Problem with computer




  #1  
November 21, 2008, 10:34
Member
 
Last night, when I booted up my computer running Windows XP, three error windows appeared saying:
"Error loading C:\WINDOWS\system32\lwmela.dll"
"Error loading C:\WINDOWS\system32\logibeja.dll"
"Error loading C:\WINDOWS\system32\nebazifi.dll"

I have noticed that all three of these errors are associated with rundll32.exe. I looked on Google, and it suggested that I should not delete this file.

I was wondering if anyone could help me solve my problem. I have posted my HijackThis log. I hope this helps.

Code:
  #2  
November 21, 2008, 13:05
Moderator Group
 
Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, make sure a check mark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------

Please install the new version of HijackThis and post a new log.

Download TrendMicro HijackThis.exe (HJT) to your Desktop.
  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
  • Click on the Do a system scan and save a logfile button.
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and paste the entire contents of the log in your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
__________________

  #3  
November 21, 2008, 20:25
Member
 
Thanks Evilfantasy. After running MBAM and rebooting, the pop-ups seem to have stopped appearing. Here are my logs.



MBAM:

Malwarebytes "Anti-Malware 1,30
Database version: 1415
Windows 5.1.2600 Service Pack 3

21/11/2008 7:17:41
mbam-log-2008-11-21 (19-17-41). txt

Scan type: Quick Scan
Objekti skenēts: 53.708
Laiks pagājis kopš: 3 minūte (s), 24 second (s)

Memory Processes Inficētie: 0
Memory Modules Inficētie: 0
Registry Keys Inficētie: 3
Reģistra vērtības Inficētie: 5
Registry Data Items Infected: 2
Mapes Inficētie: 0
Faili Inficētie: 0

Atmiņas procesi Inficētie:
(No ļaunprātīgs preces konstatētas)

Memory Modules Inficētie:
(No ļaunprātīgs preces konstatētas)

Registry Keys Inficētie:
HKEY_CLASSES_ROOT \ CLSID \ (ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4) (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.

Reģistra vērtības Inficētie:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ SharedTaskScheduler \ (ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4) (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ ShellServiceObjectDelayLoad \ ssodl (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ cpm13d13c71 (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ vuzeparume (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ 10e20fed (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.

Registry Data Items Infected:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Laba: (1) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Laba: (1) -> Karantīnā ievietotie un svītrots veiksmīgi.

Mapes Inficētie:
(No ļaunprātīgs preces konstatētas)

Faili Inficētie:
(No ļaunprātīgs preces konstatētas)



HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 7:23:04 gada 21/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ LogMeIn \ x86 \ LogMeInSystray.exe
C: \ Program Files \ UltraMon \ UltraMon.exe
C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ Acrotray.exe
C: \ Program Files \ LogMeIn \ x86 \ LMIGuardian.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe
C: \ WINDOWS \ system32 \ RUNDLL32.EXE
C: \ Program Files \ UltraMon \ UltraMonTaskbar.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ WINDOWS \ SOUNDMAN.EXE
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Documents and Settings \ es \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe
C: \ Program Files \ Yahoo! \ Widgets \ YahooWidgets.exe
C: \ Program Files \ Yahoo! \ Widgets \ YahooWidgets.exe
C: \ Program Files \ Yahoo! \ Widgets \ YahooWidgets.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ GIGABYTE \ EnergySaver \ GSvr.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBService.exe
C: \ Program Files \ NVIDIA Corporation \ nTune \ nTuneService.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ Program Files \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgemc.exe
C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = *. vietējo
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - (074C1DC5-9.320-4A9A-947D-C042949C6216) - C: \ Program Files \ Adobe \ / Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - (24e9d28a-8ed5-4d92-9.642-2fba5c8cacd9) - C: \ WINDOWS \ system32 \ jabupogu.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8.273-0445EE161910) - C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4.638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 4.1.805.4472 \ sw g.dll
O2 - BHO: PDF-Xchange Viewer IE-Plugin - (C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F) - C: \ Program Files \ Tracker Software \ PDF Xchange 4 Pro \ PDF Xchange PDF Viewer \ pdf skatītāju \ PDFXCviewIEPlugin . dll
O3 - Toolbar: Adobe PDF - (47.833.539-D0C5-4125-9FA8-0819E2EAAC93) - C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll
O3 - Toolbar: veicināt Toolbar - (517BDDE4-E3A7-4.570-B21E-2B52B6139FC7) - C: \ Program Files \ Adobe \ / Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM \ .. \ Run: [GEST] m "| \ ü
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [LogMeIn GUI] "C: \ Program Files \ LogMeIn \ x86 \ LogMeInSystray.exe"
O4 - HKLM \ .. \ Run: [UltraMon] "C: \ Program Files \ UltraMon \ UltraMon.exe" / auto
O4 - HKLM \ .. \ Run: [Acrobat Assistant 8,0] "C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ Acrotray.exe"
O4 - HKLM \ .. \ Run: [Adobe_ID0EYTHM] C: \ PROGRA ~ 1 \ Common ~ 1 \ Adobe \ ADOBEV ~ 1 \ server \ bin \ VER SIO ~ 2.EXE
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [NBKeyScan] "C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBKeyScan.exe"
O4 - HKLM \ .. \ Run: [AVG8_TRAY] C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM \ .. \ Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU \ .. \ Run: [NVIDIA nTune] "C: \ Program Files \ NVIDIA Corporation \ nTune \ nTuneCmd.exe" skaidri
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [AlcoholAutomount] "C: \ Program Files \ Alcohol Soft \ Alcohol 120 \ axcmd.exe" / automount
O4 - HKCU \ .. \ Run: [labo] "C: \ Documents and Settings \ es \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [vuzeparume] Rundll32.exe "C: \ WINDOWS \ system32 \ lowumela.dll" s (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C: \ Program Files \ Yahoo! \ Widgets \ YahooWidgets.exe
Ø8 - ārpus konteksta izvēlnes vienums: Pievienot esošajiem PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIEAppend.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert saite mērķi Adobe PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIECapture.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert saišu mērķis esošo PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIEAppend.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert cikls saites uz Adobe PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIECaptureSelLinks.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert cikls saites ar esošajām PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIEAppendSelLinks.html
Ø8 - ārpus konteksta izvēlnes vienums: Pārvērst atlasi uz Adobe PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIECapture.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert izvēle esošajiem PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIEAppend.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert to Adobe PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIECapture.html
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: (no name) - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20.001 - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (30.528.230-99f7-4bb4-88d8-fa1d4f56a2ab) (INSTALLATION SUPPORT) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
Ø16 - DPF: (77E32299-629F-43C6-AB77-6A1E6D7663F6) (Groove Control) -- http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Program Files \ AVG \ AVG8 \ avgpp.dll
Ø20 - AppInit_DLLs: avgrsstx.dll C: \ WINDOWS \ system32 \ gevabovo.dll c: \ windows \ system32 \ logibeja.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C: \ Program Files \ Common Files \ Adobe \ Adobe Version Cue CS3 \ server \ bin \ VersionCueCS3.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, sro - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgemc.exe
O23 - Service: AVG Free8 Watchdog (avg8wd) - AVG Technologies CZ, sro - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
O23 - Service: # # Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 # # (Bonjour Service) - Apple Computer, Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: FAH @ F: + Downloads + tālu 2 kreka 2 + [RAZOR1911] [Web SEED] FAR Cry 2 kreka - REAL 100% FULLY WORKING + FAH.exe - Unknown īpašnieks - C: \ Windows \
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: GEST dienesta programmu vadību. (GEST Service) - Unknown īpašnieks - C: \ Program Files \ GIGABYTE \ EnergySaver \ GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: Nero BackItUp plānotājs 3 - Nero AG - C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBService.exe
O23 - Service: NMIndexingService - Nero AG - C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C: \ Program Files \ NVIDIA Corporation \ nTune \ nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown īpašnieks - C: \ WINDOWS \ system32 \ PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown īpašnieks - C: \ WINDOWS \ system32 \ PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C: \ Program Files \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe

--
End of failu - 10.749 bytes
  #4  
November 21, 2008, 21:44
Moderator Group
 
Looking better, but there is still some malware left to clean.

Uninstall any cracks / warez now please. It does no good to clean malware when there is almost a 100% chance that the malware came from one of them.

Open HijackThis and select Do a system scan only, then place a check mark next to:

- O2 - BHO: (no name) - (24e9d28a-8ed5-4d92-9.642-2fba5c8cacd9) - C: \ WINDOWS \ system32 \ jabupogu.dll (file missing)
- O4 - HKLM \ .. \ Run: [GEST] m "| \ ü
- O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
- O4 - HKUS \ S-1-5-19 \ .. \ Run: [vuzeparume] Rundll32.exe "C: \ WINDOWS \ system32 \ lowumela.dll", s (User 'LOCAL SERVICE')
- Ø20 - AppInit_DLLs: avgrsstx.dll C: \ WINDOWS \ system32 \ gevabovo.dll c: \ windows \ system32 \ logibeja.dll
- O23 - Service: FAH @ F: + Downloads + tālu 2 kreka 2 + [RAZOR1911] [Web SEED] FAR Cry 2 kreka - REAL 100% FULLY WORKING + FAH.exe - Unknown īpašnieks - C: \ Windows \


Close all windows except HijackThis and click Fix checked.

----------

Note: The instructions below were created specifically for this user. If you are not this user, DO NOT follow these instructions, as they could damage the workings of your system.

Go to Start > Run, type notepad.exe and click OK.

Copy and paste the following into Notepad and save it as fixme.reg to your Desktop.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"=-
"Alcmtr"=-

Locate fixme.reg on your Desktop and double-click on it. Answer when prompted to merge it with the registry.

Make sure you tell me if you get a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete fixme.reg from your Desktop.

----------

Download ATF Cleaner by Atribune and save it to your computer.
Alternate download link

Windows Vista users: ATF-Cleaner must be Run as Administrator.

Double-click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
  • Recycle Bin
The rest are optional. If you want to remove them all, check Select All.
Now click Empty Selected.
When you get the Done Cleaning message, click OK.

Firefox users click Firefox on the menu bar.

Click Select All, then click Empty.
Note: If you would like to keep your saved passwords, click at the prompt.

Opera users click Opera on the menu bar.

Click Select All, then click Empty.
Note: If you would like to keep your saved passwords, click at the prompt.

Important: Restart your computer before continuing.

Note that the system will run slower for a reboot or two after using this tool, so don't panic.

----------

Download ComboFix © by sUBs from one of the links. Make sure to save it to the Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to your Desktop.

Close all open Internet browsers (Firefox, Internet Explorer etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

Windows XP systems installing the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please make sure your Internet connection is active (if possible) and click .
- If for some reason the Internet is not working, click .
-- If you are not using Windows XP, you will not be prompted.
- When prompted to agree to the EULA, click OK.
- Accept the Microsoft EULA (Click ).
- If you are told that the RC installed properly, click to continue scanning for malware.

When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click the ComboFix window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________
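
An added example, not part of any post in this thread and not the helper's own method: one way to check which load points in a HijackThis log reference the DLLs named in the "Error loading" dialogs from post #1. The function names, the 0.8 similarity cutoff and the sample (entries from the log in post #3, written with normal path spacing and a placeholder class ID) are assumptions of the example.

```python
import re
from difflib import get_close_matches

# DLL names from the three "Error loading" dialogs quoted in post #1.
ERROR_DLLS = ["lwmela.dll", "logibeja.dll", "nebazifi.dll"]

# Constructed sample: entries from the HijackThis log in post #3, with path
# spacing and the O20 prefix in HijackThis's normal form and the BHO class ID
# replaced by a placeholder.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {CLSID-PLACEHOLDER} - C:\WINDOWS\system32\jabupogu.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [vuzeparume] Rundll32.exe "C:\WINDOWS\system32\lowumela.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\gevabovo.dll c:\windows\system32\logibeja.dll
"""

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")             # "O4 - <rest of line>"
DLL_RE = re.compile(r"([\w.~-]+\.dll)\b", re.IGNORECASE)  # DLL basename only


def parse_entries(log_text):
    """Return (section, text, [dll basenames]) for every O-section line."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        section, text = m.groups()
        dlls = [d.lower() for d in DLL_RE.findall(text)]
        entries.append((section, text, dlls))
    return entries


def correlate(error_dlls, entries):
    """Map each error-dialog DLL to the load points that reference it.

    Exact basename matches are reported first. Only when there is none are
    near matches listed, so a name retyped from a dialog box is not lost;
    a near match is a lead to verify by hand, not a finding.
    """
    known = sorted({d for _, _, dlls in entries for d in dlls})
    report = {}
    for name in error_dlls:
        name = name.lower()
        exact = [(s, t) for s, t, dlls in entries if name in dlls]
        near = []
        if not exact:
            for cand in get_close_matches(name, known, n=3, cutoff=0.8):
                near += [(s, t, cand) for s, t, dlls in entries if cand in dlls]
        report[name] = {"exact": exact, "near": near}
    return report


def missing_targets(entries):
    """Entries HijackThis marked '(file missing)': the load point outlived its file."""
    return [(s, t) for s, t, _ in entries if "(file missing)" in t.lower()]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for dll, hits in correlate(ERROR_DLLS, parsed).items():
        print(dll)
        for section, text in hits["exact"]:
            print("  referenced by", section, "->", text)
        for section, text, cand in hits["near"]:
            print("  near match", cand, "in", section, "->", text)
        if not hits["exact"] and not hits["near"]:
            print("  no load point in this log references it")
    for section, text in missing_targets(parsed):
        print("file missing:", section, "->", text)
```

A DLL with no referencing entry may have been loaded from a value the scanner had already removed, so the absence of a match does not clear it.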

  #5  
November 22, 2008, 10:02
Member
 
I successfully added the code to my registry. I also just re-enabled my AVG, and it said it detected the Trojan horse "SHeur2.CWU" on open. This is located at C:\System Volume Information\_restore{437C89B8-7BDE-4F8B-A154-0070B533E200}\RP137\A009106.dll.

I have also removed some of my cracked applications that I am not using. One that I did not remove was Far Cry 2. I have noticed that this game shows up quite often in the logs. Could this game be contributing to the problem?

Finally, with HijackThis logs, how do you know what to fix? Do you just remove items that do not look right, or is there a more systematic approach to it?


________________________________



ComboFix 08-11-21.05 - es 2008-11-22 8:12:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2252 [GMT -8:00]
Sākot no: c: \ Documents and Settings \ es \ Desktop \ ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
c: \ windows \ system32 \ aporanuz.ini
c: \ windows \ system32 \ ifizaben.ini
.
((((((((((((((((((((((((( Faili Created no 2008/10/22 līdz 2008/11/22 ))))))))))) ))))))))))))))))))))
.
2008/11/21 19:21. 2008/11/21 19:21 <DIR> d -------- C: \ Program Files \ Trend Micro
2008/11/21 19:03. 2008/11/21 19:03 <DIR> d -------- C: \ Program Files \ Malwarebytes "Anti-Malware
2008/11/21 19:03. 2008/11/21 19:03 <DIR> d -------- C: \ Documents and Settings \ es \ Application Data \ Malwarebytes
2008/11/21 19:03. 2008/11/21 19:03 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/11/21 19:03. 2008/10/22 16:10 38.496 - ------ c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2008/11/21 19:03. 2008/10/22 16:10 15.504 - ------ c: \ windows \ system32 \ drivers \ mbam.sys
2008/11/21 08:25. 2008/11/21 08:25 69 - ------ c: \ windows \ NeroDigital.ini
2008/11/21 08:24. 2008/11/21 08:25 3.532 - ------ C: \ drmHeader.bin
2008/11/20 06:34. 2008/11/20 06:34 <DIR> d -------- C: \ Documents and Settings \ es \ Application Data \ Leadertech
2008/11/17 22:31. 2008/11/17 22:31 <DIR> d -------- C: \ Program Files \ MSECache
2008/11/13 20:26. 2008/08/07 11:38 9.728 - ------ c: \ windows \ system32 \ RtNicProp32.dll
2008/11/13 07:17. 2008/09/04 09:15 1.106.944 ----- c --- c: \ windows \ system32 \ dllcache \ msxml3.dll
2008/11/13 07:17. 2008/10/24 03:21 455.296 ----- c --- c: \ windows \ system32 \ dllcache \ mrxsmb.sys
2008/11/11 07:22. 2008/11/11 07:22 <DIR> d -------- C: \ Program Files \ Belarc
2008/11/11 07:22. 2008/02/27 13:49 3.840 - ------ c: \ windows \ system32 \ drivers \ BANTExt.sys
2008/11/09 08:13. 2008/11/09 08:13 <DIR> d -------- C: \ Program Files \ Virtools
2008/11/06 22:31. 2007/12/03 02:10 644.400 - ------ c: \ windows \ system32 \ MSCOMCT2.OCX
2008/11/06 20:58. 2008/11/06 20:58 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Fallout3
2008/11/06 20:57. 2008/11/06 20:57 <DIR> d -------- C: \ Program Files \ MSBuild
2008/11/06 20:55. 2008/11/06 20:55 <DIR> d -------- C: \ Windows \ system32 \ XPSViewer
2008/11/06 20:55. 2008/11/06 20:55 <DIR> d -------- C: \ Program Files \ Reference Assemblies
2008/11/06 20:54. 2008/11/06 20:54 <DIR> d -------- C: \ Windows \ system32 \ xlive
2008/11/06 20:54. 2006/06/29 13:07 14.048 --------- c: \ windows \ system32 \ spmsg2.dll
2008/11/05 07:49. 2008/11/22 07:51 <DIR> d -------- C: \ Windows \ system32 \ drivers \ Vid
2008/11/05 07:49. 2008/11/05 07:49 <DIR> d -------- C: \ Program Files \ AVG
2008/11/05 07:49. 2008/11/05 07:49 97.928 - ------ c: \ windows \ system32 \ drivers \ avgldx86.sys
2008/11/05 07:49. 2008/11/05 07:49 76.040 - ------ c: \ windows \ system32 \ drivers \ avgtdix.sys
2008/11/05 07:49. 2008/11/05 07:49 10.520 - ------ c: \ windows \ system32 \ avgrsstx.dll
2008/11/03 09:40. 2008/11/05 07:44 <DIR> d -------- C: \ Documents and Settings \ LogMeInRemoteUser
2008/10/29 07:59. 2008/10/29 07:59 <DIR> d -------- C: \ Program Files \ Microsoft Silverlight
2008/10/23 21:08. 2008/10/15 08:34 337.408 ----- c --- c: \ windows \ system32 \ dllcache \ netapi32.dll
2008/10/22 10:07. 2008/10/22 10:07 <DIR> d -------- C: \ Windows \. Jagex_cache_32
2008/10/22 10:07. 2008/10/22 10:08 30 - ------ c: \ Documents and Settings \ me \ jagex_runescape_preferences.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/11/22 16:15 16.608 ---- aw c: \ windows \ gdrv.sys
2008/11/22 04:36 183.112 ---- aw c: \ windows \ system32 \ PnkBstrB.exe
2008/11/22 04:36 138.184 ---- aw c: \ windows \ system32 \ drivers \ PnkBstrK.sys
2008/11/21 23:39 --------- d ----- wc: \ Documents and Settings \ es \ Application Data \ uTorrent
2008/11/21 18:44 66.872 ---- aw c: \ windows \ system32 \ PnkBstrA.exe
2008/11/21 16:12 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008/11/16 08:35 --------- d ----- wc: \ Program Files \ LogMeIn
2008/11/14 04:25 319.488 ---- aw c: \ windows \ HideWin.exe
2008/11/07 06:31 --------- d - h - wc: \ Program Files \ InstallShield Installation Information
2008/11/07 06:30 --------- d ----- wc: \ Program Files \ Google
2008/11/05 15:49 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ avg8
2008/11/03 15:05 87.352 ---- aw c: \ windows \ system32 \ LMIinit.dll
2008/11/03 15:05 83.288 ---- aw c: \ windows \ system32 \ LMIRfsClientNP.dll
2008/11/03 15:05 47.640 ---- aw c: \ windows \ system32 \ drivers \ LMIRfsDriver.sys
2008/11/03 15:05 28.984 ---- aw c: \ windows \ system32 \ LMIport.dll
2008/11/03 15:05 23.736 ---- aw c: \ windows \ system32 \ lmimirr.dll
2008/11/03 15:05 10.040 ---- aw c: \ windows \ system32 \ lmimirr2.dll
2008/10/29 10:02 --------- d ----- wc: \ Program Files \ Microsoft Works
2008/10/25 06:17 --------- d --- aw c: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008/10/24 11:21 455.296 ---- aw c: \ windows \ system32 \ drivers \ mrxsmb.sys
2008/10/20 05:28 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ FLEXnet
2008/10/19 22:44 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ Ubisoft
2008/10/18 01:48 5.554 ---- aw c: \ windows \ system32 \ ealregsnapshot1.reg
2008/10/18 01:48 --------- d ----- wc: \ Program Files \ Electronic Arts
2008/10/17 09:16 --------- d ----- wc: \ Program Files \ Windows Live
2008/10/17 08:58 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2008/10/17 08:57 --------- dcsh - wc: \ Program Files \ Common Files \ WindowsLiveInstaller
2008/10/16 22:13 202.776 ---- aw c: \ windows \ system32 \ wuweb.dll
2008/10/16 22:13 1.809.944 ---- aw c: \ windows \ system32 \ wuaueng.dll
2008/10/16 22:12 561.688 ---- aw c: \ windows \ system32 \ wuapi.dll
2008/10/16 22:12 323.608 ---- aw c: \ windows \ system32 \ wucltui.dll
2008/10/16 22:09 92.696 ---- aw c: \ windows \ system32 \ cdm.dll
2008/10/16 22:09 51.224 ---- aw c: \ windows \ system32 \ wuauclt.exe
2008/10/16 22:09 43.544 ---- aw c: \ windows \ system32 \ wups2.dll
2008/10/16 22:08 34.328 ---- aw c: \ windows \ system32 \ wups.dll
2008/10/16 22:06 268.648 ---- aw c: \ windows \ system32 \ mucltui.dll
2008/10/16 22:06 208.744 ---- aw c: \ windows \ system32 \ muweb.dll
2008/10/14 02:05 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ nView_Profiles
2008/10/14 02:03 --------- d ----- wc: \ Program Files \ Common Files \ Wise Installation Wizard
2008/10/14 02:03 --------- d ----- wc: \ Program Files \ AGEIA Technologies
2008/10/13 16:13 --------- d ----- wc: \ Program Files \ SystemRequirementsLab
2008/10/13 16:13 --------- d ----- wc: \ Documents and Settings \ es \ Application Data \ SystemRequirementsLab
2008/10/09 05:12 --------- d ----- wc: \ Documents and Settings \ es \ Application Data \ Nero
2008/10/09 05:11 --------- d ----- wc: \ Program Files \ Common Files \ Nero
2008/10/09 05:10 --------- d ----- wc: \ Program Files \ Nero
2008/10/09 05:10 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ Nero
2008/10/09 04:34 --------- d ----- wc: \ Program Files \ Common Files \ Autodesk Shared
2008/10/09 04:34 --------- d ----- wc: \ Program Files \ Common Files \ Alias Shared
2008/10/09 04:33 6.656 ---- aw c: \ windows \ system32 \ haspvdd.dll
2008/10/09 04:33 47.616 ---- aw c: \ windows \ system32 \ drivers \ Haspnt.sys
2008/10/09 04:32 --------- d ----- wc: \ Program Files \ Autodesk
2008/10/05 06:52 94.208 ---- aw c: \ windows \ ScUnin.exe
2008/10/01 00:43 1.286.152 ---- aw c: \ windows \ system32 \ msxml4.dll
2008/09/27 06:16 --------- d ----- wc: \ Program Files \ 3DGroove
2008/09/22 05:57 --------- d ----- wc: \ Program Files \ Keyclone
2008/09/19 00:32 4 - SH - R c: \ WINOS.SYS
2008/09/17 16:55 453.152 ---- aw c: \ windows \ system32 \ nvudisp.exe
2008/09/17 04:27 453.152 ---- aw c: \ windows \ system32 \ NVUNINST.EXE
2008/09/16 04:35 107.888 ---- aw c: \ windows \ system32 \ CmdLineExt.dll
2008/09/15 12:12 1.846.400 ---- aw c: \ windows \ system32 \ win32k.sys
2008/09/10 01:14 1.307.648 ------ wc: \ windows \ system32 \ msxml6.dll
2008/09/04 17:15 1.106.944 ---- aw c: \ windows \ system32 \ msxml3.dll
2008/09/04 16:31 288.024 ---- aw c: \ windows \ system32 \ PhysXCplUI.exe
2008/08/29 15:57 70.936 ---- aw c: \ windows \ system32 \ PhysXLoader.dll
2008/08/26 07:24 826.368 ---- aw c: \ windows \ system32 \ Wininet.dll
2008/08/21 04:00 22.328 ---- aw c: \ Documents and Settings \ es \ Application Data \ PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"NVIDIA nTune" = "C: \ Program Files \ NVIDIA Corporation \ nTune \ nTuneCmd.exe" [2007/09/04 81.920]
"ctfmon.exe" = "C: \ Windows \ system32 \ ctfmon.exe" [2008/04/14 15.360]
"AlcoholAutomount" = "C: \ Program Files \ Alcohol Soft \ Alcohol 120 \ axcmd.exe" [2007/07/02 220.544]
"Google Update" = "C: \ Documents and Settings \ es \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" [2008/10/11 133.104]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2008/10/07 13.574.144]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008/06/10 144.784]
"LogMeIn GUI" = "C: \ Program Files \ LogMeIn \ x86 \ LogMeInSystray.exe" [2008/02/28 63.048]
"UltraMon" = "C: \ Program Files \ UltraMon \ UltraMon.exe" [2007/12/16 693.536]
"Acrobat Assistant 8,0" = "C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ Acrotray.exe" [2008/01/11 623.992]
"Adobe_ID0EYTHM" = "C: \ PROGRA ~ 1 \ Common ~ 1 \ Adobe \ Adobe pret ~ 1 \ server \ bin \ versio ~ 2.EXE" [2007/03/20 1.884.160]
"NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2007/03/01 153.136]
"NBKeyScan" = "C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBKeyScan.exe" [2007/12/03 2.213.160]
"AVG8_TRAY" = "C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe" [2008/11/05 1.234.712]
"NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2008/10/07 86.016]
"nwiz" = "nwiz.exe" [2008/10/07 c: \ windows \ system32 \ nwiz.exe]
"RTHDCPL" = "RTHDCPL.EXE" [2008/07/23 c: \ windows \ RTHDCPL.exe]
"SoundMan" = "SOUNDMAN.EXE" [2008/06/18 c: \ windows \ SoundMan.exe]
"AlcWzrd" = "ALCWZRD.EXE" [2008/06/19 c: \ windows \ alcwzrd.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"CTFMON.EXE" = "C: \ Windows \ system32 \ CTFMON.EXE" [2008/04/14 15.360]
c: \ Documents and Settings \ es \ Start Menu \ Programs \ Startup \
Yahoo! Widgets.lnk - c: \ Program Files \ Yahoo! \ Widgets \ YahooWidgets.exe [2008/03/18 4.742.184]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \ LMIinit]
2008/11/03 07:05 87.352 c: \ windows \ system32 \ LMIinit.dll
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"msacm.ac3filter" = ac3filter.acm
"Sentinel" = snti386.dll
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ me ^ Start Menu Programs ^ ^ Startup ^ Adobe Media Player.lnk]
path = C: \ Documents and Settings \ es \ Start Menu \ Programs \ Startup \ Adobe Media Player.lnk
backup = c: \ windows \ PSS \ Adobe Media Player.lnkStartup
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)]
- ------ 2007/12/13 18:10 1.688.872 c: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center]
"UpdatesDisableNotify" = DWORD: 00000001
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"g: \ \ Games \ \ Sierra \ \ FEARCombat \ \ fpupdate.exe" =
"g: \ \ Games \ \ Sierra \ \ FEARCombat \ \ FEARMP.exe" =
"c: \ \ WINDOWS \ \ system32 \ \ PnkBstrA.exe" =
"c: \ \ WINDOWS \ \ system32 \ \ PnkBstrB.exe" =
"C: \ \ Program Files \ \ Opera \ \ opera.exe" =
"C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Program Files \ \ Common Files \ \ Adobe \ \ Adobe Version Cue CS3 \ \ Server \ \ bin \ \ VersionCueCS3.exe" =
"C: \ \ Program Files \ \ GIGABYTE \ \ EnergySaver \ \ run.exe" =
"C: \ \ Program Files \ \ Sony \ \ Station \ \ Launchpad \ \ LaunchPad.exe" =
"C: \ \ Program Files \ \ Keyclone \ \ keyclone.exe" =
"C: \ \ Program Files \ \ Autodesk \ \ Maya8.5 \ \ bin \ \ maya.exe" =
"g: \ \ Games \ \ Battlefield2 \ \ BF2.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ Electronic Arts \ \ EADM \ \ Core.exe" =
"g: \ \ Games \ \ FARCRY2 \ \ Far Cry 2 \ \ bin \ \ FarCry2.exe" =
"g: \ \ Games \ \ FARCRY2 \ \ Far Cry 2 \ \ bin \ \ FC2Launcher.exe" =
"g: \ \ Games \ \ FARCRY2 \ \ Far Cry 2 \ \ bin \ \ FC2Editor.exe" =
"C: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgemc.exe" =
"C: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgupd.exe" =
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3.703: TCP" = 3.703: TCP: Adobe Version Cue CS3 Server
"3.704: TCP" = 3.704: TCP: Adobe Version Cue CS3 Server
"50.900: TCP" = 50.900: TCP: Adobe Version Cue CS3 Server
"50.901: TCP" = 50.901: TCP: Adobe Version Cue CS3 Server
R1 AvgLdx86; AVG Free AVI Loader Driver x86, c: \ Windows \ System32 \ Drivers \ avgldx86.sys [2008/11/05 97.928]
R2 avg8emc; AVG Free8 E-mail Scanner, c: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgemc.exe [2008/11/05 875.288]
R2 avg8wd; AVG Free8 Watchdog, c: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [2008/11/05 231.704]
R2 AvgTdiX; AVG Free8 Network virzienmainītājs c: \ Windows \ System32 \ Drivers \ avgtdix.sys [2008/11/05 76.040]
R2 GEST dienests; GEST dienesta programmu pārvaldībā. "; C: \ Program Files \ GIGABYTE \ EnergySaver \ GSvr.exe" [2008/08/16 80.392]
R2 LMIInfo; LogMeIn Kernel Information Provider; \? \ C: \ Program Files \ LogMeIn \ x86 \ RaInfo.sys [2008/02/28 12.856]
R2 LMIRfsDriver; LogMeIn Remote File System Driver; \? \ C: \ windows \ system32 \ drivers \ LMIRfsDrive r.sys [2008/08/17 47.640]
R2 UltraMonUtility; UltraMon Utility Driver; \? \ C: \ Program Files \ Common Files \ reālā Soft \ UltraMonMirrorDrv \ x32 \ UltraMonUtility.sys [2006/09/24 11.776]
R3 UltraMonMirror; UltraMonMirror c: \ windows \ system32 \ drivers \ UltraMonMirror.sys [2006/09/24 3.584]
S4 LMIRfsClientNP; LMIRfsClientNP; []
.
Saturs "Scheduled Tasks" mape
2008/11/22 c: \ windows \ Uzdevumi \ GoogleUpdateTaskUser.job
- C: \ Documents and Settings \ es \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe [2008/10/11 09:30]
.
.
------- Papildu Scan -------
.
FireFox -: Profile - c: \ Documents and Settings \ es \ Application Data \ Mozilla \ Firefox \ Profiles \ c4mu9u23.default \
FF -: Plugin - c: \ Documents and Settings \ es \ Local Settings \ Application Data \ Google \ Update \ 1.2.131.27 \ npGoogleOneClick6.dl l
FF -: Plugin - c: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ pārlūku \ nppdf32.dll
FF -: Plugin - c: \ Program Files \ DivX \ DivX Content Uploader \ npUpload.dll
FF -: Plugin - c: \ Program Files \ Google \ Google Updater \ 2.4.1368.5602 \ npCIDetect13.dll
FF -: Plugin - c: \ Program Files \ Microsoft Silverlight \ 2.0.31005.0 \ npctrl.dll
FF -: Plugin - c: \ Program Files \ Mozilla Firefox \ plugins \ npyaxmpb.dll
FF -: Plugin - c: \ Program Files \ Virtools \ 3D Life Player \ npvirtools.dll
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/11/22 08:15:19
Windows 5.1.2600 Service Pack 3 NTFS
skenēšana slēptās procesi ...
skenēšana slēptās palaišana ieraksti ...
skenēšana slēptos failus ...

c: \ windows \ temp \ 828cd72f-2f04-46ff-bcad-0e3d727a9909.tmp 0 bytes
scan sekmīgi pabeigta
slēptos failus: 1
************************************************** ************************
"ServiceDll" = "C: \ Windows \ system32 \ es.dll"
[HKEY_LOCAL_MACHINE \ System \ ControlSet001 \ Services \ F AH @ F: + Downloads + tālu 2 kreka 2 + [RAZOR1911] [Web SEED] FAR Cry 2 kreka - REAL 100% FULLY WORKING + FAH.exe]
"ImagePath" = "f: \ Downloads \ tālu 2 kreka 2 \
[RAZOR1911] [Web SEED] FAR Cry 2 kreka - REAL 100% FULLY WORKING \ FAH.exe-svcstart "

[HKEY_LOCAL_MACHINE \ System \ ControlSet001 \ Services \ F AH @ F: + Downloads + tālu 2 kreka 2 + [RAZOR1911] [Web SEED] FAR Cry 2 kreka - REAL 100% FULLY WORKING + FAH.exe]
"ImagePath" = "f: \ Downloads \ tālu 2 kreka 2 \
.
------------------------ Citi Running Processes ----------------------- --
.
c: \ Program Files \ LogMeIn \ x86 \ LMIGuardian.exe
c: \ windows \ system32 \ rundll32.exe
c: \ Program Files \ Bonjour \ mDNSResponder.exe
c: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
c: \ Program Files \ UltraMon \ UltraMonTaskbar.exe
c: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
c: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBService.exe
c: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgrsx.exe
c: \ Program Files \ NVIDIA Corporation \ nTune \ nTuneService.exe
c: \ windows \ system32 \ nvsvc32.exe
c: \ windows \ system32 \ PnkBstrA.exe
c: \ Program Files \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe
c: \ windows \ system32 \ wdfmgr.exe
c: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
.
************************************************** ************************
.
Pabeigšanas laiks: 2008/11/22 8:18:54 - mašīna bija rebooted [es]
ComboFix-karantīnā-files.txt 2008/11/22 16:18:50
Pre-Run: 75917185024 bytes free
Post-Run: 76165115904 bytes free
252 --- EOF --- 2008/11/19 11:01:01




_______________________________________________




Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 8:51:17 gada 22/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ LogMeIn \ x86 \ LogMeInSystray.exe
C: \ Program Files \ UltraMon \ UltraMon.exe
C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ Acrotray.exe
C: \ Program Files \ LogMeIn \ x86 \ LMIGuardian.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe
C: \ WINDOWS \ system32 \ RUNDLL32.EXE
C: \ WINDOWS \ RTHDCPL.EXE
C: \ WINDOWS \ SOUNDMAN.EXE
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
C: \ Documents and Settings \ es \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe
C: \ Program Files \ Yahoo! \ Widgets \ YahooWidgets.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ GIGABYTE \ EnergySaver \ GSvr.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ UltraMon \ UltraMonTaskbar.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBService.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ NVIDIA Corporation \ nTune \ nTuneService.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ Program Files \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe
C: \ Program Files \ Yahoo! \ Widgets \ YahooWidgets.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgemc.exe
C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Yahoo! \ Widgets \ YahooWidgets.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = *. vietējo
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - (074C1DC5-9.320-4A9A-947D-C042949C6216) - C: \ Program Files \ Adobe \ / Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8.273-0445EE161910) - C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4.638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 4.1.805.4472 \ sw g.dll
O2 - BHO: PDF-Xchange Viewer IE-Plugin - (C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F) - C: \ Program Files \ Tracker Software \ PDF Xchange 4 Pro \ PDF Xchange PDF Viewer \ pdf skatītāju \ PDFXCviewIEPlugin . dll
O3 - Toolbar: Adobe PDF - (47.833.539-D0C5-4125-9FA8-0819E2EAAC93) - C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll
O3 - Toolbar: veicināt Toolbar - (517BDDE4-E3A7-4.570-B21E-2B52B6139FC7) - C: \ Program Files \ Adobe \ / Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [LogMeIn GUI] "C: \ Program Files \ LogMeIn \ x86 \ LogMeInSystray.exe"
O4 - HKLM \ .. \ Run: [UltraMon] "C: \ Program Files \ UltraMon \ UltraMon.exe" / auto
O4 - HKLM \ .. \ Run: [Acrobat Assistant 8,0] "C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ Acrotray.exe"
O4 - HKLM \ .. \ Run: [Adobe_ID0EYTHM] C: \ PROGRA ~ 1 \ Common ~ 1 \ Adobe \ ADOBEV ~ 1 \ server \ bin \ VER SIO ~ 2.EXE
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [NBKeyScan] "C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBKeyScan.exe"
O4 - HKLM \ .. \ Run: [AVG8_TRAY] C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM \ .. \ Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU \ .. \ Run: [NVIDIA nTune] "C: \ Program Files \ NVIDIA Corporation \ nTune \ nTuneCmd.exe" skaidri
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [AlcoholAutomount] "C: \ Program Files \ Alcohol Soft \ Alcohol 120 \ axcmd.exe" / automount
O4 - HKCU \ .. \ Run: [labo] "C: \ Documents and Settings \ es \ Local Settings \ Application Data \ Google \ Update \ GoogleUpdate.exe" / c
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C: \ Program Files \ Yahoo! \ Widgets \ YahooWidgets.exe
Ø8 - ārpus konteksta izvēlnes vienums: Pievienot esošajiem PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIEAppend.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert saite mērķi Adobe PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIECapture.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert saišu mērķis esošo PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIEAppend.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert cikls saites uz Adobe PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIECaptureSelLinks.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert cikls saites ar esošajām PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIEAppendSelLinks.html
Ø8 - ārpus konteksta izvēlnes vienums: Pārvērst atlasi uz Adobe PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIECapture.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert izvēle esošajiem PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIEAppend.html
Ø8 - ārpus konteksta izvēlnes vienums: Convert to Adobe PDF - res: / / C: \ Program Files \ Adobe \ Acrobat 8,0 \ Acrobat \ AcroIEFavClient.dll / AcroIECapture.html
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: (no name) - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20.001 - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (30.528.230-99f7-4bb4-88d8-fa1d4f56a2ab) (INSTALLATION SUPPORT) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
Ø16 - DPF: (77E32299-629F-43C6-AB77-6A1E6D7663F6) (Groove Control) -- http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Program Files \ AVG \ AVG8 \ avgpp.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C: \ Program Files \ Common Files \ Adobe \ Adobe Version Cue CS3 \ server \ bin \ VersionCueCS3.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, sro - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgemc.exe
O23 - Service: AVG Free8 Watchdog (avg8wd) - AVG Technologies CZ, sro - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
O23 - Service: # # Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 # # (Bonjour Service) - Apple Computer, Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: FAH @ F: + Downloads + tālu 2 kreka 2 + [RAZOR1911] [Web SEED] FAR Cry 2 kreka - REAL 100% FULLY WORKING + FAH.exe - Unknown īpašnieks - C: \ Windows \
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: GEST dienesta programmu vadību. (GEST Service) - Unknown īpašnieks - C: \ Program Files \ GIGABYTE \ EnergySaver \ GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: Nero BackItUp plānotājs 3 - Nero AG - C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBService.exe
O23 - Service: NMIndexingService - Nero AG - C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C: \ Program Files \ NVIDIA Corporation \ nTune \ nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown īpašnieks - C: \ WINDOWS \ system32 \ PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C: \ Program Files \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe
--
End of failu - 10.115 bytes
  #6  
Old November 22, 2008, 12:33
Moderator Group
 
Quote:
One of the ones I didn't uninstall was Far Cry 2. I noticed that the logs show this game quite often. Could this game be contributing to the problem?
I can only put it this way. Either remove all the cracks or we discontinue help and you are on your own.

Quote:
http://www.computer-juice.com/forums...-posting-7476/
Illegal Software
Computer Juice does not support illegal activity. We do not support the use of any pirated or otherwise illegal software, including Windows itself. If you install cracked software, you are running executable files from unknown sources. You are in effect giving unknown sources access to the information on your hard drive and potentially giving them complete control over the operation of your computer.
  • We will NOT help anyone pirate anything or help make a system work with pirated software. But if you mess up your computer in the process, we will help you fix it.
  • Uninstall any cracked applications before posting for help.
  • You may be asked to uninstall any P2P or file-sharing programs during the removal process if they are considered the source of the problem.
  • We will discontinue help if you refuse to get rid of cracked (illegal) programs.
Quote:
Finally, with HijackThis logs, how do you know what to fix? Do you just remove items that don't look right, or is there a more systematic approach to it?
It is very systematic. Just fixing what doesn't look right would be a very destructive course of action with people's property. There are actually online forums where you can learn. But it is not a simple or quick process.


Let me know what you decide about removing the cracks. I am not going to waste my time poring over the logs and coming up with a fix unless you remove them.
__________________

  #7  
Old November 22, 2008, 13:15
Member
 
I can remove all my cracked games, but I can't remove cracked software such as CS3/Maya, as I need them for my work. I also can't remove my cracked Windows :(

Sorry for wasting your time, evilfantasy. I didn't know about this policy. I am still very thankful and deeply grateful for your help.
  #8  
Old November 22, 2008, 13:29
Moderator Group
 
As long as you are using an illegal Windows, it won't do much good to try to remove the malware.

I find it hard to believe that any employer or client would encourage or condone the use of pirated software with their information. If you have clients' information on the computer, you are putting them at serious risk. Even if it is only your own information, you are putting yourself and anyone you send an e-mail or instant message to at serious risk as well. A lack of security is very dangerous.

This is a very true statement.
Quote:
If you install cracked software, you are running executable files from unknown sources. You are in effect giving unknown sources access to the information on your hard drive and potentially giving them complete control over the operation of your computer.
__________________

  #9  
Old November 22, 2008, 13:40
Member
 
Oh, I am a full-time student. I work with a lot of software such as CS3, Maya ... and other really expensive software. Unfortunately I spend most of my money on tuition and books, so I don't have enough to buy the software.
  #10  
Old November 22, 2008, 13:50
Moderator Group
 
Even if we continued, most of the tools we use would end up removing the cracks anyway.

Microsoft, as well as many software and hardware vendors, have a worldwide effort under way to make it impossible, or at least very difficult, to run Windows and other programs without a legit Windows key. You should consider getting at least Windows legal before you are suddenly stuck without an OS to work with at all. See HERE. Piracy = stealing, no matter how it is justified.

It is best to remove ComboFix. It is not a safe tool to just have lying around.
  • Click START, then RUN
  • Now type Combofix /u in the run box
  • Make sure there is a space between Combofix and /u
  • Then hit Enter.
  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System / Hidden files, if required.
  • Set a new, clean Restore Point.
__________________
