Removing iexplore.exe virus / hijack log




  #1  
November 10, 2008, 18:14
Member
 
Removing iexplore.exe virus / hijack log

Hey guys,
Um. Every time I start my computer, iexplore.exe (in Task Manager) comes up all by itself. I never use Internet Explorer, I use Firefox, but it comes up on its own. It also uses most of my memory. I'm also getting a billion pop-up windows, which I'm guessing are from this. When I end the process it comes back up 3 or 4 times, then it usually goes away after the 5th time I end it. But that only lasts about 5 min, then it's back again. Does anyone know what's going on? I've run scans with Ad-Aware, Norton, etc., but they haven't found anything.
Additional Info:
I have Windows XP
&& There are also voices coming from ads. I've tried everything. Thanks in advance ^__^

I'm kind of new here. So erm. Can someone tell me how to remove it? In some easy-ish way? =P





Logfile of HijackThis v1.99.1
Scan saglabāts 6:14:25 gada 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Windows \ Explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ Windows \ System \ hpsysdrv.exe
C: \ Program Files \ HP \ Digital Imaging \ Izlādēt \ hpqcmon.exe
C: \ WINDOWS \ System32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Atjauninājumi no HP \ 137.903 \ Program \ BackWeb-137903.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ 0LFlxR4x.exe
C: \ Program Files \ Lavasoft \ Ad-Aware SE Professional \ Ad-Aware.exe
C: \ PROGRA ~ 1 \ WinZip \ winzip32.exe
C: \ DOCUME ~ 1 \ admini ~ 1 \ Lokālie ~ 1 \ Temp \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (3615EE58-6F38-47BA-9DD9-C99BD611C6A6) - C: \ WINDOWS \ system32 \ efcdbxx.dll (file missing)
O2 - BHO: (no name) - (4715C8BC-0.204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - (72.853.161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file missing)
O2 - BHO: (684a8728-dd11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file missing)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - C: \ Program Files \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] C: \ Windows \ System \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] C: \ Program Files \ HP \ Digital Imaging \ Izlādēt \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] C: \ Program Files \ HP \ (45B6180B-DCAB-4.093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ System32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ HP \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ RunOnce: [Index Washer] C: \ Program Files \ Webroot \ Washer \ WashIdx.exe "administrators"
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Washer] C: \ Program Files \ Webroot \ Washer \ wwDisp.exe
O4 - HKCU \ .. \ RunOnce: [Index Washer] C: \ Program Files \ Webroot \ Washer \ WashIdx.exe "administrators"
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: Quicken Plānotais Updates.lnk = C: \ Program Files \ Quicken \ bagent.exe
O4 - Global Startup: Updates no HP.lnk = C: \ Program Files \ Atjauninājumi no HP \ 137.903 \ Program \ BackWeb-137903.exe
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
Ø9 - Extra button: Nosūtīt OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
Ø9 - Extra 'Tools' MENUITEM: S & galu OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
Ø9 - Extra button: MusicMatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
Ø9 - Extra button: (no name) - (e2e2dd38-d088-4.134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20.001 - (e2e2dd38-d088-4.134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø11 - grupā Opcijas: [INTERNATIONAL] International *
Ø16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444.553.540.000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4.636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.DLL
O18 - Protocol: ms-help - (314111C7-A502-11D2-BBCA-00C04F8EC294) - C: \ Program Files \ Common Files \ Microsoft Shared \ Help \ hxds.dll
O18 - Filter nolaupīt: text / xml - (807563E5-5.146-11D5-A672-00B0D022E945) - C: \ PROGRA ~ 1 \ Common ~ 1 \ Micros ~ 1 \ Office12 \ MSOXMLMF.DL L
Ø20 - Winlogon Paziņot: dimsntfy -% SystemRoot% \ System32 \ dimsntfy.dll (file missing)
Ø20 - Winlogon Paziņot: efcdbxx - efcdbxx.dll (file missing)
Ø20 - Winlogon Paziņot: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxsrvc.dll
Ø20 - Winlogon Paziņot: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
O23 - Service: Adobe LM Service - Unknown īpašnieks - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Ati Hotkey Poller - Unknown īpašnieks - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Unknown īpašnieks - C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Antivirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
  #2  
November 10, 2008, 20:23
Moderator Group
 
Removing iexplore.exe virus / hijack log

Welcome to CJ.

Please print these instructions, as they will be needed later when the Internet connection is not available.

Download SDFix by AndyManchesta and save it to your computer.

To use this tool you must use an Administrator account or an account with administrative rights
  • Double-click SDFix.exe and it will extract the files to %systemdrive%
  • (that is the drive that contains the Windows directory, usually C:\SDFix).
  • Do not use it just yet.
Restart your computer in Safe Mode using the F8 method. To do this, restart your computer and, after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services or registry entries found, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Copy and paste the contents of the Report.txt file into your next reply.
----------

Also install the new version of HijackThis and post a new log from it in Normal boot mode after SDFix has completed.

Download Trend Micro HijackThis.exe (HJT) to your Desktop.
  • Double-click on HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
  • Click the Do a system scan and save a log file button
  • HijackThis will scan and then the log will open in Notepad.
  • Copy and paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it detects will be harmless or even necessary.
__________________

  #3  
November 11, 2008, 08:55
Member
 
Removing iexplore.exe virus / hijack log

SDFix Report


SDFix: Version 1,240
Vada Administrator on 11/11/2008 Ot at 08:39

Microsoft Windows XP [Version 5.1.2600]
Running From: C: \ SDFix

Checking Pakalpojumi :


Atjaunot noklusējuma drošības Vērtības
Atjaunot Default Hosts fails

Rebooting


Checking Files :

Trojan Faili Atrasts:

C: \ Program Files \ nvcoi \ mst.stt - Svītrots



Mapē C: \ Program Files \ nvcoi - aizvest
Mapē C: \ Program Files \ Temporary - aizvest
Mapē C: \ Temp \ sanR24 - aizvest


Noņemot Temp faili

ADS Pārbaudīt :



Galīgā pārbaude :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/11/11 08:47:19
Windows 5.1.2600 Service Pack 3 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās pakalpojumi un sistēmas stropa ...

skenēšana slēptos reģistra ierakstus ...

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptās procesiem: 0
slēptās pakalpojumi: 0
slēptos failus: 0


Remaining Pakalpojumi :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ standarta profils \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste M32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22.019"
"C: \ \ Program Files \ \ Updates no HP \ \ 137.903 \ \ Program \ \ BackWeb-137903.exe" = "C: \ \ Program Files \ \ Updates no HP \ \ 137.903 \ \ Program \ \ BackWeb-137.903 . exe: *: Disabled: BackWeb-137.903 "
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe: *: Enabled: Microsoft Office Outlook"
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE: *: Enabled: Microsoft Office Groove"
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OneNote.exe" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OneNote.exe: *: Enabled: Microsoft Office OneNote"
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe: *: Enabled : AOL Loader "
"C: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "C: \ \ Program Files \ \ AIM6 \ \ aim6.exe: *: Enabled: AIM"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20.000"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste M32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22.019"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20.000"

Remaining Faili :


File Backups: - C: \ SDFix \ backups \ backups.zip

Failus ar Slēpts Rekvizīti :

Wed novembris 14, 2007 204 A. SHR --- "C: \ BOOT.BAK"
Fri 22 augusts 2008 635.848 A.SH. --- "C: \ Program Files \ Internet Explorer \ iexplore.exe"
Cet 15 jūlijs 2004 0 A.SH. --- "C: \ WINDOWS \ SMINST \ HPCD.SYS"
Thu 10 janvāris 2008 4.348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Thu 10 janvāris 2008 401 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv19.bak"
Treš 29 oktobris 2008 3.442 A.SH. --- "C: \ Documents and Settings \ All Users \ Documents \ Ierakstīts TV \ TempRec \ TempSBE \ SBE3.tmp"

Noslēgusies!



------------------------------------------




HijackThis Log



Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 8:55:16 gada 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Windows \ Explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ Windows \ System \ hpsysdrv.exe
C: \ Program Files \ HP \ Digital Imaging \ Izlādēt \ hpqcmon.exe
C: \ WINDOWS \ System32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Webroot \ Washer \ wwDisp.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Atjauninājumi no HP \ 137.903 \ Program \ BackWeb-137903.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = aptuveni: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (4715C8BC-0.204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - (72.853.161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file missing)
O2 - BHO: (684a8728-dd11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file missing)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - C: \ Program Files \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] C: \ Windows \ System \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] C: \ Program Files \ HP \ Digital Imaging \ Izlādēt \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] C: \ Program Files \ HP \ (45B6180B-DCAB-4.093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ System32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ HP \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Washer] C: \ Program Files \ Webroot \ Washer \ wwDisp.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: Quicken Plānotais Updates.lnk = C: \ Program Files \ Quicken \ bagent.exe
O4 - Global Startup: Updates no HP.lnk = C: \ Program Files \ Atjauninājumi no HP \ 137.903 \ Program \ BackWeb-137903.exe
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
Ø9 - Extra button: Nosūtīt OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
Ø9 - Extra 'Tools' MENUITEM: S & galu OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
Ø9 - Extra button: MusicMatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
Ø9 - Extra button: (no name) - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe (file missing)
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20.001 - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe (file missing)
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444.553.540.000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4.636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.DLL
O23 - Service: Adobe LM Service - Unknown īpašnieks - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Ati Hotkey Poller - Unknown īpašnieks - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Unknown īpašnieks - C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Antivirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe

--
End of failu - 9.268 bytes
  #4  
November 11, 2008, 11:07
Moderator Group
 
Removing iexplore.exe virus / hijack log

Download Disable/Remove Windows Messenger to your Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger, as they are not the same. Windows Messenger is often the cause of pop-up windows.

Unzip the file to your desktop. Open MessengerDisable.exe and select the bottom box -- Uninstall Windows Messenger -- and click Apply.

Exit MessengerDisable, then delete the two files that were placed on your desktop.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if present)

- O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
- O2 - BHO: (no name) - (4715C8BC-0.204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file missing)
- O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file missing)
- O2 - BHO: (684a8728-dd11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file missing)
- O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE


Important: Close all windows except HijackThis and then click Fix checked.

Exit HijackThis.

----------


Note: The instructions below were created specifically for this user. If you are not this user, DO NOT follow these instructions, as they could harm your system.

Go to Start > Run, type notepad.exe and click OK

Copy and paste the following into Notepad and save it as fixme.reg to your Desktop

Code:
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcxMonitor"=-
Locate fixme.reg on your desktop and double-click it. Answer Yes when prompted to merge it into the registry.

Make sure you tell me whether you get a success message about adding the above to the registry. If you did not get a success message, it didn't work.

Delete fixme.reg from your desktop.

----------

Download ComboFix by sUBs from one of the links below. Make sure to save it to your Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to your Desktop

Close all open Internet browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing the scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

Windows XP systems, install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please make sure your Internet connection is active (if possible) and click the button.
- If for some reason the Internet is not working, click the button.
- If you are not using Windows XP, you will not be prompted.
- When prompted to agree to the EULA, click OK.
- Accept the Microsoft EULA (click the button).
- When you are told that the RC has been installed correctly, click to continue scanning for malware.

When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection once ComboFix has completed.

Also let me know how the computer is running now.
__________________
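The two moderator posts above ask for a HijackThis log and then pick out the entries to fix: BHOs whose DLL is gone or that register no name, and a Run value (AlcxMonitor) that names a bare executable and is deleted through fixme.reg. The following is an added example, not code from this thread, from HijackThis or from the moderator: a small triage script that applies those same rules to a log. The sample lines are constructed for the example (modelled on this thread's log but assembled by hand, in HijackThis's usual layout with braces around CLSIDs and no spaces around backslashes; the page's copy has those altered by extraction), and the function names `triage`, `summarize` and `executable_of` are this example's own.

```python
import re

# Constructed sample in HijackThis's own layout (braces around CLSIDs, no spaces
# around backslashes); the lines are modelled on entries from this thread but
# were assembled for this example, not copied from the poster's log.
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {843B515A-BBC4-4AF2-916D-69E9F7DD8F9D} - C:\\WINDOWS\\system32\\vtsqo.dll (file missing)
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\\..\\Run: [LTMSG] LTMSG.exe 7
O20 - Winlogon Notify: efcdbxx - efcdbxx.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Registry-based O4 autoruns: <hive>\..\Run[Once]: [<value name>] <command line>
O4_RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def executable_of(cmd: str) -> str:
    """Return the program part of an autorun command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str):
    """Return (section, reason, line) for every entry worth a second look.

    The rules mirror what the helper in this thread acted on: entries whose
    target file no longer exists, BHOs that register no name, and Run values
    that name a bare executable (resolved through the search path rather than
    a full path, as with ALCXMNTR.EXE above).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, "Running processes:" paths, blank lines
        section, body = m.group("section"), m.group("body")
        if "(file missing)" in body or body.endswith("(no file)"):
            findings.append((section, "orphaned entry: referenced file does not exist", line))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            findings.append((section, "BHO registered without a name", line))
        elif section == "O4":
            run = O4_RUN_RE.match(body)
            if run and "\\" not in executable_of(run.group("cmd")):
                findings.append((section, "autorun gives no path; executable is resolved via the search path", line))
    return findings


def summarize(findings):
    """Count findings per HijackThis section code."""
    counts = {}
    for section, _reason, _line in findings:
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for section, reason, line in hits:
        print(f"{section:4} {reason}\n     {line}")
    print(summarize(hits))
```

On the sample this flags the two orphaned BHOs, the orphaned Winlogon Notify entry and the two path-less Run values; the Adobe BHO and the Symantec entries, which point at existing files by full path, are left alone. An orphaned entry is inert on its own (there is nothing left to load), but it is the usual trace of a component that was removed by a cleaner or by the malware itself, which is why the moderator still has them fixed; a bare executable name in a Run value is worth checking because Windows finds it by searching the path rather than at a fixed location.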

  #5  
November 11, 2008, 11:55
Member
 
Removing iexplore.exe virus / hijack log

ComboFix log


ComboFix 08-11-10.01 - Administrator 2008-11-11 11:39:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.176 [GMT -7:00]
Running from: c:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))
.

c:\Documents and Settings\Administrator\My Documents\TSKS~1
c:\Program Files\Common Files\racle~1
c:\Program Files\stem32~1
c:\Program Files\wnsxs~1
c:\windows\BMf3ec611b.txt
c:\windows\system32\0LFlxR4x.exe.a_a
c:\windows\system32\epljwqgq.ini
c:\windows\system32\fj8wNOvc.exe.a_a
c:\windows\system32\icidbcft.ini
c:\windows\system32\iDlo01
c:\windows\system32\jrjvfibu.ini
c:\windows\system32\jryeuaqx.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSINET.oca
c:\windows\system32\mvmqocpc.ini
c:\windows\system32\oqstv.ini
c:\windows\system32\oqstv.ini2
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008/10/11 to 2008/11/11   )))))))))))))))))))))))))))))))
.

2008/11/11 08:54 . 2008/11/11 08:54 <DIR> d-------- C:\Program Files\Trend Micro
2008/11/11 08:38 . 2008/11/11 08:38 578,560 --c--- C:\Windows\system32\dllcache\user32.dll
2008/11/11 08:29 . 2008/11/11 08:29 <DIR> d-------- C:\Windows\ERUNT
2008/11/11 08:23 . 2008/11/11 08:51 <DIR> d-------- C:\SDFix
2008/11/02 09:12 . 2008/11/10 14:10 41,474 -------- c:\windows\system32\0LFlxR4x.exe_
2008/11/02 09:12 . 2008/11/11 09:12 40,450 -------- c:\windows\system32\0LFlxR4x.exe
2008/10/31 18:00 . 2008/10/31 18:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008/10/31 16:40 . 2008/10/31 16:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008/10/31 16:39 . 2008/11/10 17:27 <DIR> d-------- C:\Program Files\Yahoo!
2008/10/29 17:23 . 2008/10/29 17:23 <DIR> d-------- C:\Windows\system32\CatRoot_bak
2008/10/29 17:23 . 2008/09/08 03:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008/10/29 17:23 . 2008/06/13 04:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008/10/29 17:23 . 2008/08/14 03:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008/10/29 17:22 . 2008/08/14 03:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008/10/29 17:22 . 2008/08/14 03:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008/10/29 17:22 . 2008/08/14 02:33 2,066,048 -----c--- c:\windows\system32\dllcache\Ntkrnlpa.exe
2008/10/29 17:22 . 2008/08/14 02:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008/10/29 17:22 . 2008/09/15 05:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008/10/29 17:22 . 2008/04/11 12:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008/10/29 17:22 . 2008/05/08 07:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008/10/28 18:39 . 2008/10/28 18:39 10 -------- c:\windows\WININIT.INI
2008/10/23 14:45 . 2008/10/15 09:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008/10/15 18:38 . 2008/10/29 15:26 <DIR> d-------- C:\Windows\system32\scripting
2008/10/15 18:38 . 2008/10/29 15:26 <DIR> d-------- C:\Windows\system32\LV
2008/10/15 18:38 . 2008/10/29 15:26 <DIR> d-------- C:\Windows\system32\bits
2008/10/15 18:38 . 2008/10/29 15:26 <DIR> d-------- C:\Windows\l2schemas
2008/10/15 18:23 . 2007/06/13 03:23 1,033,216 -------- c:\windows\SET25A.tmp
2008/10/15 18:22 . 2008/08/14 03:09 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2008/10/15 16:09 . 2008/10/15 16:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Motive
2008/10/12 17:26 . 2008/10/12 17:25 30,272 -------- c:\windows\system32\fj8wNOvc.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008/11/11 18:38 --------- d-----w c:\Program Files\Symantec AntiVirus
2008/11/10 22:05 --------- d-----w c:\Program Files\DivX
2008/11/10 22:03 --------- d-----w c:\Program Files\Java
2008/11/10 01:37 --------- d-----w c:\Program Files\Microsoft Plus! Digital Media Edition
2008/11/10 01:35 --------- d-----w c:\Program Files\Microsoft Works
2008/11/08 02:37 90,112 ----a-w c:\windows\DUMP3a98.tmp
2008/11/08 01:26 30 ----a-w c:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
2008/10/29 22:21 77,824 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\FDIWrapper.dll
2008/10/29 22:21 69,632 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\msxmlwrapper.dll
2008/10/29 22:21 5,632 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\GUI.dll
2008/10/29 22:21 49,152 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\PCHI18N.dll
2008/10/29 22:21 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\pchapi.dll
2008/10/29 22:21 26,572 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\INV16.dll
2008/10/29 22:21 213,089 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\motive.zip
2008/10/29 22:21 139,264 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\ContentUpdater.exe
2008/10/29 22:21 114,688 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\ZipLib.dll
2008/10/29 22:21 114,688 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABP4EN\plugin\bin\jsharpde\asst_ui.dll
2008/10/29 22:11 --------- d--h--w c:\Program Files\InstallShield Installation Information
2008/10/29 22:11 --------- d-----w c:\Program Files\ATI Technologies
2008/10/25 01:16 --------- d-----w c:\Documents and Settings\Administrator\Application Data\Move Networks
2008/10/16 22:05 --------- d-----w c:\Documents and Settings\All Users\Application Data\Viewpoint
2008/10/16 01:06 --------- d-----w c:\Program Files\Google
2008/09/28 22:59 --------- d-----w c:\Program Files\Common Files\AOL
2008/09/22 21:29 --------- d-----w c:\Documents and Settings\All Users\Application Data\AOL OCP
2008/09/22 21:29 --------- d-----w c:\Documents and Settings\Administrator\Application Data\acccore
2008/09/22 21:27 --------- d-----w c:\Documents and Settings\All Users\Application Data\AOL
2008/09/17 01:24 --------- d-----w c:\Documents and Settings\Administrator\Application Data\vso
2008/09/15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008/08/26 07:24 826,368 ----a-w c:\windows\system32\Wininet.dll
2008/08/14 09:33 2,023,936 ----a-w c:\windows\system32\Ntkrnlpa.exe
2007/12/28 00:53 79,738 ----a-w c:\Documents and Settings\Fonts\broken_ghost.zip
2007/11/23 01:25 81,920 ----a-w c:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007/11/23 01:25 47,360 ----a-w c:\Documents and Settings\Administrator\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2008/04/13 15,360]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005/03/08 910,336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004/08/04 50,176]
"hpsysdrv"="C:\Windows\System\hpsysdrv.exe" [1998/05/07 52,736]
"HotKeysCmds"="C:\Windows\System32\hkcmd.exe" [2003/10/02 118,784]
"CamMonitor"="C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002/10/07 90,112]
"HPHmon05"="C:\Windows\System32\hphmon05.exe" [2003/05/23 483,328]
"KBD"="c:\HP\KBD\KBD.EXE" [2003/02/11 61,440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003/12/17 151,597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002/09/13 212,992]
"PS2"="C:\Windows\system32\ps2.exe" [2002/10/16 81,920]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003/08/14 139,264]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005/06/02 48,752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005/06/23 85,696]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004/11/02 32,768]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001/07/09 155,648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006/10/27 31,016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007/10/10 39,792]
"ATIModeChange"="Ati2mdxx.exe" [2001/09/05 c:\windows\system32\Ati2mdxx.exe]
"LTMSG"="LTMSG.exe" [2003/07/14 c:\windows\ltmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007/03/01 2,321,600]

c:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007/11/22 113,664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003/09/16 237,568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\Outlook.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OneNote.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;c:\windows\system32\drivers\CX88XBARDUAL.sys [2003/12/10 7,040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\Autorun\command - D:\Info.exe folder.htt 480 480

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008/10/30 c:\windows\Tasks\At1.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/11 c:\windows\Tasks\At10.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/02 c:\windows\Tasks\At100.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/02 c:\windows\Tasks\At101.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/02 c:\windows\Tasks\At102.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/02 c:\windows\Tasks\At103.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/02 c:\windows\Tasks\At104.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/02 c:\windows\Tasks\At105.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/11 c:\windows\Tasks\At106.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/11 c:\windows\Tasks\At107.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/09 c:\windows\Tasks\At108.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/09 c:\windows\Tasks\At109.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/11 c:\windows\Tasks\At11.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/09 c:\windows\Tasks\At110.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/10 c:\windows\Tasks\At111.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/10 c:\windows\Tasks\At112.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/06 c:\windows\Tasks\At113.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/09 c:\windows\Tasks\At114.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/11 c:\windows\Tasks\At115.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/11 c:\windows\Tasks\At116.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/09 c:\windows\Tasks\At117.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/02 c:\windows\Tasks\At118.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/02 c:\windows\Tasks\At119.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/09 c:\windows\Tasks\At12.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/02 c:\windows\Tasks\At120.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/09 c:\windows\Tasks\At13.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/09 c:\windows\Tasks\At14.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/10 c:\windows\Tasks\At15.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/10 c:\windows\Tasks\At16.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/06 c:\windows\Tasks\At17.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/09 c:\windows\Tasks\At18.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/11 c:\windows\Tasks\At19.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/10/30 c:\windows\Tasks\At2.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/11 c:\windows\Tasks\At20.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/09 c:\windows\Tasks\At21.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/10/30 c:\windows\Tasks\At22.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/10/30 c:\windows\Tasks\At23.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/10/30 c:\windows\Tasks\At24.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/10/30 c:\windows\Tasks\At3.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/10/30 c:\windows\Tasks\At4.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/10/30 c:\windows\Tasks\At5.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/10/30 c:\windows\Tasks\At6.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/10/31 c:\windows\Tasks\At7.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/10/30 c:\windows\Tasks\At8.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/01 c:\windows\Tasks\At9.job
- C:\windows\system32\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/02 c:\windows\Tasks\At97.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/02 c:\windows\Tasks\At98.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/02 c:\windows\Tasks\At99.job
- C:\windows\system32\0LFlxR4x.exe [2008/11/11 09:12]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SWG - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU-Run-RecordNow! - (no file)
HKLM-Run-HPHUPD05 - C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HKLM-Run-AutoTKit - c:\HP\bin\AUTOTKIT.EXE
HKLM-Run-UpdateManager - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
HKLM-Run-ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0rews22y.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - c:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0rews22y.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-MSVC\plugins\npmnqmp07076007.dll
FF -: plugin - c:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - c:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - c:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008/11/11 11:44:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008/11/11 11:47:43
ComboFix-quarantined-files.txt 2008/11/11 18:46:39

Pre-Run: 89004101632 bytes free
Post-Run: 89081098240 bytes free

272 --- EOF --- 2008/10/30 03:01:59


~~
So far iexplore.exe hasn't popped up ^_^
Is there any way to make sure it's gone?
&& Is it alright if I delete the things I downloaded?
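As an added example that is not part of this thread, here is a small Python script that reads the "Scheduled Tasks" section of a ComboFix log like the one posted above, groups the At*.job entries by the executable they launch, and flags targets that match the pattern in this log (a random-looking binary under system32 re-launched by many At jobs). The sample log text is constructed to mirror the entries above; the GoogleUpdate.job line is a made-up benign entry added for contrast, and the random-name heuristic is an assumption, not something ComboFix itself does.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of ComboFix's "Scheduled Tasks" section.
# The At*.job lines mirror the log above; GoogleUpdate.job is a made-up
# benign entry added so the filter has something to leave alone.
SAMPLE_LOG = """\
Contents of the 'Scheduled Tasks' folder

2008/10/30 c:\\windows\\Tasks\\At1.job
- C:\\windows\\system32\\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/02 c:\\windows\\Tasks\\At100.job
- C:\\windows\\system32\\0LFlxR4x.exe [2008/11/11 09:12]

2008/11/09 c:\\windows\\Tasks\\At13.job
- C:\\windows\\system32\\fj8wNOvc.exe [2008/10/12 17:25]

2008/11/01 c:\\windows\\Tasks\\GoogleUpdate.job
- C:\\Program Files\\Google\\Update\\GoogleUpdate.exe [2008/10/16 01:06]
"""

# ComboFix writes dates as 2008-11-11; the copy in the thread shows 2008/11/11,
# so both separators are accepted.
JOB_RE = re.compile(r"^(\d{4}[-/]\d{2}[-/]\d{2})\s+(.+?\.job)\s*$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[([^\]]+)\]\s*$")
AT_JOB_RE = re.compile(r"at\d+\.job", re.IGNORECASE)


def parse_scheduled_tasks(text):
    """Return one dict per job: created date, .job path, target path, target stamp."""
    tasks = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            pending = {"created": m.group(1), "job": m.group(2)}
            continue
        m = TARGET_RE.match(line)
        if m and pending is not None:
            pending["target"] = m.group(1)
            pending["target_stamp"] = m.group(2)
            tasks.append(pending)
            pending = None
    return tasks


def looks_random(filename):
    """Heuristic (an assumption of this example) for names like fj8wNOvc.exe:
    a stem of 6+ characters mixing digits, upper case and lower case."""
    stem = filename.rsplit(".", 1)[0]
    return (len(stem) >= 6
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def group_by_target(tasks):
    """Group parsed jobs by the executable they launch (path compared case-insensitively)."""
    groups = defaultdict(list)
    for task in tasks:
        groups[task["target"].lower()].append(task)
    return dict(groups)


def flag_suspicious(tasks):
    """Report targets that match the persistence pattern in this log:
    a random-looking binary under system32 re-launched by At*.job tasks."""
    findings = []
    for key, group in group_by_target(tasks).items():
        directory, _, name = group[0]["target"].rpartition("\\")
        reasons = []
        if directory.lower().endswith("\\system32") and looks_random(name):
            reasons.append("random-looking binary in system32")
        at_jobs = [t for t in group
                   if AT_JOB_RE.fullmatch(t["job"].rsplit("\\", 1)[-1])]
        if at_jobs:
            reasons.append("launched by %d At*.job task(s)" % len(at_jobs))
        if reasons:
            findings.append({"target": key, "jobs": len(group), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in flag_suspicious(parse_scheduled_tasks(SAMPLE_LOG)):
        print(finding["target"], finding["jobs"], "; ".join(finding["reasons"]))
```

Run against the full log above, the same grouping collapses 48 At*.job entries into two targets, which is exactly the pair the CFScript in post #9 goes on to remove.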
#6
November 11, 2008, 12:04
Moderator Group

We'll clean everything up when we're done. There's still a lot to do, but I have to run for a while. Be back later.
__________________

#7
November 11, 2008, 12:19
Member

More steps? I thought we were done D:
Quick question; did any of that affect programs that are installed on my computer?
Alrightie, I have to go for a bit as well XP
#8
November 11, 2008, 13:07
Member

iexplore.exe's still here ;-;
#9
November 11, 2008, 16:28
Moderator Group

No, we're not done. I'll give the all clear when it's over.

Note: The instructions below were created specifically for this user. If you are not this user, DO NOT follow these instructions, as they could damage the workings of your system.

Delete these files / folders:

1. Go to Start > Run > Type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C

Code:
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the picture below. Important: Perform this instruction carefully!



ComboFix will begin to run, just follow the prompts.
After the reboot (if it asks to reboot), it will produce a log for you.
Post the (Combofix.txt) that appears in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause the system to freeze
__________________

#10
November 11, 2008, 17:36
Member

Okay ^__^

Combofix Log




ComboFix 08-11-10.01 - Administrator 2008-11-11 17:21:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.153 [GMT -7:00]
Running from: c:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\SET25A.tmp
c:\windows\system32\0LFlxR4x.exe
c:\windows\system32\0LFlxR4x.exe_
c:\windows\system32\fj8wNOvc.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SET25A.tmp
c:\windows\system32\0LFlxR4x.exe
c:\windows\system32\0LFlxR4x.exe.a_a
c:\windows\system32\fj8wNOvc.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At102.job
c:\windows\Tasks\At103.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At106.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At109.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At111.job
c:\windows\Tasks\At112.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job
c:\windows\Tasks\At115.job
c:\windows\Tasks\At116.job
c:\windows\Tasks\At117.job
c:\windows\Tasks\At118.job
c:\windows\Tasks\At119.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At120.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At97.job
c:\windows\Tasks\At98.job
c:\windows\Tasks\At99.job

.
(((((((((((((((((((((((((   Files Created from 2008/10/12 to 2008/11/12   )))))))))))))))))))))))))))))))
.

2008/11/11 08:54 . 2008/11/11 08:54 <DIR> d-------- C:\Program Files\Trend Micro
2008/11/11 08:38 . 2008/11/11 08:38 578,560 --c--- C:\Windows\system32\dllcache\user32.dll
2008/11/11 08:29 . 2008/11/11 08:29 <DIR> d-------- C:\Windows\ERUNT
2008/11/11 08:23 . 2008/11/11 08:51 <DIR> d-------- C:\SDFix
2008/10/31 18:00 . 2008/10/31 18:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008/10/31 16:40 . 2008/10/31 16:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008/10/31 16:39 . 2008/11/10 17:27 <DIR> d-------- C:\Program Files\Yahoo!
2008/10/29 17:23 . 2008/10/29 17:23 <DIR> d-------- C:\Windows\system32\CatRoot_bak
2008/10/29 17:23 . 2008/09/08 03:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008/10/29 17:23 . 2008/06/13 04:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008/10/29 17:23 . 2008/08/14 03:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008/10/29 17:22 . 2008/08/14 03:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008/10/29 17:22 . 2008/08/14 03:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008/10/29 17:22 . 2008/08/14 02:33 2,066,048 -----c--- c:\windows\system32\dllcache\Ntkrnlpa.exe
2008/10/29 17:22 . 2008/08/14 02:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008/10/29 17:22 . 2008/09/15 05:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008/10/29 17:22 . 2008/04/11 12:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008/10/29 17:22 . 2008/05/08 07:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008/10/28 18:39 . 2008/10/28 18:39 10 -------- c:\windows\WININIT.INI
2008/10/23 14:45 . 2008/10/15 09:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008/10/15 18:38 . 2008/10/29 15:26 <DIR> d-------- C:\Windows\system32\scripting
2008/10/15 18:38 . 2008/10/29 15:26 <DIR> d-------- C:\Windows\system32\LV
2008/10/15 18:38 . 2008/10/29 15:26 <DIR> d-------- C:\Windows\system32\bits
2008/10/15 18:38 . 2008/10/29 15:26 <DIR> d-------- C:\Windows\l2schemas
2008/10/15 18:23 . 2006/09/23 14:12 1,022,976 -------- c:\windows\system32\SETA0B.tmp
2008/10/15 18:22 . 2008/08/14 03:09 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2008/10/15 16:09 . 2008/10/15 16:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Motive

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008/11/12 00:29 --------- d-----w c:\Program Files\Symantec AntiVirus
2008/11/10 22:05 --------- d-----w c:\Program Files\DivX
2008/11/10 22:03 --------- d-----w c:\Program Files\Java
2008/11/10 01:37 --------- d-----w c:\Program Files\Microsoft Plus! Digital Media Edition
2008/11/10 01:35 --------- d-----w c:\Program Files\Microsoft Works
2008/11/08 02:37 90,112 ----a-w c:\windows\DUMP3a98.tmp
2008/11/08 01:26 30 ----a-w c:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
2008/10/29 22:11 --------- d--h--w c:\Program Files\InstallShield Installation Information
2008/10/29 22:11 --------- d-----w c:\Program Files\ATI Technologies
2008/10/25 01:16 --------- d-----w c:\Documents and Settings\Administrator\Application Data\Move Networks
2008/10/16 22:05 --------- d-----w c:\Documents and Settings\All Users\Application Data\Viewpoint
2008/10/16 01:06 --------- d-----w c:\Program Files\Google
2008/09/28 22:59 --------- d-----w c:\Program Files\Common Files\AOL
2008/09/22 21:29 --------- d-----w c:\Documents and Settings\All Users\Application Data\AOL OCP
2008/09/22 21:29 --------- d-----w c:\Documents and Settings\Administrator\Application Data\acccore
2008/09/22 21:27 --------- d-----w c:\Documents and Settings\All Users\Application Data\AOL
2008/09/17 01:24 --------- d-----w c:\Documents and Settings\Administrator\Application Data\vso
2007/12/28 00:53 79,738 ----a-w c:\Documents and Settings\Fonts\broken_ghost.zip
2007/11/23 01:25 81,920 ----a-w c:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007/11/23 01:25 47,360 ----a-w c:\Documents and Settings\Administrator\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ctfmon.exe" = "C: \ Windows \ system32 \ ctfmon.exe" [2008/04/13 15.360]
"Window Washer" = "C: \ Program Files \ Webroot \ Washer \ wwDisp.exe" [2005/03/08 910.336]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"ehTray" = "c: \ windows \ ehome \ ehtray.exe" [2004/08/04 50.176]
"hpsysdrv" = "C: \ Windows \ System \ hpsysdrv.exe" [1998/05/07 52.736]
"HotKeysCmds" = "C: \ Windows \ System32 \ hkcmd.exe" [2003/10/02 118.784]
"CamMonitor" = "C: \ Program Files \ HP \ Digital Imaging \ Izlādēt \ hpqcmon.exe" [2002/10/07 90.112]
"HPHmon05" = "C: \ Windows \ System32 \ hphmon05.exe" [2003/05/23 483.328]
"KBD" = "c: \ HP \ KBD \ KBD.EXE" [2003/02/11 61.440]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2003/12/17 151.597]
"Recguard" = "c: \ windows \ SMINST \ RECGUARD.EXE" [2002/09/13 212.992]
"PS2" = "C: \ Windows \ system32 \ ps2.exe" [2002/10/16 81.920]
"Sunkist2k" = "C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe" [2003/08/14 139.264]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2005/06/02 48.752]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2005/06/23 85.696]
"RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004/11/02 32.768]
"NeroFilterCheck" = "C: \ Windows \ system32 \ NeroCheck.e XE" [2001/07/09 155.648]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006/10/27 31.016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2007/10/10 39.792]
"ATIModeChange" = "Ati2mdxx.exe" [2001/09/05 c: \ windows \ system32 \ Ati2mdxx.exe]
"LTMSG" = "LTMSG.exe" [2003/07/14 c: \ windows \ ltmsg.exe]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AdobeUpdater" = "C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe" [2007/03/01 2.321.600]

c: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Adobe Gamma Loader.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2007/11/22 113.664]
HP Digital Imaging Monitor.lnk - C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe [2003/09/16 237.568]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = DWORD: 00000001

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe" =
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe" =
"C:\\Program Files\\Microsoft Office\\Office12\\Outlook.exe" =
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE" =
"C:\\Program Files\\Microsoft Office\\Office12\\OneNote.exe" =
"%windir%\\Network Diagnostic\\xpnetdiag.exe" =

R2 CX88XBAR; Conexant 2388x Crossbar Dual Input; c:\windows\system32\drivers\CX88XBARDUAL.sys [2003/12/10 7.040]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/11/11 17:26:59
Windows 5.1.2600 Service Pack 3 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās palaišana ieraksti ...

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptos failus: 0

**************************************************************************
.
------------------------ Citi Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Photodex\ProShowGold\scsiaccess.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\windows\system32\hpzipm12.exe
.
**************************************************************************
.
Pabeigšanas laiks: 2008/11/11 17:34:29 - mašīna bija rebooted
ComboFix-quarantined-files.txt 2008/11/12 00:34:22
ComboFix2.txt 2008/11/11 18:47:44

Pre-Run: 89064681472 bytes free
Post-Run: 89055629312 bytes free

239 --- EOF --- 2008/10/30 03:01:59
Copyright © 2006 - 2009 Computer Sulas.