
IEXPLORE.EXE virus problem




  #1  
January 19, 2008, 09:02
Donor group

Hi there,
I noticed I had a problem when I heard music mysteriously playing. I checked and saw a bunch of IEXPLORE.EXE processes running.

I ran NAV, Ad-Aware, and Defender, and followed the instructions you specified. Thanks in advance for your help. Here are the logs:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/19/2008 at 08:53 AM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type : Complete Scan
Total Scan Time : 01:01:52

Memory items scanned : 576
Memory threats detected : 0
Registry items scanned : 7837
Registry threats detected : 0
File items scanned : 66011
File threats detected : 60

Adware.Tracking Cookie

# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2806 (20080118)
# Vers_arch_module = 1063 (20080117)
# Vers_adv_heur_module = 1060 (20070601)
# EOSSerial = 5ac60436be4e8c4d8b34206de1ddeb01
# End = finished
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008-01-19 03:34:06
# Local_time = 2008-01-19 10:34:06 (-0500, Eastern Standard Time)
# Country = "United States"
# OSVer = 5.1.2600 NT Service Pack 2
# Scanned = 394948
# Found = 14
# Scan_time = 2493
C:\MSInfnd.exe probably a variant of Win32/Hupigon trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-34ef6dbc multiple threats (deleted) 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-34ef6dbc »ZIP»BlackBox.class a variant of Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-34ef6dbc »ZIP»VerifierBug.class JS/IEStart.G trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-34ef6dbc »ZIP»Dummy.class Java/NoCheat.B trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-3f7c5e12 a variant of Java/ClassLoader trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-3f7c5e12 »ZIP»BlackBox.class a variant of Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-7685bc3d multiple threats (deleted) 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-7685bc3d »ZIP»BlackBox.class a variant of Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-7685bc3d »ZIP»VerifierBug.class JS/IEStart.G trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\7589253a-7685bc3d »ZIP»Dummy.class Java/NoCheat.B trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe probably a variant of Win32/Hupigon trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\_MSInfnd.exe probably a variant of Win32/Hupigon trojan (unable to clean - deleted) 00000000000000000000000000000000
D:\MSInfnd.exe probably a variant of Win32/Hupigon trojan (unable to clean - deleted) 00000000000000000000000000000000








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:08, on 01/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccsetmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\sndsrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Program Files\Symantec\LIVEUPDATE\aluschedulersvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\GAV\navapsvc.exe
C:\Program Files\Yahoo!\GAV\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccapp.exe
C:\Program Files\Google\Google Desktop\GoogleDesktop.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\DOCUME~1\sundeep\locals~1\Temp\clclean.0001
C:\WINDOWS\system32\Ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Google\Google Desktop\GoogleDesktop.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\nscsrvce.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\Msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\GAV\NavShExt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccapp.exe"
O4 - HKLM\..\Run: [Google Desktop] "C:\Program Files\Google\Google Desktop\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [mbmon] Rundll32 CTMBHA.DLL,mbmon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %SystemRoot%\System32\dumprep 0 -k
O4 - HKLM\..\Run: [Kernel and Hardware abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PNAgent] "C:\Program Files\PhatNoise Music Manager\PNAgent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Micros~2\Office11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Micros~2\Office11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'C:\Program Files\Bonjour\mdnsnsp.dll' missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LIVEUPDATE\aluschedulersvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccsetmgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Symantec licencijavimo nustatyti Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSINFO Framework (MSInfoFrv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\GAV\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\GAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\nscsrvce.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\GAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\sndsrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11743 bytes
  #2  
January 19, 2008, 09:39
Moderator group

Welcome to TCF.


Open HJT, select Do a system scan only, and then place a check mark next to:

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)


Close all windows except HJT and click Fix checked.

----------
  • Double-click the downloaded file to start the installation.
During installation:
  • Leave all the default settings except TeaTimer (make sure you uncheck that option during installation).
  • TeaTimer can be a resource hog and can block certain fixes during malware removal.
    • If you already have TeaTimer enabled, see the how-to at the bottom for disabling it.
  • Do the recommended registry backup.
  • During installation, agree to Search for updates now and install all updates.
  • Agree to Immunize the system.
  • Make sure you leave SDHelper (IE bad download blocker) checked so that it is installed.
After installation:
  • Always check for updates before starting a scan.
  • If you get a Bad checksum error when trying to update, just pick a different server.
  • Also find the Immunize feature in Spybot and use it.
    • First, click the Immunize icon in the left column and it will check what needs immunizing.
    • When it finishes, leave the defaults and press the green plus sign at the top that says Immunize.
  • Close ALL windows.
  • Click the Search & Destroy icon (top left).
  • Then click the Check for problems button on the top menu to start the scan.
    • Be patient, this can take a while to run.
    • Progress is shown in the status bar at the bottom of the window.
    • Do not run other scans while Spybot is running.
  • When the scan finishes, make sure everything is selected and then click Fix selected problems on the top menu.
NOTE: You can install Spybot updates, or check for new immunizations, at any time by following these steps.

----------

Start a new scan with HJT and post the log after Spybot has finished.

  #3  
January 19, 2008, 15:11
Donor group

Ok, here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:34, on 01/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccsetmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\sndsrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Program Files\Symantec\LIVEUPDATE\aluschedulersvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\GAV\navapsvc.exe
C:\Program Files\Yahoo!\GAV\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccapp.exe
C:\Program Files\Google\Google Desktop\GoogleDesktop.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PhatNoise Music Manager\PNAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\DOCUME~1\sundeep\locals~1\Temp\clclean.0001
C:\Program Files\Google\Google Desktop\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\nscsrvce.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Žiniasklaida ernet Nustatymai, ProxyOverride = *. vietos
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Program Files \ Yahoo! \ GAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Program Files \ Intel \ Wireless \ Bin \ ifrmewrk.exe" / TF Intel PROSet / Wireless
O4 - HKLM \ .. \ Run: [Dell Sodinukai] C: \ Program Files \ dell \ Sodinukai \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop] "C: \ Program Files \ Google \ Google Desktop \ GoogleDesktop.exe" / startup
O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe / R
O4 - HKLM \ .. \ Run: [mbmon] Rundll32 CTMBHA.DLL, mbmon
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [Patvarumas] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% SystemRoot% \ System32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [Kernel and Hardware abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [PNAgent] "C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ RunServices: [DJSNetCN] C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [WeatherEye] C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Hamachi.lnk = C: \ Program Files \ Hamachi \ hamachi.exe
O4 - Global Startup: Bluetooth.lnk =?
O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res://C:\PROGRA~1\Micros~2\Office11\EXCEL.EXE/3000
O8 - Extra kontekstinio meniu punktą: Send to & Bluetooth Device ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\Micros~2\Office11\REFIEBAR.DLL
O9 - Extra button: @ btrez.dll, -4.015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12.650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O10 - Broken Interneto prieiga dėl LSP teikėjas "C:\Program Files\Bonjour\mdnsnsp.dll" trūkstamą
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) ( "Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro "ActiveX" Scan Konsultantas 6,6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl klasė) -- http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasė) -- http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatinė LIVEUPDATE Scheduler - Symantec Corporation - C:\Program Files\Symantec\LIVEUPDATE\aluschedulersvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccsetmgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Symantec licencijavimo nustatyti Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver lentelė Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1.050\Intel 32\IDriverT.exe
O23 - Service: LIVEUPDATE - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSINFO Framework (MSInfoFrv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\GAV\navapsvc.exe
O23 - Service: Norton AntiVirus, Firewall Monitorius paslaugos (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\GAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\nscsrvce.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo tarnybos (CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\GAV\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\sndsrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO tarnybos (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11.469 baitų
  #4  
January 19, 2008, 15:24
Moderator Group

I messed up part of the earlier directions.

The log looks good, though. How is the computer now?

  #5  
January 20, 2008, 07:40
Donor Group

They're gone! Thanks so much for your help!
  #6  
January 20, 2008, 09:48
Moderator Group

Sounds good. I left the Spybot download link out of Post #2. I would suggest installing it and running a scan with it. Download Spybot-S&D and use the instructions from Post #2 to set it up correctly.


This is a good time to clear out the infected System Restore points and create a new, clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point and press Next.
  • Then go to Start > Run and type cleanmgr
  • Select the More Options tab
  • Under System Restore, click Clean up...
This will remove all restore points except the new one you just created.


Check out this post for free tools and tips on how to keep your computer and yourself safe in the future.

This post has free tools and tips to keep your computer running smoothly in the future.

  #7  
January 21, 2008, 04:57
Banned Group

You were infected with a RAT (Remote Administration Tool). I would search for a klog.* file and remove it; it would usually be in either the System32 or the Windows directory.

RATs are really popular with script kiddies, who use crypters to prevent AV detection and binders so they can bind the trojan to apps.

When I found out I got hacked by a RAT, from downloading warez, I looked the program up myself and it has a shitload of features: keylogger, webcam viewer, password cache. Chances are that when you heard music playing, it was someone manually going through your files and opening them.

If you notice that kind of activity, such as music playing, a password being changed, or even your webcam turning on, then instead of installing a shitload of useless AV programs and malware removers, check your Installed Components in the registry.

HKEY_LOCAL_MACHINE > Software > Microsoft > Active Setup > Installed Components, and just click on each of the folders and look for an entry that only has a StubPath pointing to an .exe in the System32 or Windows directory.

To see whether that .exe is actively running, navigate to it and run it. If it says it is in use by another program and the .exe name isn't showing in your process list, then it is injected into another process, such as your default browser (IE). You can then use HJT to delete the file on reboot, and afterwards obviously delete the registry entry.

RATs are like an IRCBot, but a RAT just has a GUI. I would also recommend a firewall, so if a program randomly wants to connect to the internet, you can deny it and carry on using the program. Because they are bound to the install file, the virus extracts and executes when you go to install and will attempt an external connection, and if it is blocked then you have the trojan but aren't infected, because it just sits in the directory doing nothing.

Sorry for the long post; I hope this gave you a broader view of the potential danger of RATs and IRCbots.

Brad
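
The Active Setup check described in post #7, as an added PowerShell example that is not part of the original thread: it lists every StubPath under Installed Components and marks those whose target is an .exe sitting directly in the Windows or System32 directory. The helper name Get-StubTarget and the Review column are this example's own, and the WOW6432Node key is included on the assumption that the script may run on a 64-bit system.

```powershell
# Added example, not from the thread: audit Active Setup StubPath entries.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'  # 64-bit systems
)

function Get-StubTarget {
    # Hypothetical helper: pull the program path out of a StubPath command line.
    param([string]$StubPath)
    $cmd = [Environment]::ExpandEnvironmentVariables($StubPath).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }                 # quoted path
    if ($cmd -match '^(.+?\.(exe|dll|com|bat|cmd))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]                                        # first token
}

$winDir = $env:SystemRoot.TrimEnd('\')
$watch  = @($winDir, (Join-Path $winDir 'System32'))   # directories named in the post

$results = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        # Read the raw value so %SystemRoot% is shown as stored in the registry.
        $stub = $key.GetValue('StubPath', $null, 'DoNotExpandEnvironmentNames')
        if ([string]::IsNullOrWhiteSpace($stub)) { continue }
        $target = Get-StubTarget $stub
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        [pscustomobject]@{
            Component = $key.PSChildName
            StubPath  = $stub
            Target    = $target
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
            # Flag only what the post describes: an .exe directly in Windows or System32.
            Review    = ($target -match '\.exe$') -and ($watch -contains (Split-Path $target -Parent))
        }
    }
}
$results | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Windows and Internet Explorer register their own StubPath commands in System32, so a Review mark means the entry's signature and file details deserve a look, not that the entry is malicious.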
  #8  
January 21, 2008, 08:49
Donor Group

Hey Brad, thanks for the info.
I did what you said, and none of the .exe files referenced by StubPaths that I double-clicked were in use by another program. So... does that mean I'm OK?

Thanks for your help.
  #9  
January 21, 2008, 09:52
Moderator Group

Localhost, could you give me a bit of your malware removal background, with links? Which forum do you usually help with malware removal at?

  #10  
January 21, 2008, 10:57
Banned Group

Quote:
Originally Posted by sungod000
Hey Brad, thanks for the info.
I did what you said, and none of the .exe files referenced by StubPaths that I double-clicked were in use by another program. So... does that mean I'm OK?

Thanks for your help.

Does it show only StubPath and nothing else? You may be looking at the wrong key. It just says StubPath and then just the location.