Iexplore.exe
  #1  
January 15, 2008, 11:50
Member

Iexplore.exe

I have read that this is bad. I don't have Internet Explorer open, but it is still running in my task manager (I don't think it should be capitalised), and it is slowing my computer down. Is it a virus? Spyware, etc.?

How do I remove it?
  #2  
January 15, 2008, 11:59
Moderator Group

Iexplore.exe

Let's take a quick look.
Download and rename HijackThis (HJT)
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right-click on HijackThis.exe and choose Rename.
    • Type sniper.exe and press Enter.
    • Right-click on sniper.exe and choose Send To > Desktop (create shortcut)
  • From the desktop, open HijackThis.
  • If you are using Windows Vista, make sure to Run As Administrator
  • Click on the Do a system scan and save a logfile button
  • HijackThis will scan and then the log will open in Notepad.
  • Copy and paste the log in your post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even needed.
Even though we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.
__________________

  #3  
January 15, 2008, 12:08
Member

Iexplore.exe

For some reason I can't see iexplore.exe here, but it is definitely in TM.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:55, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\Explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNS\btdna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\installs\CPN\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\installs\CPN\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Otrais sikspārnis radošs maksimālā] C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\miris lite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNS\btdna.exe"
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\Applic~1\WAYBOW~1\Nurb vairāk noun.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7104 bytes
  #4  
January 15, 2008, 12:29
Moderator Group

Iexplore.exe

Yes, you have some bad infections.

Step 1

Please download NoLop.exe to your Desktop:
  • Close any programs you have running, since a reboot will be needed
  • Double-click NoLop.exe to run it
  • Then click the button labelled: Search and Destroy
    <<your computer will now be scanned for infected files>>
  • When the scan is complete, if you are infected you will be prompted to reboot
  • Click OK
  • Now click: Reboot
  • A message should pop up from NoLop. If not, double-click the program again and it will finish.
  • Post the contents of C:\NoLop.log with your next reply.
Note: If you receive the error "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder and then rerun the program.

---------------

Step 2
Download SUPERAntispyware Free Edition (SAS)
  • Double-click the icon on your desktop to run the installer.
  • When asked to Update the program definitions, click Yes.
  • Next, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen click Scan your computer
  • On the left, check C:\ Fixed Drive
  • On the right, choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found, and if it asks whether you want to reboot, click Yes
  • To retrieve the removal information, please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the Notepad file to your desktop by clicking (in Notepad) "File" > "Save As"
  • Save the log somewhere you can easily find it (usually the desktop)
  • Click Close and Close again to exit the program.
  • Please copy and paste the log in your post.
----------

Step 3

Run a new HijackThis scan and post the log

----------

In your next post please add:
Contents of C:\NoLop.log
SuperAntispyware log
New HijackThis log

It may take more than one post to get all the logs posted. That is fine if necessary.
__________________

  #5  
January 15, 2008, 13:41
Member

Iexplore.exe

NoLop log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Program Files\Mozilla Firefox
[1/15/2008]
[7:34:10]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\ADB7C425918477B9.job

Beginning Removal...
Rebooting...
Removing Lop's leftover files/folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---



SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 08:32

Application Version : 3.9.1008

Core Rules Database Version : 3380
Trace Rules Database Version: 1374

Scan type       : Complete Scan
Total Scan Time : 00:46:41

Memory items scanned      : 385
Memory threats detected   : 0
Registry items scanned    : 5574
Registry threats detected : 0
File items scanned        : 40825
File threats detected     : 66

Adware.Tracking Cookie

Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{39B7D61A-C471-441E-B6D4-5930E1D582CD}\RP37\A0003673.EXE

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:58, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Windows\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNS\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\installs\CPN\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\installs\CPN\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Otrais sikspārnis radošs maksimālā] C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\miris lite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNS\btdna.exe"
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\Applic~1\WAYBOW~1\Nurb vairāk noun.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7041 bytes


I hope that is enough.
  #6  
January 15, 2008, 13:57
Moderator Group

Iexplore.exe

Open HijackThis and choose Do a system scan only, then place a check mark next to:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Please download ComboFix by sUBs from one of the links.
(Try all three if necessary)
IMPORTANT - Combofix.exe must be saved to your own Desktop.
  • Close any open internet browsers. (Firefox, Internet Explorer, etc.)
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with Combofix. <- IMPORTANT
    • Click on this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double-click combofix.exe and follow the prompts.
    • From the keyboard, choose 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouse-click Combofix's window while it is running.
The scan will temporarily stop your desktop.
If interrupted, it may leave your computer frozen.
If that happens, please reboot to restore the desktop.


----------

Next post
Combofix log
__________________
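A small triage script for HijackThis-style logs, added here as an illustration (it is not from this thread or from Trend Micro): it flags the two entry types the moderator acted on above, BHOs whose DLL is missing and autostarts that point into user-writable profile folders, plus services with an unknown owner for manual review. The sample log lines are constructed, modelled on the ones posted in this thread; the Lop-style value names in it are made up.

```python
"""Triage helper for HijackThis-style logs (added example; not the thread's or
Trend Micro's own code).  It only reads text and reports; it changes nothing."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every HijackThis entry starts with a section tag such as R1, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<tag>[RFO]\d{1,2}) - (?P<body>.+)$")

# Autostart locations inside per-user profile folders, which any unprivileged
# process can write to; legitimate vendors rarely install there, Lop-style
# adware routinely does (both long and 8.3 short forms are matched).
USER_WRITABLE_RE = re.compile(
    r"(?:Documents and Settings|DOCUME~1)\\[^\\]+\\(?:Application Data|Applic~1)",
    re.IGNORECASE,
)

# O4 entries look like:  HKLM\..\Run: [ValueName] <command line>
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Finding:
    tag: str        # HijackThis section tag, e.g. "O4"
    severity: str   # "high", "review" or "cleanup"
    reason: str
    line: str       # the log line that triggered the finding


def triage(log_text: str) -> list[Finding]:
    """Return the entries of a HijackThis log that deserve a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue          # header, "Running processes:" block, blank lines
        tag, body = m.group("tag"), m.group("body")

        if tag == "O2" and body.endswith("(no file)"):
            # A BHO CLSID is still registered but its DLL is gone: harmless on
            # its own, but an orphan worth removing (what the moderator ticked).
            findings.append(Finding(tag, "cleanup",
                                    "BHO registered but its DLL is missing", line))

        elif tag == "O4":
            o4 = O4_RE.search(body)
            if o4 and USER_WRITABLE_RE.search(o4.group("cmd")):
                findings.append(Finding(tag, "high",
                                        "autostart points into a user-writable profile folder", line))

        elif tag == "O23" and " - Unknown owner - " in body:
            # Not malicious by itself (PunkBuster shows this way), but a service
            # without an identifiable publisher is where a human should verify the binary.
            findings.append(Finding(tag, "review",
                                    "service has no identifiable owner; verify the binary", line))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    """Summarise findings as {severity: count}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample, modelled on the log posted in this thread (the paths and
# the orphaned CLSID are as posted there; the Lop-style value names are made up).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Second Bat Creative] C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\dead lite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\Applic~1\WAYBOW~1\Nurb more noun.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:>7}] {f.tag}: {f.reason}\n          {f.line}")
    print(count_by_severity(results))
```

Running it on the sample reports the orphaned BHO, both autostarts under Application Data and the unattributed PnkBstrA service, while the AVG and ctfmon entries pass.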

  #7  
January 15, 2008, 14:06
Member

Iexplore.exe

ComboFix 08-01-15.4 - Richard 2008-01-15 21:03:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.587 [GMT 0:00]
Sākot no: C: \ Documents and Settings \ Richard \ Desktop \ ComboFix.exe
* Izveido jaunu atjaunošanas punktu

WARNING, šī mašīna nav atkop Installed!
.

((((((((((((((((((((((((( Faili Created no 2007/12/15 līdz 2008/01/15 ))))))))))) ))))))))))))))))))))
.

2008/01/15 21:03. 2000/08/31 08:00 51.200 - ------ C: \ WINDOWS \ NirCmd.exe
2008/01/15 19:41. 2008/01/15 20:38 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008/01/15 19:41. 2008/01/15 19:41 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/01/15 19:41. 2008/01/15 19:41 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SUPERAntiSpyware.com
2008/01/15 19:41. 2008/01/15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008/01/15 19:34. 2008/01/15 19:36 <DIR> d -------- C: \ NoLopBackups
2008/01/15 19:01. 2008/01/15 19:01 <DIR> d -------- C: \ Program Files \ Trend Micro
2008/01/15 16:32. 2008/01/15 16:32 <DIR> d -------- C: \ Program Files \ WayBowsReal
2008/01/11 10:27. 2005/05/26 15:34 2.297.552 - ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008/01/11 10:26. 2008/01/11 10:26 22.328 - ------ C: \ Documents and Settings \ Richard \ Application Data \ PnkBstrK.sys
2008/01/11 10:25. 2008/01/11 10:25 319 - ------ C: \ WINDOWS \ game.ini
2008/01/11 10:15. 2008/01/11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008/01/11 10:14. 2008/01/11 10:14 <DIR> d - hs ---- C: \ WINDOWS \ ftpcache
2008/01/11 00:29. 2008/01/11 00:29 54.608 - ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008/01/05 21:00. 2008/01/05 21:00 <DIR> d - h ----- C: \ WINDOWS \ $ hf_mig $
2008/01/03 18:41. 2008/01/03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus!
2008/01/03 18:00. 2008/01/03 18:00 <DIR> d -------- C: \ Program Files \ Messenger Plus! Live
2008/01/03 18:00. 2008/01/15 19:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ WayBowsReal
2008/01/03 18:00. 2008/01/15 16:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat
2007/12/30 16:54. 2007/12/30 16:54 <DIR> d -------- C: \ Program Files \ Whisper Technology
2007/12/30 16:36. 2007/12/30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client 2.5 Setup Files
2007/12/30 16:36. 2007/12/30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client
2007/12/30 16:36. 2007/12/30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SmartFTP
2007/12/30 07:48. 2007/12/30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony
2007/12/30 07:48. 2007/12/30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Publish Providers
2007/12/30 07:45. 2007/12/30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007/12/30 07:45. 2007/12/30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007/12/30 07:45. 2007/12/30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007/12/30 07:39. 2007/12/30 07:39 <DIR> d -------- C: \ Program Files \ Sony Setup
2007/12/30 07:39. 2007/12/30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony Setup
2007/12/29 23:30. 2008/01/15 17:00 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007/12/29 23:30. 2007/12/29 23:30 1.409 - ------ C: \ WINDOWS \ QTFont.for
2007/12/29 15:45. 2007/12/29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007/12/29 15:45. 2007/12/29 15:45 286.720 --------- C: \ WINDOWS \ Setup1.exe
2007/12/29 15:45. 2007/12/29 15:45 73.216 - ------ C: \ WINDOWS \ ST6UNST.EXE
2007/12/29 12:08. 2004/08/03 23:10 10.880 - ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007/12/29 12:08. 2004/08/03 23:10 10.880 - - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007/12/29 12:08. 2004/08/03 22:58 5.504 - ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007/12/29 12:08. 2004/08/03 22:58 5.504 - - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007/12/29 12:04. 2007/12/29 12:04 <DIR> d -------- C: \ SXS
2007/12/29 12:04. 2007/12/29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007/12/29 12:04. 2007/12/29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007/12/29 12:04. 2007/12/29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ FotoWire
2007/12/29 12:03. 2007/12/29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007/12/28 19:09. 2007/12/28 19:46 <DIR> d -------- C: \ Program Files \ emule
2007/12/28 17:29. 2007/12/28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DivX
2007/12/27 00:05. 2007/12/27 00:05 <DIR> d -------- C: \ Fraps
2007/12/27 00:05. 2007/12/27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2007/12/24 17:11. 2007/07/30 19:19 271.224 - ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007/12/24 17:11. 2007/07/30 19:19 207.736 - ------ C: \ WINDOWS \ system32 \ muweb.dll
2007/12/24 17:11. 2007/07/30 19:19 30.072 - ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007/12/23 21:01. 2008/01/03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ gtk-2.0
2007/12/23 21:01. 2007/12/23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \ .thumbnails
2007/12/23 21:00. 2007/12/23 21:00 <DIR> d -------- C: \ Program Files \ GIMP-2.0
2007/12/23 21:00. 2008/01/03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \ .gimp-2.4
2007/12/22 15:39. 2007/12/22 15:39 <DIR> d -------- C: \ Program Files \ DNS
2007/12/22 15:39. 2008/01/15 20:56 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DNS
2007/12/22 15:39. 2007/12/28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ BitTorrent
2007/12/22 15:22. 2007/12/22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007/12/22 15:21. 2007/12/22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007/12/22 15:21. 2007/12/22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ MonkeyJam
2007/12/22 15:21. 2005/02/27 17:11 424.960 - ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007/12/21 15:27. 2007/12/21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007/12/21 15:27. 2006/10/26 19:56 32.592 - ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007/12/21 15:26. 2007/12/21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007/12/21 15:23. 2007/12/21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007/12/21 15:22. 2007/12/21 15:22 <DIR> dr-h ----- C: \ MSOCache
2007/12/21 15:22. 2007/12/21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Help
2007/12/19 19:56. 2007/12/28 13:01 <DIR> d -------- C: \ Program Files \ DivX
2007/12/15 23:51. 2007/12/15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007/12/15 23:51. 2007/12/15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ vlc
2007/12/15 23:51. 2007/12/15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ dvdcss
2007/12/15 23:36. 2007/12/22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007/12/15 23:36. 2007/12/15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ xing shared
2007/12/15 23:36. 2007/12/15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008/01/15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008/01/15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ AVG7
2008/01/15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008/01/15 17:46 22.328 ---- aw C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008/01/15 17:46 107.832 ---- aw C: \ WINDOWS \ system32 \ PnkBstrB.exe
2008/01/15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Xfire
2008/01/11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008/01/11 22:26 5.615 ---- aw C: \ Program Files \ install.log
2008/01/11 19:06 66.872 ---- aw C: \ WINDOWS \ system32 \ PnkBstrA.exe
2008/01/11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2007/12/22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007/12/21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007/12/12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007/12/12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007/12/12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007/12/12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Apple Computer
2007/12/12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007/12/12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007/12/12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007/12/12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007/12/12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007/12/10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007/12/10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007/12/10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007/12/10 18:02 --------- d ----- w C: \ Program Files \ Java
2007/12/10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ SystemRequirementsLab
2007/12/10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007/12/10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007/12/10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007/12/10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007/12/10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007/12/08 22:50 12.464 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007/12/07 18:43 499.712 ---- aw C: \ WINDOWS \ system32 \ msvcp71.dll
2007/12/07 18:43 348.160 ---- aw C: \ WINDOWS \ system32 \ msvcr71.dll
2007/12/07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007/12/07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007/12/07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007/12/07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007/12/07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ InstallShield
2007/12/07 17:44 4.716 ---- aw C: \ WINDOWS \ gdrv.sys
2007/12/07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007/12/07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007/12/07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007/12/04 01:33 823.296 ---- aw C: \ WINDOWS \ system32 \ divx_xx0c.dll
2007/12/04 01:33 823.296 ---- aw C: \ WINDOWS \ system32 \ divx_xx07.dll
2007/12/04 01:33 802.816 ---- aw C: \ WINDOWS \ system32 \ divx_xx11.dll
2007/12/04 01:33 682.496 ---- aw C: \ WINDOWS \ system32 \ DivX.dll
2007/11/29 22:30 524.288 ---- aw C: \ WINDOWS \ system32 \ DivXsm.exe
2007/11/29 22:30 3.596.288 ---- aw C: \ WINDOWS \ system32 \ qt-dx331.dll
2007/11/29 22:30 200.704 ---- aw C: \ WINDOWS \ system32 \ ssldivx.dll
2007/11/29 22:30 1.044.480 ---- aw C: \ WINDOWS \ system32 \ libdivx.dll
2007/11/29 22:28 81.920 ---- aw C: \ WINDOWS \ system32 \ dpl100.dll
2007/11/29 22:28 196.608 ---- aw C: \ WINDOWS \ system32 \ dtu100.dll
2007/11/28 21:55 156.992 ---- aw C: \ WINDOWS \ system32 \ DivXCodecVersionChecker.exe
2007/11/28 21:53 593.920 ---- aw C: \ WINDOWS \ system32 \ dpuGUI11.dll
2007/11/28 21:53 57.344 ---- aw C: \ WINDOWS \ system32 \ dpv11.dll
2007/11/28 21:53 53.248 ---- aw C: \ WINDOWS \ system32 \ dpuGUI10.dll
2007/11/28 21:53 344.064 ---- aw C: \ WINDOWS \ system32 \ dpus11.dll
2007/11/28 21:53 294.912 ---- aw C: \ WINDOWS \ system32 \ dpu11.dll
2007/11/28 21:53 294.912 ---- aw C: \ WINDOWS \ system32 \ dpu10.dll
2007/11/28 21:52 12.288 ---- aw C: \ WINDOWS \ system32 \ DivXWMPExtType.dll
2007/11/21 18:23 81.920 ---- aw C: \ WINDOWS \ system32 \ frapsvid.dll
2007/10/18 11:31 51.224 ---- aw C: \ WINDOWS \ system32 \ sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004/08/04 12:00 15.360]
"BitTorrent DNA" = "C: \ Program Files \ DNS \ btdna.exe" [2007/12/22 15:39 290.112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb vairāk noun.exe" [2008/01/15 16:32 443.904]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007/06/21 14:06 1.318.912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006/11/14 09:21 16.270.848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006/05/16 10:04 2.879.488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007/12/20 16:29 579.072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007/09/25 01:11 132.496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007/10/19 20:16 286.720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2007/10/10 19:51 39.792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007/09/17 01:07 8.491.008]
"nwiz" = "nwiz.exe" [2007/09/17 01:07 1.626.112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007/09/17 01:07 81.920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007/12/15 23:36 185.896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006/10/27 00:47 31.016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004/02/25 16:15 221.184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004/02/25 17:15 454.656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004/02/25 17:06 212.992]
"Second bat radošs pīķa" = "C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ miris lite.exe" [2008/01/15 20:37 1.348.608]

[HKEY_USERS \ .DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007/12/07 18:42 219.136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006/12/20 13:55 77.824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ !SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007/04/19 13:41 294.912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv, C: \ WINDOWS \ gdrv.sys [2007/12/07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0), C: \ WINDOWS \ system32 \ drivers \ CamDrL21.sys [2004/02/14 04:09]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007/12/12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008/01/15 21:04:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008/01/15 21:05:11
.
2008/01/05 21:00:15 --- EOF ---
  #8  
Old January 15, 2008, 14:58
Moderator Group
 
Default Iexplore.exe

Delete these files/folders, that is:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
  • Click Start, then Run
  • Type notepad.exe in the Run box.
2. Copy the bold text below by highlighting all of it and pressing Ctrl + C


File::
C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\miris lite.exe
C:\DOCUME~1\Richard\Applic~1\WAYBOW~1\Nurb vairāk noun.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"curblicense"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Second bat radošs pīķa"=-



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as shown in the image below. Important: Follow this instruction carefully!



ComboFix will begin to run; just follow the prompts.
After the reboot (if it asks for a reboot), it will produce a log for you.
Post that log (ComboFix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. This may cause your system to freeze.

----------

Run a new HijackThis scan and post the log.

----------

Next post
Combofix log
New HijackThis log
__________________
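The CFScript above is built by reading ComboFix's Run-key listing and picking out the autoruns that do not belong. As an added example (not code from this thread, from its moderator, or from ComboFix), the Python below parses that "Reg Loading Points" layout, flags Run values whose executable sits in a user-writable profile directory or whose file ComboFix could no longer stat (the empty [] the second log shows after deletion), and drafts the File::/Registry:: block; the log lines and file names in it are constructed.

```python
"""Triage ComboFix 'Reg Loading Points' output and draft a CFScript.

Added example, not code from this thread or from ComboFix. It parses the
Run-key lines ComboFix prints, flags autoruns whose executable lives in a
user-writable profile directory (Application Data, or its 8.3 alias
Applic~1) or whose file ComboFix could no longer stat (the empty [] the
second log shows after deletion), and drafts the File::/Registry:: block
that post #8 builds by hand. All sample log lines below are constructed.
"""
import re
from collections import OrderedDict

# Hive header, e.g. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+\\.+?)\]$')
# Value line, e.g. "name" = "C:\path\prog.exe" [2008/01/15 16:32 443.904]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')

# Path fragments that mark a user-writable profile location; a vendor
# autorun normally lives under Program Files or WINDOWS instead.
USER_WRITABLE_MARKERS = ("\\application data\\", "\\applic~1\\",
                         "\\local settings\\temp\\")

REASON_PROFILE_DIR = "executable stored under a user-writable profile directory"
REASON_ORPHAN = "orphaned Run value: ComboFix could not stat the target file"

# Constructed sample in the layout of the thread's logs (all names made up).
SAMPLE_LOG = r'''
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [2004/08/04 12:00 15.360]
"updchk" = "C:\DOCUME~1\User\Applic~1\EXAMPL~1\sample.exe" [2008/01/15 16:32 443.904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007/12/20 16:29 579.072]
"Example autorun" = "C:\Documents and Settings\All Users\Application Data\Example Dir\other.exe" [2008/01/15 20:37 1.348.608]
"stale" = "C:\Program Files\Gone\gone.exe" []
'''


def parse_run_entries(log_text):
    """Return (hive_key, value_name, target_path, meta) for every Run value."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and current_key:
            entries.append((current_key, value.group("name"),
                            value.group("target"), value.group("meta")))
    return entries


def triage(entries):
    """Return [((key, name, target), reason)] for autoruns worth a look."""
    flagged = []
    for key, name, target, meta in entries:
        lowered = target.lower()
        if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
            flagged.append(((key, name, target), REASON_PROFILE_DIR))
        elif not meta.strip():
            flagged.append(((key, name, target), REASON_ORPHAN))
    return flagged


def draft_cfscript(flagged):
    """Build a CFScript: File:: lists targets to delete, "name"=- removes
    the Run value. Orphaned values get no File:: line; the file is gone."""
    files = []
    by_key = OrderedDict()
    for (key, name, target), reason in flagged:
        if reason == REASON_PROFILE_DIR and target not in files:
            files.append(target)
        by_key.setdefault(key, []).append(name)
    lines = ["File::"] + files + ["", "Registry::"]
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % n for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(parse_run_entries(SAMPLE_LOG))
    for (key, name, target), reason in found:
        print("%s\\%s -> %s  (%s)" % (key, name, target, reason))
    print(draft_cfscript(found))
```

The path heuristic is a triage aid, not a verdict: a flagged entry still needs the file's publisher, timestamp and size checked against the rest of the log before it goes into a CFScript.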

  #9  
Old January 15, 2008, 15:07
Member
 
Default Iexplore.exe

ComboFix 08-01-15.4 - Richard 2008-01-15 22:03:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT 0:00]
Running from: C: \ Documents and Settings \ Richard \ Desktop \ ComboFix.exe
Command switches used :: C: \ Documents and Settings \ Richard \ Desktop \ CFScript.txt
* Created a new restore point

WARNING - this machine does not have the Recovery Console installed!

FILE
C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb vairāk noun.exe
C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ miris lite.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb vairāk noun.exe
C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ miris lite.exe

.
((((((((((((((((((((((((( Files Created from 2007/12/15 to 2008/01/15 )))))))))))))))))))))))))))))))
.

2008/01/15 21:03. 2000/08/31 08:00 51.200 - ------ C: \ WINDOWS \ NirCmd.exe
2008/01/15 19:41. 2008/01/15 20:38 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008/01/15 19:41. 2008/01/15 19:41 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/01/15 19:41. 2008/01/15 19:41 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SUPERAntiSpyware.com
2008/01/15 19:41. 2008/01/15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008/01/15 19:34. 2008/01/15 19:36 <DIR> d -------- C: \ NoLopBackups
2008/01/15 19:01. 2008/01/15 19:01 <DIR> d -------- C: \ Program Files \ Trend Micro
2008/01/15 16:32. 2008/01/15 16:32 <DIR> d -------- C: \ Program Files \ WayBowsReal
2008/01/11 10:27. 2005/05/26 15:34 2.297.552 - ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008/01/11 10:26. 2008/01/11 10:26 22.328 - ------ C: \ Documents and Settings \ Richard \ Application Data \ PnkBstrK.sys
2008/01/11 10:25. 2008/01/11 10:25 319 - ------ C: \ WINDOWS \ game.ini
2008/01/11 10:15. 2008/01/11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008/01/11 10:14. 2008/01/11 10:14 <DIR> d - hs ---- C: \ WINDOWS \ ftpcache
2008/01/11 00:29. 2008/01/11 00:29 54.608 - ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008/01/05 21:00. 2008/01/05 21:00 <DIR> d - h ----- C: \ WINDOWS \ $ hf_mig $
2008/01/03 18:41. 2008/01/03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus!
2008/01/03 18:00. 2008/01/03 18:00 <DIR> d -------- C: \ Program Files \ Messenger Plus! Live
2008/01/03 18:00. 2008/01/15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ WayBowsReal
2008/01/03 18:00. 2008/01/15 22:03 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat
2007/12/30 16:54. 2007/12/30 16:54 <DIR> d -------- C: \ Program Files \ Whisper Technology
2007/12/30 16:36. 2007/12/30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client 2.5 Setup Files
2007/12/30 16:36. 2007/12/30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client
2007/12/30 16:36. 2007/12/30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SmartFTP
2007/12/30 07:48. 2007/12/30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony
2007/12/30 07:48. 2007/12/30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Publish Providers
2007/12/30 07:45. 2007/12/30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007/12/30 07:45. 2007/12/30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007/12/30 07:45. 2007/12/30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007/12/30 07:39. 2007/12/30 07:39 <DIR> d -------- C: \ Program Files \ Sony Setup
2007/12/30 07:39. 2007/12/30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony Setup
2007/12/29 23:30. 2008/01/15 17:00 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007/12/29 23:30. 2007/12/29 23:30 1.409 - ------ C: \ WINDOWS \ QTFont.for
2007/12/29 15:45. 2007/12/29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007/12/29 15:45. 2007/12/29 15:45 286.720 --------- C: \ WINDOWS \ Setup1.exe
2007/12/29 15:45. 2007/12/29 15:45 73.216 - ------ C: \ WINDOWS \ ST6UNST.EXE
2007/12/29 12:08. 2004/08/03 23:10 10.880 - ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007/12/29 12:08. 2004/08/03 23:10 10.880 - - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007/12/29 12:08. 2004/08/03 22:58 5.504 - ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007/12/29 12:08. 2004/08/03 22:58 5.504 - - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007/12/29 12:04. 2007/12/29 12:04 <DIR> d -------- C: \ SXS
2007/12/29 12:04. 2007/12/29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007/12/29 12:04. 2007/12/29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007/12/29 12:04. 2007/12/29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ FotoWire
2007/12/29 12:03. 2007/12/29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007/12/28 19:09. 2007/12/28 19:46 <DIR> d -------- C: \ Program Files \ emule
2007/12/28 17:29. 2007/12/28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DivX
2007/12/27 00:05. 2007/12/27 00:05 <DIR> d -------- C: \ Fraps
2007/12/27 00:05. 2007/12/27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2007/12/24 17:11. 2007/07/30 19:19 271.224 - ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007/12/24 17:11. 2007/07/30 19:19 207.736 - ------ C: \ WINDOWS \ system32 \ muweb.dll
2007/12/24 17:11. 2007/07/30 19:19 30.072 - ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007/12/23 21:01. 2008/01/03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ gtk-2.0
2007/12/23 21:01. 2007/12/23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \ .thumbnails
2007/12/23 21:00. 2007/12/23 21:00 <DIR> d -------- C: \ Program Files \ GIMP-2.0
2007/12/23 21:00. 2008/01/03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \ .gimp-2.4
2007/12/22 15:39. 2007/12/22 15:39 <DIR> d -------- C: \ Program Files \ DNS
2007/12/22 15:39. 2008/01/15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DNS
2007/12/22 15:39. 2007/12/28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ BitTorrent
2007/12/22 15:22. 2007/12/22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007/12/22 15:21. 2007/12/22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007/12/22 15:21. 2007/12/22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ MonkeyJam
2007/12/22 15:21. 2005/02/27 17:11 424.960 - ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007/12/21 15:27. 2007/12/21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007/12/21 15:27. 2006/10/26 19:56 32.592 - ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007/12/21 15:26. 2007/12/21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007/12/21 15:23. 2007/12/21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007/12/21 15:22. 2007/12/21 15:22 <DIR> dr-h ----- C: \ MSOCache
2007/12/21 15:22. 2007/12/21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Help
2007/12/19 19:56. 2007/12/28 13:01 <DIR> d -------- C: \ Program Files \ DivX
2007/12/15 23:51. 2007/12/15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007/12/15 23:51. 2007/12/15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ vlc
2007/12/15 23:51. 2007/12/15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ dvdcss
2007/12/15 23:36. 2007/12/22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007/12/15 23:36. 2007/12/15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ xing shared
2007/12/15 23:36. 2007/12/15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008/01/15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008/01/15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ AVG7
2008/01/15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008/01/15 17:46 22.328 ---- aw C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008/01/15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Xfire
2008/01/11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008/01/11 22:26 5.615 ---- aw C: \ Program Files \ install.log
2008/01/11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2007/12/22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007/12/21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007/12/12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007/12/12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007/12/12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007/12/12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Apple Computer
2007/12/12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007/12/12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007/12/12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007/12/12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007/12/12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007/12/10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007/12/10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007/12/10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007/12/10 18:02 --------- d ----- w C: \ Program Files \ Java
2007/12/10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ SystemRequirementsLab
2007/12/10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007/12/10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007/12/10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007/12/10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007/12/10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007/12/08 22:50 12.464 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007/12/07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007/12/07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007/12/07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007/12/07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007/12/07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ InstallShield
2007/12/07 17:44 4.716 ---- aw C: \ WINDOWS \ gdrv.sys
2007/12/07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007/12/07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007/12/07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
.

((((((((((((((((((((((((((((( Snapshot@2008-01-15_21.05.00.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008/01/15 21:03:50 225.280 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000001 \ NTUSER.DAT
+ 2008/01/15 22:03:02 225.280 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000001 \ NTUSER.DAT
- 2008/01/15 21:03:50 8.192 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000002 \ UsrClass.dat
+ 2008/01/15 22:03:02 8.192 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000002 \ UsrClass.dat
- 2008/01/15 21:03:50 229.376 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000003 \ NTUSER.DAT
+ 2008/01/15 22:03:02 229.376 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000003 \ NTUSER.DAT
- 2008/01/15 21:03:50 8.192 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000004 \ UsrClass.dat
+ 2008/01/15 22:03:02 8.192 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000004 \ UsrClass.dat
- 2008/01/15 21:03:50 3.670.016 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000005 \ NTUSER.DAT
+ 2008/01/15 22:03:02 3.670.016 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000005 \ NTUSER.DAT
- 2008/01/15 21:03:50 208.896 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000006 \ UsrClass.dat
+ 2008/01/15 22:03:02 208.896 ---- aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000006 \ UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004/08/04 12:00 15.360]
"BitTorrent DNA" = "C: \ Program Files \ DNS \ btdna.exe" [2007/12/22 15:39 290.112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb vairāk noun.exe" []
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007/06/21 14:06 1.318.912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006/11/14 09:21 16.270.848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006/05/16 10:04 2.879.488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007/12/20 16:29 579.072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007/09/25 01:11 132.496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007/10/19 20:16 286.720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2007/10/10 19:51 39.792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007/09/17 01:07 8.491.008]
"nwiz" = "nwiz.exe" [2007/09/17 01:07 1.626.112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007/09/17 01:07 81.920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007/12/15 23:36 185.896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006/10/27 00:47 31.016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004/02/25 16:15 221.184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004/02/25 17:15 454.656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004/02/25 17:06 212.992]
"Second bat radošs pīķa" = "C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ miris lite.exe" []

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007/12/07 18:42 219.136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006/12/20 13:55 77.824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007/04/19 13:41 294.912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv, C: \ WINDOWS \ gdrv.sys [2007/12/07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0), C: \ WINDOWS \ system32 \ drivers \ CamDrL2 1.sys [2004/02/14 04:09]

.
Saturs "Scheduled Tasks" mape
"2007/12/12 20:03:45 C: \ WINDOWS \ Uzdevumi \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/01/15 22:05:20
Windows 5.1.2600 Service Pack 2 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās palaišana ieraksti ...

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptos failus: 0

************************************************** ************************
.
Pabeigšanas laiks: 2008/01/15 22:06:11 - mašīna bija rebooted
ComboFix-karantīnā-files.txt 2008/01/15 22:06:09
ComboFix2.txt 2008/01/15 21:05:12
.
2008/01/05 21:00:15 --- EOF ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 10:07:19, uz 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Windows \ Explorer.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ DNS \ btdna.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72.853.161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / Uzsākšana
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Otrais sikspārnis radošs maksimālā] C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ miris lite.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNS \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb vairāk noun.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ EXCEL.EXE/3000
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra button: Nosūtīt OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ ONBttnIE.dll
Ø9 - Extra 'Tools' MENUITEM: S & galu OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ ONBttnIE.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ REFIEBAR.DLL
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl klase) -- http://www.update.microsoft.com/wind...?1197308803562
Ø16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient klase) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4.636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown īpašnieks - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
End of failu - 6.716 bytes
  #10  
Old January 15, 2008, 15:29
Moderator Group
 
Default Iexplore.exe

Go to My Computer -> Tools -> Folder Options -> View tab:
  • Under the Hidden files and folders heading:
  • Select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (Recommended) option.
  • Also make sure there is no check mark next to Hide extensions for known file types.
  • Click OK

----------

Press CTRL + ALT + DELETE to bring up Process Monitor. Click the Processes tab and kill the processes

lite.exe <<or miris Lite.exe
noun.exe <<or Nurb vairāk noun.exe

----------

Open HijackThis and select Do a system scan only, then place a check mark next to: (if found)

O4 - HKLM \ .. \ Run: [Otrais sikspārnis radošs maksimālā] C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \ miris lite.exe
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb vairāk noun.exe


Close all windows except HijackThis and click Fix checked

Exit HijackThis.

----------

Open My Computer from the desktop, then locate and delete these files (if found):

C: \ Documents and Settings \ All Users \ Application Data \ Axis Readme Second Bat \miris lite.exe

C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \Nurb vairāk noun.exe

----------

Please run the F-Secure Online Scanner

Note: This scanner works with Internet Explorer only!
  • Scroll down to the bottom of the page and click the Start Scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer; click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit sample to F-Secure, then select Automatic cleaning
  • When cleaning is finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) it into a new reply to this thread
    • If automatic cleaning with sample submission hangs, click Cancel, then New Scan
  • When the cleaning option is presented, uncheck Submit sample to F-Secure
  • Click Automatic cleaning
  • When cleaning is finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) it into a new reply to this thread
  • This scan can take a long time, so please be patient

----------

Next, please post:
F-Secure log
New HijackThis log
__________________
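As an added example (not code from this thread, from HijackThis or from the moderator), a small Python triage helper that parses O4 autorun lines in the shape of the log above and flags entries whose executable is launched from a user-writable profile directory (Documents and Settings\...\Application Data and its 8.3 short form), which is exactly what sets the two entries the moderator asks to fix apart from the vendor entries around them. The sample lines and the two file names in them are constructed stand-ins, and the heuristic is a first-look filter, not a verdict.

```python
import re

# Constructed O4 lines in the shape of the HijackThis log above. The two
# profile-directory entries use made-up file names standing in for the ones
# the moderator flags; they are not the thread's real names.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Second Bat sample] C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\sample lite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\Applic~1\WAYBOW~1\sample noun.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'SYSTEM')
"""

# O4 line shape: "O4 - <hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Per-user and All Users profile data directories (long and 8.3 short forms).
# Vendor autoruns normally live under Program Files or WINDOWS, not here.
USER_WRITABLE = re.compile(
    r"\\(documents and settings|docume~1)\\[^\\]+\\"
    r"(application data|applic~1|local settings|locals~1)\\", re.IGNORECASE)

def parse_o4(line):
    """Return (hive, name, command) for an O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    return (m.group("hive"), m.group("name"), m.group("cmd")) if m else None

def exe_path(cmd):
    """Pull the launched file out of the command: quoted path, rundll32 stub, or bare path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    if cmd.lower().startswith("rundll32.exe "):
        cmd = cmd[len("rundll32.exe "):]      # the loaded DLL is what matters
    m = re.search(r"^.*?\.(exe|dll)", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split()[0]

def triage(log_text):
    """Names of O4 entries whose executable lives in a user-writable profile directory."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed and USER_WRITABLE.search(exe_path(parsed[2])):
            flagged.append(parsed[1])
    return flagged

if __name__ == "__main__":
    print(triage(SAMPLE_O4_LINES))   # ['Second Bat sample', 'curblicense']
```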

Copyright © 2006 - 2009 Computer Sulas.