēptās procesi ...

D: \ Program Files \ Internet Explorer \ iexplor.exe [492] 0xFF7A8620
D: \ WINDOWS \ system32 \ LSASSMGR.EXE [1.872] 0xFF832D60
D: \ WINDOWS \ system32 \ LSASSMGR.EXE [524] 0xFF8FD600

skenēšana slēptās palaišana ieraksti ...

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptos failus: 0

************************************************** ************************
.
------------------------ Citi Running Processes ----------------------- --
.
D: \ WINDOWS \ system32 \ wdfmgr.exe
D: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe
D: \ WINDOWS \ system32 \ wscntfy.exe
D: \ Program Files \ Internet Explorer \ iexplore.exe
.
************************************************** ************************
.
Izpildes laiks: 2008-09-07 13:52:17 - mašīna bija rebooted
ComboFix-karantīnā-files.txt 2008/09/07 08:51:54

Pre-Run: 253.583.360 bytes free
Post-Run: 537.141.248 bytes free

216


Here is the hijack log


Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 12:59:52, ar 9/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running procesiem:
D: \ WINDOWS \ System32 \ Smss.exe
D: \ WINDOWS \ system32 \ winlogon.exe
D: \ WINDOWS \ system32 \ services.exe
D: \ WINDOWS \ system32 \ lsass.exe
D: \ WINDOWS \ system32 \ svchost.exe
D: \ WINDOWS \ System32 \ svchost.exe
D: \ WINDOWS \ system32 \ wscntfy.exe
D: \ WINDOWS \ explorer.exe
D: \ WINDOWS \ system32 \ taskmgr.exe
E: \ ALL Programmatūra \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = aptuveni: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL (Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
O2 - BHO: DAPHelper Class - (0000CC75-ACF3-4cac-A0A9-DD3868E06852) - D: \ Program Files \ DAP \ DAPBHO.dll
O2 - BHO: IDM Helper - (0055C089-8.582-441B-A0BF-17B458C2A3A8) - D: \ Program Files \ Internet Download Manager \ IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - D: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8.333-CF10577473F7) - D: \ Program Files \ Google \ googletoolbar2.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - D: \ Program Files \ Google \ googletoolbar2.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "D: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [PCSuiteTrayApplication] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ LaunchApplication.exe-starta
O4 - HKLM \ .. \ Run: [googletalk] D: \ Program Files \ Google \ Google Talk \ googletalk.exe / palaišana
O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] D: \ WINDOWS \ system32 \ LSSMON.EXE
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [Nokia.PCSync] D: \ Program Files \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
Ø8 - ārpus konteksta menu item: & Download ar & DAP - D: \ PROGRA ~ 1 \ DAP \ dapextie.htm
Ø8 - ārpus konteksta menu item: Download & visi ar DAP - D: \ PROGRA ~ 1 \ DAP \ dapextie2.htm
Ø8 - ārpus konteksta menu item: Download visas saites ar IDM - D: \ Program Files \ Internet Download Manager \ IEGetAll.htm
Ø8 - ārpus konteksta menu item: Download FLV video saturu IDM - D: \ Program Files \ Internet Download Manager \ IEGetVL.htm
Ø8 - ārpus konteksta menu item: Download ar IDM - D: \ Program Files \ Internet Download Manager \ IEExt.htm
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / D: \ PROGRA ~ 1 \ Micros ~ 2 \ Office10 \ EXCEL.EXE/3000
Ø9 - Extra button: Run DAP - (669695BC-A811-4A9D-8CDF-BA8C795F261C) - D: \ PROGRA ~ 1 \ DAP \ DAP.EXE
Ø9 - Extra button: Skype - (77BF5300-1.474-4EC7-9.980-D32B190E9B07) - D: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
Ø9 - Extra button: AIM - (AC9E2541-2.814-11d5-BC6D-00B0D0A1DE45) - D: \ Program Files \ AIM \ aim.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - D: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - D: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9.458-1830C7DD7F5D) - D: \ PROGRA ~ 1 \ Common ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Ares tērzētavu serveri (AresChatServer) - Ares Development Group - D: \ Program Files \ Ares \ chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - D: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown īpašnieks - D: \ Program Files \ Sunbelt Software \ CounterSpy \ SBCSSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - D: \ Program Files \ PC Connectivity Solution \ ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D: \ WINDOWS \ SYSTEM32 \ slserv.exe

--
End of failu - 4.350 bytes
  #8  
Old September 7, 2008, 11:16
Moderator Group
 
Default Help me, and here is my hijack log

Note: The instructions below were created specifically for this user. If you are not this user, DO NOT follow these instructions, as they could harm the operation of your system.

Delete these files/folders as follows:

1. Go to Start > Run, type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl + C

Code:
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - save the file to your Desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you see in the image below. Important: Perform this instruction carefully!



ComboFix will begin to execute; just follow the prompts.
After the reboot (if it asks for a reboot), it will prepare a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click the ComboFix window while it is running. That may cause your system to freeze.
__________________

  #9  
Old September 8, 2008, 06:45
Member
 
Default Help me, and here is my hijack log

Sorry, but the ComboFix result file is 725 kb, so it wasn't possible to paste it here and I had to upload it as a .zip. Hope that's okay.
Attached Files
File Type: zip Jaunākās Combo fix log.zip (75,1 KB, 3 views)
  #10  
Old September 8, 2008, 07:14
Moderator Group
 
Default Help me, and here is my hijack log

Download OTMoveIt2 by OldTimer
  • Save it to your desktop.
Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run As Administrator.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
[kill explorer]
D:\FOUND.145
D:\FOUND.144
D:\FOUND.143
D:\FOUND.142
D:\FOUND.141
D:\FOUND.140
D:\FOUND.139
D:\FOUND.138
D:\FOUND.137
D:\FOUND.136
D:\FOUND.135
D:\FOUND.134
D:\FOUND.133
D:\FOUND.132
D:\FOUND.131
D:\FOUND.130
D:\FOUND.129
D:\FOUND.128
D:\FOUND.127
D:\FOUND.126
D:\FOUND.125
D:\FOUND.124
D:\FOUND.123
D:\FOUND.122
D:\FOUND.121
D:\FOUND.120
D:\FOUND.119
D:\spoolerlogs
D:\FOUND.118
D:\FOUND.117
D:\FOUND.116
D:\FOUND.115
D:\FOUND.114
D:\FOUND.113
D:\FOUND.112
D:\FOUND.111
D:\FOUND.110
D:\FOUND.109
D:\FOUND.108
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right-click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • Close OTMoveIt2
----------

Also let me know how things are now.
__________________
