mazāku kapitāla

Magazine
Go Back   Computer Sulas > Computer Software > Vīrusu, spiegprogrammatūru un drošība
Reload this Page

Iexplore.exe vīrusu problēma

Reģistrēties Site Spy Member List Ziedot Meklēt Today's Posts Mark Forums Read Foruma Noteikumi

Register


 Default 

Iexplore.exe vīrusu problēma




Reply
Page 1 of 2 1 2
 
Thread Tools
  #1  
Old Janvāris 19, 2008, 09:02
Donors Group
  
Hi there,
Es pamanīju man bija problēma, kad izdzirdēju mūziku noslēpumaini spēlē. Piereģistrējos un ieraudzīja ķekars iexplore.exe procesi darbojas.

I ilga NAV, Ad-Aware, Defender un pēc tam sekoja instrukcijām, kuru jūs norādījāt. Paldies jau iepriekš par palīdzību. Šeit ir logs:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/19/2008 at 08:53

Application Version: 3.9.1008

Core Noteikumi Database Version: 3384
Trace Noteikumi Database Version: 1378

Scan type: Complete Scan
Kopā Scan Time: 01:01:52

Atmiņas vienības skenēts: 576
Memory draudiem detected: 0
Reģistra vienības skenēts: 7.837
Reģistrs draudiem detected: 0
File preces skenēts: 66.011
File draudiem detected: 60

Adware.Tracking Cookie
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ advertpro [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ revsci [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ cgi-bin [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@richmedia.yahoo [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ eyewonder [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ hc [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@sales.liveperson [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ html [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@www.burstnet [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@www.crackpassword [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@umkxup22.unitedme dia [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@click.mgg01 [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ adcentriconline [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@ad1.soundpedia [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ adbrite [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@iacas.adbureau [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ indiads [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@microsoftwga.112. 2o7 [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@ads.cnn [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@ads.monster [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@server.iad.livepe rson [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@ads3.blastro [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@mailtrack.rnm [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@track.bestbuy [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ atwola [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ 85084061 [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@server.lon.livepe rson [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ partypoker [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep@ads.as4x.tmcs [2]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ xiti [1]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ tribalfusion [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@ad.yieldman pārvaldītāju [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@ad.yieldman pārvaldītāju [3]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ adbrite [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ adecn [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@ads.128b [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@adserver.ea syad [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ apmebf [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ atdmt [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ banner [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ clicksor [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ DoubleClick [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ palielināt [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ euros4click [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ fastclick [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ findwhat [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ partypoker [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ pro-tirgū [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ statcounter [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@stats.adbri te [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ toseeka [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@tracker.aff istats [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@www.findit-quick [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@www.goaltra ffic [2]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@www.goaltra ffic [3]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@www.goodcli ckz [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ system@www.kikclic k [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ Zedo [1]. Txt
C: \ Documents and Settings \ NetworkService \ Cookies \ SYSTEM @ Zedo [3]. Txt
C: \ Documents and Settings \ sundeep \ Cookies \ sundeep @ burstnet [2]. Txt







# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2806 (20080118)
# Vers_arch_module = 1,063 (20.080.117)
# Vers_adv_heur_module = 1,060 (20.070.601)
# EOSSerial = 5ac60436be4e8c4d8b34206de1ddeb01
# End = pabeigts
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008/01/19 03:34:06
# Local_time = 2008/01/19 10:34:06 (-0.500, Eastern Standard Time)
# Country = "United States"
# Osver = 5.1.2600 NT Service Pack 2
# Skenēts = 394.948
# Atrasts = 14
# Scan_time = 2.493
C: \ MSInfnd.exe iespējams variants Win32/Hupigon Trojans (nespēj tīrīt - svītrots) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ Sun \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-34ef6dbc vairāki infiltrācijas (svītrots) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ Sun \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-34ef6dbc »ZIP» BlackBox.class variantu Java / ClassLoader Trojans (kļūda tīrīšana - darbība nav pieejams šāda veida objekta - Kļūda dzēšot - darbība nav pieejams šāda veida objekts - bija daļa svītrots objekts) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ Sun \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-34ef6dbc »ZIP» VerifierBug.class JS / IEStart.G Trojans (kļūda tīrīšana - darbība nav pieejams šāda veida objekts - Kļūda dzēšot - darbība nav pieejams šāda veida objekts - bija daļa svītrots objekts) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ Sun \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-34ef6dbc »ZIP» Dummy.class Java / NoCheat.B Trojans (kļūda tīrīšana - darbība nav pieejams šāda veida objekts - Kļūda dzēšot - darbība nav pieejams šāda veida objekts - bija daļa svītrots objekts) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ Sun \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-3f7c5e12 variantu Java / ClassLoader Trojas (svītrots) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ Sun \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-3f7c5e12 »ZIP» BlackBox.class variantu Java / ClassLoader Trojans (kļūda tīrīšana - darbība nav pieejams šāda veida objekta - Kļūda dzēšot - darbība nav pieejams šāda veida objekts - bija daļa svītrots objekts) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ Sun \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-7685bc3d vairāki infiltrācijas (svītrots) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ Sun \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-7685bc3d »ZIP» BlackBox.class variantu Java / ClassLoader Trojans (kļūda tīrīšana - darbība nav pieejams šāda veida objekta - Kļūda dzēšot - darbība nav pieejams šāda veida objekts - bija daļa svītrots objekts) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ Sun \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-7685bc3d »ZIP» VerifierBug.class JS / IEStart.G Trojans (kļūda tīrīšana - darbība nav pieejams šāda veida objekts - Kļūda dzēšot - darbība nav pieejams šāda veida objekts - bija daļa svītrots objekts) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ Sun \ Java \ Deployment \ cache \ 6,0 \ 58 \ 7589253a-7685bc3d »ZIP» Dummy.class Java / NoCheat.B Trojans (kļūda tīrīšana - darbība nav pieejams šāda veida objekts - Kļūda dzēšot - darbība nav pieejams šāda veida objekts - bija daļa svītrots objekts) 00000000000000000000000000000000
C: \ Program Files \ Common Files \ Microsoft Shared \ MSInfo \ MSInfnd.exe iespējams variants Win32/Hupigon Trojans (nespēj tīrīt - svītrots) 00000000000000000000000000000000
C: \ WINDOWS \ system32 \ _MSInfnd.exe iespējams variants Win32/Hupigon Trojans (nespēj tīrīt - svītrots) 00000000000000000000000000000000
D: \ MSInfnd.exe iespējams variants Win32/Hupigon Trojans (nespēj tīrīt - svītrots) 00000000000000000000000000000000








Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 10:55:08, uz 01/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ EvtEng.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ S24EvMon.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ WLKeeper.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Program Files \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ RegSrvc.exe
C: \ Program Files \ CyberLink \ Shared Files \ RichVideo.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ fxssvc.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ Intel \ Bezvadu \ bin \ ZCfgSvc.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ ifrmewrk.exe
C: \ Program Files \ Dell \ dzīvžogs \ quickset.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ Dot1XCfg.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ DOCUME ~ 1 \ sundeep \ Lokālie ~ 1 \ Temp \ clclean.0001
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Program Files \ Hamachi \ hamachi.exe
C: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ Msiexec.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = *. vietējo
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Program Files \ Yahoo! \ NAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Program Files \ Intel \ Bezvadu \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Program Files \ Intel \ Bezvadu \ Bin \ ifrmewrk.exe" / tf Intel ProSet / Wireless
O4 - HKLM \ .. \ Run: [Dell dzīvžogs] C: \ Program Files \ Dell \ dzīvžogs \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe" / starta
O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe / r
O4 - HKLM \ .. \ Run: [MBMon] Rundll32 CTMBHA.DLL, MBMon
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [noturīgums] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [Kernel un Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [PNAgent] "C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ RunServices: [DJSNetCN] C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [WeatherEye] C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = C: \ Program Files \ Hamachi \ hamachi.exe
O4 - Global Startup: Bluetooth.lnk =?
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
Ø8 - ārpus konteksta menu item: Send to & Bluetooth Device ... - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (file missing)
Ø9 - Extra 'Tools' MENUITEM: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (file missing)
Ø9 - Extra button: @ btrez.dll, -4.015 - (CCA281CA-C863-46ef-9.331-5C8D4460577F) - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
Ø9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12.650 - (CCA281CA-C863-46ef-9.331-5C8D4460577F) - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
Ø10 - Broken interneta piekļuves dēļ LSP sniedzējs "c: \ Program Files \ Bonjour \ mdnsnsp.dll" trūkstošie
Ø16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
Ø16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
Ø16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl klase) -- http://www.update.microsoft.com/micr...?1192932319484
Ø16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klase) -- http://www.update.microsoft.com/micr...?1192932290562
Ø20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ Google ~ 1 \ GOEC62 ~ 1.DLL
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O23 - Service: Intel (R) ProSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Bezvadu \ Bin \ EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1.050 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LVCOMSer - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVMVFM \ LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown īpašnieks - C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MSInfnd.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
O23 - Service: Intel (R) ProSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Bezvadu \ Bin \ RegSrvc.exe
O23 - Service: CyberLink RichVideo Service (CRVS) (RichVideo) - Unknown īpašnieks - C: \ Program Files \ CyberLink \ Shared Files \ RichVideo.exe
O23 - Service: Intel (R) ProSet / Wireless dienests (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Bezvadu \ Bin \ S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Intel (R) ProSet / Wireless SSO dienests (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Bezvadu \ Bin \ WLKeeper.exe

--
End of failu - 11.743 bytes
  #2  
Old Janvāris 19, 2008, 09:39
Moderator Group
  
Welcome to TCF.


Open HJT un izvēlieties Vai sistēmas skenēšanu tikai tad vieta atzīmi blakus:

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
Ø9 - Extra button: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (file missing)
Ø9 - Extra 'Tools' MENUITEM: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (file missing)

Aizveriet visus logus, izņemot HJT un noklikšķiniet uz Fix pārbaudīja.

----------
  • Dubultklikšķi uz lejupielādētā faila, lai palaistu instalāciju.
Instalēšanas laikā:
  • Atstāt visus noklusējuma iestatījumus, izņemot TeaTimer (pārliecinieties, vai noņemiet atzīmi izvēles instalēšanas laikā)
  • Teatimer var resurss vepris, kā arī bloķēt novērst dažas problēmas ļaunprātīgu programmatūru.
    • Ja jums jau ir TeaTimer aktivizēta, skat apakšā šo ziņu par to, kā atspējot.
  • Vai ieteicams reģistra backup.
  • Instalēšanas laikā vienojas meklēt atjauninājumus tagad instalēt atjauninājumus.
  • Piekrītu Imunizēt sistēmu.
  • Pārliecinieties, ka jūs atstājat SDhelper (IE bad download bloķētājs) jāpārbauda, lai instalētu.
Pēc uzstādīšanas:
  • Vienmēr pārbaudiet jāatjaunina pirms braukšanas skenēšanu.
  • Ja Jums bad kontrolsumma kļūda, mēģinot atjaunot, tikai izvēlēties dažādus servera atrašanās vietu.
  • Arī meklēt Imunizēt iezīme Spybot un lietot.
    • Pirmkārt, kreisajā kolonnā noklikšķiniet uz imunizēt ikonas un tā pārbauda, lai redzētu, kas nepieciešams imunizēt.
    • Pēc tam, kad pabeigta, atstājiet noklusējuma iestatījumus un noklikšķiniet uz zaļš plus zīmi uz augšu, ka saka Imunizēt.
  • Aizvērt ALLpārlūkprogrammas logus.
  • Tagad noklikšķiniet Search & Destroy ikona. (augšējā kreisajā pusē)
  • Tad uz Augšējā izvēlnē noklikšķiniet uz Check problēmām pogu, lai sāktu skenēšanu.
    • Esiet pacietīgi, tas var būt, bet darboties.
    • Progress tiks parādīts statusa joslā apakšā loga.
    • Nav vadīt citus skenē laikā Spybot darbojas.
  • Kad skenēšana pabeigta pārliecinieties, ka atlasāt visu un pēc tam noklikšķiniet uz Fix izvēlēto problēmas uz top menu bar.
PIEZĪME: Anytime instalējat atjauninājumus Spybot pārbaude attiecībā uz jaunu immunizations, ievērojot iepriekš minētās darbības.

----------

Palaist jaunu skenēšanu ar HJT un pēc log pēc Spybot ir pabeigta.
__________________
  #3  
Old Janvāris 19, 2008, 15:11
Donors Group
  
Ok, šeit ir jaunā žurnāla:

Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 5:09:34 gada 01/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ EvtEng.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ S24EvMon.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ WLKeeper.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Program Files \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ RegSrvc.exe
C: \ Program Files \ CyberLink \ Shared Files \ RichVideo.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ fxssvc.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ Intel \ Bezvadu \ bin \ ZCfgSvc.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ ifrmewrk.exe
C: \ Program Files \ Dell \ dzīvžogs \ quickset.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ Intel \ Bezvadu \ Bin \ Dot1XCfg.exe
C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe
C: \ WINDOWS \ system32 \ Rundll32.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxsrvc.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
C: \ DOCUME ~ 1 \ sundeep \ Lokālie ~ 1 \ Temp \ clclean.0001
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Program Files \ Hamachi \ hamachi.exe
C: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ WINDOWS \ system32 \ cidaemon.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = *. vietējo
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Program Files \ Yahoo! \ NAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Program Files \ Intel \ Bezvadu \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Program Files \ Intel \ Bezvadu \ Bin \ ifrmewrk.exe" / tf Intel ProSet / Wireless
O4 - HKLM \ .. \ Run: [Dell dzīvžogs] C: \ Program Files \ Dell \ dzīvžogs \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe" / starta
O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe / r
O4 - HKLM \ .. \ Run: [MBMon] Rundll32 CTMBHA.DLL, MBMon
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [noturīgums] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [Kernel un Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [PNAgent] "C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ RunServices: [DJSNetCN] C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [WeatherEye] C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Hamachi.lnk = C: \ Program Files \ Hamachi \ hamachi.exe
O4 - Global Startup: Bluetooth.lnk =?
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
Ø8 - ārpus konteksta menu item: Send to & Bluetooth Device ... - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: @ btrez.dll, -4.015 - (CCA281CA-C863-46ef-9.331-5C8D4460577F) - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
Ø9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12.650 - (CCA281CA-C863-46ef-9.331-5C8D4460577F) - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø10 - Broken interneta piekļuves dēļ LSP sniedzējs "c: \ Program Files \ Bonjour \ mdnsnsp.dll" trūkstošie
Ø16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
Ø16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
Ø16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl klase) -- http://www.update.microsoft.com/micr...?1192932319484
Ø16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klase) -- http://www.update.microsoft.com/micr...?1192932290562
Ø20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ Google ~ 1 \ GOEC62 ~ 1.DLL
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O23 - Service: Intel (R) ProSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Bezvadu \ Bin \ EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1.050 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LVCOMSer - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVMVFM \ LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown īpašnieks - C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MSInfnd.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
O23 - Service: Intel (R) ProSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Bezvadu \ Bin \ RegSrvc.exe
O23 - Service: CyberLink RichVideo Service (CRVS) (RichVideo) - Unknown īpašnieks - C: \ Program Files \ CyberLink \ Shared Files \ RichVideo.exe
O23 - Service: Intel (R) ProSet / Wireless dienests (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Bezvadu \ Bin \ S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Intel (R) ProSet / Wireless SSO dienests (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Bezvadu \ Bin \ WLKeeper.exe

--
End of failu - 11.469 bytes
  #4  
Old Janvāris 19, 2008, 15:24
Moderator Group
  
I messed up daļu no iepriekšējos virzienos.

Log izskatās naudas sodu, lai gan, kā ir dators tagad?
__________________
  #5  
Old Janvāris 20, 2008, 07:40
Donors Group
  
Tā aizgāja! Thanks so much for your help!
  #6  
Old Janvāris 20, 2008, 09:48
Moderator Group
  
Izklausās labi. Es pa kreisi no download saiti no # 2 amata Spybot. Es ieteiktu ierīkošanas un ekspluatācijas skenēšanu ar to. Lejupielādēt Spybot-S & D Izmantot no # 2 amata instrukcijām, kas ir izveidota pareizi.


Tas ir labs laiks, lai notīrītu savu inficēto sistēmu atjaunošanas punktus un izveidot jaunu tīru atjaunošanas punktu:
  • Doties uz Sākums > All Programs > Piederumi > System Tools > System Restore
  • Izvēlēties Izveidot atjaunošanas punktuUn noklikšķiniet uz Nākamais.
  • Blakus, iet uz Sākums > Skriet un ievadiet cleanmgr
  • Izvēlieties Vairāk iespēju tab
  • Blakus System Restore klikšķi Clean up ...
Tas noņems punktus visu atjaunot, izņemot jaunu tikko izveidojāt.


Izbraukšana šo ziņu bezmaksas rīkus un padomus, kā uzturēt datoru un pats droši nākotnē.

Šo ziņu ir bezmaksas rīkus un padomus, lai saglabātu PC darbību netraucētu kas nākotnē.
__________________
  #7  
Old Janvāris 21, 2008, 04:57
Banned Group
  
Jums bija inficēti ar žurkām (Remote Administration Tool). Es do meklēt klog .* failu vai dzēst to, parasti vai nu system32 vai Windows mapē.

RAT's ir ļoti populāras script kiddies un izmantot cryptors novērstu AV atklāšanas un saistvielas, lai viņi var saistīt Trojas ar progr.

Kad es uzzināju, I got hacked by žurkām, lejupielādējot warez, man bija apskatīt programmu sevi, un tas bija crap slodzes funkciju keylog, webcam skatītājs, paroli cache. SO iespējas ir, kad esi dzirdējis mūziku spēlē, bija kāds manuāli iziet caur jūsu failus un atverot tos.

Ja Jums nākas sastapties ar pašu darbu, piemēram, mūzikas atskaņošanas laikā, parole mainīt vai pat savu webcam ieslēgts, tad tā vietā, uzstādot ķekars bezjēdzīgi AV programmu un Malware pārcelšanās crap. Pārbaudiet savu Installed Components šajā reģistrā.

HKEY_LOCAL_MACHINE> SOFTWARE> Microsoft> Active Setup> Installed Komponenti un vienkārši noklikšķiniet uz katras mapes un meklēt ierakstu tikai ir STUBPATH norāda uz. exe in system32 vai Windows mapē.

Lai redzētu, vai tas, ka. Exe ir aktīvas startēšanas, vadīt to un palaist to. Ja ir teikts, ka to izmanto cita programma un nosaukums. Exe isn't norādot savu procesu sarakstu, tad tas tiek injicēts citā procesā, piemēram, jūsu defualt broswer (IE). Tad jūs varat izmantot HJT svītrot šo failu pēc restart un acīmredzot izdzēst reģistra ierakstu.

RAT's ir tāds pats kā IRCBOT bet RAT tikko ir GUI, es ieteiktu Firewall, tāpēc, ja programma vēlas nejauši savienojumu ar internetu varat noliegt to un vēl lietojat programmu. Jo Trojas ir binded uz instalācijas failu, Trojas ekstrakti un izpilda, kad dodaties instalēt un mēģinās exteernal savienojumu un, ja jūs to bloķēt, tad jums ir Trojas bet Arnt inficēti, jo tas vienkārši sēdēt directory darot nekas.

Žēl tenkotājs on, ceru, ka tas jums ir devis plašāku redzesloku par apdraudējumu ar žurkām un IRCbots.

Brad
  #8  
Old Janvāris 21, 2008, 08:49
Donors Group
  
Hey Brad, paldies par info.
Es tā, ko tu teici un visus. Exe atsauces ar stubpaths ka es divreiz noklikšķinot nebija izmanto cita programma. So ... tas nozīmē es esmu ok?

Thanks for your help.
  #9  
Old Janvāris 21, 2008, 09:52
Moderator Group
  
Localhost jūs prātā, kas man kā jūsu ļaunprātīgas programmatūras noņemšanas atsauces materiāli? Kādā forumā jūs parasti palīdz malware izvešana.
__________________
  #10  
Old Janvāris 21, 2008, 10:57
Banned Group
  
Quote:
Originally Posted by sungod000 View Post
Hey Brad, paldies par info.
Es tā, ko tu teici un visus. Exe atsauces ar stubpaths ka es divreiz noklikšķinot nebija izmanto cita programma. So ... tas nozīmē es esmu ok?

Thanks for your help.
Vai tas vienkārši parāda stubpath un nekas cits? Jūs varētu būt apskatot nepareizu taustiņu. Tā tikai saka stubpath un tad vienkārši vietā.
Reply
Page 1 of 2 1 2

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer Sulas.
Kontaktpersona -- Privacy -- Sitemap -- Augša

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd SEO līdz 2009 vBSEO ©, Crawlability, Inc