Please help! My computer is running multiple viruses / malware.

#1
Old June 18, 2009, 11:46
Member

Hello and thank you for reading. I have been trying to remove unwanted malware from my computer for over a week now, and nothing seems to be working. I found several processes, including iexplorer.exe, winlogon.exe, Spoolsv.exe and other unknown processes such as PavPrSrv.exe and McciCMService.exe. I had to rename the exe of most programs to get them to open. I normally use AVG Free, but I uninstalled it and tried Panda to see if that would help (it didn't). Since then I have removed Panda and reinstalled AVG.

Thank you in advance for your help!

Here are the log files I was able to retrieve.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2009 at 01:15

Application Version : 4.26.1004

Core Rules Database Version : 3945
Trace Rules Database Version: 1887

Scan type       : Complete Scan
Total Scan Time : 01:11:18

Memory items scanned      : 373
Memory threats detected   : 1
Registry items scanned    : 4431
Registry threats detected : 86
File items scanned        : 39059
File threats detected     : 11

Rootkit.Agent/Gen-UACFake
\\?\GLOBALROOT\C:\WINDOWS\SYSTEM32\UACKPXJQWVUGNSPOKQ.DLL
\\?\GLOBALROOT\C:\WINDOWS\SYSTEM32\UACKPXJQWVUGNSPOKQ.DLL

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2520BA45-3D97-4864-82FF-F47F951727BA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B053E00-78D3-47AE-B763-60FF36FF2886}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2520BA45-3D97-4864-82FF-F47F951727BA}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B053E00-78D3-47AE-B763-60FF36FF2886}
HKU\S-1-5-21-776561741-1580436667-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2520BA45-3D97-4864-82FF-F47F951727BA}
HKU\S-1-5-21-776561741-1580436667-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B053E00-78D3-47AE-B763-60FF36FF2886}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2520BA45-3D97-4864-82FF-F47F951727BA}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B053E00-78D3-47AE-B763-60FF36FF2886}

Trojan.Agent/Gen-AmblBE
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06F20C1A-4811-4C73-A114-792ED70F2CAD}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06F20C1A-4811-4C73-A114-792ED70F2CAD}

Adware.TrustInCash
C:\WINDOWS\system32\tisa.cnf
C:\WINDOWS\REMOVEADWARE.ICO
C:\WINDOWS\VIDEOSLOTS.ICO

Rogue.Component/Trace
HKU\S-1-5-21-776561741-1580436667-854245398-1003\Software\Microsoft\FIAS4057

Rootkit.Agent/Gen
HKLM\SOFTWARE\UAC
HKLM\SOFTWARE\UAC#cmddelay
HKLM\SOFTWARE\UAC#LastBSOD
HKLM\SOFTWARE\UAC#affid
HKLM\SOFTWARE\UAC#type
HKLM\SOFTWARE\UAC#celt
HKLM\SOFTWARE\UAC#subid
HKLM\SOFTWARE\UAC#ecaab67d-7d92-4ec1-ac32-3087345120a3
HKLM\SOFTWARE\UAC#val
HKLM\SOFTWARE\UAC#sval
HKLM\SOFTWARE\UAC#pval
HKLM\SOFTWARE\UAC\connections
HKLM\SOFTWARE\UAC\connections#905b3008
HKLM\SOFTWARE\UAC\connections#7d72e91c
HKLM\SOFTWARE\UAC\connections#a2674c18
HKLM\SOFTWARE\UAC\connections#b43dcf0f
HKLM\SOFTWARE\UAC\connections#f2065612
HKLM\SOFTWARE\UAC\disallowed
HKLM\SOFTWARE\UAC\disallowed#trsetup.exe
HKLM\SOFTWARE\UAC\disallowed#ViewpointService.exe
HKLM\SOFTWARE\UAC\disallowed#ViewMgr.exe
HKLM\SOFTWARE\UAC\disallowed#SpySweeper.exe
HKLM\SOFTWARE\UAC\disallowed#SUPERAntiSpyware.exe
HKLM\SOFTWARE\UAC\disallowed#SpySub.exe
HKLM\SOFTWARE\UAC\disallowed#SpywareTerminatorShield.exe
HKLM\SOFTWARE\UAC\disallowed#SpyHunter3.exe
HKLM\SOFTWARE\UAC\disallowed#XoftSpy.exe
HKLM\SOFTWARE\UAC\disallowed#SpyEraser.exe
HKLM\SOFTWARE\UAC\disallowed#combofix.exe
HKLM\SOFTWARE\UAC\disallowed#otscanit.exe
HKLM\SOFTWARE\UAC\disallowed#mbam.exe
HKLM\SOFTWARE\UAC\disallowed#mbam-setup.exe
HKLM\SOFTWARE\UAC\disallowed#flash_disinfector.exe
HKLM\SOFTWARE\UAC\disallowed#otmoveit2.exe
HKLM\SOFTWARE\UAC\disallowed#smitfraudfix.exe
HKLM\SOFTWARE\UAC\disallowed#prevxcsifree.exe
HKLM\SOFTWARE\UAC\disallowed#download_mbam-setup.exe
HKLM\SOFTWARE\UAC\disallowed#cbo_setup.exe
HKLM\SOFTWARE\UAC\disallowed#spywareblastersetup.exe
HKLM\SOFTWARE\UAC\disallowed#rminstall.exe
HKLM\SOFTWARE\UAC\disallowed#sdsetup.exe
HKLM\SOFTWARE\UAC\disallowed#vundofixsvc.exe
HKLM\SOFTWARE\UAC\disallowed#daft.exe
HKLM\SOFTWARE\UAC\disallowed#gmer.exe
HKLM\SOFTWARE\UAC\disallowed#catchme.exe
HKLM\SOFTWARE\UAC\disallowed#mcpr.exe
HKLM\SOFTWARE\UAC\disallowed#sdfix.exe
HKLM\SOFTWARE\UAC\disallowed#hjtinstall.exe
HKLM\SOFTWARE\UAC\disallowed#fixpolicies.exe
HKLM\SOFTWARE\UAC\disallowed#emergencyutil.exe
HKLM\SOFTWARE\UAC\disallowed#techweb.exe
HKLM\SOFTWARE\UAC\disallowed#GoogleUpdate.exe
HKLM\SOFTWARE\UAC\disallowed#windowsdefender.exe
HKLM\SOFTWARE\UAC\disallowed#spybotsd.exe
HKLM\SOFTWARE\UAC\disallowed#winlognn.exe
HKLM\SOFTWARE\UAC\disallowed#csrssc.exe
HKLM\SOFTWARE\UAC\disallowed#klif.sys
HKLM\SOFTWARE\UAC\disallowed#pctssvc.sys
HKLM\SOFTWARE\UAC\disallowed#pctcore.sys
HKLM\SOFTWARE\UAC\disallowed#mchinjdrv.sys
HKLM\SOFTWARE\UAC\disallowed#szkg.sys
HKLM\SOFTWARE\UAC\disallowed#sasdifsv.sys
HKLM\SOFTWARE\UAC\disallowed#saskutil.sys
HKLM\SOFTWARE\UAC\disallowed#sasenum.sys
HKLM\SOFTWARE\UAC\disallowed#ccHPx86.sys
HKLM\SOFTWARE\UAC\injector
HKLM\SOFTWARE\UAC\injector#*
HKLM\SOFTWARE\UAC\mask
HKLM\SOFTWARE\UAC\mask#6aed4b25
HKLM\SOFTWARE\UAC\mask#e0ae8144
HKLM\SOFTWARE\UAC\mask#30910b28
HKLM\SOFTWARE\UAC\mask#c6216721
HKLM\SOFTWARE\UAC\mask#dd118673
HKLM\SOFTWARE\UAC\versions
HKLM\SOFTWARE\UAC\versions#/banner/crcmds/init

Adware.Tracking Cookie
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@myroitracking[1].txt
C:\Documents and Settings\Guest\Cookies\guest@serw.clicksor[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ix-atrast[1].txt

Adware.180solutions/Seekmo/Zango
C:\Program Files\FASOFT\N-TRACK STUDIO 6\setup.exe

Browser Hijacker.MS Web Search
C:\WINDOWS\LOCAL.HTML


Malwarebytes' Anti-Malware 1.37
Database version: 2269
Windows 5.1.2600 Service Pack 2

6/18/2009 2:25:06
mbam-log-2009-06-18 (14-25-06).txt

Scan type: Quick Scan
Objects scanned: 28750
Time elapsed: 18 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:36, on 6/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Windows\Explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [pivafuniya] Rundll32.exe "C:\WINDOWS\system32\luruwono.dll" s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [pivafuniya] Rundll32.exe "C:\WINDOWS\system32\luruwono.dll" s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IP\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IP\MySpaceIM.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\zuhagiye.dll c:\windows\system32\nulakili.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 Watchdog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9c119864b630) (gupdate1c9c119864b630) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4735 bytes
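The HijackThis log above shows the classic signs of this infection: hosts entries pointing security.microsoft.com at a foreign address, a proxy set to localhost:7171, and AppInit_DLLs and Run entries loading DLLs with random consonant-vowel names. The Python script below is an added example (not from the thread, and not part of HijackThis) that triages a log of this form for those indicators; the sample lines are constructed from the log posted above, and the random-name patterns are heuristics assumed from the names seen here.

```python
"""Triage a HijackThis-style log for the indicators seen in the log above.

Added example; not code from the thread or from HijackThis. It flags, as
prompts for an analyst to review rather than verdicts:
  * O1  hosts entries mapping a name to a non-loopback address
        (209.44.111.57 for security.microsoft.com in the log above),
  * R1  ProxyServer values that point at the local machine
        (http=localhost:7171, a rootkit-installed local proxy),
  * O20 AppInit_DLLs and O4 Run entries whose DLLs or value names are
        built from random letters (luruwono.dll, zuhagiye.dll, pivafuniya).
SAMPLE_LOG is constructed from the lines posted in the thread.
"""
import re
from collections import Counter

LOOPBACK_PREFIXES = ("127.", "::1")

# Heuristics assumed from the names in this thread: the dropped DLLs and Run
# value alternate consonant and vowel over an even run of letters
# (luruwono, zuhagiye, arosetud, pivafuniya), and the UAC family uses "UAC"
# followed by a long run of letters (UACkpxjqwvugnspokq). Unfamiliar but
# legitimate names can match, so hits are review prompts, not verdicts.
CONSONANT = r"[b-df-hj-np-tv-z]"
VOWEL = r"[aeiou]"
ALTERNATING_RE = re.compile(
    rf"(?:{CONSONANT}{VOWEL}){{4,}}|(?:{VOWEL}{CONSONANT}){{4,}}"
)
UAC_RE = re.compile(r"UAC[A-Za-z]{10,}")

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
RUN_RE = re.compile(r"^O4 - (HK.*?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
DLL_RE = re.compile(r"[\w-]+\.dll", re.IGNORECASE)

# Constructed from the HijackThis log posted above (paths unchanged).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKUS\S-1-5-19\..\Run: [pivafuniya] Rundll32.exe "C:\WINDOWS\system32\luruwono.dll" s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\zuhagiye.dll c:\windows\system32\nulakili.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""


def looks_random(name: str) -> bool:
    """True when a file or value name fits one of the random-name shapes."""
    stem = name.rsplit(".", 1)[0]
    return bool(ALTERNATING_RE.fullmatch(stem) or UAC_RE.fullmatch(stem))


def triage(log_text: str) -> list:
    """Return (kind, subject, detail) tuples, one per suspicious line or DLL."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            if not ip.startswith(LOOPBACK_PREFIXES):
                findings.append(("hosts_redirect", host, ip))
        elif m := PROXY_RE.match(line):
            proxy = m.group(1)
            local = re.search(r"localhost|127\.0\.0\.1", proxy) is not None
            findings.append(("local_proxy" if local else "proxy_set", proxy, "R1 ProxyServer"))
        elif m := APPINIT_RE.match(line):
            for dll in DLL_RE.findall(m.group(1)):
                if looks_random(dll):
                    findings.append(("appinit_random_dll", dll, m.group(1)))
        elif m := RUN_RE.match(line):
            hive, value_name, command = m.groups()
            suspects = [value_name] if looks_random(value_name) else []
            suspects += [d for d in DLL_RE.findall(command) if looks_random(d)]
            if suspects:
                findings.append(("run_random_name", value_name, hive + ": " + " ".join(suspects)))
    return findings


def summarize(findings) -> Counter:
    """Count findings per kind for a quick overview."""
    return Counter(kind for kind, _, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for kind, subject, detail in results:
        print(f"{kind:20} {subject:30} {detail}")
    print(dict(summarize(results)))
```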
#2
Old June 18, 2009, 15:35
Malware Group

Hi there Mybabbits

Download Combofix from any of the links. You need to rename it before saving it. Save it to your desktop as combo-fix.exe.

Link 1
Link 2
Link 3

Disable your antivirus and antispyware programs, usually by right-clicking the system tray icon. They may otherwise interfere with our tools.

Open Task Manager by pressing the Ctrl, Alt and Del keys at the same time.

In the menu at the top of the dialog box, click File > New Task (Run...)

Copy/paste (or type) the following into the Run box and click OK: (assuming ComboFix.exe is on the desktop as instructed)

"%userprofile%\desktop\combo-fix.exe" /killall

Follow the on-screen instructions and let combofix finish running. Make sure you install the Recovery Console if prompted.

Post back with the results in your next reply.

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zip file to your desktop.
  • Double-click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click .
  • In the right panel, you will see several boxes that have been checked. Uncheck the following...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click the [Save..] button, and in the File name field type "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and copy and paste it in your next reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Copy and paste both logs in your next reply
__________________
Proud member of ASAP & UNITE
__________________

#3
Old June 18, 2009, 18:36
Member

I downloaded ComboFix to the desktop and changed the name as instructed. When I try to run "%userprofile%\desktop\combo-fix.exe" /killall I get a popup screen, first warning me that the program is from an unidentified source, so I choose to run. After that it seems as if combofix is running properly, then I get a popup screen that says something like "Windows cannot find 'grpconv'. Make sure you typed the name correctly..." and the screen didn't stay up long enough for me to get the rest of it. I clicked OK there, and then I got another screen from combofix saying that it has detected AVG antivirus still running. I had trouble disabling it, so I went ahead and uninstalled it completely. I'm not sure why it still thinks it's running. Should I go ahead and click OK through those screens too and see if it still runs?

Thanks!
#4
Old June 18, 2009, 23:48
Malware Group

Hi there

Click OK through the screens and see if you can get the combofix scan to complete
#5
Old June 19, 2009, 06:58
Member

I still had some problems with combofix. At some point during the process the desktop went blank and the combofix screen disappeared. Is it supposed to do that? I waited about 10 minutes to see if anything would happen, and then I rebooted the computer. After that the combofix screen came back up and said it was creating a log file...

Here's what I got:

ComboFix 09-06-18.02 - Owner 06/19/2009 9:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.286 [GMT -4:00]
Running from: c:\documents and settings\Owner\desktop\combo-fix.exe
Command switches used :: /killall
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!
.

((((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32
c:\windows\system32\components
c:\windows\system32\drivers\UACymttprqpphespir.sys
c:\windows\system32\UACakmovnkvlbejvsw.dll
c:\windows\system32\UACjqblgassmsyrtsd.log
c:\windows\system32\UACkpxjqwvugnspokq.dll
c:\windows\system32\UACllkyxudengakpfn.dll
c:\windows\system32\UACmxexwkuwcfyxylo.dll
c:\windows\system32\UACtdqoweywvrmpfuc.dat
c:\windows\system32\UACwixxvmnqlxbujns.log
c:\windows\system32\UACwqwjasvfplrvpdn.log
c:\windows\system32\UACxcvrjkwrnbmiqml.dll
C:\bt.log
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\windows\system32\arosetud.ini
c:\windows\system32\barohozi.dll.tmp
c:\windows\system32\bavuvofi.dll.tmp
c:\windows\system32\components\flx0.dll
c:\windows\system32\diwovadu.dll.tmp
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\UACymttprqpphespir.sys
c:\windows\system32\edurozoj.ini
c:\windows\system32\foyefolu.dll.tmp
c:\windows\system32\huboweri.dll.tmp
c:\windows\system32\ipepiyik.ini
c:\windows\system32\irawesak.ini
c:\windows\system32\jiyiduse.dll.tmp
c:\windows\system32\lcch.dat
c:\windows\system32\lut.dat
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\obinunud.ini
c:\windows\system32\ofalonoy.ini
c:\windows\system32\ozejalir.ini
c:\windows\system32\srsut.bak1
c:\windows\system32\tconini.dat
c:\windows\system32\UACakmovnkvlbejvsw.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjqblgassmsyrtsd.log
c:\windows\system32\UACkpxjqwvugnspokq.dll
c:\windows\system32\UACllkyxudengakpfn.dll
c:\windows\system32\UACmxexwkuwcfyxylo.dll
c:\windows\system32\UACtdqoweywvrmpfuc.dat
c:\windows\system32\UACwixxvmnqlxbujns.log
c:\windows\system32\UACwqwjasvfplrvpdn.log
c:\windows\system32\UACxcvrjkwrnbmiqml.dll
c:\windows\system32\ugujasof.ini
c:\windows\system32\utodobah.ini

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_PODMENA
-------\Legacy_PODMENADRV


(((((((((((((((((((((((((   Files Created from 2009/05/19 to 2009/06/19   )))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"IgfxTray" = "C: \ Windows \ system32 \ igfxtray.exe" [2002/06/19 155.648]
"HotKeysCmds" = "C: \ Windows \ system32 \ hkcmd.exe" [2002/06/19 114.688]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009/06/18 148.888]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"MySpaceIM" = "C: \ Program Files \ MySpace \ IP \ MySpaceIM.exe" [2008/12/12 9.555.968]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008/05/13 77.824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \! SASWinLogon]
2008/12/22 16:05 356.352 ---- aw-c: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = C: \ Windows \ system32 \ avgrsstx.dl l

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgupd.exe" =
"C: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgemc.exe" =
"C: \ \ Program Files \ \ ATT-HSI \ \ McciBrowser.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ WINDOWS \ \ system32 \ \ igfxtray.exe" =
"C: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgrsx.exe" =
"% windir% \ \ system32 \ \ drivers \ \ svchost.exe" =
"C: \ \ Program Files \ \ MySpace \ \ IP \ \ MySpaceIM.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"53: TCP" = 53: TCP: websrvx

R1 AvgLdx86; AVG AVI Loader Driver x86, c: \ windows \ system32 \ drivers \ avgldx86.sys [5/23/2008 1:13 96.520]
R1 SASDIFSV; SASDIFSV c: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/26/2009 10:05 9.968]
R1 SASKUTIL; SASKUTIL c: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/26/2009 10:05 72.944]
R1 ShldDrv; Panda File Shield Driver; c: \ windows \ system32 \ drivers \ ShlDrv51.sys [6/12/2009 2:56 41.144]
R2 avg8emc; AVG8 E-mail Scanner, c: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgemc.exe [5/23/2008 1:13 902.424]
R2 avg8wd; AVG8 Watchdog, c: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [5/23/2008 1:13 282.904]
R2 AvgTdiX; AVG8 Network virzienmainītājs c: \ windows \ system32 \ drivers \ avgtdix.sys [5/23/2008 1:13 75.272]
R2 PavProc; Panda procesa aizsardzība Driver; c: \ windows \ system32 \ drivers \ PavProc.sys [6/12/2009 2:56 179.640]
R2 Viewpoint Manager Service; Viewpoint Manager dienests c: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2/5/2009 6:56 24.652]
R3 (A7E39B01-B403-11d4-BD18-00D0B7A1821E); AIM 3,0 daļas 01 Codec Driver VCH-c: \ windows \ system32 \ drivers \ Vch.sys [5/1/2006 11:58 20.023]
S2 gupdate1c9c119864b630; Google Update Service (gupdate1c9c119864b630), c: \ Program Files \ Google \ Update \ GoogleUpdate.exe [4/19/2009 2:02 133.104]
S2 sgejhlqxcrvoui; sgejhlqxcrvoui; \? \ C: \ windows \ syste M32 \ drivers \ ngaysfvqh.sys -> C: \ Windows \ system32 \ drivers \ ngaysfvqh.sys [?]
S2 vnoakhdmmnhfkc; vnoakhdmmnhfkc; \? \ C: \ windows \ syste M32 \ drivers \ ncjdccfwkwt.sys -> C: \ Windows \ system32 \ drivers \ ncjdccfwkwt.sys [?]
S3 SASENUM; SASENUM c: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/26/2009 10:05 7.408]
.
Saturs "Scheduled Tasks" mape

2009/06/19 c: \ windows \ Uzdevumi \ GoogleUpdateTaskMachine.job
- C: \ Program Files \ Google \ Update \ GoogleUpdate.exe [2009/04/19 18:00]
.
.
------- Papildu Scan -------
.
uStart Page = hxxp: / / www.att.net/
uInternet Connection Wizard, ShellNext = iexplore
uInternet iestatījumi ProxyServer = http = localhost: 7.171
uInternet iestatījumi ProxyOverride = *. local; <local>
uSearchURL, (Default) = hxxp: / / us.rd.yahoo.com / pielāgot / ycomp / nepildīšanas / su / *http://www.yahoo.com
IE: & Search
FF - ProfilePath - c: \ Documents and Settings \ Īpašnieks \ Application Data \ Mozilla \ Firefox \ Profiles \ a8c9lkqd.default \
FF - prefs.js: browser.search.defaulturl - hxxp: / / search.yahoo.com / search? Fr = ffsp1 & p =
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp: / / search.yahoo.com / search? Fr = ffds1 & p =
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7.171
FF - prefs.js: network.proxy.type - 4
FF - spraudnis: c: \ Program Files \ Mozilla Firefox \ plugins \ npViewpoint.dll
FF - spraudnis: c: \ Program Files \ Viewpoint \ Viewpoint Media Player \ npViewpoint.dll
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2009/06/19 09:15
Windows 5.1.2600 Service Pack 2 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās palaišana ieraksti ...

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptos failus: 0

************************************************** ************************
.
--------------------- DLL Loaded Under Running Processes ---------------------

- - - - - - -> 'Winlogon.exe "(612)
c: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
.
------------------------ Citi Running Processes ----------------------- --
.
c: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
c: \ Program Files \ Common Files \ Motive \ McciCMService.exe
c: \ Program Files \ Common Files \ Panda Security \ PavShld \ PavPrSrv.exe
c: \ windows \ system32 \ wscntfy.exe
c: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
c: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
c: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
c: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
c: \ Program Files \ AVG \ AVG8 \ avgrsx.exe
.
************************************************** ************************
.
Izpildes laiks: 2009-06-19 9:20 - mašīna bija rebooted
ComboFix-karantīnā-files.txt 2009/06/19 13:20

Pre-Run: 6120624128 bytes free
Post-Run: 6057713664 bytes free




GMER 1.0.15.14972 -- http://www.gmer.net
Rootkit scan 2009/06/19 09:55:00
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Kods \? \ C: \ DOCUME ~ 1 \ Īpašnieks \ Lokālie ~ 1 \ Temp \ catchme.sys pIofCallDriver

---- Devices - GMER 1.0.15 ----

Device \ FileSystem \ NTFS \ NTFS ShlDrv51.sys (PandaShield vadītāja / Panda Security, SL)
Device \ FileSystem \ Fastfat \ FatCdrom ShlDrv51.sys (PandaShield vadītāja / Panda Security, SL)
Device \ Driver \ Tcpip \ Device \ Ip avgtdix.sys (AVG Tīkla savienojuma Watcher / AVG Technologies CZ, sro)
Device \ Driver \ Tcpip \ Device \ TCP avgtdix.sys (AVG Tīkla savienojuma Watcher / AVG Technologies CZ, sro)
Device \ Driver \ Tcpip \ Device \ UDP avgtdix.sys (AVG Tīkla savienojuma Watcher / AVG Technologies CZ, sro)
Device \ Driver \ Tcpip \ Device \ RawIp avgtdix.sys (AVG Tīkla savienojuma Watcher / AVG Technologies CZ, sro)
Device \ Driver \ Tcpip \ Device \ IPMULTICAST avgtdix.sys (AVG Tīkla savienojuma Watcher / AVG Technologies CZ, sro)
Device \ FileSystem \ Fastfat \ Fat ShlDrv51.sys (PandaShield vadītāja / Panda Security, SL)

AttachedDevice \ FileSystem \ Fastfat \ Fat fltmgr.sys (Microsoft Filesystem Filter Manager / Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  #6  
Old June 19, 2009, 15:36
Malware Group
 
Please help! My computer is running multiple viruses / malware.

Howdy there

Good job getting ComboFix to complete; ComboFix certainly removed some junk from your system! Still some work left to do yet....

1. Close any open browsers.

2. Make sure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\luruwono.dll
c:\windows\system32\rn.tmp
c:\windows\system32\drivers\ngaysfvqh.sys
c:\windows\system32\drivers\ncjdccfwkwt.sys
Driver::
sgejhlqxcrvoui
vnoakhdmmnhfkc
DDS::
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript onto ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt, which I will need in your next reply.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Establish an internet connection and perform an online scan with Internet Explorer at Kaspersky Online Scanner.

** Vista users - right-click the IE/Firefox icon and run as administrator

Click Accept when prompted to download and install the program files and the database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing, and will also update the database.
  • Please be patient, as this can take several minutes.
  • Once the update is complete, click My Computer under the green Scan bar on the left to start the scan.
  • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you can post it in your next reply.


This animation will guide you through the process:


** Note **

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real-time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you start the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the Accept button of the licence, click the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.

Post back with the results from ComboFix and from the Kaspersky scan. Update me on how things are running now
__________________
Proud member of ASAP & UNITE
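The CFScript in the reply above was built by reading the ComboFix log for a handful of indicators: two randomly named drivers registered as S2 services whose binaries have no file metadata ("[?]"), and IE and Firefox proxy settings that route browser traffic through localhost. The same log also shows the Windows Firewall disabled and a globally open port. The script below is an added example, not part of this thread and not ComboFix's own code; it shows how a defender could triage a ComboFix-style log for those indicators automatically. The sample lines are constructed (modelled on the posted log, with the spacing normalised), and the regular expressions and the "random-looking name" heuristic are assumptions of this example.

```python
"""Triage of ComboFix-style log lines for the indicators a malware-removal
helper looks for. Added example, not part of the forum thread and not
ComboFix's own code; the parsing rules below are heuristics assumed here."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    category: str   # "service", "proxy" or "firewall"
    detail: str     # human-readable reason
    line: str       # the log line that triggered it


# Constructed sample, modelled on the log posted in the thread (not a verbatim copy).
SAMPLE_LOG = r"""
[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"=0 (0x0)

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"=53:TCP:websrvx

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 1:13 96520]
S2 gupdate1c9c119864b630;Google Update Service (gupdate1c9c119864b630);c:\Program Files\Google\Update\GoogleUpdate.exe [4/19/2009 2:02 133104]
S2 sgejhlqxcrvoui;sgejhlqxcrvoui;\??\c:\windows\system32\drivers\ngaysfvqh.sys --> c:\windows\system32\drivers\ngaysfvqh.sys [?]
S2 vnoakhdmmnhfkc;vnoakhdmmnhfkc;\??\c:\windows\system32\drivers\ncjdccfwkwt.sys --> c:\windows\system32\drivers\ncjdccfwkwt.sys [?]

uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
"""

# ComboFix service lines: "<start> <name>;<display name>;<path> [<date size>]" or "[?]"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
RANDOM_NAME_RE = re.compile(r'^[a-z]{10,}$')          # heuristic: long, all-lowercase, no digits
PROXY_RE = re.compile(r'(?:ProxyServer\s*=|network\.proxy\.http\s*-)\s*(?P<target>\S.*)$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*(?P<value>.+)$')
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def check_service(line):
    """Flag services with no file metadata ([?]) or a random-looking name that is also its display name."""
    m = SERVICE_RE.match(line)
    if not m:
        return []
    name, desc, path, meta = (m.group(k) for k in ("name", "desc", "path", "meta"))
    out = []
    if meta.strip() == "?":
        out.append(Finding("service", f"{name}: no file metadata for {path}", line))
    if RANDOM_NAME_RE.match(name) and name == desc.strip():
        out.append(Finding("service", f"{name}: random-looking name used as its own display name", line))
    return out


def check_proxy(line):
    """Flag IE or Firefox HTTP proxy settings that route traffic through the local machine."""
    m = PROXY_RE.search(line)
    if not m:
        return []
    target = m.group("target").strip()
    host = re.sub(r"^http=", "", target).split(":")[0]
    if host in LOCAL_HOSTS:
        return [Finding("proxy", f"browser HTTP proxy points at the local machine ({target})", line)]
    return []


def check_firewall(line):
    """Flag a disabled Windows Firewall profile and every globally open port."""
    s = line.strip()
    if FIREWALL_OFF_RE.match(s):
        return [Finding("firewall", "Windows Firewall disabled for this profile", line)]
    m = OPEN_PORT_RE.match(s)
    if m:
        return [Finding("firewall", f"globally open port {m.group('port')}/{m.group('proto')} ({m.group('value')})", line)]
    return []


def triage(log_text):
    """Run every check over every line and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        for check in (check_service, check_proxy, check_firewall):
            findings.extend(check(line))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'firewall': 2, 'service': 4, 'proxy': 2}."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample it reports two findings per rogue driver (missing metadata and the random-looking name), one for each localhost proxy line, and one each for the disabled firewall and the open port. The legitimate AVG and Google Update services produce nothing because they carry file metadata and a proper display name. The heuristics are deliberately simple, so treat the output as a reading aid for the log, not as a verdict on any file.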
  #7  
Old June 21, 2009, 09:08
Member
 
Please help! My computer is running multiple viruses / malware.

http://www.yahoo.com IE: & Search FF - ProfilePath -. ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
  #8  
Old June 21, 2009, 14:54
Malware Group
 
Please help! My computer is running multiple viruses / malware.

Hi there

The log you posted is illegible. Could you please re-post it using Notepad as your editor, and make sure that word wrap is turned off.

Let's try a different scanner...

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose whichever option you like, though we recommend the Free registration.
  • Click on Register
  • Enter your e-mail address and create a password.
  • Select "I do not wish to receive any kind of information". (Unless you want to receive such information)
  • Click on Send
  • Confirm the registration and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then click on Scan Now
  • Wait for the components to be downloaded and installed. Do not close this window or go to another page while it is downloading. You can continue to use the internet by opening another window in your browser.
  • If it detects any malware that can be disinfected, the Disinfect button will become active. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your computer.
  • Please post the contents of that log in your reply.

* Turn off the real-time scanner of any existing antivirus program while performing the online scan.

Avast users, please note:

Please continue the online scan at Panda if you receive a warning. It is a false positive from Avast, because Panda Antivirus does not encrypt its virus database.
__________________
Proud member of ASAP & UNITE
  #9  
Old June 22, 2009, 04:28
Member
 
Please help! My computer is running multiple viruses / malware.

Wow. You're absolutely right about that last post, sorry about that. I have no idea what happened (it looked fine when I pasted it, anyway), but I'll try again. ActiveScan worked, but I don't think it actually disinfected anything; I clicked the button and it turned grey, but nothing happened. Here are both logs:

ComboFix 09-06-20.04 - Owner 06/21/2009 11:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.123 [GMT -4:00]
Sākot no: c: \ Documents and Settings \ Īpašnieks \ Desktop \ Combo-Fix.exe
Komandu slēdžus izmanto:: c: \ Documents and Settings \ Īpašnieks \ Desktop \ CFScript.txt
AV: AVG Anti-Virus Free * On-access skenēšana ļāva * (papildināts) (17DDD097-36FF-435F-9E1B-52D74245D6BF)
FW: F-Secure Anti-Virus 2.006 6,10 * invalīdiem * (D4747503-0.346-49EB-9.262-997542F79BF4)

ATTĒLS:
"c: \ windows \ system32 \ drivers \ ncjdccfwkwt.sys"
"c: \ windows \ system32 \ drivers \ ngaysfvqh.sys"
"c: \ windows \ system32 \ luruwono.dll"
"c: \ windows \ system32 \ rn.tmp"
.

((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ system32 \ rn.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers / Pakalpojumi )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_SGEJHLQXCRVOUI
------- \ Legacy_VNOAKHDMMNHFKC
------- \ Service_sgejhlqxcrvoui
------- \ Service_vnoakhdmmnhfkc


((((((((((((((((((((((((( Faili Created no 2009/05/21 līdz 2009/06/21 ))))))))))) ))))))))))))))))))))
.

2009/06/19 13:09. 2004/08/04 07:56 50.176-c - aw-c: \ windows \ system32 \ dllcache \ proquota.exe
2009/06/19 13:09. 2004/08/04 07:56 50.176 ---- aw-c: \ windows \ system32 \ proquota.exe
2009/06/19 13:09. 2004/08/04 07:56 39.424-c - aw-c: \ windows \ system32 \ dllcache \ grpconv.exe
2009/06/19 13:09. 2004/08/04 07:56 39.424 ---- aw-c: \ windows \ system32 \ grpconv.exe
2009/06/18 18:04. 2009/06/18 18:04 3.561.743 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes \ Malwarebytes "Anti-Malware \ mbam-setup.exe
2009/06/18 15:58. 2009/06/18 18:01 117.760 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009/06/18 15:57. 2009/06/18 15:57 -------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2009/06/18 15:54. 2009/06/18 15:57 -------- d ----- w C: \ Program Files \ SUPERAntiSpyware
2009/06/18 15:54. 2009/06/18 15:54 -------- d ----- w C: \ Documents and Settings \ Īpašnieks \ Application Data \ SUPERAntiSpyware.com
2009/06/18 15:53. 2009/06/18 15:53 -------- d ----- w C: \ Program Files \ Common Files \ Wise Installation Wizard
2009/06/18 15:42. 2009/06/18 15:42 -------- d ----- w C: \ Program Files \ CCleaner
2009/06/18 05:27. 2009/06/18 05:27 152.576 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Application Data \ Sun \ Java \ jre1.6.0_14 \ lzma.dll
2009/06/18 04:28. 2009/06/18 04:28 -------- d ----- w C: \ Program Files \ Trend Micro
2009/06/13 07:06. 2002/06/19 23:03 151.552 ---- aw-c: \ windows \ system32 \ igfxres.dll
2009/06/13 06:38. 2002/06/21 15:02 266.240 ---- aw-c: \ windows \ system32 \ shpshftr.dll
2009/06/13 06:00. 2009/06/13 06:00 444 ---- aw-c: \ windows \ system32 \ d3d8caps.dat
2009/06/13 05:01. 2009/06/13 05:01 -------- d ----- w C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Mozilla
2009/06/13 04:44. 2009/06/18 04:53 -------- d ----- w C: \ Program Files \ Startup Optimizer
2009/06/12 23:31. 2009/06/12 23:31 -------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2009/06/12 22:21. 2009/05/26 17:20 40.160 ---- aw-c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2009/06/12 22:21. 2009/06/12 22:23 -------- d ----- w C: \ Program Files \ Malwarebytes "Anti-Malware
2009/06/12 22:21. 2009/05/26 17:19 19.096 ---- aw-c: \ windows \ system32 \ drivers \ mbam.sys
2009/06/12 19:18. 2009/06/12 23:26 45 ---- aw-c: \ windows \ system32 \ ca.dat
2009/06/12 18:56. 2008/03/04 19:59 41.144 ---- aw-c: \ windows \ system32 \ drivers \ ShlDrv51.sys
2009/06/12 18:56. 2008/02/07 16:03 179.640 ---- aw-c: \ windows \ system32 \ drivers \ PavProc.sys
2009/06/12 18:21. 2009/06/12 18:56 -------- d ----- w C: \ Program Files \ Common Files \ Panda Security
2009/06/03 05:12. 2004/08/04 07:56 221.184 ---- aw-c: \ windows \ system32 \ wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009/06/19 01:27. 2008/05/23 05:13 -------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg8
2009/06/18 05:31. 2009/01/05 00:21 410.984 ---- aw-c: \ windows \ system32 \ deploytk.dll
2009/06/18 05:31. 2009/01/12 01:18 -------- d ----- w C: \ Program Files \ Java
2009/06/13 04:50. 2009/01/05 04:50 -------- d ----- w C: \ Program Files \ Web Publicēt
2009/06/13 04:49. 2008/08/20 22:26 -------- d ----- w C: \ Program Files \ Mozilla Thunderbird
2009/06/12 22:57. 2009/04/16 15:22 -------- d ----- w C: \ Documents and Settings \ Īpašnieks \ Application Data \ U3
2009/06/12 18:22. 2006/05/02 03:43 -------- d - h - w-c: \ Program Files \ InstallShield Installation Information
2009/06/12 16:10. 2009/04/19 18:00 -------- d ----- w C: \ Program Files \ Google
2009/06/02 16:49. 2009/03/29 21:27 -------- d ----- w C: \ Documents and Settings \ Īpašnieks \ Application Data \ n-Track Studio6
2009/05/15 13:30. 2006/07/15 14:36 -------- d ----- w C: \ Program Files \ QuickTime
2009/05/15 13:30. 2006/07/15 15:39 -------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2009/05/15 13:29. 2009/05/15 13:29 -------- d ----- w C: \ Program Files \ Apple Software Update
2009/05/15 13:29. 2009/05/15 13:29 -------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2009/05/12 19:53. 2009/05/12 19:53 16.141 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Application Data \ Help \ lego.exe
2009/05/12 19:53. 2009/05/12 19:53 11.410 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Application Data \ Identities \ msgdi.dll
2009/05/12 19:53. 2009/05/12 19:53 10.121 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Application Data \ Lavasoft \ kern.dll
2009/05/12 19:53. 2009/05/12 19:53 422 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Application Data \ Apple Computer \ socks1.exe
2009/05/12 19:53. 2009/05/12 19:53 145.131 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Application Data \ DivX \ nomad.exe
2009/05/12 19:53. 2009/05/12 19:53 13.221 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Application Data \ Adobe \ rengo.dll
2009/05/12 19:53. 2009/05/12 19:53 11.232 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Application Data \ acccore \ shalom.exe
2009/05/11 14:21. 2009/05/11 14:21 -------- d ----- w C: \ Documents and Settings \ Īpašnieks \ Application Data \ Malwarebytes
2009/05/11 14:20. 2009/05/11 14:20 -------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2009/04/22 16:14. 2006/05/03 02:44 -------- d ----- w C: \ Documents and Settings \ Īpašnieks \ Application Data \ n-Track Studio
2009/04/21 07:27. 2006/05/03 02:44 12.024 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT
2009/04/15 20:25. 2009/04/19 18:01 43.528 ------ w-c: \ windows \ system32 \ drivers \ PxHelp20.sys
2009/04/15 20:25. 2009/04/19 18:01 9.464 ------ w-c: \ windows \ system32 \ drivers \ cdralw2k.sys
2009/04/15 20:25. 2009/04/19 18:01 9.336 ------ w-c: \ windows \ system32 \ drivers \ cdr4_xp.sys
2009/04/15 20:25. 2009/04/19 18:01 120.056 ------ w-c: \ windows \ system32 \ pxcpyi64.exe
2009/04/15 20:25. 2009/04/19 18:01 118.520 ------ w-c: \ windows \ system32 \ pxinsi64.exe
2009/04/15 20:25. 2009/04/19 18:01 129.784 ------ w-c: \ windows \ system32 \ pxafs.dll
2009/04/15 20:24. 2009/04/15 20:24 90.112 ---- aw-c: \ windows \ system32 \ dpl100.dll
2009/04/15 20:24. 2009/04/15 20:24 823.296 ---- aw-c: \ windows \ system32 \ divx_xx0c.dll
2009/04/15 20:24. 2009/04/15 20:24 823.296 ---- aw-c: \ windows \ system32 \ divx_xx07.dll
2009/04/15 20:24. 2009/04/15 20:24 815.104 ---- aw-c: \ windows \ system32 \ divx_xx0a.dll
2009/04/15 20:24. 2009/04/15 20:24 802.816 ---- aw-c: \ windows \ system32 \ divx_xx11.dll
2009/04/15 20:24. 2009/04/15 20:24 684.032 ---- aw-c: \ windows \ system32 \ DivX.dll
2009/04/01 16:35. 2009/04/01 16:34 7.040.776 ---- aw-c: \ Documents and Settings \ Īpašnieks \ Application Data \ MySpace \ IP \ Install \ MSIMClientSetup.1.0.789.0-static-A.exe
2009/04/01 16:33. 2009/04/01 16:33 300.800 ---- aw-C: \ MySpaceIM_Setup.exe
2009/03/31 23:24. 2009/03/31 23:23 16.494.272 ---- aw-C: \ nTrackSetup.exe
2009/03/30 22:38. 2009/03/30 22:38 25.214 ---- ar-C: \ Documents and Settings \ Īpašnieks \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _16496df1.exe
2009/03/30 22:38. 2009/03/30 22:38 2.998 ---- ar-C: \ Documents and Settings \ Īpašnieks \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _69525f90.exe
2009/03/30 22:38. 2009/03/30 22:38 2.998 ---- ar-c: \ dokumentus un uzstàdïjumi \ Owner \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _294823.exe
2009/03/30 22:38. 2009/03/30 22:38 2.998 ---- ar-c: \ dokumentus un uzstàdïjumi \ Owner \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _18be6784.exe
2009/03/30 22:38. 2009/03/30 22:38 25.214 ---- ar-C: \ Documents and Settings \ Īpašnieks \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _4ae13d6c.exe
2009/03/30 22:38. 2009/03/30 22:38 25.214 ---- ar-C: \ Documents and Settings \ Īpašnieks \ Application Data \ Microsoft \ Installer \ (47312E0A-043C-409D-B6D0-1482457F2CDA) \ _2cd672ae.exe
2009/02/26 16:20. 2009/02/26 16:20 6.309.376 ---- aw-c: \ Program Files \ ntrack.exe
2009/02/26 16:05. 2009/02/26 16:05 126.976 ---- aw-c: \ Program Files \ AMGateway.ax
2009/02/26 16:05. 2009/02/26 16:05 63.168 ---- aw-c: \ Program Files \ RegisterComponents.exe
2009/02/26 16:05. 2009/02/26 16:05 163.520 ---- aw-c: \ Program Files \ ReportDump.exe
2009/02/26 16:04. 2009/02/26 16:04 86.016 ---- aw-c: \ Program Files \ vstscan.exe
2009/02/26 16:04. 2009/02/26 16:04 45.056 ---- aw-c: \ Program Files \ ball.ax
2009/02/26 16:01. 2009/02/26 16:01 78.848 ---- aw-c: \ Program Files \ EmptyProjectAction.dll
2009/02/26 16:01. 2009/02/26 16:01 147.456 ---- aw-c: \ Program Files \ nTrackDotControls.dll
2009/02/26 16:00. 2009/02/26 16:00 637.440 ---- aw-c: \ Program Files \ NativeControls6.dll
2009/02/26 15:59. 2009/02/26 15:59 99.328 ---- aw-c: \ Program Files \ SurroundVSTGui.dll
2009/02/26 15:59. 2009/02/26 15:59 45.056 ---- aw-c: \ Program Files \ yeti.mmedia.dll
2009/02/26 15:59. 2009/02/26 15:59 40.960 ---- aw-c: \ Program Files \ cdcopier.dll
2009/02/26 15:59. 2009/02/26 15:59 28.672 ---- aw-c: \ Program Files \ Ripper.dll
2009/02/26 15:59. 2009/02/26 15:59 8.704 ---- aw-c: \ Program Files \ ntrack3rdparty.dll
2009/02/26 15:59. 2009/02/26 15:59 5.120 ---- aw-c: \ Program Files \ WindowsFormsBase.dll
2009/02/26 15:59. 2009/02/26 15:59 36.864 ---- aw-c: \ Program Files \ nttest.dll
2009/02/26 15:59. 2009/02/26 15:59 32.768 ---- aw-c: \ Program Files \ nTrackDotNet.dll
2009/02/26 15:59. 2009/02/26 15:59 24.576 ---- aw-c: \ Program Files \ AVFader.dll
2009/02/26 15:59. 2009/02/26 15:59 6.656 ---- aw-c: \ Program Files \ nativecontrolsinterop.dll
2009/02/07 22:10. 2009/02/07 22:10 528.726 ---- aw-c: \ Program Files \ n-Track.htm
2009/02/06 00:15. 2009/02/06 00:15 225.792 ---- aw-c: \ Program Files \ AutoVol.dll
2009/02/06 00:14. 2009/02/06 00:14 228.352 ---- aw-c: \ Program Files \ Chorus.dll
2009/02/06 00:14. 2009/02/06 00:14 228.864 ---- aw-c: \ Program Files \ Echo.dll
2009/02/06 00:12. 2009/02/06 00:12 369.152 ---- aw-c: \ Program Files \ ntrck_PitchShift.dll
2009/02/06 00:11. 2009/02/06 00:11 176.128 ---- aw-c: \ Program Files \ Riverbero.dll
2009/02/06 00:09. 2009/02/06 00:09 434.688 ---- aw-c: \ Program Files \ facomp10.dll
2009/02/06 00:08. 2009/02/06 00:08 379.904 ---- aw-c: \ Program Files \ dxirewire.dll
2009/02/06 00:06. 2009/02/06 00:06 951.808 ---- aw-c: \ Program Files \ fa4bdeq.dll
2009/01/13 14:16. 2009/01/13 14:16 3.455 ---- aw-c: \ Program Files \ order.html
2008/11/28 00:23. 2008/11/28 00:23 642.840 ---- aw-c: \ Program Files \ n-track.cfg
2008/10/25 23:46. 2008/10/25 23:46 4.920 ---- aw-c: \ Program Files \ order_upgrade.html
2008/09/02 23:06. 2008/09/02 23:06 231.936 ---- aw-c: \ Program Files \ ShellCtl.dll
2008/08/31 13:20. 2008/08/31 13:20 105.056 ---- aw-c: \ program files \ Setup.bmp
2008/06/20 18:37. 2008/06/20 18:37 24.576 ---- aw-c: \ Program Files \ ScrollerAbout.dll
2008/06/20 18:18. 2008/06/20 18:18 831.058 ---- aw-c: \ Program Files \ banks_default.txt
2008/06/20 18:18. 2008/06/20 18:18 709 ---- aw-c: \ Program Files \ ntrack.exe.config
2008/06/20 18:18. 2008/06/20 18:18 22.124 ---- aw-c: \ Program Files \ us428_faders.dat
2008/06/20 18:18. 2008/06/20 18:18 22.124 ---- aw-c: \ Program Files \ us224_faders.dat
2008/06/20 18:17. 2008/06/20 18:17 4.035 ---- aw-c: \ Program Files \ n-track_help.cnt
2008/06/20 18:17. 2008/06/20 18:17 169.585 ---- aw-c: \ Program Files \ Drum Example.sng
2008/06/20 18:17. 2008/06/20 18:17 15.457 ---- aw-c: \ Program Files \ FACOMP10.HLP
2008/06/20 18:17. 2008/06/20 18:17 25.698 ---- aw-c: \ Program Files \ FA4BDEQ.HLP
2008/06/20 18:16. 2008/06/20 18:16 19.339 ---- aw-c: \ Program Files \ N-TRACK_EFX.HLP
2004/06/11 20:19. 2004/06/11 20:19 25.214 ---- aw-c: \ Program Files \ help_icon.ico
2004/06/07 13:23. 2004/06/07 13:23 25.214 ---- aw-c: \ Program Files \ link_icon.ico
2000/11/12 03:30. 2000/11/12 03:30 86 ---- aw-c: \ Program Files \ BUYIT!. URL
2000/11/12 03:28. 2000/11/12 03:28 73 ---- aw-c: \ Program Files \ n-Track.url
2009/04/15 20:24. 2009/04/15 20:24 1.044.480 ---- aw-c: \ Program Files \ Mozilla Firefox \ plugins \ libdivx.dll
2009/04/15 20:24. 2009/04/15 20:24 200.704 ---- aw-c: \ Program Files \ Mozilla Firefox \ plugins \ ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-19_13.16.48 )))))))))))) )))))))))))))))))))))))))))))
.
+ 2009/06/21 15:41. 2009/06/21 15:41 16.384 c: \ windows \ temp \ Perflib_Perfdata_5b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"IgfxTray" = "C: \ Windows \ system32 \ igfxtray.exe" [2002/06/19 155.648]
"HotKeysCmds" = "C: \ Windows \ system32 \ hkcmd.exe" [2002/06/19 114.688]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009/06/18 148.888]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"MySpaceIM" = "C: \ Program Files \ MySpace \ IP \ MySpaceIM.exe" [2008/12/12 9.555.968]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008/05/13 77.824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \! SASWinLogon]
2008/12/22 16:05 356.352 ---- aw-c: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = C: \ Windows \ system32 \ avgrsstx.dl l

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgupd.exe" =
"C: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgemc.exe" =
"C: \ \ Program Files \ \ ATT-HSI \ \ McciBrowser.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"c: \ \ WINDOWS \ \ system32 \ \ igfxtray.exe" =
"C: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgrsx.exe" =
"% windir% \ \ system32 \ \ drivers \ \ svchost.exe" =
"C: \ \ Program Files \ \ MySpace \ \ IP \ \ MySpaceIM.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"53: TCP" = 53: TCP: websrvx

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 1:13 96520]
R1 SASDIFSV;SASDIFSV;c:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 72944]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [6/12/2009 2:56 41144]
R2 avg8emc;AVG8 E-mail Scanner;c:\PROGRA~1\AVG\AVG8\avgemc.exe [5/23/2008 1:13 902424]
R2 avg8wd;AVG8 WatchDog;c:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [5/23/2008 1:13 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 1:13 75272]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [6/12/2009 2:56 179640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\Program Files\Viewpoint\Common\ViewpointService.exe [2/5/2009 6:56 24652]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH;c:\windows\system32\drivers\Vch.sys [5/1/2006 11:58 20023]
S2 gupdate1c9c119864b630;Google Update Service (gupdate1c9c119864b630);c:\Program Files\Google\Update\GoogleUpdate.exe [4/19/2009 2:02 133104]
S3 SASENUM;SASENUM;c:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 7408]
.
Contents of the 'Scheduled Tasks' folder

2009/06/21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\Program Files\Google\Update\GoogleUpdate.exe [2009/04/19 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Search
FF - ProfilePath -
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009/06/21 11:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\Program Files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\Motive\McciCMService.exe
c:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\Program Files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
.
************************************************** ************************
.
Completion time: 2009/06/21 11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009/06/21 15:47
ComboFix2.txt 2009/06/19 13:20

Pre-Run: 4974522368 bytes free
Post-Run: 5621665792 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=OptIn

248



;***************************************************************************************************************************************************************************************
ANALYSIS: 2009/06/22 07:16:51
Protections: 1
MalWare: 10
Suspects: 0
;***************************************************************************************************************************************************************************************
Protections
Description Version Active Updated
;===================================================================================================================================================================
AVG Anti-Virus Free 8.0 Yes Yes
;===================================================================================================================================================================
MalWare
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================
00139061 Cookie/DoubleClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP500\A0228202.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP501\A0229224.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP491\A0222017.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP493\A0223098.sys
00674736 W32/Autorun.AFX Virus/Worm No 1 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP491\A0221911.dll
00674736 W32/Autorun.AFX Virus/Worm No 1 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP490\A0221821.dll
00950476 Bck/Tdss.AZ Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP503\A0233263.dll
00950476 Bck/Tdss.AZ Virus/Trojan No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\system32\UACakmovnkvlbejvsw.dll.vir
00950477 Bck/Tdss.AZ Virus/Trojan No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\system32\UACllkyxudengakpfn.dll.vir
00950477 Bck/Tdss.AZ Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP503\A0233264.dll
00966996 Bck/Tdss.BC Virus/Trojan No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkpxjqwvugnspokq.dll.vir
00966996 Bck/Tdss.BC Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP503\A0233265.dll
01099605 Trj/Alureon.AL Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP503\A0233262.dll
01099605 Trj/Alureon.AL Virus/Trojan No 0 Yes Yes C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxcvrjkwrnbmiqml.dll.vir
01318562 Trj/Downloader.WAV Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP492\A0223044.dll
01318562 Trj/Downloader.WAV Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP492\A0223065.dll
01318562 Trj/Downloader.WAV Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP492\A0223056.dll
01318562 Trj/Downloader.WAV Virus/Trojan No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP492\A0223073.dll
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP503\A0234260.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP505\A0235260.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes C:\System Volume Information\_restore{0BC9C26D-029D-4DC1-B3DC-4990696A2ECD}\RP503\A0233266.sys
;===================================================================================================================================================================
Suspects
Sent Location
;===================================================================================================================================================================
;===================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================
208380 HIGH MS09-015
208379 HIGH MS09-014
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
204670 HIGH MS09-001
203806 HIGH MS08-078
203508 HIGH MS08-073
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
201250 HIGH MS08-058
209275 HIGH MS08-049
209273 HIGH MS08-045
196455 MEDIUM MS08-037
194861 HIGH MS08-031
194860 HIGH MS08-030
191618 HIGH MS08-025
191617 HIGH MS08-024
191614 HIGH MS08-021
191613 HIGH MS08-020
187735 HIGH MS08-010
187733 HIGH MS08-008
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
176382 HIGH MS07-057
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
114666 HIGH MS06-015
93454 MEDIUM MS05-049
;===================================================================================================================================================================
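The ComboFix log posted above prints the Windows Firewall policy as plain registry values, which makes it easy to triage mechanically. The following is an added example written for this page (not part of the thread, not ComboFix or SUPERAntiSpyware code): a small Python script that parses the firewallpolicy section and reports three things a responder looks for in such a log: the standard profile having EnableFirewall set to 0, an authorised application that carries the name of a Windows system binary but sits in a directory where that binary does not live (on a default XP install the genuine svchost.exe is in %windir%\system32, not in system32\drivers), and any globally open inbound port. The sample input is a constructed excerpt modelled on the posted log; the table of expected directories, the assumption that %windir% is c:\windows, and the severities are my own choices, not output from any tool.

```python
"""Triage the Windows Firewall section of a ComboFix log.

Added example for this thread; not ComboFix output and not a substitute for
reviewing the whole log. The expected-directory table and severities below
are assumptions made for the example.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample, modelled on the firewall section of the log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"C:\\Program Files\\MySpace\\IP\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:websrvx
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Assumption: where the genuine binaries of these names live on a default
# Windows XP install with %windir% = c:\windows. A file with one of these
# names anywhere else deserves a closer look.
SYSTEM_BINARY_HOME = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


@dataclass
class Finding:
    severity: str  # "high" or "medium" (severities are this example's choice)
    text: str


def normalise_path(raw: str) -> str:
    """Collapse the doubled backslashes ComboFix prints, expand %windir%, lowercase."""
    path = raw.replace("\\\\", "\\").lower()
    return path.replace("%windir%", r"c:\windows")


def parse_firewall_policy(log_text: str) -> dict:
    """Return the firewall state, authorised applications and open ports from a log."""
    result = {"enable_firewall": None, "authorized_apps": [], "open_ports": []}
    section = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if "firewallpolicy" not in section:
            continue
        value = VALUE_RE.match(line)
        if not value:
            continue
        name, data = value.group("name"), value.group("data").strip()
        if section.endswith("\\standardprofile") and name.lower() == "enablefirewall":
            result["enable_firewall"] = int(data.split()[0])
        elif section.endswith("\\authorizedapplications\\list"):
            result["authorized_apps"].append(normalise_path(name))
        elif section.endswith("\\globallyopenports\\list"):
            # "53:TCP"= 53:TCP:websrvx  ->  port, protocol, rule name
            port, proto = name.split(":", 1)
            rule_name = data.split(":")[-1] if data else ""
            result["open_ports"].append((port, proto.upper(), rule_name))
    return result


def triage(log_text: str) -> list:
    """Apply the three checks described in the lead-in and return the findings."""
    policy = parse_firewall_policy(log_text)
    findings = []
    if policy["enable_firewall"] == 0:
        findings.append(Finding("high", "Windows Firewall is disabled in the standard profile (EnableFirewall=0)"))
    for app in policy["authorized_apps"]:
        directory, filename = ntpath.split(app)
        expected = SYSTEM_BINARY_HOME.get(filename)
        if expected and directory != expected:
            findings.append(Finding("high", f"{filename} authorised from {directory}; the genuine file lives in {expected}"))
    for port, proto, rule_name in policy["open_ports"]:
        findings.append(Finding("medium", f"port {port}/{proto} globally open inbound (rule '{rule_name}')"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.severity}] {finding.text}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. Nothing here proves infection by itself: a firewall switched off and an open port can be the user's own doing, and the directory check only says the path is not where Windows keeps that binary, which is exactly the kind of entry to submit for a second opinion before touching it.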
#10
June 22, 2009, 09:30
Malware Group

Re: Please help! My computer is running multiple viruses / malware.

Howdy there

Please note - in this fix we will be entering Safe Mode. Please print these instructions, as your internet connection will not be available to you at that time. You can also copy and paste the fix into a text file and save it somewhere easily accessible for reference.

Quote:
Sorry about that. I have no idea what happened
Not to worry, just one of those things!

One thing I did mean to mention earlier was that you seem to have two antiviruses installed, with one disabled. Can I just ask, is F-Secure an old AV whose subscription has expired?

Although the Panda scan picked up a few items, the scan result actually looks good. Most of what is there is either quarantined by ComboFix or caught in your System Restore, which we can clear out at the end of the fix to prevent reinfection.

I notice you already have SUPERAntiSpyware installed...

I want to run a scan with it in Safe Mode.

First, let's update SAS and set the options before scanning

  • Update the definitions by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink to download the installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • On the main menu, click the Preferences... button.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Restart your computer in "Safe Mode" using the F8 method. To do this, restart your computer and, after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and, back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after the reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Post back with the resulting log, and also update me on how things are running now.
__________________
Proud member of ASAP & UNITE

Copyright © 2006 - 2009 Computer Sulas.