Lēnāk un lēnāk

**RB211** · #1 4 aprīlis 2008, 10:57

Pēc lejupielādes daži sīkumi mana datora kļūst lēnāks un lēnāks, kaitinošas spyware / malware pievienot popping up, ka nevaru tikt vaļā. Please help guys ..

**Hybr! D** · #2 4 aprīlis 2008, 11:02

Sāciet šeit: http://www.computer-juice.com/forums...-posting-7476/

**RB211** · #3 4 aprīlis 2008, 14:51

ok šis ir pirmais žurnāls. Es to es tikai turpināt?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/04/2008 at 10:06
Application Version: 4.0.1154
Core Noteikumi Database Version: 3.431
Trace Noteikumi Database Version: 1423
Scan type: Complete Scan
Kopā Scan Time: 01:41:45
Atmiņas vienības skenēts: 703
Memory draudiem detected: 1
Reģistra vienības skenēts: 5.826
Reģistrs draudiem detected: 43
File preces skenēts: 289.779
File draudiem detected: 158
Adware.Vundo Variants / Resident
C: \ WINDOWS \ SYSTEM32 \ MLJJJ.DLL
C: \ WINDOWS \ SYSTEM32 \ MLJJJ.DLL
Trojan.WinFixer
HKLM \ Software \ Classes \ CLSID \ (09888678-51D6-42FC-9.437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9.437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9.437-CBBFDA0B86EA) \ InprocServer32
HKCR \ CLSID \ (09888678-51D6-42FC-9.437-CBBFDA0B86EA) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Classes \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ JKKLL.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (09888678-51D6-42FC-9.437-CBBFDA0B86EA)
Adware.Vundo Variant
HKLM \ Software \ Classes \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ TUVSQPQ.DLL
HKLM \ Software \ Classes \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ YAYWUVW.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (D85530E8-D39D-49D0-9F36-300D594556D2)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
Unclassified.Unknown Izcelsme
HKLM \ Software \ Classes \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ ProgId
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ Programmable
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ TypeLib
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ VersionIndependentProgID
C: \ PROGRA ~ 1 \ DAP \ SBSEARCH.DLL
HKU \ S-1-5-21-73586283-1326574676-839522115-1004 \ Software \ Microsoft \ Internet Explorer \ URLSearchHooks # (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ SearchHook.SrchHook.1
HKCR \ SearchHook.SrchHook
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6)
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1,0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0 \ Win32
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ KAROGI
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ HELPDIR
Adware.Tracking Cookie
C: \ Documents and Settings \ Denijs \ Cookies \ danny @ apkalpo-SYS [1]. Txt
C: \ Documents and Settings \ Denijs \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Denijs \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Denijs \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Denijs \ Cookies \ danny@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.zanox [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ adnetserver [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads1.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads2.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads3.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads4.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ adultfriendfinder [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ gostats [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ hornymatches [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ indexstats [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ indexstats [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ linksynergy [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@media2.mediafileshost [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ statcounter [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@tracking.summitmedia.co [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@webstats.wthosting.co [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.hxtrack [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Jaunāki Docs & Sets \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Jaunāki Docs & Sets \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Jaunāki Docs & Sets \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
Trojan.Unknown Izcelsme
C: \ WINDOWS \ system32 \ nGpxx01
HKLM \ Software \ xpre
HKLM \ Software \ xpre # execount
Adware.VXGame-Trace
HKU \ S-1-5-21-73586283-1326574676-839522115-1005 \ Software \ kernelexe
Adware.Vundo Variants / Rel
C: \ WINDOWS \ SYSTEM32 \ ACCDD.INI
C: \ WINDOWS \ SYSTEM32 \ ACCDD.INI2
C: \ WINDOWS \ SYSTEM32 \ ILKKJ.INI
C: \ WINDOWS \ SYSTEM32 \ ILKKJ.INI2
C: \ WINDOWS \ SYSTEM32 \ JJJLM.INI
C: \ WINDOWS \ SYSTEM32 \ JJJLM.INI2
C: \ WINDOWS \ SYSTEM32 \ LLKKJ.INI
C: \ WINDOWS \ SYSTEM32 \ LLKKJ.INI2
C: \ WINDOWS \ SYSTEM32 \ LNNMP.INI2
C: \ WINDOWS \ SYSTEM32 \ MCRH.TMP
C: \ WINDOWS \ SYSTEM32 \ RRQSS.INI
C: \ WINDOWS \ SYSTEM32 \ VVVWA.INI2
Adware.Vundo-Variants
C: \ WINDOWS \ SYSTEM32 \ DDCCA.DLL
C: \ WINDOWS \ SYSTEM32 \ SSQRR.DLL
Trace.Known Draudu avoti
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ indeksu [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ bottom [2]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_t1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CAXOO75T.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ xrest [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ verx [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ vadītāji [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_line2 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_boton1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ NIZ [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-features [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_cor-left-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_icon3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ kapenes [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ logs [1]. Js
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ "tīro" [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_bg1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ Top [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ SDWBGNOV \ main_02 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ CASL6F4X.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_line2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_cor-right-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ ieteikt [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_icon5 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stili [5]. Css
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ off_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_bg2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ attīstībai [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-pārskats [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ indekss [5]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_bg3 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ bottom_r_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ steidzami [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ AC_RunActiveContent [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ vidu [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ stili [2]. Css
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton4 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_btn iegādes [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ spacer [4]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ zīmi [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_r [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ kapenes [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ errsnd [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_l [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ kapenes [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ secpan [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_btn mājās [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CAUJABA1.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ AC_ActiveX [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ chec [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_icon1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn lejupielādēt [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ x [2]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CA3MKJZH.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_BG [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_line1 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_pc [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_bg4 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ vadītāji [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-updates [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ vadītāji [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ brīdinājumu [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ Flash [1]. Js
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_spacer [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ main_06 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ head_r_back [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ vairogs [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ flash_detect [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ spēlē [1]. Js
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ main_10 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_05 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ pāri [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ main_07 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ EJ23EDUF \ closebutton [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ main_03 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ ban_2 [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ logo2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ data [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ off_back [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ Download [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_04 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ popup [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ left_3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ bottom_l_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ Z81HJ8WK \ right_2 [1]. Gif

**evilfantasy** · #4 4 aprīlis 2008, 19:20

Jā lūdzu, turpiniet ar pārējo darbības. Katrā posmā meklē un nosaka dažādu apdraudējuma.

**RB211** · #5 5 aprīlis 2008, 00:13

OK Heres otrais log ..

Malwarebytes "Anti-Malware 1,10
Database versija: 592
Scan type: Full Scan (: \ | C: \ | D: \ | E: \ | H: \ | I: \ | J: \ |)
Objekti skenēts: 336.027
Pagājušo laiku: 1 stunda (s), 8 minūte (s), 1 second (s)
Memory Processes Inficētie: 5
Memory Modules Inficētie: 0
Registry Keys Inficētie: 10
Reģistra vērtības Inficētie: 7
Registry Data Items Infected: 0
Mapes Inficētie: 0
Faili Inficētie: 11
Atmiņas procesi Inficētie:
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Izkrautas process veiksmīgi.
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Izkrautas process veiksmīgi.
C: \ Documents and Settings \ Denijs \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Izkrautas process veiksmīgi.
C: \ Documents and Settings \ Denijs \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Izkrautas process veiksmīgi.
C: \ Documents and Settings \ Denijs \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Izkrautas process veiksmīgi.
Memory Modules Inficētie:
(No ļaunprātīgs preces konstatētas)
Registry Keys Inficētie:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ s chedule (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ s chedule (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ grafiks (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ Software \ Microsoft \ affri (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ Software \ Microsoft \ affltid (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affltid (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affri (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
Reģistra vērtības Inficētie:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ BMafb2445c (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ ntuser (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ ntuser (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ ntuser (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ autoload (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ autoload (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ autoload (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
Registry Data Items Infected:
(No ļaunprātīgs preces konstatētas)
Mapes Inficētie:
(No ļaunprātīgs preces konstatētas)
Faili Inficētie:
C: \ Documents and Settings \ LocalService \ Local Settings \ Temporary Internet Files \ Content.IE5 \ GHIJKLMN \ kārtas [1]. Jpg (Trojan.Madcode) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ System Volume Information \ _restore (B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5) \ RP8 \ A0002994.exe (Trojan.Downloader) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ iupdate.exe (Trojan.Madcode) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ kchkioor.dll (Trojan.Agent) -> Delete par reboot.
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ drivers \ spools.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Documents and Settings \ Denijs \ cftmon.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Documents and Settings \ Roz \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Documents and Settings \ LocalService \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Documents and Settings \ Denijs \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.

**RB211** · #6 5 aprīlis 2008, 00:51

Ak OK I didn't apzināties man bija pēc tām visām kopā. Sorry guys ... Lūk tās ir:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/04/2008 at 10:06
Application Version: 4.0.1154
Core Noteikumi Database Version: 3.431
Trace Noteikumi Database Version: 1423
Scan type: Complete Scan
Kopā Scan Time: 01:41:45
Atmiņas vienības skenēts: 703
Memory draudiem detected: 1
Reģistra vienības skenēts: 5.826
Reģistrs draudiem detected: 43
File preces skenēts: 289.779
File draudiem detected: 158
Adware.Vundo Variants / Resident
C: \ WINDOWS \ SYSTEM32 \ MLJJJ.DLL
C: \ WINDOWS \ SYSTEM32 \ MLJJJ.DLL
Trojan.WinFixer
HKLM \ Software \ Classes \ CLSID \ (09888678-51D6-42FC-9.437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9.437-CBBFDA0B86EA)
HKCR \ CLSID \ (09888678-51D6-42FC-9.437-CBBFDA0B86EA) \ InprocServer32
HKCR \ CLSID \ (09888678-51D6-42FC-9.437-CBBFDA0B86EA) \ InprocServer32 # ThreadingModel
HKLM \ Software \ Classes \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B)
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32
HKCR \ CLSID \ (6800D574-80D6-4F0F-B6C9-E590AF2F999B) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ JKKLL.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (09888678-51D6-42FC-9.437-CBBFDA0B86EA)
Adware.Vundo Variant
HKLM \ Software \ Classes \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ TUVSQPQ.DLL
HKLM \ Software \ Classes \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2) \ InprocServer32 # ThreadingModel
C: \ WINDOWS \ SYSTEM32 \ YAYWUVW.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (D85530E8-D39D-49D0-9F36-300D594556D2)
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9)
HKCR \ CLSID \ (D85530E8-D39D-49D0-9F36-300D594556D2)
Unclassified.Unknown Izcelsme
HKLM \ Software \ Classes \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ ProgId
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ Programmable
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ TypeLib
HKCR \ CLSID \ (F4F10C1D-87C7-404A-B4B3-000000000000) \ VersionIndependentProgID
C: \ PROGRA ~ 1 \ DAP \ SBSEARCH.DLL
HKU \ S-1-5-21-73586283-1326574676-839522115-1004 \ Software \ Microsoft \ Internet Explorer \ URLSearchHooks # (F4F10C1D-87C7-404A-B4B3-000000000000)
HKCR \ SearchHook.SrchHook.1
HKCR \ SearchHook.SrchHook
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6)
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1,0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ 0 \ Win32
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ KAROGI
HKCR \ TypeLib \ (95EFB171-F3DF-4BEC-9EF7-829A800203E6) \ 1.0 \ HELPDIR
Adware.Tracking Cookie
C: \ Documents and Settings \ Denijs \ Cookies \ danny @ apkalpo-SYS [1]. Txt
C: \ Documents and Settings \ Denijs \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Denijs \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Denijs \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Denijs \ Cookies \ danny@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ad.zanox [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ adnetserver [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads1.alpharooms [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads2.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads3.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@ads4.alpharooms [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ adultfriendfinder [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ gostats [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ hornymatches [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ indexstats [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ indexstats [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ linksynergy [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@media2.mediafileshost [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ ROZ @ statcounter [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@tracking.summitmedia.co [1]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@webstats.wthosting.co [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [2]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.admedia365 [3]. Txt
C: \ Documents and Settings \ Roz \ Cookies \ roz@www.hxtrack [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Jaunāki Docs & Sets \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Jaunāki Docs & Sets \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Jaunāki Docs & Sets \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie @ indexstats [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@pc-finder.co [2]. Txt
H: \ Rozzie \ Cookies \ rozzie@www.pc-finder.co [2]. Txt
Trojan.Unknown Izcelsme
C: \ WINDOWS \ system32 \ nGpxx01
HKLM \ Software \ xpre
HKLM \ Software \ xpre # execount
Adware.VXGame-Trace
HKU \ S-1-5-21-73586283-1326574676-839522115-1005 \ Software \ kernelexe
Adware.Vundo Variants / Rel
C: \ WINDOWS \ SYSTEM32 \ ACCDD.INI
C: \ WINDOWS \ SYSTEM32 \ ACCDD.INI2
C: \ WINDOWS \ SYSTEM32 \ ILKKJ.INI
C: \ WINDOWS \ SYSTEM32 \ ILKKJ.INI2
C: \ WINDOWS \ SYSTEM32 \ JJJLM.INI
C: \ WINDOWS \ SYSTEM32 \ JJJLM.INI2
C: \ WINDOWS \ SYSTEM32 \ LLKKJ.INI
C: \ WINDOWS \ SYSTEM32 \ LLKKJ.INI2
C: \ WINDOWS \ SYSTEM32 \ LNNMP.INI2
C: \ WINDOWS \ SYSTEM32 \ MCRH.TMP
C: \ WINDOWS \ SYSTEM32 \ RRQSS.INI
C: \ WINDOWS \ SYSTEM32 \ VVVWA.INI2
Adware.Vundo-Variants
C: \ WINDOWS \ SYSTEM32 \ DDCCA.DLL
C: \ WINDOWS \ SYSTEM32 \ SSQRR.DLL
Trace.Known Draudu avoti
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ indeksu [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ bottom [2]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_t1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ CAXOO75T.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ xrest [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ verx [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ vadītāji [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_line2 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_boton1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ NIZ [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-features [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_cor-left-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_icon3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ kapenes [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ logs [1]. Js
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ "tīro" [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_bg1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ Top [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ SDWBGNOV \ main_02 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ CASL6F4X.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_line2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_cor-right-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ ieteikt [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_icon5 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ stili [5]. Css
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ off_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_bg2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ attīstībai [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_btn-pārskats [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ indekss [5]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ stats [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_bg3 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ bottom_r_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ steidzami [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ errorhandler [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ AC_RunActiveContent [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ vidu [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ stili [2]. Css
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton4 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_btn iegādes [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ spacer [4]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ zīmi [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_r [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ kapenes [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ errsnd [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CX8VSB4B \ bottom_l [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i53b_brd-top-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ kapenes [2]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AHGZAXI5 \ secpan [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_btn mājās [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CAUJABA1.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ AC_ActiveX [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ chec [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i53b_icon1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ ajax [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn lejupielādēt [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ ZLGK0BFB \ x [2]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ CA3MKJZH.htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_BG [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_line1 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i701_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_pc [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ i53b_brd-bot-1 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_bg4 [1]. Jpg
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ vadītāji [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i53b_btn-updates [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ vadītāji [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ brīdinājumu [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ Flash [1]. Js
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 4P6RS5MF \ i701_spacer [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ main_06 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ head_r_back [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ vairogs [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ i701_line3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ i701_boton2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ flash_detect [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ spēlē [1]. Js
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ UR2NQ1UR \ main_10 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_05 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ pāri [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ G92ZKB2T \ main_07 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ EJ23EDUF \ closebutton [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 8NKJEV4R \ main_03 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ ban_2 [1]. Swf
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ logo2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ WTAN0PYF \ data [1]. Htm
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LO76ZR17 \ off_back [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ AL6HK9M7 \ Download [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ M1Q5EV4X \ main_04 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ W9AJSLIB \ popup [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ CTY381ER \ left_3 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ QX8BMXM5 \ bottom_l_2 [1]. Gif
C: \ Documents and Settings \ Roz \ Local Settings \ Temporary Internet Files \ Content.IE5 \ Z81HJ8WK \ right_2 [1]. Gif

Malwarebytes "Anti-Malware 1,10
Database versija: 592
Scan type: Full Scan (: \ | C: \ | D: \ | E: \ | H: \ | I: \ | J: \ |)
Objekti skenēts: 336.027
Pagājušo laiku: 1 stunda (s), 8 minūte (s), 1 second (s)
Memory Processes Inficētie: 5
Memory Modules Inficētie: 0
Registry Keys Inficētie: 10
Reģistra vērtības Inficētie: 7
Registry Data Items Infected: 0
Mapes Inficētie: 0
Faili Inficētie: 11
Atmiņas procesi Inficētie:
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Izkrautas process veiksmīgi.
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Izkrautas process veiksmīgi.
C: \ Documents and Settings \ Denijs \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Izkrautas process veiksmīgi.
C: \ Documents and Settings \ Denijs \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Izkrautas process veiksmīgi.
C: \ Documents and Settings \ Denijs \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Izkrautas process veiksmīgi.
Memory Modules Inficētie:
(No ļaunprātīgs preces konstatētas)
Registry Keys Inficētie:
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ s chedule (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ s chedule (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ grafiks (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ Software \ Microsoft \ affri (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ Software \ Microsoft \ affltid (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affltid (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ affri (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
Reģistra vērtības Inficētie:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ BMafb2445c (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ ntuser (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ ntuser (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ ntuser (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_USERS \. DEFAULT \ SOFTWARE \ Microsoft \ Windows \ Cur rentVersion \ Run \ autoload (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run \ autoload (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ autoload (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
Registry Data Items Infected:
(No ļaunprātīgs preces konstatētas)
Mapes Inficētie:
(No ļaunprātīgs preces konstatētas)
Faili Inficētie:
C: \ Documents and Settings \ LocalService \ Local Settings \ Temporary Internet Files \ Content.IE5 \ GHIJKLMN \ kārtas [1]. Jpg (Trojan.Madcode) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ System Volume Information \ _restore (B4EDD13F-A6F1-41A1-814E-E5C94DDA45B5) \ RP8 \ A0002994.exe (Trojan.Downloader) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ iupdate.exe (Trojan.Madcode) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ kchkioor.dll (Trojan.Agent) -> Delete par reboot.
C: \ WINDOWS \ system32 \ drivers \ ctfmon.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ drivers \ spools.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Documents and Settings \ Denijs \ cftmon.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Documents and Settings \ Roz \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Documents and Settings \ LocalService \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Documents and Settings \ Denijs \ Local Settings \ Application Data \ spool.exe (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.

Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 08:45:34, uz 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ AMD \ RAIDXpert \ mols \ extra \ Win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ WINDOWS \ system32 \ RunDll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ Siemens \ LaserSMMgr \ ssmmgr.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ycommon.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe
C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe
C: \ Program Files \ Microsoft IntelliType Pro \ dpupdchk.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNS \ btdna.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ Msiexec.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ mpbtn.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = 127.0.0.1; *. vietējās
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O2 - BHO: (no name) - (3CAB59B4-55A3-4.737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: Jautājiet Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] RunDll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Siemens \ LaserSMMgr \ ssmmgr.exe" / Autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe / palaišana
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" Update kavēšanās 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / Uzsākšana
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [itype] "C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimāla
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNS \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: MP3 Rocket (Minimizēta). LNK = C: \ Program Files \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C: \ Program Files \ BT Broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
Ø8 - ārpus konteksta menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
Ø8 - ārpus konteksta menu item: & Download ar & DAP - C: \ Program Files \ DAP \ dapextie.htm
Ø8 - ārpus konteksta menu item: Download & visi ar DAP - C: \ Program Files \ DAP \ dapextie2.htm
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra button: BT Yahoo! Pakalpojumi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (17.492.023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
Ø16 - DPF: (30.528.230-99f7-4bb4-88d8-fa1d4f56a2ab) (INSTALLATION SUPPORT) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper20073151.dll
Ø16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
Ø16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Spēles Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444.553.540.000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
Ø20 - Winlogon Paziņot: tuvsqpq - tuvsqpq.dll (file missing)
Ø20 - Winlogon Paziņot: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown īpašnieks - C: \ Program Files \ AMD \ RAIDXpert \ mols \ extra \ Win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - Unknown īpašnieks - C: \ WINDOWS \ system32 \ HPZipm12.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown īpašnieks - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of failu - 10.856 bytes

Many thanks

**evilfantasy** · #7 5 aprīlis 2008, 01:27

Izskatās, ka bija daudz noņem, vēl joprojām pastāv daži apšaubāmi ieraksti HijackThis log tāpēc mums vajadzīga, lai palaistu dažus dažādus instrumentus.

Lejupielādēt Vundofix.exe uz Jūsu rakstāmgalda.

Veiciet dubultklikšķi uz VundoFix.exe lai tā varētu darboties.
Kad VundoFix atvērts, noklikšķiniet uz Meklēt Vundo pogu.
Kad tas ir izdarīts skenēšanai, noklikšķiniet uz Noņemt Vundo pogu.
Jūs saņemsiet ātru jautā, ja jūs vēlaties izņemt failus, noklikšķiniet uz JĀ
Kad jūs noklikšķiniet uz Jā, darbvirsmā būs iet tukšā, jo tas sāk likvidēt Vundo.
Kad pabeigts, tas liks, ka tas shutdown jūsu datorā, noklikšķiniet uz OK.
Pārvērtiet savu datoru atpakaļ.
Lūdzu, sūtiet C saturs: \vundofix.txt un jaunu HijackThis log.

Piezīme: Ir iespējams, ka VundoFix radās failu nevar noņemt. Šādā gadījumā VundoFix darbosies reboot, vienkārši izpildiet iepriekš instrukcijas, sākot no "Click Meklēt Vundo pogu", kad VundoFix parādās reboot.

Please let Vundo apdare, dažreiz to var veikt vairākas iet

----------

Lejupielādēt SDFix.exe un saglabājiet to savā datorā.

Dubultklikšķis SDFix.exe un tā izrakstu failus uz% systemdrive%
(Drive, kas satur Windows Direktoriju, parasti C: \ SDFix)

Lūdzu, tad pārstartējiet datoru Safe Mode darot šādi:

Restartējiet datoru
Noklausījusies datoru pīkstienu, kad startēšanas laikā, bet pirms Windows ikona, pieskarieties F8 taustiņu pastāvīgi;
Vietā Windows iekraušanas kā parasti, Advanced Options Menu vajadzētu parādīties;
Izvēlieties pirmo iespēju, lai palaistu Windows drošajā režīmā, nospiediet Enter.
Izvēlieties savu parasto kontu.
Open ekstrahē SDFix mapi un veiciet dubultklikšķi uz RunThis.bat sākt skriptu.
Veids Y sākt tīrīšanas procesu.
Tas novērstu jebkādus Trojas Pakalpojumi un reģistra ieraksti, kas konstatē, tad ātri jums nospiediet jebkuru taustiņu, lai Reboot.
Nospiediet jebkuru taustiņu, un tas restart PC.
Kad PC restartējas Fixtool darbosies atkal un pabeigt atcelšanas procesā, tad displejs PabeigtieNospiediet jebkuru taustiņu, lai beigtu skriptu un slodzes darbvirsmas ikonas.
Vienreiz darbvirsmas ikonas slodze SDFix ziņojums tiks atvērts uz ekrāna, kā arī ietaupīt vērā SDFix mapi Report.txt
(Report.txt tiks kopēts uz starpliktuvi).
Pievienošanas uz saturu Report.txt Jūsu nākamo post.

----------

Tagad sākas jauna HijackThis skenēšanu un pēc daudz log kopā ar citiem.

Arī ļaujiet man zināt, kāda ir tagad.

**RB211** · #8 5 aprīlis 2008, 02:23

OK Nākamie divi.

VundoFix V7.0.3
Scan started at 10:07:05 05/04/2008
Listing faili atrasti Skenējot ....
C: \ WINDOWS \ system32 \ anthkpru.dll
Sākums likvidēšanai ...
Mēģinot izdzēst C: \ WINDOWS \ system32 \ anthkpru.dll
C: \ WINDOWS \ system32 \ anthkpru.dll ir izdzēsts!
Performing Atjaunotie reģistrā.
Izdarīts!

Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 10:18:53, uz 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ AMD \ RAIDXpert \ mols \ extra \ Win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ WINDOWS \ system32 \ RunDll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ycommon.exe
C: \ WINDOWS \ Siemens \ LaserSMMgr \ ssmmgr.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe
C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program Files \ Microsoft IntelliPoint \ dpupdchk.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNS \ btdna.exe
C: \ WINDOWS \ system32 \ Msiexec.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ mpbtn.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = 127.0.0.1; *. vietējās
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O2 - BHO: (no name) - (3CAB59B4-55A3-4.737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: Jautājiet Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] RunDll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Siemens \ LaserSMMgr \ ssmmgr.exe" / Autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe / palaišana
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" Update kavēšanās 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / Uzsākšana
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimāla
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNS \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: MP3 Rocket (Minimizēta). LNK = C: \ Program Files \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C: \ Program Files \ BT Broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
Ø8 - ārpus konteksta menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
Ø8 - ārpus konteksta menu item: & Download ar & DAP - C: \ Program Files \ DAP \ dapextie.htm
Ø8 - ārpus konteksta menu item: Download & visi ar DAP - C: \ Program Files \ DAP \ dapextie2.htm
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra button: BT Yahoo! Pakalpojumi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (17.492.023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
Ø16 - DPF: (30.528.230-99f7-4bb4-88d8-fa1d4f56a2ab) (INSTALLATION SUPPORT) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper20073151.dll
Ø16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
Ø16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Spēles Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444.553.540.000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
Ø20 - Winlogon Paziņot: tuvsqpq - tuvsqpq.dll (file missing)
Ø20 - Winlogon Paziņot: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown īpašnieks - C: \ Program Files \ AMD \ RAIDXpert \ mols \ extra \ Win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - Unknown īpašnieks - C: \ WINDOWS \ system32 \ HPZipm12.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown īpašnieks - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of failu - 10.853 bytes

**evilfantasy** · #9 5 aprīlis 2008, 02:36

SDFix log?

**RB211** · #10 5 aprīlis 2008, 02:51

OK SDFix un jaunākās snaiperis:

Urravas

SDFix: Version 1,166
Vada Danny no 05/04/2008 at 10:38
Microsoft Windows XP [Version 5.1.2600]
Running From: C: \ sdfix \ SDFix
Checking Pakalpojumi :

Atjaunot Windows Registry Vērtības
Atjaunot Windows noklusējuma Hosts fails
Rebooting

Checking Files :
Trojan Faili Atrasts:
C: \ WINDOWS \ Temp \ 1852.tmp.lst - Svītrots
C: \ WINDOWS \ Temp \ 2723.tmp.lst - Svītrots
C: \ WINDOWS \ Temp \ 2F76.tmp.lst - Svītrots
C: \ WINDOWS \ Temp \ 541A.tmp.lst - Svītrots
C: \ WINDOWS \ Temp \ 580D.tmp.lst - Svītrots
C: \ WINDOWS \ Temp \ 6E54.tmp.lst - Svītrots
C: \ WINDOWS \ fetchuserid.exe - Svītrots

Mapē C: \ Program Files \ drmupgds - aizvest

Noņemot Temp faili
ADS Pārbaudīt :

Galīgā pārbaude :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/04/05 10:44:19
Windows 5.1.2600 Service Pack 2 NTFS
skenēšana slēptās procesi ...
skenēšana slēptās pakalpojumi un sistēmas stropa ...
skenēšana slēptos reģistra ierakstus ...
skenēšana slēptos failus ...
scan sekmīgi pabeigta
slēptās procesiem: 0
slēptās pakalpojumi: 0
slēptos failus: 0

Remaining Pakalpojumi :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ standarta profils \ authorizedapplications \ list]
"C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe" = "C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe: *: Enabled: BitTor īri"
"C: \ \ Program Files \ \ DNS \ \ btdna.exe" = "C: \ \ Program Files \ \ DNS \ \ btdna.exe: *: Enabled: DNS"
"C: \ \ Program Files \ \ ICQ \ \ Icq.exe" = "C: \ \ Program Files \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" = "C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe: *: Ena bled: Yahoo! Messenger"
"C: \ \ Program Files \ \ limewire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ limewire \ \ LimeWire.exe: *: Enabled: limewire"
"D: \ \ Program Files \ \ Microsoft Games \ \ Flight Simulator 9 \ \ fs9.exe" = "D: \ \ Program Files \ \ Microsoft Games \ \ Flight Simulator 9 \ \ fs9.exe: *: Enabled: Microsoft Flight Simulator "
"C: \ \ WINDOWS \ \ system32 \ \ dpnsvr.exe" = "C: \ \ WINDOWS \ \ system32 \ \ dpnsvr.exe: *: Enabled: Microsoft DirectPlay8 Server"
"C: \ \ Program Files \ \ Kontiki \ \ KService.exe" = "C: \ \ Program Files \ \ Kontiki \ \ KService.exe: *: Enabled: Piegādes Manager Service"
"C: \ \ Program Files \ \ Ubisoft \ \ Ātrumkārba Software \ \ BrothersInArmsEiB \ \ System \ \ EiB.exe" = "C: \ \ Program Files \ \ Ubisoft \ \ Ātrumkārba Software \ \ BrothersInArmsEiB \ \ System \ \ EIB . exe: *: Ena bled: Brothers In Arms Nopelnītās In Blood "
"C: \ \ Valve \ \ Stāvoklis Zero \ \ czero.exe" = "C: \ \ Valve \ \ Stāvoklis Zero \ \ czero.exe: *: Enabled: nosacījums Zero Launcher"
"C: \ \ Program Files \ \ Java \ \ jre1.6.0_04 \ \ bin \ \ javaw.exe" = "C: \ \ Pro gram Files \ \ Java \ \ jre1.6.0_04 \ \ bin \ \ javaw. exe: *: Enabled: Java (TM) Platform SE binārā "
"C: \ \ Program Files \ \ DAP \ \ DAP.exe" = "C: \ \ Program Files \ \ DAP \ \ DAP.exe: *: Enabled: Download Accelerator Plus (DAP)"
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste M32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22.019"
"C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAccelerator.exe" = "C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAccelerator.exe: *: Enabled: VideoA ccelerator"
"C: \ \ Program Files \ \ SpeedBit Video Accelerator \ \ VideoAcceleratorEngine.exe" = "C: \ \ Prog ram Files \ \ SpeedBit Video Accelerator \ \ VideoAcceleratorEngine.exe: *: Enabled: VideoAcceleratorService"
"C: \ \ Program Files \ \ Java \ \ jre1.6.0_05 \ \ bin \ \ javaw.exe" = "C: \ \ Pro gram Files \ \ Java \ \ jre1.6.0_05 \ \ bin \ \ javaw. exe: *: Enabled: Java (TM) Platform SE binārā "
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste M32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22.019"
Remaining Faili :

File Backups: - C: \ sdfix \ SDFix \ backups \ backups.zip
Failus ar Slēpts Rekvizīti :
Otr 5 februāris 2008 4.348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Pirm 28 janvāris 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Noslēgusies!

un

Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 10:48:43, uz 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ csrss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ AMD \ RAIDXpert \ mols \ extra \ Win32 \ Wrapper.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ Program Files \ AMD \ RAIDXpert \ _jvm \ bin \ java.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ wltrysvc.exe
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ Windows \ Explorer.exe
C: \ WINDOWS \ System32 \ alg.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ RunDll32.exe
C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ycommon.exe
C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe
C: \ WINDOWS \ Siemens \ LaserSMMgr \ ssmmgr.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ WINDOWS \ system32 \ Msiexec.exe
C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe
C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe
C: \ Program Files \ Microsoft IntelliType Pro \ dpupdchk.exe
C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ SSDK02.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ DNS \ btdna.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ BT Broadband Desktop Help \ bin \ mpbtn.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ javaw.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ wbem \ wmiprvse.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = 127.0.0.1; *. vietējās
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O2 - BHO: (no name) - (3CAB59B4-55A3-4.737-9FD5-B93C6430BF75) - C: \ WINDOWS \ system32 \ sjmxcfmu.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ cpn0 \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: Jautājiet Toolbar - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ AskSBar \ bar \ 1.bin \ ASKSBAR.DLL
O4 - HKLM \ .. \ Run: [C6501Sound] RunDll32 c6501.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [btbb_wcm_McciTrayApp] C: \ Program Files \ btbb_wcm \ McciTrayApp.exe
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Pārlūku \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [HPHUPD08] C: \ Program Files \ HP \ Digital Imaging \ (33D6CC28-9F75-4d1b-A11D-98895B3A3729) \ hphupd08.exe
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [MediaLifeService] "C: \ Program Files \ Logitech \ MediaLife \ MediaLifeService.exe"
O4 - HKLM \ .. \ Run: [Samsung LBP SM] "C: \ WINDOWS \ Siemens \ LaserSMMgr \ ssmmgr.exe" / Autorun
O4 - HKLM \ .. \ Run: [YOP] C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe / palaišana
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" Update kavēšanās 60
O4 - HKLM \ .. \ Run: [btbb_McciTrayApp] C: \ Program Files \ BT Broadband Desktop Help \ bin \ BTHelpNotifier.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [amd_dc_opt] C: \ Program Files \ AMD \ Dual-Core Optimizer \ amd_dc_opt.exe
O4 - HKLM \ .. \ Run: [HPDJ Taskbar Utility] C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ hpztsb0 4.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / Uzsākšana
O4 - HKLM \ .. \ Run: [SideWinderTrayV4] C: \ PROGRA ~ 1 \ MI948F ~ 1 \ GAMECO ~ 1 \ Common \ SWTrayV4.exe
O4 - HKLM \ .. \ Run: [itype] "C: \ Program Files \ Microsoft IntelliType Pro \ itype.exe"
O4 - HKLM \ .. \ Run: [IntelliPoint] "C: \ Program Files \ Microsoft IntelliPoint \ ipoint.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimāla
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNS \ btdna.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: MP3 Rocket (Minimizēta). LNK = C: \ Program Files \ MP3 Rocket \ MP3Rocket.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C: \ Program Files \ BT Broadband Desktop Help \ bin \ matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C: \ Program Files \ NETGEAR WG311v2 Adapter \ wlancfg5.exe
Ø8 - ārpus konteksta menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
Ø8 - ārpus konteksta menu item: & Download ar & DAP - C: \ Program Files \ DAP \ dapextie.htm
Ø8 - ārpus konteksta menu item: Download & visi ar DAP - C: \ Program Files \ DAP \ dapextie2.htm
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll
Ø9 - Extra button: BT Yahoo! Pakalpojumi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (17.492.023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
Ø16 - DPF: (30.528.230-99f7-4bb4-88d8-fa1d4f56a2ab) (INSTALLATION SUPPORT) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper20073151.dll
Ø16 - DPF: (6F15128C-E66A-490C-B848-5000B5ABEEAC) (HP Download Manager) -- https: / / h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
Ø16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Spēles Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444.553.540.000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...nt/swflash.cab
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
Ø20 - Winlogon Paziņot: tuvsqpq - tuvsqpq.dll (file missing)
Ø20 - Winlogon Paziņot: yaywuvw - yaywuvw.dll (file missing)
O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown īpašnieks - C: \ Program Files \ AMD \ RAIDXpert \ mols \ extra \ Win32 \ Wrapper.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: PML Driver HPZ12 - Unknown īpašnieks - C: \ WINDOWS \ system32 \ HPZipm12.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
O23 - Service: WLTRYSVC - Unknown īpašnieks - C: \ WINDOWS \ System32 \ wltrysvc.exe
O23 - Service: YPCService - Yahoo! Inc - C: \ WINDOWS \ system32 \ YPCSER ~ 1.EXE
--
End of failu - 11.044 bytes

Similar Threads
Pavediens	Thread Starter	Forums	Replies	Last Post
Lēnāku interneta ātrumu vakaros uz kabeļu	kojowilliams	Networking, Modemi & VoIP	1	25 maijs 2009 14:18
Fast Moving spēles uzlabo prasmes lēnāk pārvietojas spēles!	NeuroDrive	PC & Console Gaming	1	4 februāris 2009 04:19
PC lēnāka nekā pasaules vislēnākais lieta!	gļotas	Vīrusu, spiegprogrammatūru un drošība	40	20 novembris 2008 06:35
Ir ārēji hardrives lēnāk nekā iekšējiem?	dubs89	Drives & Removable Media	3	29 decembris 2007 14:05