Kāds man es nevaru tikt vaļā TROJAN.VUNDO.H

**redsowwer** · #1 16 oktobris 2008, 09:51

Es esmu mēģinājis vairākas reizes ar Malwarebytes dzēst VUNDO.H vīrusu. Tā veicina atsāknēšana un palaist Malwarebytes atkal tikai atrast tā vēl par sistēmu. Es arī būtu izslēgta sistēmu atjaunot pirms sākt tiem.

Thanks for your help!

**evilfantasy** · #2 16 oktobris 2008, 11:27

Open HijackThis un izvēlieties Vai sistēmas skenēšanu tikai.

Vieta atzīme blakus šādiem ierakstiem: (ja ir)

O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - C: \ Windows \ system32 \ digestp.dll
Ø20 - Winlogon Paziņot: paubftzz - C: \ WINDOWS \ SYSTEM32 \ digestp.dll

Svarīgi: Aizveriet visus logus, izņemot HijackThis un pēc tam noklikšķiniet uz Fix pārbaudīja.

Iziet HijackThis.

----------

Lejupielādēt OTMoveIt2 ar oldtimer un saglabājiet to savā Desktop.

Piezīme: Ja jūs izmantojat uz Vista, ar peles labo pogu noklikšķiniet uz OTMoveIt2.exe un izvēlēties Run As Administrator.

1. Veiciet dubultklikšķi uz OTMoveIt2.exe lai tā varētu darboties.
2. Kopija ar codebox zem līnijas.

Kods:

[kill explorer] C: \ WINDOWS \ SYSTEM32 \ digestp.dll EmptyTemp [sākums Explorer]

3. Atgriezties OTMoveIt2 labo klikšķi Ielīmēt saraksts failus / mapes Pārvietot logu (ar dzeltenu joslu) un izvēlieties Ielīmēt
4. Click sarkans Moveit! pogu.
5. Kopija viss Rezultāti loga (zem zaļā josla) un ielīmējiet to savā nākamajā atbildi.
6. Aizvērt OTMoveIt2

Atzīmēt: Ja faila vai mapes nevar pārvietot tieši jums var lūgt pārstartēt datoru lai pabeigtu pārvietoties procesu. Ja lūdza reboot, izvēlieties Jā. Ja ne, reboot anyway.

**redsowwer** · #3 16 oktobris 2008, 12:39

Nu es ilga viss jums nosūtīts. Nolaupīt gāja naudas sodu un 2 faili.

OTMOVEIT2 programma - I kopēt 4 lines
[kill explorer]
C: \ WINDOWS \ SYSTEM32 \ digestp.dll
EmptyTemp
[sākums explorer

saskaņā ar dzelteno joslu un atlasa MOVEIT.

Saskaņā ar zaļās kastes programmas teica izpētīt bojā veiksmīgi tomēr es saņēmu kļūdu dialoglodziņu.

Said OTMOVEIT2 OTMOVEIT2.EXE - Bad image

Pieteikums vai DLL C: \ Windows \ rakxhfy.dll nav derīgs logi attēlu. Please check this pret jūsu installtion diska.

Man bija atsāknēšana un OTMOVEIT nāca klajā jauna un man nāca klajā ar pašu kļūdu dialoglodziņā, kā minēts iepriekš. Kā es varu atbrīvoties no šī OTMOVEIT2 kad reboots. Vai ir kaut kas cits, kas jāpaveic?

**evilfantasy** · #4 16 oktobris 2008, 12:45

Jā tur ir daudz ko darīt. Neuztraucieties par error message ...

Lejupielādēt izlases veidā ir sistēmas informācijas rīks (RSIT) izlases / izlases no un saglabājiet to savā datorā.

Divreiz uzklikšķiniet uz RSIT.exe darboties.
Click Turpināt pie disclaimer ekrānu.
Kad tas ir pabeigts, divas logs atvērsies.
log.txt <būs maksimizēts un info.txt <tiks minimizēta
Lūdzu, pēc satura abi Apaļkoku nākamo atbildi.

**redsowwer** · #5 16 oktobris 2008, 13:26

log.txt:
Jūsu fails par 28,7 KB bytes pārsniedz foruma robeža 19,5 KB no šī faila tipu. Man bija WinZip LOG failu, lai saņemtu to, kas jums jādara, lai cdonstraints no DATORU SULAS arestu failus.

**redsowwer** · #6 16 oktobris 2008, 13:34

LOG FILE

Logfile izlases ir sistēmas informācijas rīks 1,04 (rakstiska ar izlases / izlases veida)
Vada Īpašnieks at 2008/10/16 15:56:08
Microsoft Windows XP Home Edition Service Pack 3
Sistēma drive C: ir 136 GB (92%) bez 149 GB
Kopā RAM: 382 MB (30% bezmaksas)
Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 3:56:33 gada 10/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ Windows \ Explorer.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ Ahead \ InCD \ InCDsrv.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Common Files \ New Boundary \ PrismXL \ PRISMXL.SYS
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Canon \ DeviceDetector \ DevDtct2.exe
C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Documents and Settings \ Īpašnieks \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 6QBVSP54 \ RSIT [1]. Exe
C: \ Program Files \ Common Files \ Symantec Shared \ COH \ coh32.exe
C: \ Program Files \ Trend Micro \ HijackThis \ Owner.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.emachines.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: NCO 2,0 IE BHO - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2,6 \ coIEPlg.dll
O2 - BHO: Symantec Ielaušanās novēršanas - (6D53EC84-6AAE-4.787-AEEE-F4628F01010C) - C: \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ IDS \ IPSBHO.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8.333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4.638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - C: \ Windows \ system32 \ digestp.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: Rādīt Norton Toolbar - (7FEBEFE3-6B19-4.349-98D2-FFB09D4B49CA) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2,6 \ CoIEPlg.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [osCheck] "C: \ Program Files \ Norton 360 \ osCheck.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - Global Startup: Device Detector 3.lnk = C: \ Program Files \ Canon \ DeviceDetector \ DevDtct2.exe
O4 - Global Startup: Google Updater.lnk = C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \ WINDOWS \ system32 \ Shdocvw.dll
Ø9 - Extra button: (no name) - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20.001 - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
Ø16 - DPF: (2D8ED06D-3C30-438B-96AE-4D110FDC1FB8) (ActiveScan 2,0 Installer klase) -- http://acs.pandasoftware.com/actives.../as2stubie.cab
Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl klase) -- http://www.update.microsoft.com/wind...?1211623928390
Ø16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klase) -- http://www.update.microsoft.com/micr...?1211630845500
Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444.553.540.000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
Ø20 - Winlogon Paziņot: paubftzz - C: \ WINDOWS \ SYSTEM32 \ digestp.dll
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect dienests (CLTNetCnService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - PRIEKŠU Software - C: \ Program Files \ Ahead \ InCD \ InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc - C: \ Program Files \ Common Files \ New Boundary \ PrismXL \ PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown īpašnieks - C: \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe
--
End of failu - 7.993 bytes
====== Plānotais uzdevumu mapi ======
C: \ WINDOWS \ uzdevumus \ Automatic Full Backup.job
C: \ WINDOWS \ uzdevumus \ Daily mainīts Files.job
C: \ WINDOWS \ uzdevumus \ PEACTREE WEEKLY ATPAKAĻ UP.job
====== Registry dump ======
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3)]
Adobe PDF Reader Link Helper - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll [2006/10/23 62.080]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (3049C3E9-B461-4BC5-8870-4C09146192CA)]
RealPlayer Download and Record Plugin Internet Explorer - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll [2008/04/19 308.856]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408)]
C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2,6 \ coIEPlg.dll [2008/06/30 349.552]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (6D53EC84-6AAE-4.787-AEEE-F4628F01010C)]
Symantec Ielaušanās novēršanas - C: \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ IDS \ IPSBHO.dll [2008/10/16 116.088]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (AA58ED58-01DD-4d91-8.333-CF10577473F7)]
Google Toolbar Helper - C: \ Program Files \ Google \ googletoolbar1.dll [2007/06/04 2.554.944]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (AF69DE43-7D58-4.638-B6FA-CE66B5AD205D)]
Google Toolbar Notifier BHO - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll [2008/09/26 737.776]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
c: \ windows \ system32 \ digestp.dll [2004/08/04 105.984]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Toolbar - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll [2005/08/04 343.112]
(2318C2B1-4.965-11d4-9B18-009027A5CD4F) - un Google - c: \ Program Files \ Google \ googletoolbar1.dll [2007/06/04 2.554.944]
ID
(7FEBEFE3-6B19-4.349-98D2-FFB09D4B49CA) - Rādīt Norton rīkjosla - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2,6 \ CoIEPlg.dll [2008/06/30 349.552]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = C: \ Program Files \ QuickTime \ qttask.exe [2005/01/28 98.304]
"Adobe Photo Downloader" = C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe [2005/06/06 57.344]
"Adobe Reader Speed Launcher" = C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe [2008/01/11 39.792]
"TkBellExe" = C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe [2008/04/19 185.896]
"ccApp" = C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe [2008/02/18 51.048]
"osCheck" = C: \ Program Files \ Norton 360 \ osCheck.exe [2008/02/26 988.512]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"MSMSGS" = C: \ Program Files \ Messenger \ msmsgs.exe [2008/04/13 1.695.232]
"ctfmon.exe" = C: \ WINDOWS \ system32 \ ctfmon.exe [2008/04/13 15.360]
"SUPERAntiSpyware" = C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe [2008/05/28 1.506.544]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ ATIPTA]
C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe [2004/11/12 344.064]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ ccApp]
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe [2008/02/18 51.048]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ CHotkey]
C: \ WINDOWS \ zHotkey.exe [2004/05/17 543.232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ ctfmon.exe]
C: \ WINDOWS \ system32 \ ctfmon.exe [2008/04/13 15.360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ InCD]
C: \ Program Files \ Ahead \ InCD \ InCD.exe [2003/09/01 1.200.178]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ MSMSGS]
C: \ Program Files \ Messenger \ msmsgs.exe [2008/04/13 1.695.232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ NeroCheck]
C: \ WINDOWS \ system32 \ \ NeroCheck.exe [2001/07/09 155.648]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ NeroFilterCheck]
C: \ WINDOWS \ system32 \ NeroCheck.exe [2001/07/09 155.648]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ Recguard]
C: \ WINDOWS \ SMINST \ RECGUARD.EXE [2002/09/13 212.992]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ RemoteControl]
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe [2003/10/31 32.768]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ ShowWnd]
C: \ WINDOWS \ ShowWnd.exe [2003/09/19 36.864]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ SoundMan]
C: \ WINDOWS \ SOUNDMAN.EXE [2004/11/15 77.824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ SunKistEM]
C: \ Program Files \ Digital Media Reader \ shwiconem.exe [2004/11/15 135.168]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ UpdateManager]
C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe [2003/08/19 110.592]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ BigFix.lnk]
C: \ PROGRA ~ 1 \ BigFix \ BigFix.exe [2002/07/31 1.742.384]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ Microsoft Office.lnk]
C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office \ OSA9.EXE [2000/01/21 65.588]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup
Device Detector 3.lnk - C: \ Program Files \ Canon \ DeviceDetector \ DevDtct2.exe
Google Updater.lnk - C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Paziņot \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll [2007/04/19 294.912]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Paziņot \ AtiExtEvent]
C: \ WINDOWS \ system32 \ Ati2evxx.dll [2006/02/21 61.440]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Paziņot \ paubftzz]
C: \ WINDOWS \ system32 \ digestp.dll [2004/08/04 105.984]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ ShellServiceObjectDelayLoad]
UPnPMonitor - (e57ce738-33e8-4c51-8.354-bb4de9d215d1) - C: \ WINDOWS \ system32 \ upnpui.dll [2008/04/13 239.616]
WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll [2006/10/18 133.632]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2008/05/13 77.824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Policies \ System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Policies \ Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ standarta profils \ authorizedapplications \ list]
"% windir% \ system32 \ sessmgr.exe" = "% windir% \ system32 \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22.019"
"C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe: *: Enabled: AOL"
"C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe: *: Enabled: AOL"
"C: \ Program Files \ America Online 9,0 \ waol.exe" = "C: \ Program Files \ America Online 9,0 \ waol.exe: *: Enabled:" America Online "9.0"
"% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20.000"
"C: \ Program Files \ Internet Explorer \ iexplore.exe" = "C: \ Program Files \ Internet Explorer \ iexplore.exe: *: Disabled: Internet Explorer"
"C: \ WINDOWS \ LMI42.tmp \ lmi_rescue.exe" = "C: \ WINDOWS \ LMI42.tmp \ lmi_rescue.exe: *: Enabled: LogMeIn Rescue"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ system32 \ sessmgr.exe" = "% windir% \ system32 \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22.019"
"C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe: *: Enabled: AOL"
"C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe: *: Enabled: AOL"
"C: \ Program Files \ America Online 9,0 \ waol.exe" = "C: \ Program Files \ America Online 9,0 \ waol.exe: *: Enabled:" America Online "9.0"
"% windir% \ Network Diagnostic \ xpnetdiag.exe" = "% windir% \ Network Diagnostic \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20.000"
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (4f63278d-8.557-11d9-be24-806d6172696f)]
shell \ Autorun \ komandu - C: \ WINDOWS \ system32 \ RunDLL32.EXE shell32.dll, ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (e1ec6b61-710.a-11d9-b301-806d6172696f)]
shell \ Autorun \ komandu - C: \ WINDOWS \ system32 \ RunDLL32.EXE shell32.dll, ShellExec_RunDLL Info.exe folder.htt 480 480

====== Saraksts failus / mapes izveidoti pēdējos 1 mēnesis ======
2008/10/16 15:56:08 ---- D ---- C: \ rsit
2008/10/16 15:19:05 ---- D ---- C: \ _OTMoveIt
2008/10/16 14:07:16 ---- D ---- C: \ Program Files \ Panda Security
2008/10/16 13:48:04 ---- ---- C: \ WINDOWS \ system32 \ CF23987.exe
2008/10/16 13:47:57 ---- ---- C: \ Bug.txt
2008/10/16 13:20:06 ---- D ---- C: \ VundoFix Backups
2008/10/16 13:20:06 ---- ---- C: \ VundoFix.txt
2008/10/16 12:26:25 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008/10/16 12:25:40 ---- D ---- C: \ Program Files \ SUPERAntiSpyware
2008/10/16 12:25:39 ---- D ---- C: \ Documents and Settings \ Īpašnieks \ Application Data \ SUPERAntiSpyware.com
2008/10/16 12:25:12 ---- D ---- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/10/16 11:20:45 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB956803 $
2008/10/16 11:20:36 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB956391 $
2008/10/16 11:20:27 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB957095 $
2008/10/16 11:17:11 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB954211 $
2008/10/16 11:16:54 ---- HDC ---- C: \ WINDOWS \ $ NtUninstallKB956841 $
2008/10/16 11:08:22 ---- D ---- C: \ WINDOWS \ system32 \ N360_BACKUP
2008/10/16 10:48:03 ---- DC ---- C: \ WINDOWS \ system32 \ DRVSTORE
2008/10/16 10:47:42 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008/10/16 10:24:37 ---- D ---- C: \ Program Files \ Windows Sidebar
2008/10/16 10:24:06 ---- D ---- C: \ Program Files \ Norton 360
2008/10/16 10:22:49 ---- ---- C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008/10/15 17:26:20 ---- D ---- C: \ Program Files \ NoNAV
2008/10/15 16:41:28 ---- D ---- C: \ SymNoNav
2008/10/15 16:22:38 ---- D ---- C: \ WINDOWS \ LMI42.tmp
2008/10/15 15:10:33 ---- D ---- C: \ Program Files \ Trend Micro
2008/10/11 12:25:41 ---- D ---- C: \ WINDOWS \ Sun
2008/10/11 12:25:41 ---- D ---- C: \ Documents and Settings \ Īpašnieks \ Application Data \ Sun
2008/10/11 12:00:57 ---- D ---- C: \ Program Files \ CCleaner
2008/10/11 11:38:42 ---- D ---- C: \ Documents and Settings \ Īpašnieks \ Application Data \ Malwarebytes
2008/10/11 11:38:37 ---- D ---- C: \ Program Files \ Malwarebytes "Anti-Malware
2008/10/11 11:38:37 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
====== Saraksts failus / mapes maina pēdējā 1 mēnesis ======
2008/10/16 15:44:12 ---- D ---- C: \ Program Files \ Common Files \ Symantec Shared
2008/10/16 15:43:38 ---- D ---- C: \ WINDOWS \ Temp
2008/10/16 15:27:24 ---- D ---- C: \ WINDOWS \ system32 \ CatRoot2
2008/10/16 15:25:42 ---- ---- C: \ WINDOWS \ SchedLgU.Txt
2008/10/16 15:12:27 ---- ---- C: \ WINDOWS \ hpbafd.ini
2008/10/16 15:12:19 ---- ---- C: \ WINDOWS \ system32 \ NTS5CSET.INI
2008/10/16 15:05:13 ---- D ---- C: \ WINDOWS
2008/10/16 14:13:35 ---- D ---- C: \ WINDOWS \ system32 \ drivers
2008/10/16 14:07:16 ---- RD ---- C: \ Program Files
2008/10/16 14:07:16 ---- HD ---- C: \ WINDOWS \ inf
2008/10/16 14:06:35 ---- SD ---- C: \ WINDOWS \ Downloaded Program Files
2008/10/16 13:49:56 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008/10/16 13:48:11 ---- D ---- C: \ WINDOWS \ system32
2008/10/16 12:26:10 ---- SHD ---- C: \ WINDOWS \ Installer
2008/10/16 12:25:12 ---- D ---- C: \ Program Files \ Common Files
2008/10/16 11:50:16 ---- D ---- C: \ WINDOWS \ Minidump
2008/10/16 11:50:16 ---- D ---- C: \ WINDOWS \ Debug
2008/10/16 11:20:47 ---- RSHDC ---- C: \ WINDOWS \ system32 \ dllcache
2008/10/16 11:20:43 ---- HD ---- C: \ WINDOWS \ $ hf_mig $
2008/10/16 11:20:07 ---- D ---- C: \ Program Files \ Internet Explorer
2008/10/16 11:19:54 ---- D ---- C: \ WINDOWS \ ie7updates
2008/10/16 11:19:07 ---- ---- C: \ WINDOWS \ WIN.INI
2008/10/16 11:08:11 ---- D ---- C: \ Documents and Settings \ Īpašnieks \ Application Data \ Symantec
2008/10/16 11:04:17 ---- D ---- C: \ Program Files \ Symantec
2008/10/16 11:01:12 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008/10/16 10:46:55 ---- D ---- C: \ WINDOWS \ Prefetch
2008/10/15 17:42:01 ---- D ---- C: \ Documents and Settings
2008/10/15 15:38:45 ---- D ---- C: \ WINDOWS \ WinSxS
2008/10/15 15:38:45 ---- D ---- C: \ Program Files \ Common Files \ Microsoft Shared
2008/10/15 14:55:27 ---- D ---- C: \ WINDOWS \ system32 \ Restore
2008/10/15 13:23:32 ---- ---- C: \ WINDOWS \ PCW120.ini
2008/10/15 13:23:22 ---- D ---- C: \ SHAREDAT
2008/10/14 14:58:10 ---- D ---- C: \ Shardata
2008/10/11 11:30:23 ---- SHD ---- C: \ System Volume Information
2008/10/07 15:19:40 ---- ---- C: \ WINDOWS \ system32 \ MRT.exe
2008/10/03 13:41:15 ---- ---- C: \ WINDOWS \ system32 \ ieframe.dll
2008/09/24 08:36:56 ---- D ---- C: \ Program Files \ Common Files \ Peach
====== Saraksts vadītāju (R = Skriešana, S = Apturēts, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Disabled )======
R1 AmdPPM; AMD HwPState Processor Driver; C: \ WINDOWS \ system32 \ drivers \ AmdPPM.sys [2007/04/16 33.792]
R1 eeCtrl; Symantec Eraser Control vadītāja; \? \ C: \ Program Files \ Common Files \ Symantec Shared \ EENGINE \ eeCtrl.sys []
R1 InCDPass; InCDPass, C: \ WINDOWS \ System32 \ Drivers \ InCDPass.sys [2003/09/01 28.528]
R1 incdrm; InCD EasyWrite Reader, C: \ WINDOWS \ system32 \ drivers \ incdrm.sys [2003/08/21 25.520]
R1 SASDIFSV; SASDIFSV; \? \ C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS []
R1 SASKUTIL; SASKUTIL; \? \ C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.sys []
R1 SPBBCDrv; SPBBCDrv; \? \ C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCDrv.sys []
R1 SRTSPX; SRTSPX, C: \ WINDOWS \ System32 \ Drivers \ SRTSPX.SYS [2008/01/31 43.696]
R1 SYMTDI; SYMTDI, C: \ WINDOWS \ System32 \ Drivers \ SYMTDI.SYS [2008/06/13 184.240]
R2 CO_Mon; CO_Mon; \? \ C: \ WINDOWS \ system32 \ drivers \ CO_Mon.sys []
R2 mdmxsdk; mdmxsdk, C: \ WINDOWS \ system32 \ drivers \ mdmxsdk.sys [2004/03/17 13.059]
R2 tmcomm; tmcomm; \? \ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys []
R3 ALCXWDM; dienests Realtek AC97 Audio (WDM), C: \ WINDOWS \ system32 \ drivers \ ALCXWDM.SYS [2004/11/18 2.297.664]
R3 Arp1394; 1.394 ARP Client Protocol; C: \ WINDOWS \ system32 \ drivers \ arp1394.sys [2008/04/13 60.800]
R3 ati2mtag; ati2mtag, C: \ WINDOWS \ system32 \ drivers \ ati2mtag.sys [2006/02/21 1.505.792]
R3 COH_Mon; COH_Mon; \? \ C: \ WINDOWS \ System32 \ Drivers \ COH_Mon.sys []
R3 EraserUtilRebootDrv; EraserUtilRebootDrv; \? \ C: \ Program Files \ Common Files \ Symantec Shared \ EENGINE \ EraserUtilRebootDrv.sys []
R3 GEARAspiWDM; GEAR ASPI Filter Driver; C: \ WINDOWS \ System32 \ Drivers \ GEARAspiWDM.sys [2008/04/17 15.464]
R3 HSF_DP; HSF_DP, C: \ WINDOWS \ system32 \ drivers \ HSF_DP.sys [2004/06/17 1.041.536]
R3 HSFHWBS2; HSFHWBS2, C: \ WINDOWS \ system32 \ drivers \ HSFHWBS2.sys [2004/06/17 220.032]
R3 NAVENG; NAVENG; \? \ C: \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ VIRUSD ~ 1 \ 2.008.101 6,004 \ NAVENG.SYS []
R3 NAVEX15; NAVEX15; \? \ C: \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ VIRUSD ~ 1 \ 2.008.101 6,004 \ NAVEX15.SYS []
R3 NIC1394; 1.394 Net Driver; C: \ WINDOWS \ system32 \ drivers \ nic1394.sys [2008/04/13 61.824]
R3 rtl8139; Realtek RTL8139 (A / B / C) bāzes PCI Fast Ethernet Adapter NT Driver; C: \ WINDOWS \ system32 \ drivers \ RTL8139.SYS [2004/08/04 20.992]
R3 SASENUM; SASENUM; \? \ C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS []
R3 SRTSP; SRTSP, C: \ WINDOWS \ System32 \ Drivers \ SRTSP.SYS [2008/01/31 279.088]
R3 SunkFilt; Alcor Micro Corp Reader; \? \ C: \ WINDOWS \ System32 \ Drivers \ sunkfilt.sys []
R3 SYMDNS; SYMDNS, C: \ WINDOWS \ System32 \ Drivers \ SYMDNS.SYS [2008/06/13 13.616]
R3 SymEvent; SymEvent; \? \ C: \ WINDOWS \ System32 \ Drivers \ SYMEVENT.SYS []
R3 SYMFW; SYMFW, C: \ WINDOWS \ System32 \ Drivers \ SYMFW.SYS [2008/06/13 96.432]
R3 SYMIDS; SYMIDS, C: \ WINDOWS \ System32 \ Drivers \ SYMIDS.SYS [2008/06/13 38.576]
R3 SYMIDSCO; SYMIDSCO; \? \ C: \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ SymcData \ ipsdefs \ 20081014,001 \ SymIDSCo.sys []
R3 SymIMMP; SymIMMP, C: \ WINDOWS \ system32 \ drivers \ SymIM.sys [2008/06/13 31.280]
R3 SYMNDIS; SYMNDIS, C: \ WINDOWS \ System32 \ Drivers \ SYMNDIS.SYS [2008/06/13 37.424]
R3 SYMREDRV; SYMREDRV, C: \ WINDOWS \ System32 \ Drivers \ SYMREDRV.SYS [2008/06/13 22.320]
R3 usbehci; Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C: \ WINDOWS \ system32 \ drivers \ usbehci.sys [2008/04/13 30.208]
R3 usbhub; USB2 Enabled Hub, C: \ WINDOWS \ system32 \ drivers \ Usbhub.sys [2008/04/13 59.520]
R3 usbohci; Microsoft USB Open Host Controller Miniport Driver; C: \ WINDOWS \ system32 \ drivers \ usbohci.sys [2008/04/13 17.152]
R3 USBSTOR; USB Mass Storage Driver, C: \ WINDOWS \ system32 \ drivers \ USBSTOR.SYS [2008/04/13 26.368]
R3 winachsf; winachsf, C: \ WINDOWS \ system32 \ drivers \ HSF_CNXT.sys [2004/06/17 685.056]
R4 InCDfs; InCD File System, C: \ WINDOWS \ system32 \ drivers \ InCDfs.sys [2003/09/01 88.800]
S1 P3 Intel PentiumIII Processor Driver; C: \ WINDOWS \ system32 \ drivers \ p3.sys [2008/04/13 42.752]
S3 Bridge; MAC Bridge, C: \ WINDOWS \ system32 \ drivers \ bridge.sys [2008/04/13 71.552]
S3 BridgeMP; MAC Bridge Miniport, C: \ WINDOWS \ system32 \ drivers \ bridge.sys [2008/04/13 71.552]
S3 mxnic; Macronix MX987xx Family Fast Ethernet NT Driver; C: \ WINDOWS \ system32 \ drivers \ mxnic.sys [2001/08/17 19.968]
S3 nv, nv, C: \ WINDOWS \ system32 \ drivers \ nv4_mini.sys [2004/08/04 1.897.408]
S3 SRTSPL; SRTSPL, C: \ WINDOWS \ System32 \ Drivers \ SRTSPL.SYS [2008/01/31 317.616]
S3 SymIM; Symantec Network Security Intermediate Filter Service, C: \ WINDOWS \ system32 \ drivers \ SymIM.sys [2008/06/13 31.280]
S3 usbuhci; Microsoft USB Universal Host Controller Miniport Driver; C: \ WINDOWS \ system32 \ drivers \ usbuhci.sys [2008/04/13 20.608]
S3 VNUSB; VN Series Device, C: \ WINDOWS \ system32 \ drivers \ VNUSB.sys [2003/12/15 38.448]
S3 wanatw; WAN Miniport (ATW), C: \ WINDOWS \ system32 \ drivers \ wanatw4.sys []
S3 WudfPf; Windows Driver Foundation - Lietotāja mode Driver Framework platforma Driver; C: \ WINDOWS \ system32 \ drivers \ WudfPf.sys [2006/09/28 77.568]
S3 WudfRd; Windows Driver Foundation - Lietotāja mode Driver Framework Reflector, C: \ WINDOWS \ system32 \ drivers \ wudfrd.sys [2006/09/28 82.944]
S4 sr; System Restore Filter Driver; C: \ WINDOWS \ system32 \ drivers \ sr.sys [2008/04/13 73.472]
====== Pakalpojumu sarakstu (R = Skriešana, S = Apturēts, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Disabled )======
R2 Ati Hotkey Poller; Ati Hotkey Poller, C: \ WINDOWS \ system32 \ Ati2evxx.exe [2006/02/21 405.504]
R2 Automatic LiveUpdate Scheduler; Automatic LiveUpdate Scheduler, C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe [2008/02/21 238.968]
R2 ccEvtMgr; Symantec Event Manager, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008/02/18 149.352]
R2 ccSetMgr; Symantec Settings Manager, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008/02/18 149.352]
R2 CLTNetCnService; Symantec Lic NetConnect pakalpojumu; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008/02/18 149.352]
R2 gusvc; Google Updater Service, C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe [2007/06/04 138.680]
R2 InCDsrv; InCD File System Service, C: \ Program Files \ Ahead \ InCD \ InCDsrv.exe [2003/09/01 798.772]
R2 LiveUpdate Notice; LiveUpdate Notice, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008/02/18 149.352]
R2 MDM; Machine Debug Manager, C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE [2003/06/19 322.120]
R2 PrismXL; PrismXL, C: \ Program Files \ Common Files \ New Boundary \ PrismXL \ PRISMXL.SYS [2005/01/28 172.032]
S3 aspnet_state; ASP.NET Valsts dienests, C: \ WINDOWS \ Microsoft.NET \ Framework \ v1.1.4322 \ aspne t_state.exe [2004/07/15 32.768]
S3 comHost, COM Host; C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe [2007/08/22 55.640]
S3 LiveUpdate; LiveUpdate, C: \ Program Files \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE [2008/09/05 3.220.856]
S3 Ose; Office Source Engine, C: \ Program Files \ Common Files \ Microsoft Shared \ Source Engine \ OSE.EXE [2003/07/28 89.136]
S3 Symantec Core LC; Symantec Core LC, C: \ PROGRA ~ 1 \ Common ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe [2008/10/16 1.245.064]
S3 WMPNetworkSvc; Windows Media Player Network Sharing Service; C: \ Program Files \ Windows Media Player \ WMPNetwk.exe [2006/10/18 913.408]
S3 WudfSvc; Windows Driver Foundation - Lietotāja mode Driver Framework, C: \ WINDOWS \ system32 \ svchost.exe [2008/04/13 14.336]
----------------- EOF -----------------

**evilfantasy** · #7 16 oktobris 2008, 13:50

digestp.dll vēl nav pagājis.

Vispirms:

Lejupielādēt Disable / Remove Windows Messenger uz Darbvirsma, lai novērstu Windows Messenger.

Nejauciet Windows Messenger ar MSN Messenger jo tie nav vienādi. Windows Messenger ir bieži cēlonis logus.

Atarhivējiet failu uz darbvirsmas. Open MessengerDisable.exe un izvēlies apakšējā kaste -- Atinstalēt Windows Messenger un noklikšķiniet uz Lietot.

Iziet no MessengerDisable tad izdzēst divus failus, kas tika likts uz darbvirsmas.

----------

Piezīme: Instrukcijas turpmāk tika izveidota speciāli šim lietotājam. Ja Jums nav šī lietotāja, DO NOT ievērojiet šos norādījumus, jo tie varētu kaitēt jūsu sistēmas darbības principus

Doties uz Start> Run un tips notepad.exe noklikšķiniet uz OK

Nokopējiet un ielīmējiet tālāk vērā Notepad un saglabāt kā fixme.reg līdz Jūsu Desktop

Kods:

REGEDIT4 [-HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] [-HKEY_LOCAL_MACHINE \ Software \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ MSMSGS] [-- HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Paziņot \ paubftzz]

Atrodiet fixme.reg uz darbvirsmas un veiciet uz tā dubultklikšķi. Atbilde Jā kad tiek piedāvāts apvienot ar reģistru.

Pārliecinieties, ka jūs man pateikt, ja saņemat panākumus ziņu par pieskaitot iepriekš, lai reģistrā. Ja Jums nav iegūt panākumus ziņu, tā nestrādāja.

Dzēst fixme.reg no darbvirsmas.

----------

Java ir novecojis.

Vecākas versijas ir ievainojamības, ka ļaunprātīgas vietnes var izmantot, lai inficēt jūsu sistēmā.

Vispirms instalēt jaunu Sun Java Runtime Environment

Noteikti aizvērt visus pārlūkprogrammas logus, pirms sākt uzstādīšanu.

Noņemt veco versiju (s)

Lejupielādēt JavaRa

Atarhivējiet failu un atvērt JavaRa.exe
Click Remove Older Versions
JavaRa meklēs un novērstu novecojušu versiju Java un novērstu, ka tiek atrasti.
Click Papildu uzdevumi
Vietu pārbaude blakus Noņemt Useless JRE Faili un noklikšķiniet uz Iet
Iziet JavaRa
Dzēst JavaRa failus no darbvirsmas

----------

Aizdomīgus failus skenēt

Lūdzu, dodieties uz VirSCAN.org FREE on-line skenēšanas pakalpojumu
(Ja vairāk nekā vienu failu vajadzībām skenētas tie jāveic atsevišķi un žurnāliem ievietojis katram vienam)

1. Nokopējiet un ielīmējiet turpmāk faila ceļu stāšanās Aizdomīgus failus skenēt rūtiņu lapas augšpusē.

Kods:

C: \ WINDOWS \ system32 \ CF23987.exe

2. Pie augšupielādēt vietnē, noklikšķiniet vienreiz iekšpusē logu blakus Pārlūkot.
3. Prese Ctrl + V uz tastatūras (uz abiem vienlaicīgi), lai ielīmētu faila ceļu stājas logā.
4. Noklikšķiniet uz Upload pogu.
Tas būs veikt skenēšanu vairākiem dažādu vīrusu skenēšanas dzinēji.
Jūsu fails, iespējams, jāieraksta rindā, kas parasti aizņem mazāk nekā minūti, skaidrs.
Svarīgi: Jāgaida visiem skanēšanas dzinēju lai to pabeigtu.
5. Kad skenēšana ir pabeigta ritiniet uz leju un noklikšķiniet uz Kopēt uz starpliktuvi pogu. Tas būs kopija saikne atskaiti starpliktuvē.
6. Paste no starpliktuves saturu nākamo atbildi.

----------

Pēc nosūtīšanas VirSCAN.org rezultātus.

Lejupielādēt ATF Apkopēja ar Atribune uz Jūsu rakstāmgalda.

Alternate download link

Piezīme: Vista lietotājiem jāizmanto Run As Administrator

Zem Galvena: Izvēlieties faili Dzēst izvēlas: Atlasīt visu.
Click Empty Selected pogu.
Ja izmantojat Firefox pārlūkprogrammā noklikšķiniet uz Firefox uz augšu un izvēlieties: Atlasīt visu
Click Empty Selected pogu.
Ja vēlaties, lai jūsu saglabātās paroles klikšķi Nē par ātru.
Ja Jūs lietojat Opera pārlūku noklikšķiniet uz Opera uz augšu un izvēlieties: Atlasīt visu
Click Empty Selected pogu.
Ja vēlaties, lai jūsu saglabātās paroles klikšķi Nē par ātru.
Click Iziet uz Main menu lai aizvērtu programmu.

Ņemiet vērā, ka sistēma darbosies lēnāk par reboot vai divas pēc tam izmanto šo rīku, lai nav panika.

Svarīgi: Restartēt datoru, pirms turpināt.

**redsowwer** · #8 16 oktobris 2008, 14:39

1. Panākumu Fixme.reg

2. Tad šeit ir 2 log failus gribēja mani nosūtīt

A. JavaRa 1,11 Removal Žurnāls.
Ziņojums seko pēc līniju.
------------------------------------
JavaRa noņemšanas process tika uzsākta 16 Pir Okt 17:23:09 2.008
Atrasts un noņemt: C: \ Windows \ System32 \ jpicpl32.cpl
Atrasts un noņemt: C: \ Windows \ Installer \ (7148F0A8-6.813-11D6-A77B-00B0D0142000)
Atrasts un noņemt: SOFTWARE \ JavaSoft \ Java Runtime Environment \ 1,4
Atrasts un noņemt: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstal l \ (7148F0A8-6.813-11D6-A77B-00B0D0142000)
Atrasts un noņemt: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA)
Atrasts un noņemt: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB)
Atrasts un noņemt: SOFTWARE \ Classes \ Installer \ Produkti \ 8A0F841731866D 117AB7000B0D410200
Atrasts un noņemt: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installe r \ lietotāju datu \ S-1-5-18 \ Produkti \ 8A0F841731866D117AB7000B0D410200
Atrasts un noņemt: SOFTWARE \ Classes \ JavaPlugin.142
Atrasts un noņemt: SOFTWARE \ JavaSoft \ Java Plug-in \ 1.4.2
Atrasts un noņemt: SOFTWARE \ JavaSoft \ Java Runtime Environment \ 1.4.2
Atrasts un noņemt: SOFTWARE \ JavaSoft \ Java Web Start \ 1.4.2
Atrasts un noņemt: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1
Atrasts un noņemt: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1_02
Atrasts un noņemt: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1_03
Atrasts un noņemt: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1_04
Atrasts un noņemt: SOFTWARE \ JavaSoft \ Java Web Start \ 1,2
Atrasts un noņemt: SOFTWARE \ JavaSoft \ Java Web Start \ 1.2.0_01
------------------------------------
Gatavo ziņojumus.

JavaRa 1,11 Removal Žurnāls.
Ziņojums seko pēc līniju.
------------------------------------
JavaRa noņemšanas process tika uzsākta 16 Pir Okt 17:23:18 2.008
------------------------------------
Gatavo ziņojumus.

B. VirSCAN. Org Skenēts Ziņojums:
Skenēts time: 2008/10/16 17:27:59 (EDT)
Skenera rezultātiem: Visi Scanners ziņots atrast malware!
Faila nosaukums: CF23987.exe
File Size: 389.120 baits
Lietas tips PE32 izpildāmā for MS Windows (konsole) Intel 80.386 32-bit
MD5: b65faf059812f22a1058ecfcb520e47b
SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f
Online ziņojums: http://virscan.org/report/36cd3be0f2...66947033e.html
Scanner Engine Ver Sig Ver Sig Datums Laiks Scan rezultāts
kvadrāta 4.0.0.16 2008.10.15 2008-10-15 1,54 --
AhnLab V3 ... .. - 0.18 --
AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 --
Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 --
Arcavir 1.0.5 200.810.161.244 2008/10/16 1.23 --
Authentium 5.1.1 200.810.150.216 2008/10/15 1,17 --
AVAST! 3.0.1 081.015-0 2008/10/15 0,72 --
AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 --
BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 --
CA (VET) 9.0.0.143 31.6.6151 2008-10-16 5,37 --
ClamAV 0,94 8435 2008 -10-17 0,13 --
Comodo 2,11 2.0.0.678 2008-10-16 0,44 --
CP Secure 1.1.0.715 2008.10.17 2008-10-17 6,26 --
Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3,41 --
Ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 --
F-Prot 4.4.4.56 20081016 2008-10-16 1,19 --
F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 --
Fortinet 2,81-3,113 9,647 2008/10/15 0,23 --
GData 19.1058/19.65 20081016 2008-10-16 2,65 --
ViRobot 20081016 2008/10/16 2008/10/16 0,40 --
Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 --
JiangMin 11.0.706 2008.10.16 2008-10-16 1,26 --
Kaspersky 5.5.10 2008.10.16 2008-10-16 0,04 --
KingSoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 --
McAfee 5.3.00 5406 2008-10-15 2,13 --
Microsoft 1,4005 2008/10/16 2008/10/16 3,93 --
MKS_VIR 2,01 2008/10/16 2008/10/16 2.75 --
Norman 5.93.01 5.93.00 2008-10-16 5,21 --
Panda 9.05.01 2008.10.16 2008-10-16 2,28 --
Trend Micro 8.700-1004 5.604.11 2008-10-16 0,03 --
Quick Heal 9,50 2008/10/16 2008/10/16 1,99 --
Rising 20,0 20.66.32.00 2008-10-16 0,77 --
Sophos 2.79.0 4,34 2008-10-17 1,86 --
Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 --
Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 --
nProtect 2008-10-16.00 2247055 2008-10-16 4,22 --
Hacker 6.3.1.0 v00116 2008/10/16 0.45 --
VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 --
VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 --

**evilfantasy** · #9 16 oktobris 2008, 14:41

Download ComboFix by subs no vienas no saitēm. Pārliecinieties top saglabājiet to Desktop.

Link # 1
Link # 2

** Piezīme: Ir svarīgi, ka tā ir saglabāta tieši jūsu Desktop

Aizveriet visas atvērtās interneta pārlūkprogrammas. (Firefox, Internet Explorer uc) pirms uzsākt ComboFix.

Laiku sakropļot jūsu antivīruss, Un jebkuru antispyware reāllaika aizsardzību pirms veic skenēšanu. Click šo saiti redzēt sarakstu drošības programmas, kas ir invalīdi un to, kā pārtraukt to darbību.

Dubultklikšķi combofix.exe un sekojiet norādījumiem.
Kad pabeigts ComboFix ražos log for you.
Post ComboFix log Jūsu nākamo atbildi.

Svarīgi: Nav mouseclick ComboFix loga kamēr tas darbojas. Tas var izraisīt to apstāsies.

Atcerieties, ka jauna aktivizētu jūsu antivīrusu un antispyware aizsardzību, ja ComboFix ir pabeigta.

**redsowwer** · #10 16 oktobris 2008, 15:11

ComboFix 08-10-16.01 - Īpašnieka 2008-10-16 17:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00]
Sākot no: C: \ Documents and Settings \ Īpašnieks \ Desktop \ ComboFix.exe
* Izveido jaunu atjaunošanas punktu
.
((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ jestertb.dll
D: \ Autorun.inf
.
((((((((((((((((((((((((( Faili Created no 2008-09-16 līdz 2008/10/16 ))))))))))) ))))))))))))))))))))
.
2008/10/16 16:16. 2008/10/16 16:17 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ WinZip
2008/10/16 15:56. 2008/10/16 16:23 <DIR> d -------- C: \ rsit
2008/10/16 15:19. 2008/10/16 15:19 <DIR> d -------- C: \ _OTMoveIt
2008/10/16 14:07. 2008/10/16 14:07 <DIR> d -------- C: \ Program Files \ Panda Security
2008/10/16 14:07. 2008/06/19 17:24 28.544 - ------ C: \ WINDOWS \ system32 \ drivers \ pavboot.sys
2008/10/16 13:20. 2008/10/16 13:20 <DIR> d -------- C: \ VundoFix Backups
2008/10/16 12:26. 2008/10/16 12:26 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008/10/16 12:25. 2008/10/16 13:40 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008/10/16 12:25. 2008/10/16 12:25 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/10/16 12:25. 2008/10/16 12:25 <DIR> d -------- C: \ Documents and Settings \ Īpašnieks \ Application Data \ SUPERAntiSpyware.com
2008/10/16 11:08. 2008/10/16 11:08 <DIR> d -------- C: \ WINDOWS \ system32 \ N360_BACKUP
2008/10/16 10:48. 2008/10/16 10:48 <DIR> d ---- C --- C: \ WINDOWS \ system32 \ DRVSTORE
2008/10/16 10:47. 2008/10/16 10:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008/10/16 10:24. 2008/10/16 10:24 <DIR> d -------- C: \ Program Files \ Windows Sidebar
2008/10/16 10:24. 2008/10/16 11:44 <DIR> d -------- C: \ Program Files \ Norton 360
2008/10/16 10:22. 2008/10/16 11:04 123.952 - ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008/10/16 10:22. 2008/10/16 11:04 60.800 - ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008/10/16 10:22. 2008/10/16 11:04 10.671 - ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.CAT
2008/10/16 10:22. 2008/10/16 11:04 805 - ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.INF
2008/10/16 10:16. 2008/09/08 06:41 333.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ srv.sys
2008/10/16 10:15. 2008/08/14 06:11 2.189.184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe
2008/10/16 10:15. 2008/08/14 06:09 2.145.280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlmp.exe
2008/10/16 10:15. 2008/08/14 05:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe
2008/10/16 10:15. 2008/08/14 05:33 2.023.936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrpamp.exe
2008/10/16 10:15. 2008/09/15 08:12 1.846.400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ win32k.sys
2008/10/16 10:09. 2008/10/16 10:10 <DIR> d -------- C: \ Documents and Settings \ Administrator \. Housecall6.6
2008/10/15 17:42. 2004/08/27 05:54 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS
2008/10/15 17:42. 2005/01/28 05:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SampleView
2008/10/15 17:42. 2005/01/28 05:26 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ McAfee
2008/10/15 17:42. 2008/10/15 17:42 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008/10/15 17:42. 2008/10/16 10:09 <DIR> d -------- C: \ Documents and Settings \ Administrator
2008/10/15 17:26. 2008/10/15 17:26 <DIR> d -------- C: \ Program Files \ NoNAV
2008/10/15 16:41. 2008/10/15 17:26 <DIR> d -------- C: \ SymNoNav
2008/10/15 16:22. 2008/10/15 17:27 <DIR> d -------- C: \ WINDOWS \ LMI42.tmp
2008/10/15 15:10. 2008/10/15 15:10 <DIR> d -------- C: \ Program Files \ Trend Micro
2008/10/11 13:05. 2008/10/11 12:33 102.664 - ------ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys
2008/10/11 12:33. 2008/10/15 15:21 <DIR> d -------- C: \ Documents and Settings \ Īpašnieks \. Housecall6.6
2008/10/11 12:25. 2008/10/11 12:25 <DIR> d -------- C: \ WINDOWS \ Sun
2008/10/11 12:00. 2008/10/11 12:01 <DIR> d -------- C: \ Program Files \ CCleaner
2008/10/11 11:38. 2008/10/11 11:38 <DIR> d -------- C: \ Program Files \ Malwarebytes "Anti-Malware
2008/10/11 11:38. 2008/10/11 11:38 <DIR> d -------- C: \ Documents and Settings \ Īpašnieks \ Application Data \ Malwarebytes
2008/10/11 11:38. 2008/10/11 11:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/10/11 11:38. 2008/09/10 00:04 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/10/11 11:38. 2008/09/10 00:03 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/09/23 13:17. 2008/09/23 13:17 133 - ------ C: \ Documents and Settings \ All Users \ Application Data \ ustore.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/10/16 21:53 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008/10/16 17:49 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008/10/16 15:08 --------- d ----- w C: \ Documents and Settings \ Īpašnieks \ Application Data \ Symantec
2008/10/16 15:04 --------- d ----- w C: \ Program Files \ Symantec
2008/10/16 15:01 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008/09/24 12:36 --------- d ----- w C: \ Program Files \ Common Files \ Peach
2008/09/08 10:41 333.824 ---- aw C: \ WINDOWS \ system32 \ drivers \ srv.sys
2008/08/19 10:32 --------- d ----- w C: \ Program Files \ Microsoft Silverlight
2005/10/20 18:06 76-c ---- w C: \ Documents and Settings \ Īpašnieks \ Application Data \ wklnhst.dat
2005/05/27 00:43 0-csha-w C: \ WINDOWS \ SMINST \ HPCD.sys
2008/05/24 13:39 32.768-csha-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ Vēsture \ History.IE5 \ MSHist012008052420080 525 \ index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
2004/08/04 15:00 105.984 - ------ c: \ windows \ system32 \ digestp.dll
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayExcluded]
@ = "(4433A54A-1AC8-432F-90FC-85F045CF383C)"
[HKEY_CLASSES_ROOT \ CLSID \ (4433A54A-1AC8-432F-90FC-85F045CF383C)]
2008/02/26 04:34 576.352 - ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayPending]
@ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)"
[HKEY_CLASSES_ROOT \ CLSID \ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)]
2008/02/26 04:34 576.352 - ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayProtected]
@ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)"
[HKEY_CLASSES_ROOT \ CLSID \ (476D0EA3-80F9-48B5-B70B-05E677C9C148)]
2008/02/26 04:34 576.352 - ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2008/04/13 15.360]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2008/05/28 1.506.544]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2005/01/28 98.304]
"Adobe Photo Downloader" = "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3,0 \ Apps \ apdproxy.exe" [2005/06/06 57.344]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2008/01/11 39.792]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008/04/19 185.896]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2008/02/18 51.048]
"osCheck" = "C: \ Program Files \ Norton 360 \ osCheck.exe" [2008/02/26 988.512]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Device Detector 3.lnk - C: \ Program Files \ Canon \ DeviceDetector \ DevDtct2.exe [2007/06/27 114.688]
Google Updater.lnk - C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe [2007/06/04 125.624]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [2000/01/21 65.588]
WinZip Quick Pick.lnk - C: \ Program Files \ WinZip \ WZQKPICK.EXE [2008/09/11 525.664]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008/05/13 77.824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \! SASWinLogon]
2007/04/19 13:41 294.912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \ paubftzz]
2004/08/04 15:00 105.984 C: \ WINDOWS \ system32 \ digestp.dll
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ BigFix.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ BigFix.lnk
backup = C: \ WINDOWS \ PSS \ BigFix.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ Microsoft Office.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk
backup = C: \ WINDOWS \ PSS \ Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ ATIPTA]
- - c --- 2004/11/12 01:10 344.064 C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ ccApp]
- ------ 2008/02/18 15:37 51.048 C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ ctfmon.exe]
- ------ 2008/04/13 20:12 15.360 C: \ WINDOWS \ system32 \ ctfmon.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ InCD]
- ------ 2003/09/01 09:32 1.200.178 C: \ Program Files \ Ahead \ InCD \ InCD.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ NeroCheck]
- ------ 2001/07/09 15:50 155.648 C: \ WINDOWS \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ NeroFilterCheck]
- ------ 2001/07/09 15:50 155.648 C: \ WINDOWS \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ Recguard]
- - c --- 2002/09/13 16:42 212.992 C: \ WINDOWS \ SMINST \ Recguard.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ RemoteControl]
- - c --- 2003/10/31 23:42 32.768 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ SunKistEM]
- - c --- 2004/11/15 19:04 135.168 C: \ Program Files \ Digital Media Reader \ shwiconEM.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ UpdateManager]
- - c --- 2003/08/19 01:01 110.592 C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ CHotkey]
- - c --- 2004/05/17 22:30 543.232 C: \ WINDOWS \ zHotkey.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ ShowWnd]
- - c --- 2003/09/19 13:09 36.864 C: \ WINDOWS \ ShowWnd.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ SoundMan]
- - c --- 2004/11/15 23:20 77.824 C: \ WINDOWS \ SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring]
"DisableMonitoring" = DWORD: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = DWORD: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = DWORD: 00000001
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
R0 pavboot; pavboot, C: \ WINDOWS \ system32 \ drivers \ pavboo t.sys [2008/06/19 28.544]
R0 shsizubv; shsizubv, C: \ WINDOWS \ system32 \ drivers \ shsi zubv.sys [2004/08/04 23.424]
S3 COH_Mon; COH_Mon, C: \ WINDOWS \ System32 \ Drivers \ COH_Mo n.sys [2008/07/30 23.888]
S3 VNUSB; VN Series Device, C: \ WINDOWS \ system32 \ drivers \ VNUSB.sys [2003/12/15 38.448]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs
qfbydciq
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (4f63278d-8.557-11d9-be24-806d6172696f)]
\ Shell \ Autorun \ komandu - C: \ WINDOWS \ system32 \ RunDLL32.EXE shell32.dll, ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (e1ec6b61-710.a-11d9-b301-806d6172696f)]
\ Shell \ Autorun \ komandu - C: \ WINDOWS \ system32 \ RunDLL32.EXE shell32.dll, ShellExec_RunDLL Info.exe folder.htt 480 480
* Jaunizveidoto Service * - COMHOST
* Jaunizveidoto Service * - PROCEXP90
.
Saturs "Scheduled Tasks" mape
2008/10/12 C: \ WINDOWS \ Uzdevumi \ Automatic Full Backup.job
- C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003/10/30 04:10]
2008/10/15 C: \ WINDOWS \ Uzdevumi \ Daily mainīts Files.job
- C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003/10/30 04:10]
2008/10/11 C: \ WINDOWS \ Uzdevumi \ PEACTREE WEEKLY ATPAKAĻ UP.job
- C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003/10/30 04:10]
.
- - - - Bāreņiem likvidētas - - - --
Toolbar-ID - (no file)

.
------- Papildu Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.emachines.com/
R0 -: HKCU-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q = (searchTerms) & sourceid = ie7 & RLS = com.micros bieži: en-US & ie = utf8 & oe = utf8
R1 -: HKCU-SearchURL (Default) = hxxp: / / www.google.com/search?q =% s
Ø8 -: E & ksportēt uz Microsoft Excel - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/10/16 17:54:24
Windows 5.1.2600 Service Pack 3 NTFS
skenēšana slēptās procesi ...
skenēšana slēptās palaišana ieraksti ...
skenēšana slēptos failus ...
scan sekmīgi pabeigta
slēptos failus: 0
************************************************** ************************
.
Izpildes laiks: 2008-10-16 17:56:31
ComboFix-karantīnā-files.txt 2008/10/16 21:56:27
Pre-Run: 142.914.838.528 bytes free
Post-Run: 142.911.078.400 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[operating systems]
C: \ Cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Home Edition" / noexecute = optin / fastdetect
208 --- EOF --- 2008/10/16 15:20:49