Trojan

#11 - 27 October 2008, 16:06 - Moderator Group
Download ComboFix by sUBs from one of the links below. Make sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop.

Close any open internet browsers (Firefox, Internet Explorer etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing the scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.

Windows XP systems: install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please make sure your internet connection is active (if possible) and click .
- If for any reason the internet is not working, click .
-- If you are not using Windows XP you will not be prompted.
- When prompted to agree to the EULA, click OK.
- Accept the Microsoft EULA (click ).
- If you are told that the RC has installed properly, click to continue scanning for malicious software.

When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection once ComboFix has finished.

#12 - 28 October 2008, 09:52 - Member

ComboFix 08-10-28.01 - komēta 2008-10-28 16:45:41.2 -- FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.200 [GMT 0:00]
Sākot no: C: \ Documents and Settings \ Comet \ Desktop \ ComboFix.exe
* Izveido jaunu atjaunošanas punktu
.

((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ WINDOWS \ Downloaded Program Files \ setup.inf
C: \ WINDOWS \ system32 \ dao350.dll
C: \ WINDOWS \ system32 \ spptfqyx.ini
C: \ WINDOWS \ system32 \ xhqmppgy.ini

.
((((((((((((((((((((((((( Faili Created no 2008/09/28 līdz 2008/10/28 ))))))))))) ))))))))))))))))))))
.

2008/10/26 23:17. 2008/10/26 23:16 410.976 - ------ C: \ WINDOWS \ system32 \ deploytk.dll
2008/10/26 23:02. 2008/10/26 23:02 <DIR> d -------- C: \ Program Files \ Malwarebytes "Anti-Malware
2008/10/26 23:02. 2008/10/26 23:02 <DIR> d -------- C: \ Documents and Settings \ Comet \ Application Data \ Malwarebytes
2008/10/26 23:02. 2008/10/26 23:02 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/10/26 23:02. 2008/10/22 16:10 38.496 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/10/26 23:02. 2008/10/22 16:10 15.504 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/10/26 19:27. 2008/10/26 19:27 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008/10/26 19:27. 2008/10/26 19:27 <DIR> d -------- C: \ Documents and Settings \ Comet \ Application Data \ SUPERAntiSpyware.com
2008/10/26 19:27. 2008/10/26 19:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008/10/18 15:04. 2008/10/18 15:04 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ qfkhglkl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/10/15 17:57 332.800 ---- aw C: \ WINDOWS \ system32 \ dllcache \ netapi32.dll
2008/10/03 18:41 6.066.176 ------ w C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll
2008/09/15 12:57 1.846.016 ---- aw C: \ WINDOWS \ system32 \ win32k.sys
2008/09/15 12:57 1.846.016 ---- aw C: \ WINDOWS \ system32 \ dllcache \ win32k.sys
2008/08/31 13:51 97.928 ---- aw C: \ WINDOWS \ system32 \ drivers \ avgldx86.sys
2008/08/28 11:04 333.056 ---- aw C: \ WINDOWS \ system32 \ drivers \ srv.sys
2008/08/28 11:04 333.056 ---- aw C: \ WINDOWS \ system32 \ dllcache \ srv.sys
2008/08/27 09:24 3.593.216 ------ w C: \ WINDOWS \ system32 \ dllcache \ mshtml.dll
2008/08/25 09:38 70.656 ------ w C: \ WINDOWS \ system32 \ dllcache \ ie4uinit.exe
2008/08/25 09:38 13.824 ------ w C: \ WINDOWS \ system32 \ dllcache \ ieudinit.exe
2008/08/23 06:56 635.848 ------ w C: \ WINDOWS \ system32 \ dllcache \ iexplore.exe
2008/08/23 06:54 161.792 ------ w C: \ WINDOWS \ system32 \ dllcache \ ieakui.dll
2008/08/14 11:00 2.180.352 ------ w C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe
2008/08/14 10:58 2.136.064 ---- aw C: \ WINDOWS \ system32 \ ntoskrnl.exe
2008/08/14 10:58 2.136.064 ------ w C: \ WINDOWS \ system32 \ dllcache \ ntkrnlmp.exe
2008/08/14 10:51 138.368 ---- aw C: \ WINDOWS \ system32 \ dllcache \ afd.sys
2008/08/14 10:22 2.057.728 ------ w C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe
2008/08/14 10:22 2.015.744 ---- aw C: \ WINDOWS \ system32 \ Ntkrnlpa.exe
2008/08/14 10:22 2.015.744 ------ w C: \ WINDOWS \ system32 \ dllcache \ ntkrpamp.exe
2007/07/21 23:46 2.244 ---- aw C: \ Documents and Settings \ Comet \ Application Data \ filterclsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"MsnMsgr" = "C: \ Program Files \ MSN Messenger \ MsnMsgr.Exe" [2007/01/19 5.674.352]
"SWG" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007/06/17 68.856]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004/08/04 15.360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"LaunchApp" = "Alaunch" [X]
"ntiMUI" = "C: \ Program Files \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe" [2005/05/11 45.056]
"RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004/11/02 32.768]
"IMJPMIG8.1" = "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.E XE" [2004/08/04 208.952]
"MSPY2002" = "C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScI nst.exe" [2004/08/04 59.392]
"PHIME2002ASync" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE" [2004/08/04 455.168]
"PHIME2002A" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TIN TSETP.EXE" [2004/08/04 455.168]
"eRecoveryService" = "C: \ Acer \ Empowering Technology \ eRecovery \ Monitor.exe" [2005/11/16 397.312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2008/10/26 136.600]
"BJCFD" = "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe" [2003/01/27 376.912]
"Broadbandadvisor.exe" = "C: \ Program Files \ Virgin Broadband \ padomnieks \ Broadbandadvisor.exe" [2007/01/24 2.037.240]
"InstantAccess" = "C: \ Program Files \ TextBridge Pro Millennium \ Bin \ InstantAccess.exe" [2001/10/04 49.152]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007/10/11 185.632]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008/03/28 413.696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008/03/30 267.048]
"AVG8_TRAY" = "C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe" [2008/09/29 1.234.712]
"SiSPower" = "SiSPower.dll" [2005/07/13 C: \ WINDOWS \ system32 \ SiSPower.dll]
"SoundMan" = "SOUNDMAN.EXE" [2005/08/17 C: \ WINDOWS \ soundman.exe]
"SMSERIAL" = "sm56hlpr.exe" [2005/06/06 C: \ WINDOWS \ sm56hlpr.exe]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ system32 \ CTFMON.EXE" [2004/08/04 15.360]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Adobe Reader Speed Launch.lnk - C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe [2004/12/14 29.696]
Utility Tray.lnk - C: \ WINDOWS \ system32 \ sistray.exe [2006/08/01 262.144]
Bluetooth.lnk - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ BTTray.exe [2006/06/07 553.021]
Ulead Photo Express 3,0 SE Calendar Checker.lnk - C: \ Program Files \ Ulead Systems \ Ulead Photo Express 3,0 SE \ CalCheck.exe [2007/05/19 61.440]
ScanPanel.lnk - C: \ Program Files \ Trust \ Easy Webscan 19.200 \ ScanPanel \ ScnPanel.exe [2007/06/06 3.043.409]
Exif Launcher S.lnk - C: \ Program Files \ FinePixViewerS \ QuickDCF2.exe [2007/10/27 303.104]
Adobe Gamma Loader.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2008/08/05 113.664]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008/05/13 77.824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \! SASWinLogon]
2008/07/23 16:28 352.256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = avgrsstx.dll

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ MSN Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ uTorrent \ \ utorrent.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =
"C: \ \ Program Files \ \ AVG \ \ AVG8 \ \ avgupd.exe" =

R1 AvgLdx86; AVG AVI Loader Driver x86, C: \ WINDOWS \ System32 \ Drivers \ avgldx86.sys [2008/08/31 97.928]
R2 avg8wd; AVG8 Watchdog, C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [2008/08/31 231.704]
R2 int15.sys; int15.sys, C: \ Acer \ Empowering Technology \ eRecovery \ int15.sys [2005/01/13 69.632]
R2 JavaQuickStarterService; Java Quick Starter, C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe [2008/10/26 152.984]
S3 ss_bus; Samsung Mobile USB Device 1,0 vadītājs (WDM), C: \ WINDOWS \ system32 \ drivers \ ss_bus.sys [2005/01/24 52.384]
S3 ss_mdfl; SAMSUNG Mobile USB Modem 1,0 Filter, C: \ WINDOWS \ system32 \ drivers \ ss_mdfl.sys [2005/01/24 6.064]
S3 ss_mdm; SAMSUNG Mobile USB Modem 1,0 Drivers, C: \ WINDOWS \ system32 \ drivers \ ss_mdm.sys [2005/01/24 84.512]

* Jaunizveidoto Service * - INT15.SYS
.
Saturs "Scheduled Tasks" mape

2008/10/22 C: \ WINDOWS \ Uzdevumi \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008/04/11 17:57]
.
.
------- Papildu Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Comet \ Application Data \ Mozilla \ Firefox \ Profiles \ mrpo7rd4.default \
FireFox -: prefs.js - SEARCH.DEFAULTURL - 1
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.co.uk |www.google.co.uk
FF -: Plugin - C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ pārlūku \ nppdf32.dll
FF -: Plugin - C: \ Program Files \ iTunes \ Mozilla Plugins \ npitunes.dll
FF -: Plugin - C: \ Program Files \ Java \ jre6 \ bin \ new_plugin \ npdeploytk.dll
FF -: Plugin - C: \ Program Files \ Java \ jre6 \ bin \ new_plugin \ npjp2.dll
FF -: Plugin - C: \ Program Files \ Mozilla Firefox \ plugins \ npdeploytk.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/10/28 16:47:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

skenēšana slēptās procesi ...

skenēšana slēptās palaišana ieraksti ...

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptos failus: 0

************************************************** ************************
.
Pabeigšanas laiks: 2008-10-28 16:48:32
ComboFix2.txt 2007/11/12 22:53:46
ComboFix-karantīnā-files.txt 2008/10/28 16:48:30

Pre-Run: 7665582080 bytes free
Post-Run: 7917305856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (2) \ WINDOW S
[operating systems]
C: \ Cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (2) \ WINDOWS = "Micro soft Windows XP Home Edition" / noexecute = optin / fastdetect

148 --- EOF --- 2008/10/24 23:26:39



HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 16:49:55, uz 28/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
C: \ Program Files \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgrsx.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Acer \ Empowering Technology \ eRecovery \ Monitor.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ Virgin Broadband \ padomnieks \ Broadbandadvisor.exe
C: \ Program Files \ TextBridge Pro Millennium \ Bin \ InstantAccess.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ WINDOWS \ sm56hlpr.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Program Files \ WIDCOMM \ Bluetooth Software \ BTTray.exe
C: \ Program Files \ Ulead Systems \ Ulead Photo Express 3,0 SE \ CalCheck.exe
C: \ Program Files \ Trust \ Easy Webscan 19.200 \ ScanPanel \ ScnPanel.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ FinePixViewerS \ QuickDCF2.exe
C: \ PROGRA ~ 1 \ WIDCOMM \ BLUETO ~ 1 \ BTSTAC ~ 1.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ HijackThis \ Analyse.exe.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = *. vietējo
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7,0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - (145B29F4-A56B-4b90-BBAC-45784EBEBBB7) - C: \ Program Files \ StumbleUpon \ StumbleUponIEBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9.990-79A187E2698E) - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8.333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4.638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ Java \ jre6 \ lib \ izvietot \ jqs \ ti \ jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - (E99421FB-68DD-40F0-B4AC-B7027CAE2F1A) - C: \ Program Files \ EPSON \ EPSON Web-To-Page \ EPSON Web-To-Page.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - (EE5D279F-081B-4.404-994D-C6B60AAEBA6D) - C: \ Program Files \ EPSON \ EPSON Web-To-Page \ EPSON Web-To-Page.dll
O3 - Toolbar: StumbleUpon Toolbar - (5093EB4C-3E93-40AB-9.266-B607BA87BDC8) - C: \ Program Files \ StumbleUpon \ StumbleUponIEBar.dll
O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9.990-79A187E2698E) - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ AVGTOO ~ 1.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [ntiMUI] C: \ Program Files \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ Empowering Technology \ eRecovery \ Monitor.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [BJCFD] C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe
O4 - HKLM \ .. \ Run: [Broadbandadvisor.exe] "C: \ Program Files \ Virgin Broadband \ padomnieks \ Broadbandadvisor.exe" / Autorun
O4 - HKLM \ .. \ Run: [InstantAccess] C: \ Program Files \ TextBridge Pro Millennium \ Bin \ InstantAccess.exe / h
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [AVG8_TRAY] C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe
O4 - HKLM \ .. \ Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ MSN Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: Comet Screensaver.lnk = C: \ Program Files \ Comet Screensaver \ Comet Screensaver.exe
O4 - Startup: IMVU.lnk = C: \ Program Files \ IMVU \ IMVUClient.exe
O4 - Startup: Aksesuāri
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Bluetooth.lnk =?
O4 - Global Startup: Ulead Photo Express 3,0 SE Calendar Checker.lnk = C: \ Program Files \ Ulead Systems \ Ulead Photo Express 3,0 SE \ CalCheck.exe
O4 - Global Startup: ScanPanel.lnk = C: \ Program Files \ Trust \ Easy Webscan 19.200 \ ScanPanel \ ScnPanel.exe
O4 - Global Startup: Exif Launcher S.lnk =?
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
Ø8 - ārpus konteksta izvēlnes vienums: Pievienot Windows & Live favorīti -- http://favorites.live.com/quickadd.aspx
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
Ø8 - ārpus konteksta menu item: Send To & Bluetooth - C: \ Program Files \ Belkin \ Bluetooth Software \ btsendto_ie_ctx.htm
Ø8 - ārpus konteksta menu item: Send to & Bluetooth Device ... - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie_ctx.htm
Ø8 - ārpus konteksta izvēlnes vienums: StumbleUpon Photoblog It! - Res: / / StumbleUponIEBar.dll / blogimage
Ø9 - Extra button: StumbleUpon - (75C9223A-409A-4795-A3CA-08DE6B075B4B) - C: \ Program Files \ StumbleUpon \ StumbleUponIEBar.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: @ btrez.dll, -4.015 - (CCA281CA-C863-46ef-9.331-5C8D4460577F) - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
Ø9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12.650 - (CCA281CA-C863-46ef-9.331-5C8D4460577F) - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ btsendto_ie.htm
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (20A60F0D-9AFA-4.515-A0FD-83BD84642501) (Dambrete klase) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
Ø16 - DPF: (30.528.230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter klase) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
Ø16 - DPF: (48DD0448-9.209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1006.cab
Ø16 - DPF: (4F1E5B1A-2A80-42CA-8.532-2D05CB959537) (MSN Photo Upload Tool) -- http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
Ø16 - DPF: (5C051655-FCD5-4.969-9.182-770EA5AA5565) (Solitaire Showdown klase) -- http://messenger.zone.msn.com/binary...n.cab56986.cab
Ø16 - DPF: (5D6F45B3-9.043-443D-A792-115447494D24) (UnoCtrl klase) -- http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl klase) -- http://update.microsoft.com/windowsu...?1177956484625
Ø16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient klase) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
Ø16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Karogi klase) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Program Files \ AVG \ AVG8 \ avgpp.dll
Ø20 - AppInit_DLLs: avgrsstx.dll
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: AVG8 Watchdog (avg8wd) - AVG Technologies CZ, sro - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Program Files \ WIDCOMM \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe

--
End of failu - 10.971 bytes
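The HijackThis log above lists autostart entries (O4 Run keys and Startup folders), browser helper objects (O2), the AppInit_DLLs value (O20) and services (O23), which is exactly what a helper reads through by hand. Below is an added Python example, not code from this thread or from HijackThis, that parses lines in that format and applies three simple triage rules: a startup shortcut whose target HijackThis could not resolve ("?"), an autostart command whose executable is not under Program Files or Windows (or has no directory at all), and any non-empty AppInit_DLLs value. The sample lines are constructed after entries in the log above (paths normalised), and the trusted-root list and the rules are the example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format, modelled on entries in the log
# posted above (paths normalised). Not a verbatim copy of that log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:55, on 28/10/2008

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Bluetooth.lnk = ?
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Assumed "expected" roots for autostart binaries; anything outside gets a look.
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")


@dataclass
class Entry:
    section: str   # HijackThis section code, e.g. "O4"
    location: str  # registry key, startup folder, or section label
    name: str      # entry name, BHO title or service name ("" if none)
    target: str    # path, DLL or command line; "?" if unresolved


LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<rest>.*)$")
RUNKEY_RE = re.compile(r"^(?P<loc>.+?\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|com|scr))', re.IGNORECASE)


def parse_entries(text):
    """Turn HijackThis log lines into Entry records; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        if sec == "O4":
            mm = RUNKEY_RE.match(rest) or STARTUP_RE.match(rest)
            if mm:
                entries.append(Entry(sec, mm.group("loc"), mm.group("name"), mm.group("cmd").strip()))
                continue
        elif sec == "O2":
            mm = BHO_RE.match(rest)
            if mm:
                entries.append(Entry(sec, "BHO", mm.group("name"), mm.group("path")))
                continue
        elif sec == "O20" and rest.startswith("AppInit_DLLs: "):
            entries.append(Entry(sec, "AppInit_DLLs", "", rest[len("AppInit_DLLs: "):]))
            continue
        elif sec == "O23":
            mm = SERVICE_RE.match(rest)
            if mm:
                entries.append(Entry(sec, "Service", mm.group("name"), mm.group("path")))
                continue
        # Anything not specially parsed is kept with the raw remainder as target.
        entries.append(Entry(sec, sec, "", rest))
    return entries


def _exe_path(cmd):
    """Extract the executable/DLL path from a command line, dropping quotes and arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def summarize(entries):
    """Count entries per section code."""
    counts = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def triage(entries):
    """Apply the three triage rules; each finding is a reason to verify, not a verdict."""
    findings = []
    for e in entries:
        if e.section == "O4" and e.target == "?":
            findings.append(f"unresolved startup item: {e.name} ({e.location})")
        elif e.section == "O4":
            path = _exe_path(e.target)
            if path is None or not path.lower().startswith(TRUSTED_ROOTS):
                findings.append(f"autostart outside trusted roots: {e.name} -> {e.target}")
        elif e.section == "O20" and e.target.strip():
            findings.append(f"AppInit_DLLs is loaded into every GUI process: {e.target}")
    return findings


if __name__ == "__main__":
    ents = parse_entries(SAMPLE_LOG)
    for sec, n in sorted(summarize(ents).items()):
        print(f"{sec}: {n} entries")
    for f in triage(ents):
        print("CHECK:", f)
```

On the sample this flags the unresolved Bluetooth.lnk shortcut, the SoundMan entry (a bare filename resolved through the search path rather than a full path) and the AppInit_DLLs value. A flag is a prompt to verify the file and its vendor, not a detection: avgrsstx.dll in the thread's log belongs to the AVG 8 resident shield, and the Bluetooth shortcut is only unresolved because HijackThis could not follow it.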
#13 - 28 October 2008, 10:35 - Moderator Group

  • Click START then RUN
  • Now type Combofix /u in the run box
  • Make sure there is a space between Combofix and /u
  • Then hit Enter.

  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Run CCleaner.

----------

Run this online scan.

This scanner requires Internet Explorer

Using the ESET Nod32 Online Scanner

1. Check the box next to Yes, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications only are checked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Copy C:\Program Files\EsetOnlineScanner\log.txt into your next reply.

How is the computer running now?

#14 - 28 October 2008, 14:41 - Member

It says I need to install ActiveX, but no pop-up or prompt comes up for me to install anything.
#15 - 28 October 2008, 14:46 - Moderator Group

Are you using Internet Explorer?

#16 - 28 October 2008, 15:39 - Member

# Version = 4
# OnlineScanner.ocx = 1.0.0.635
# OnlineScannerDLLA.dll = 1, 0, 0, 79
# OnlineScannerDLLW.dll = 1, 0, 0, 78
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 3563 (20081028)
# Vers_arch_module = 1,064 (20.080.214)
# Vers_adv_heur_module = 1,064 (20.070.717)
# EOSSerial = 930ac3d49230114ab36d54f68f5299bf
# End = pabeigts
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008/10/28 10:37:29
# Local_time = 2008/10/28 10:37:29 (0.000, GMT Standard Time)
# Country = "Apvienotā Karaliste"
# Osver = 5.1.2600 NT Service Pack 2
# Skenēts = 283.640
# Atrasts = 0
# Scan_time = 2.537
#17 - 28 October 2008, 16:11 - Moderator Group

Looks good.

Let me know if you have any questions.

Disable the System Restore Utility to prevent re-infection from old restore points

1) Right-click the My Computer icon on the desktop and click Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on all Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five, and at step three remove the check mark next to "Turn off System Restore on all drives".

1) Right-click the My Computer icon on the desktop and click Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on all Drives
4) Click the OK button.

----------

Use the Secunia Software Inspector to check for outdated software.
Outdated software has security vulnerabilities that malicious programs can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see whether any updates are needed.
  • Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all your security programs are up to date and run scans with them regularly.

Here are some great free tools that help keep you from getting infected again. These tools use little or no resources, so they will not slow down your computer.

Concerned about browser security? Consider using Mozilla Firefox 3.0.

To prevent unknown applications from being installed on your computer, install WinPatrol 2008
* Using WinPatrol to protect your computer from malware

I would suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. McAfee SiteAdvisor's safety ratings are based on automated security tests of web sites.

SpywareBlaster - Secures Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stops certain cookies from being added to your computer when running Mozilla-based browsers such as Firefox.
* Using SpywareBlaster to protect your computer from spyware and malware
* If you don't know what ActiveX controls are, see here

Check out Keep Yourself Safe On The Web for tips and free tools to keep you safe in the future.

Also check out Slow Computer? It May Not Be Malware for free cleanup/maintenance tools to help keep your computer running smoothly.

#18 - 30 October 2008, 13:39 - Member

I did everything you said, but today when I ran AVG, the Trojans were still there, as was the Adaware Generic stuff, whatever that is. :(
#19 - 30 October 2008, 13:40 - Moderator Group

Did you flush your restore points?

Quote:
Disable the System Restore Utility to prevent re-infection from old restore points

1) Right-click the My Computer icon on the desktop and click Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on all Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five, and at step three remove the check mark next to "Turn off System Restore on all drives".

1) Right-click the My Computer icon on the desktop and click Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on all Drives
4) Click the OK button.

#20 - 30 October 2008, 13:42 - Member

Yes, I did that the first time you told me, and I ran AVG again, which came up with no malware, but today when I did it they were there again.