Mum downloaded something
#1, 31 October 2008, 03:00, Donors Group

Hi,
Well, my mum downloaded something and the firewall came up with some message. Somehow it got installed before she told me. So a scan is running now; it may take a while because it's a slow computer. I don't know what it's called though, it's all weird symbols, unreadable. Got a HijackThis log though, at least that's one thing that doesn't take long...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:31, on 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avast4\ashSimpl.exe
C:\Documents and Settings\Vip\Desktop\HiJackThis.exe
C:\Program Files\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer by Administrator Kevin
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AEO¶¯·ÉËÙÍÁ¶¹.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Micros~2\Office11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Micros~2\Office11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ?? QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: Avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

--
End of file - 7692 bytes

Any help is appreciated.
BTW, I can't find an icon that looks like "uninstall" anywhere, so uninstalling won't be an option...
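Added example, not part of the original post and not HijackThis code: a small Python triage pass over HijackThis-style lines. It flags the entry shapes a helper usually looks at first in a log like the one above: references to files that no longer exist ("(no file)"), Startup-folder items whose target is unresolved or whose name is not plain ASCII, O20 Winlogon Notify DLLs (loaded by winlogon.exe at logon, so worth listing every time), and O23 services with no vendor string. The sample lines are constructed to mirror the shapes in the log; the rules are the editor's own heuristics, and a hit only means "look here", not "malicious".

```python
"""Triage of HijackThis-style log lines (added example, editor's own heuristics)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines in the shape of the log above. The garbled
# Startup entry is reproduced as an arbitrary non-ASCII name.
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\smss.exe

R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = <local>
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [Avast!] C:\\PROGRA~1\\Avast4\\ashDisp.exe
O4 - Startup: AEO¶¯·ÉËÙÍÁ¶¹.lnk = ?
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O2", "O20"
    reason: str   # short tag describing why the line was flagged
    line: str     # the flagged log line, stripped


# A section line starts with R0..R3 or O<n>, then " - ", then the body.
SECTION_RE = re.compile(r"^(R[0-3]|O\d{1,2})\s+-\s+(.*)$")


def _non_ascii(text: str) -> bool:
    return any(ord(ch) > 127 for ch in text)


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would inspect first, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if not match:
            continue  # process list, headers and blank lines carry no entry
        section, body = match.group(1), match.group(2)

        # Registry still points at something that is gone: an orphan,
        # typical leftover of an uninstall or a removal tool's deletion.
        if body.endswith("(no file)"):
            findings.append(Finding(section, "orphan-no-file", line))

        # Startup-folder shortcut whose target HijackThis could not resolve
        # ("= ?") or whose name is not plain ASCII (often a localized or
        # garbled name, as in the log above).
        if section == "O4" and body.startswith("Startup:"):
            target = body.split("=", 1)[1].strip() if "=" in body else ""
            if target in ("", "?") or _non_ascii(body):
                findings.append(Finding(section, "startup-unresolved", line))

        # Winlogon Notify DLLs run inside winlogon.exe; always list them.
        if section == "O20":
            findings.append(Finding(section, "winlogon-notify", line))

        # A service with no vendor string deserves a look at the binary.
        if section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service-unknown-owner", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason tag."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:24} {f.line}")
```

On the constructed sample this yields five findings: the orphaned R3 hook and O2 BHO, the unresolved Startup shortcut, the SUPERAntiSpyware Winlogon Notify DLL, and the "ATI Smart" service. Three of those are legitimate software, which is the point: the pass narrows the log to what needs a human look, it does not decide.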
#2, 31 October 2008, 15:21, Donors Group

OK. I left the scan running overnight, but SuperAntiSpyware ran into problems and closed... I have the Malwarebytes log here:

Malwarebytes' Anti-Malware 1.30
Database version: 1343
Windows 5.1.2600 Service Pack 3

1/11/2008 9:19:03
mbam-log-2008-11-01 (09-19-03).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 190626
Time elapsed: 3 hour(s), 56 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\_005069_.tmp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_005101_.tmp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#3, 31 October 2008, 15:24, Malware Group

Hi

Continue with the scans you are running, then follow these instructions.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT! Save ComboFix.exe to your Desktop
  • Disable your antivirus and antispyware programs, usually by right-clicking the system tray icon. They may otherwise interfere with our tools.
  • Double-click ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will let us help you more easily if your computer has a problem after an attempted malware removal.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
** Please note: if the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click Continue to scan for malware.

When finished, ComboFix produces a log for you. Please include C:\ComboFix.txt in your next reply, along with any other logs.
#4, 31 October 2008, 15:52, Donors Group

For some reason ComboFix closed SuperAntiSpyware while it was scanning, so I'll have to restart it now. And Avast! no longer starts by default... I open the program, but it still isn't in the system tray... And the program my mum downloaded is set to run at startup... Log here anyway:

ComboFix 08-10-30.13 - Vip 2008-11-01 9:36:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.732 [GMT 11:00]
Running from: C:\Documents and Settings\Vip\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Warcraft III\_desktop.ini
C:\WINDOWS\system32\_005058_.tmp.dll
C:\WINDOWS\system32\_005059_.tmp.dll
C:\WINDOWS\system32\_005060_.tmp.dll
C:\WINDOWS\system32\_005061_.tmp.dll
C:\WINDOWS\system32\_005068_.tmp.dll
C:\WINDOWS\system32\_005070_.tmp.dll
C:\WINDOWS\system32\_005071_.tmp.dll
C:\WINDOWS\system32\_005072_.tmp.dll
C:\WINDOWS\system32\_005073_.tmp.dll
C:\WINDOWS\system32\_005074_.tmp.dll
C:\WINDOWS\system32\_005075_.tmp.dll
C:\WINDOWS\system32\_005076_.tmp.dll
C:\WINDOWS\system32\_005077_.tmp.dll
C:\WINDOWS\system32\_005078_.tmp.dll
C:\WINDOWS\system32\_005079_.tmp.dll
C:\WINDOWS\system32\_005080_.tmp.dll
C:\WINDOWS\system32\_005081_.tmp.dll
C:\WINDOWS\system32\_005082_.tmp.dll
C:\WINDOWS\system32\_005084_.tmp.dll
C:\WINDOWS\system32\_005087_.tmp.dll
C:\WINDOWS\system32\_005088_.tmp.dll
C:\WINDOWS\system32\_005092_.tmp.dll
C:\WINDOWS\system32\_005093_.tmp.dll
C:\WINDOWS\system32\_005094_.tmp.dll
C:\WINDOWS\system32\_005095_.tmp.dll
C:\WINDOWS\system32\_005096_.tmp.dll
C:\WINDOWS\system32\_005097_.tmp.dll
C:\WINDOWS\system32\_005098_.tmp.dll
C:\WINDOWS\system32\_005099_.tmp.dll
C:\WINDOWS\system32\_005100_.tmp.dll
C:\WINDOWS\system32\_005102_.tmp.dll
C:\WINDOWS\system32\_005103_.tmp.dll
C:\WINDOWS\system32\_005104_.tmp.dll
C:\WINDOWS\system32\_005106_.tmp.dll
C:\WINDOWS\system32\_005107_.tmp.dll
C:\WINDOWS\system32\_005108_.tmp.dll
C:\WINDOWS\system32\_005109_.tmp.dll
C:\WINDOWS\system32\_005110_.tmp.dll
C:\WINDOWS\system32\_005111_.tmp.dll
C:\WINDOWS\system32\_005112_.tmp.dll
C:\WINDOWS\system32\_005115_.tmp.dll
C:\WINDOWS\system32\_005116_.tmp.dll
C:\WINDOWS\system32\_005117_.tmp.dll
C:\WINDOWS\system32\_005118_.tmp.dll
C:\WINDOWS\system32\_005119_.tmp.dll
C:\WINDOWS\system32\_005121_.tmp.dll
C:\WINDOWS\system32\_005122_.tmp.dll
C:\WINDOWS\system32\_005123_.tmp.dll
C:\WINDOWS\system32\_005125_.tmp.dll
C:\WINDOWS\system32\_005128_.tmp.dll
C:\WINDOWS\system32\_005129_.tmp.dll
C:\WINDOWS\system32\_005133_.tmp.dll
C:\WINDOWS\system32\_005134_.tmp.dll
C:\WINDOWS\system32\_005136_.tmp.dll
C:\WINDOWS\system32\_005137_.tmp.dll
C:\WINDOWS\system32\_005139_.tmp.dll
C:\WINDOWS\system32\_005141_.tmp.dll
C:\WINDOWS\system32\_005142_.tmp.dll
C:\WINDOWS\system32\_005143_.tmp.dll
C:\WINDOWS\system32\_005144_.tmp.dll
C:\WINDOWS\system32\_005147_.tmp.dll
C:\WINDOWS\system32\_005148_.tmp.dll
C:\WINDOWS\system32\_005149_.tmp.dll
C:\WINDOWS\system32\_005150_.tmp.dll
C:\WINDOWS\system32\_005151_.tmp.dll
C:\WINDOWS\system32\_005156_.tmp.dll
C:\WINDOWS\system32\_005158_.tmp.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 20:45 . 2008-10-31 20:45 <DIR> d-------- C:\Documents and Settings\Vip\Application Data\SUPERAntiSpyware.com
2008-10-31 20:45 . 2008-10-31 20:45 <DIR> d-------- C:\Documents and Settings\Vip\Application Data\Malwarebytes
2008-10-31 20:33 . 2008-10-31 20:33 <DIR> d-------- C:\Program Files\Tudou
2008-10-24 12:04 . 2008-10-16 03:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 20:43 . 2008-09-15 23:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 20:43 . 2008-09-08 21:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 20:42 . 2008-08-14 21:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 20:42 . 2008-08-14 21:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 20:42 . 2008-08-14 20:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 20:42 . 2008-08-14 20:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-18 19:05 . 2008-10-31 20:52 <DIR> d-------- C:\Program Files\Avast4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 22:38 --------- d-----w C:\Program Files\Warcraft III
2008-10-31 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-31 09:47 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-31 09:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-22 05:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 05:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 06:46 --------- d-----w C:\Program Files\PPStream
2008-10-09 03:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-09 03:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-18 08:42 --------- d-----w C:\Documents and Settings\Vip\Application Data\Ahead
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\Vip\Start Menu\Programs\Startup\
""ÔîúÓëÖμôû.lnk - C:\Program Files\Tudou\úÓëTudou\TudouVa.exe [2008-07-06 3248128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableChangePassword"= 1 (0x1)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoAutoUpdate"= 1 (0x1)
"MaxRecentDocs"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-04-24 282624]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-10-09 14:31 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers32]
"VIDC.I420"= i420vfw.dll
"aux"= ctwdm32.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\PSS\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\PSS\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\PSS\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Azureus Turbo Accelerator.lnk]
backup=C:\WINDOWS\PSS\Azureus Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Azureus Ultra Accelerator.lnk]
backup=C:\WINDOWS\PSS\Azureus Ultra Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^BitTorrent Turbo Accelerator.lnk]
backup=C:\WINDOWS\PSS\BitTorrent Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^emule Turbo Accelerator.lnk]
backup=C:\WINDOWS\PSS\emule Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^limewire On Startup.lnk]
backup=C:\WINDOWS\PSS\limewire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^limewire Turbo Accelerator.lnk]
backup=C:\WINDOWS\PSS\limewire Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=C:\WINDOWS\PSS\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Registration Tom Clancy's Rainbow Six]
backup=C:\WINDOWS\PSS\Registration Tom Clancy's Rainbow SixStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^SpeedFan.lnk]
backup=C:\WINDOWS\PSS\SpeedFan.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Thoosje Sidebar.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\PSS\WordWeb.lnkStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Boss Key
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\CmCardRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\CursorXP
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\EasyTuneVPro
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\LogonStudio
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\OrderReminder
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\RecordPadRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\SpeedOptimizer
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\SWG
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Veoh

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Adobe Photo Downloader]
- ------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
- ------ 2006-04-21 18:03 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Daemon Tools]
- ------ 2005-12-11 01:57 133016 C:\Program Files\Daemon Tools\daemon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\LanguageShortcut]
- ------ 2006-04-13 12:09 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\QuickTime Task]
- ------ 2008-03-29 00:37 413696 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\RemoteControl]
- ------ 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Steam]
- ------ 2008-03-29 09:39 1271032 C:\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Uniblue RegistryBooster 2]
- ------ 2007-12-05 16:06 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
- ------ 2008-01-29 09:46 9442584 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\WinampAgent]
- ------ 2008-04-02 05:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\BluetoothAuthenticationAgent]
- ------ 2008-04-14 06:42 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\C-Media Mixer]
- ------ 2003-03-20 17:21 1855488 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
"RichVideo"=2 (0x2)
"BthServ"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"VideoAcceleratorEngine"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"aawservice"=3 (0x3)
"PDEngine"=3 (0x3)
"PDAgent"=3 (0x3)
"PML Driver HPZ12"=3 (0x3)
"CPUCooLServer"=2 (0x2)
"usnjsvc"=3 (0x3)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"cmdAgent"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"OSE"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"<NO NAME>"="C:\\Program Files\\PPStream\\PPStream.exe" "C:\\Program Files\\PPStream\\PPStream.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\DeusEx\\System\\DeusEx.exe"=
"C:\\Program Files\\Tudou\\·ÉËÙTudou\\TudouVa.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"15394:TCP"= 15394:TCP:*:Disabled:BitComet 15394 TCP
"15394:UDP"= 15394:UDP:*:Disabled:BitComet 15394 UDP
"6555:TCP"= 6555:TCP:*:Disabled:BitComet 6555 TCP
"6555:UDP"= 6555:UDP:*:Disabled:BitComet 6555 UDP

R1 aswSP;Avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2008-07-20 20560]
R2 ROCKEYNT;ROCKEYNT;C:\WINDOWS\system32\drivers\Rockeynt.sys [2005-01-04 18223]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\System32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\drivers\motccgp.sys [2007-06-18 17920]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\drivers\motodrv.sys [2007-05-07 42112]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\drivers\wg111v2.sys [2006-03-16 167808]
S3 XDva042;XDva042;C:\WINDOWS\system32\XDva042.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-10-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2007-05-14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2008-10-25 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
ShellIconOverlayIdentifiers-hex(2):7b,38,41,34,32,44,46,42,46,2d,37,38,36,38,2d,34,30,32,39,2d,39,35,38,\ - (no file)
ShellExecuteHooks-{E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA} - (no file)
MSConfigStartUp-Comodo Firewall Pro - C:\Program Files\Comodo\Firewall\cfp.exe
MSConfigStartUp-EzPrint - C:\Program Files\Lexmark 4300 Series\ezprint.exe
MSConfigStartUp-FaxCenterServer - C:\Program Files\Lexmark Fax Solutions\fm3032.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-Uniblue SpyEraser - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe


.
------- Papildu Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Vip \ Application Data \ Mozilla \ Firefox \ Profiles \ 19piaa5b.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / hk.yahoo.com /
.
.
------- File Associations -------
.
txtfile = C: \ WINDOWS \ NOTEPAD.EXE% 1
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/11/01 09:42:02
Windows 5.1.2600 Service Pack 3 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās palaišana ieraksti ...

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptos failus: 0

************************************************** ************************
.
------------------------ Citi Running Processes ----------------------- --
.
C: \ WINDOWS \ system32 \ ati2evxx.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ ati2evxx.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ WINDOWS \ system32 \ searchindexer.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ system32 \ imapi.exe
.
************************************************** ************************
.
Pabeigšanas laiks: 2008/11/01 9:47:03 - mašīna bija rebooted
ComboFix-karantīnā-files.txt 2008/10/31 22:46:53

Pre-Run: 17476198400 bytes free
Post-Run: 17429176320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[operating systems]
C: \ Cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = optin / fastdetect

335 --- EOF --- 2008/10/24 09:01:23
__________________________________________________ _________________________________________________

EDIT: I was clicking around and I found an icon that looks like an uninstaller. I clicked it and it started uninstalling (or at least I hope it did), because it was all in weird symbols.
__________________
HI:)
  #5  
Old 31 October 2008, 18:39
Donors Group

Mum downloaded something

SuperAntiSpyware log. I had to do a quick scan, because it always came up with an error when I did a full scan.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/01/2008 at 11:45

Application Version: 4.21.1004

Core Noteikumi Database Version: 3.618
Trace Noteikumi Database Version: 1603

Scan type: Quick Scan
Kopā Scan Time: 00:35:28

Atmiņas vienības skenēts: 490
Memory draudiem detected: 0
Reģistra vienības skenēts: 436
Reģistrs draudiem detected: 0
File preces skenēts: 33.788
File draudiem detected: 2

Trojan.Vundo-Variants / F
C: \ WINDOWS \ SYSTEM32 \ AZIPCONTMN.DLL
C: \ WINDOWS \ SYSTEM32 \ SYSFOLDERAZIPCNT.DLL
__________________
HI:)
  #6  
Old 1 November 2008, 10:16
Malware Group

Mum downloaded something

Hi again

Please don't click on anything or run any more scans unless I suggest you do. It only makes things confusing for me - I see an entry in one log, but it's gone from the next, and so on - thanks.

I suspect this is the problem

C:\Program Files\Tudou

unless your mum is a fan of the Chinese YouTube.

I want to have a look at those two files found by SAS.


Please visit: VirusTotal
  • In the middle of the page you will find the "Browse" button.
  • Click the "Browse" button and locate this file in RED:

    C:\WINDOWS\SYSTEM32\AZIPCONTMN.DLL
  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results into your next reply.
Repeat the above for this file as well.

C:\WINDOWS\SYSTEM32\SYSFOLDERAZIPCNT.DLL




Combofix
  • Close all open browsers.
  • Open Notepad and copy/paste the text in the box below into it:
Code:
  Folder::
  C:\Program Files\Tudou
See the picture below as an example

Save it as CFScript.txt in the same location as ComboFix.exe

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick in the ComboFix window while it is running. That may cause it to stall.

WARNING! Anyone else thinking of using the above script does so at their own risk - you may end up reinstalling Windows!


Please post the C:\ComboFix.txt log, the VirusTotal results and a fresh HijackThis log for further review.
  #7  
Old 1 November 2008, 16:53
Donors Group

Mum downloaded something

Yes, my mum does watch some Chinese videos... I couldn't find the files when browsing in VirusTotal. I even went to them in Explorer and couldn't find either of them. Got logs:
ComboFix:

ComboFix 08-11-01.01 - Vip 2008-11-02 10:36:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.865 [GMT 11:00]
Sākot no: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe
Komandu slēdžus izmanto:: C: \ Documents and Settings \ Vip \ Desktop \ CFScript.txt
* Izveido jaunu atjaunošanas punktu
.

((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Program Files \ Tudou

.
((((((((((((((((((((((((( Faili Created no 2008/10/01 līdz 2008/11/01 ))))))))))) ))))))))))))))))))))
.

2008/11/01 09:55. 2008/11/01 09:55 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Uniblue
2008/10/31 20:45. 2008/10/31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com
2008/10/31 20:45. 2008/10/31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes
2008/10/24 12:04. 2008/10/16 03:34 337.408 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ netapi32.dll
2008/10/15 20:43. 2008/09/15 23:12 1.846.400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ win32k.sys
2008/10/15 20:43. 2008/09/08 21:41 333.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ srv.sys
2008/10/15 20:42. 2008/08/14 21:11 2.189.184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe
2008/10/15 20:42. 2008/08/14 21:09 2.145.280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlmp.exe
2008/10/15 20:42. 2008/08/14 20:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe
2008/10/15 20:42. 2008/08/14 20:33 2.023.936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/10/31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III
2008/10/31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008/10/31 09:52 --------- d ----- w C: \ Program Files \ Avast4
2008/10/31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes "Anti-Malware
2008/10/31 09:32 --------- d --- aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008/10/22 05:10 38.496 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/10/22 05:10 15.504 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/10/09 06:46 --------- d ----- w C: \ Program Files \ PPStream
2008/10/09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware
2008/10/09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008/09/18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Application Data \ Ahead
2008/09/15 12:12 1.846.400 ---- aw C: \ WINDOWS \ system32 \ win32k.sys
2008/09/08 10:41 333.824 ---- aw C: \ WINDOWS \ system32 \ drivers \ srv.sys
2008/08/28 07:46 74.752 ---- aw C: \ WINDOWS \ system32 \ msw3prt.dll
2008/08/28 07:46 104.960 ---- aw C: \ WINDOWS \ system32 \ win32spl.dll
2008/08/26 07:24 826.368 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
2008/08/14 10:11 2.189.184 ---- aw C: \ WINDOWS \ system32 \ ntoskrnl.exe
2008/08/14 09:33 2.066.048 ---- aw C: \ WINDOWS \ system32 \ Ntkrnlpa.exe
2008/07/29 12:05 32.768 - SHA-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ Vēsture \ History.IE5 \ MSHist012008072920080 730 \ index.dat
.

((((((((((((((((((((((((((((( Momentuzņēmums @ 2008-11-01_ 9.46.14.14 ))))))))))) ))))))))))))))))))))))))))))))
.
- 2008/10/31 22:41:26 16.384 ---- Rokām un nagiem C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat
+ 2008/11/01 23:26:02 16.384 ---- Rokām un nagiem C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2008/04/14 15.360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e XE" [2001/07/09 155.648]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008/06/10 144.784]
"ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006/01/02 45.056]
"Avast" = "C: \ Program Files \ Avast4 \ ashDisp.exe" [2008/07/20 78.008]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ system32 \ CTFMON.EXE" [2008/04/14 15.360]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Policies \ SYSTEM]
"DisableChangePassword" = 1 (0x1)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Policies \ Explorer]
"NoAutoUpdate" = 1 (0x1)
"MaxRecentDocs" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(56F9679E-7.826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006/04/24 282.624]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008/05/13 77.824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \! SASWinLogon]
2008/10/09 14:31 352.256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"VIDC.I420" = i420vfw.dll
"aux" = ctwdm32.dll
"VIDC.HFYU" = huffyuv.dll
"VIDC.X264" = x264vfw.dll
"VIDC.3iv2" = 3ivxVfWCodec.dll
"VIDC.VP31" = vp31vfw.dll
"msacm.l3fhg" = mp3fhg.acm
"msacm.ac3filter" = ac3filter.acm

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ Adobe Reader Speed Launch.lnk]
backup = C: \ WINDOWS \ PSS \ Adobe Reader Speed Launch.lnkCommon Startup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ Adobe Reader Synchronizer.lnk]
backup = C: \ WINDOWS \ PSS \ Adobe Reader Synchronizer.lnkCommon Startup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ WinZip Quick Pick.lnk]
backup = C: \ WINDOWS \ PSS \ WinZip Quick Pick.lnkCommon Startup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ Azureus Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ PSS \ Azureus Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ Azureus Ultra Accelerator.lnk]
backup = C: \ WINDOWS \ PSS \ Azureus Ultra Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ BitTorrent Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ PSS \ BitTorrent Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ emule Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ PSS \ emule Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ limewire On Startup.lnk]
backup = C: \ WINDOWS \ PSS \ limewire On Startup.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ limewire Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ PSS \ limewire Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ PowerReg plānotājs V3.exe]
backup = C: \ WINDOWS \ PSS \ PowerReg plānotājs V3.exeStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ Reģistrācijas Tom Clancy's Rainbow Six]
backup = C: \ WINDOWS \ PSS \ Registration Tom Clancy's Rainbow SixStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ SpeedFan.lnk]
backup = C: \ WINDOWS \ PSS \ SpeedFan.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ Thoosje Sidebar.lnk]

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ Kevin ^ Start Menu Programs ^ ^ Startup ^ WordWeb.lnk]
backup = C: \ WINDOWS \ PSS \ WordWeb.lnkStartup
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \! AVG Anti-Spyware
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ BitTorrent
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ Boss Key
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ CmCardRun
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ CursorXP
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ EasyTuneVPro
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ iTunesHelper
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ LogonStudio
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ OrderReminder
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ RecordPadRun
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ SpeedOptimizer
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ SWG
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ Veoh

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ Adobe Photo Downloader]
- ------ 2005/09/09 01:18 57.344 C: \ Program Files \ Adobe \ Photoshop Elements 4,0 \ apdproxy.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)]
- ------ 2006/04/21 18:03 94.208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ Daemon Tools]
- ------ 2005/12/11 01:57 133.016 C: \ Program Files \ Daemon Tools \ daemon.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ LanguageShortcut]
- ------ 2006/04/13 12:09 49.152 C: \ Program Files \ CyberLink \ PowerDVD \ Language \ Language.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ QuickTime Task]
- ------ 2008/03/29 00:37 413.696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ RemoteControl]
- ------ 2005/12/07 23:57 30.208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ SpybotSD TeaTimer]
-rahs ---- 2008/09/16 12:16 1.833.296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ Steam]
- ------ 2008/03/29 09:39 1.271.032 C: \ Valve \ Steam \ Steam.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ Uniblue RegistryBooster 2]
- ------ 2007/12/05 16:06 1.885.464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ Uniblue SpeedUpMyPC]
- ------ 2008/01/29 09:46 9.442.584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ WinampAgent]
- ------ 2008/04/02 05:49 36.352 C: \ Program Files \ Winamp \ winampa.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ BluetoothAuthenticationA Gent]
- ------ 2008/04/14 06:42 110.592 C: \ WINDOWS \ system32 \ bthprops.cpl

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ C-Media Mixer]
- ------ 2003/03/20 17:21 1.855.488 C: \ WINDOWS \ mixer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ pakalpojumi]
"WMPNetworkSvc" = 3 (0x3)
"gusvc" = 3 (0x3)
"RichVideo" = 2 (0x2)
"BthServ" = 2 (0x2)
"iPod Service" = 3 (0x3)
"Apple Mobile Device" = 2 (0x2)
"LiveUpdate Notice Service" = 2 (0x2)
"VideoAcceleratorEngine" = 3 (0x3)
"MDM" = 2 (0x2)
"IDriverT" = 3 (0x3)
"aawservice" = 3 (0x3)
"PDEngine" = 3 (0x3)
"PDAgent" = 3 (0x3)
"PML Driver HPZ12" = 3 (0x3)
"CPUCooLServer" = 2 (0x2)
"usnjsvc" = 3 (0x3)
"AdobeActiveFileMonitor4.0" = 2 (0x2)
"WLSetupSvc" = 3 (0x3)
"cmdAgent" = 2 (0x2)
"FLEXnet Licensing Service" = 3 (0x3)
"Bonjour Service" = 2 (0x2)
"OSE" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring]
"DisableMonitoring" = DWORD: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = DWORD: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = DWORD: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ DAP \ \ DAP.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"<Nav Nosaukums>" = "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ UT2004 \ \ System \ \ UT2004.exe" =
"C: \ \ Program Files \ \ DeusEx \ \ System \ \ DeusEx.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3.389: TCP" = 3.389: TCP: *: Disabled: @ xpsp2res.dll, -22.009
"15.394: TCP" = 15.394: TCP: *: Disabled: BitComet 15.394 TCP
"15.394: UDP" = 15.394: UDP: *: Disabled: BitComet 15.394 UDP
"6.555: TCP" = 6.555: TCP: *: Disabled: BitComet 6.555 TCP
"6.555: UDP" = 6.555: UDP: *: Disabled: BitComet 6.555 UDP

R1 aswSP; Avast! Pašaizsardzībai, C: \ WINDOWS \ system32 \ drivers \ aswSP.sys [2008/07/20 78.416]
R1 atitray; atitray, C: \ Program Files \ Ray Adams \ ATI Tray Tools \ atitray.sys [2007/05/22 18.088]
R2 aswFsBlk; aswFsBlk, C: \ WINDOWS \ system32 \ drivers \ aswF sBlk.sys [2008/07/20 20.560]
R2 ROCKEYNT; ROCKEYNT, C: \ WINDOWS \ system32 \ drivers \ Rock eynt.sys [2005/01/04 18.223]
R2 SBKUPNT; SBKUPNT, C: \ WINDOWS \ System32 \ Drivers \ SBKUPN T. SYS [2001/07/13 14.976]
S3 motccgp; Motorola USB Composite Device Driver, C: \ WINDOWS \ system32 \ drivers \ motccgp.sys [2007/06/18 17.920]
S3 motccgpfl; MotCcgpFlService, C: \ WINDOWS \ system32 \ DRI VERS \ motccgpfl.sys [2007/01/22 7.680]
S3 MotDev; Motorola Inc USB Device, C: \ WINDOWS \ system32 \ drivers \ motodrv.sys [2007/05/07 42.112]
S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C: \ WINDOWS \ system32 \ drivers \ wg111v2.sys [2006/03/16 167.808]
S3 XDva042; XDva042, C: \ WINDOWS \ system32 \ XDva042.sys []
.
Saturs "Scheduled Tasks" mape

2008/10/01 C: \ WINDOWS \ Uzdevumi \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007/08/29 14:57]

2008/10/27 C: \ WINDOWS \ Uzdevumi \ Uniblue SpeedUpMyPC Nag.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2007/05/14 C: \ WINDOWS \ Uzdevumi \ Uniblue SpeedUpMyPC.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2008/10/25 C: \ WINDOWS \ Uzdevumi \ Uniblue SpyEraser Nag.job
- C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe []
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/11/02 10:39:31
Windows 5.1.2600 Service Pack 3 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās palaišana ieraksti ...

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptos failus: 0

************************************************** ************************
.
Pabeigšanas laiks: 2008/11/02 10:41:44
ComboFix-karantīnā-files.txt 2008/11/01 23:41:32
ComboFix2.txt 2008/10/31 22:47:05

Pre-Run: 17222828032 bytes free
Post-Run: 17200967680 bytes free

233 --- EOF --- 2008/10/24 09:01:23
__________________________________________________ _________________________

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 10:50:19, uz 2/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ Avast4 \ ashDisp.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = vietējā
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [Avast] C: \ Program Files \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
Ø8 - ārpus konteksta menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
Ø8 - ārpus konteksta menu item: & Download ar & DAP - C: \ Program Files \ DAP \ dapextie.htm
Ø8 - ārpus konteksta menu item: Download & visi ar DAP - C: \ Program Files \ DAP \ dapextie2.htm
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ shdocvw.dll
Ø9 - Extra 'Tools' MENUITEM:?? QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ shdocvw.dll
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (17.492.023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
Ø16 - DPF: (4F1E5B1A-2A80-42CA-8.532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
Ø16 - DPF: (5D6F45B3-9.043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
Ø16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klase) -- http://update.microsoft.com/microsof...?1133040258574
Ø16 - DPF: (8E0D4DE5-3.180-4.024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
Ø16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444.553.540.000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: Avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe
O23 - Service: Avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe
O23 - Service: Avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe

--
End of failu - 6.734 bytes
__________________
HI:)
  #8  
Old 2 November 2008, 05:29
Malware Group

Mum downloaded something

Hi

Those two files were not detected by ComboFix, so I didn't really expect them to be there.

How is the system running now?

Let's run an online scan.

Run an online scan with Panda ActiveScan
  • Click Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click Register
  • Choose whichever option you like, but we recommend the Free registration.
  • Click Register
  • Enter your email address and create a password.
  • Select "I do not wish to receive any type of information". (Unless you want to receive such information)
  • Click Send
  • Confirm the registration and continue by entering your username and password, then click Enter
  • Select Full Scan, then click Scan Now
  • Wait for the components to be downloaded and installed. Do not close this window or go to another page while it is downloading. You can continue to use the internet by opening another window in your browser.
  • If it finds any malware that can be disinfected, the Disinfect button will become active. Click Disinfect
  • Please ignore the offer to buy the program. Click Export to
  • Export the log and save it to your computer.
  • Please attach this log to your reply, along with the contents of a new HijackThis log.
* Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  #9  
Old 3 November 2008, 03:07
Donors Group

Mum downloaded something

Quote:
Originally Posted by Glaswegian
  • Please attach this log to your reply, along with the contents of a new HijackThis log.
Well, you said attach, in red, so I thought I'd attach. Not sure what the difference is between attaching and copy/pasting, except a longer post... Panda ActiveScan found some stuff, but I could only disinfect one, the worm one, because for the others it told me to buy it.
Attached Files
File Type: txt ActiveScan.txt (12.1 KB, 3 views)
File Type: txt hijackthis.txt (6.6 KB, 2 views)
__________________
HI:)
  #10  
Old 5 November 2008, 07:45
Malware Group

Mum downloaded something

Hi again

Apologies for not getting back to you sooner - real life is quite busy at the moment.

How is the system running now?


The only thing left is PowerRegScheduler - you can remove it if you wish.
Copyright © 2006 - 2009 Computer Sulas.