

Windows Vista won't update




#1
May 23, 2009, 09:33
Donor group

I'm on a friend's computer, Vista, and Windows won't update. So far I have found and removed Internet Anti-Virus, Win32Adload.r and video.exe. They also had that coupon spyware, and their son kept loading LimeWire. I removed both (lol, LimeWire installs itself in 400 places; I had to go through every directory and file to get rid of it). But Windows still won't update. I get code 80072efd, which says that a firewall is preventing Windows from updating. I can't find any firewall except the Windows one, and I have looked in every folder. Here are three logs; I can't find anything. Did I miss something?

NOTE: I can't open any of the three logs. I get an invalid file from the site. What's up with that? Do I have too many pictures here? Let me try a copy and paste:

SUPERAntiSpyware Scan Prisijungti
http://www.superantispyware.com

At 04:42 05/23/2009 Generated AM

Prašymas Versija: 4.26.1002

Core Taisyklės Database Versija: 3.908
Sekti Taisyklės duomenų bazė Versija: 1.852

Scan Type: Complete Scan
Iš viso nuskaitymo laikas: 03:45:40

Atminties elementai nuskaityta: 831
Atminties grėsmių detected: 0
Registro objektų nuskaitomi: 6407
Registras grėsmių detected: 0
Failo elementai nuskaityta: 326.608
Failo grėsmių aptikta: 78

Adware.Tracking Cookie

Malwarebytes' Anti-Malware 1.36
Duomenų bazės versija: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 8:40:58
mbam-log-2009-05-19 (08-40-58).txt

Scan Type: Quick Scan
Objektai nuskaitomi: 71.524
Praėjo: 3 minute (s) 23 second (s)

Atminties procesai Infected: 0
Atminties moduliai Infected: 0
Registro raktus Infected: 13
Vertybių registrą Infected: 0
Registro duomenų elementų Infected: 3
Katalogai Infected: 3
Infected files: 11

Atminties procesai Infected:
(Nr. kenksminga daiktų aptikti)

Atminties moduliai Infected:
(Nr. kenksminga daiktų aptikti)

Registro raktus Infected:
HKEY_CLASSES_ROOT\fe345.fe345mgr (Trojan.FakeAlert) -> Karantinas ir sėkmingai ištrintas.
HKEY_CLASSES_ROOT\CLSID\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Karantinas ir sėkmingai ištrintas.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Karantinas ir sėkmingai ištrintas.
HKEY_CLASSES_ROOT\fe345.fe345mgr.1 (Trojan.FakeAlert) -> Karantinas ir sėkmingai ištrintas.
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Karantinas ir sėkmingai ištrintas.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Karantinas ir sėkmingai ištrintas.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Karantinas ir sėkmingai ištrintas.
HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Karantinas ir sėkmingai ištrintas.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Karantinas ir sėkmingai ištrintas.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Antivirus pro_is1 (Rogue.InternetAntivirus) -> Karantinas ir sėkmingai ištrintas.

Vertybių registrą Infected:
(Nr. kenksminga daiktų aptikti)

Registro duomenų elementų Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Gera: (0) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Gera: (0) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Gera: (0) -> Karantinas ir sėkmingai ištrintas.

Katalogai Infected:
C:\Windows\System32\199638 (Trojan.FakeAlert) -> Karantinas ir sėkmingai ištrintas.
C:\Program Files\websrvx (Trojan.Downloader) -> Karantinas ir sėkmingai ištrintas.
C:\Windows\System32\796525 (Trojan.BHO) -> Karantinas ir sėkmingai ištrintas.

Failai Infected:
C:\Windows\System32\199638\199638.dll (Trojan.FakeAlert) -> Karantinas ir sėkmingai ištrintas.
C:\Windows\System32\796525\796525.dll (Trojan.BHO) -> Karantinas ir sėkmingai ištrintas.
C:\Users\Shirley\AppData\Local\Temp\jopaxx_1241669819.exe (Worm.KoobFace) -> Karantinas ir sėkmingai ištrintas.
C:\Program Files\Common Files\InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> Karantinas ir sėkmingai ištrintas.
C:\Windows\msmark2.dat (Worm.KoobFace) -> Karantinas ir sėkmingai ištrintas.
C:\Windows\t55ft2668f44.dat (Worm.KoobFace) -> Karantinas ir sėkmingai ištrintas.
C:\Windows\t55ft2695f44.dat (Worm.KoobFace) -> Karantinas ir sėkmingai ištrintas.
C:\Windows\t55ft3105f44.dat (Worm.KoobFace) -> Karantinas ir sėkmingai ištrintas.
C:\Windows\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Karantinas ir sėkmingai ištrintas.
C:\Windows\f5087.dat (Worm.KoobFace) -> Karantinas ir sėkmingai ištrintas.
C:\Windows\f23567.dat (Worm.KoobFace) -> Karantinas ir sėkmingai ištrintas.

(Above was the first log; below is the current one.)

Malwarebytes' Anti-Malware 1.36
Duomenų bazės versija: 2150
Windows 6.0.6001 Service Pack 1

5/23/2009 9:03:23
mbam-log-2009-05-23 (09-03-23).txt

Scan Type: Quick Scan
Objektai nuskaitomi: 70.234
Praėjęs laikas: 2 minutės (-ai), 28 second (s)

Atminties procesai Infected: 0
Atminties moduliai Infected: 0
Registro raktus Infected: 0
Vertybių registrą Infected: 0
Registro duomenų elementų Infected: 0
Katalogai Infected: 0
Failai Infected: 0

Atminties procesai Infected:
(Nr. kenksminga daiktų aptikti)

Atminties moduliai Infected:
(Nr. kenksminga daiktų aptikti)

Registro raktus Infected:
(Nr. kenksminga daiktų aptikti)

Vertybių registrą Infected:
(Nr. kenksminga daiktų aptikti)

Registro duomenų elementų Infected:
(Nr. kenksminga daiktų aptikti)

Katalogai Infected:
(Nr. kenksminga daiktų aptikti)

Failai Infected:
(Nr. kenksminga daiktų aptikti)

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 9:09:09 dėl 5/23/2009
Platforma: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Veikia procesus:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NEWTECH Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Lexmark 4.300 serija\lxcemon.exe
C:\Program Files\Lexmark 4.300 serija\ezprint.exe
C:\Program Files\Common Files\ArcSoft\ryšio paslaugą\bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\eHoMe\ehtray.exe
C:\Program Files\OLYMPUS\Olympus Master 2\MMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\eHoMe\ehmsas.exe
C:\Users\Shirley\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-87D1-4AA5-45B6B8505E96} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NEWTECH Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Acer Registracija] "C:\Program Files\Acer Registracijos\ACE1.exe" /startup
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\drivers\W32x86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4.300 serija\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4.300 serija\ezprint.exe"
O4 - HKLM\..\Run: [ArcSoft ryšio paslaugą] C:\Program Files\Common Files\ArcSoft\ryšio paslaugą\bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SWG] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\eHoMe\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\Olympus Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į Microsoft Excel - res://C:\PROGRA~1\Micros~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Micros~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Micros~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Micros~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} --
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc - C:\Program Files\Common Files\ArcSoft\ryšio paslaugą\bin\ACService.exe
O23 - Service: ePerformance tarnybos (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 kontrolės tarnybos (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NEWTECH Infosystems, Inc - C:\Program Files\NEWTECH Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eRecovery tarnybos (eRecoveryService) - Acer Inc - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings tarnybos (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - - C:\Windows\system32\lxcecoms.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NEWTECH InfoSystems, Inc - C:\Program Files\NEWTECH Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NEWTECH Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Saugesnis Networking Ltd - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9.919 baitų

#2
May 23, 2009, 23:45
Malware group

Hi Bubba ....

We need to disable your TeaTimer, because it may interfere with the fixes we need to make.

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left-hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Download ResetTeaTimer.bat by right-clicking the link and choosing Save As.

* Save it to your desktop.
* Double-click ResetTeaTimer.zip
* Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.

After all the fixes are complete, it is very important that you enable TeaTimer again; I will let you know when it is safe.

The TeaTimer tutorial can be found here -> http://russelltexas.com/malware/teatimer.htm

==========================================

Download and scan with ComboFix.exe. Visit this web page for the download links and the instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs, including WinPatrol, so they do not interfere with ComboFix while it runs.

Please include C:\ComboFix.txt in your next reply for further review.

==========================================

Go to the Start menu > choose Run, copy/paste the following into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.
__________________
Proud member of ASAP & UNITE
__________________

#3
May 24, 2009, 02:33
Donor group

A few things before I post the logs:

1. In the TeaTimer tutorial you linked, it said to also disable the resident SDHelper, so I did.
2. ComboFix did not bring up the registry backup screen, unless it is a quick screen and I missed it while watching my own computer (remember, this one is a friend's). It did not disconnect from the internet, nor did I notice the clock change. Both icons were visible while ComboFix was running. Is that a problem? Also, after running ComboFix, the wallpaper was distorted, so I rebooted. When the computer started back up, the wallpaper was reset, Firefox was no longer the default browser, and a message popped up that the IE home page had been changed to MSN (I think). Is that normal? In addition, WinPatrol flagged that a new service had been added: appmgmts.dll.

3. Before you replied to this, I got rid of the Google toolbar. A few of the HJT entries looked odd. The O18 one, for example, was called x-sdCH instead of x SDHC .......... Besides, lol, I hate toolbars, and they can always add it back if they want. Regardless, that changed the HJT log. I also got rid of the 2 O2's that had no files associated with them.

4. What are we looking for in ComboFix? LOL, I started to download and run it before I posted this thread, but decided I know just enough to get into trouble with it.

And without further ado:

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Veikia nuo: C:\Users\Shirley\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy * neįgaliesiems * (Pasenusios) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware * neįgaliesiems * (Atnaujinta) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender * įjungti * (Atnaujinta) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Failus, sukurtus nuo 2009/04/24 iki 2009/05/24 )))))))))))))))))))))))))))))))
.

2009-05-19 13:01. 2006-09-18 21:43 10 ---- AW C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. SYS
2009-05-19 13:01. 2006-09-18 21:43 24 ---- AW C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- ----- WC d: \ Program Files \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 ---- AW C: \ Windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 ---- AW C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- ----- WC d: \ Program Files \ Malwarebytes 'Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- ----- WC d: \ Programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- o C: \ Windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- ----- WC d: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- WC: \ Program Files \ Common Files \ Adobe AIR "
2009-05-19 11:38. 2009-05-19 12:45 -------- ----- WC d: \ Programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- ----- WC d: \ Users \ Shirley \ AppData \ Local \ Septyni Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- AW C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- AW C: \ Windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- WC: \ Program Files \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- ----- WC d: \ Programdata \ (8CD7F5AF-ECFA-4793-bf40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- WC: \ Program Files \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- WC: \ Program Files \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- AW C: \ Programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- WC: \ Program Files \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 AW ---- C: \ Programdata \ Microsoft \ eHome \ programos \ NetTV \ brow se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- AW C: \ Windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - WC: \ Windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- AW C: \ Programdata \ Microsoft \ Windows Defender \ Apibrėžimas Atnaujinimai \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 ---- AW C: \ Programdata \ "ArcSoft \ Kodak-printcreations-22-080812-OEM \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- ----- WC d: \ Program Files \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 AW ---- C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- ----- WC d: \ Programdata \ Microsoft Pagalba
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- WC: \ Program Files \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- ----- WC d: \ Program Files \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- WC: \ Program Files \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- D - h - WC: \ Program Files \ InstallShield įrengimas Informacija
2009-05-19 23:27. 2008-02-05 19:49 -------- ----- WC d: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ CyberLink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- WC: \ Program Files \ Common Files \ SureThing Bendri
2009-05-19 21:04. 2008-09-12 14:09 1664 ---- o C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- ----- WC d: \ Programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 ---- AW C: \ Windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 ---- AW C: \ Windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- WC: \ Program Files \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- WC: \ Program Files \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- WC: \ Program Files \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- ----- WC d: \ Programdata \ "Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 ---- AW C: \ Programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- WC: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 AW ---- C: \ Programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 ---- AW C: \ Programdata \ (8CD7F5AF-ECFA-4793-bf40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 ---- AW C: \ Windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 ---- AW C: \ Windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 AW ---- C: \ Windows \ system32 \ wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 ---- AW C: \ Windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 ---- AW C: \ Windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 ---- AW C: \ Windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 ---- AW C: \ Windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 ---- AW C: \ Windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 ---- AW C: \ Windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 ---- AW C: \ Windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 ---- AW C: \ Windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 AW ---- C: \ Windows \ system32 \ vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 ---- AW C: \ Windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 ---- AW C: \ Windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 ---- AW C: \ Windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 ---- AW C: \ Windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 ---- AW C: \ Windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 ---- AW C: \ Windows \ system32 \ mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 ---- AW C: \ Windows \ system32 \ Mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 ---- AW C: \ Windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- AW C: \ Windows \ system32 \ Ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- AW C: \ Windows \ System32 \ Ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 ---- AW C: \ Windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 ---- AW C: \ Windows \ system32 \ Rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 ---- AW C: \ Windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 ---- AW C: \ Windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 ---- AW C: \ Windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 ---- AW C: \ Windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 ---- AW C: \ Windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 ---- AW C: \ Windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ehTray.exe" = "C: \ Windows \ eHoMe \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ Olympus Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor" = "C: \ Acer \ Empowering Technology \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer Produkto registravimas" = "C: \ Program Files \ Acer Registracijos \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "C: \ Windows \ system32 \ nvraidservice. Exe [2008-11-12 203296]
"LXCECATS" = "C: \ Windows \ system32 \ spool \ drivers \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4.300 serija \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4.300 serija \ ezprint.exe" [2007-05-17 103344]
"" ArcSoft ryšio paslaugą "=" C: \ Program Files \ Common Files \ "ArcSoft \ ryšio paslaugą \ bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"Avast!" = "C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. Exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - C: \ Windows \ RtHDVCpl.exe [2007-10-11 4702208]

C: \ Programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Empowering Technology Launcher.lnk - C: \ Acer \ Empowering Technology \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare Software \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Policies \ System]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA) "=" C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL "[2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2008-12-22 16:05 356352 AW ---- C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ safeboot \ Minimal \ WinDefend]
@ = "Paslaugos"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ FirewallRules]
(2E9A4533-1359-46B6-B326-2B899D73FD10) "= UDP: C: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
(ADE9CF49-7A0E-4076-9B85-7648EC5E7736) "= TCP: C: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
(6299EEE5-1856-4B10-9916-798B1C1AEF89) "= UDP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5) "= UDP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
(D430641B-178B-4C39-B53C-F6B3221DB01A) "= TCP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
(948000F3-8719-4206-B4C5-6506B663184F) "= TCP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
(8BCD640B-594A-465F-8A9E-E5A6C07DC081) "= UDP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A) "= TCP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B) "= UDP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark ryšio sistemos
(61DAEE1D-D19E-4F1A-B41E-603246AF524C) "= TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark ryšio sistemos
(EB8798E6-4DDA-358B-A219-21BBC5D3C79A) "= UDP: C: \ Windows \ System32 \ spool \ drivers \ W32x86 \ 3 \ lxc epswx.exe: Spausdintuvas Statusas langas
(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0) "= TCP: C: \ Windows \ System32 \ spool \ drivers \ W32x86 \ 3 \ lxc epswx.exe: Spausdintuvas Statusas langas
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = "c: \ program files \ Acer Arcade Live \ Acer Arcade Live titulinis \ Acer Arcade Live.exe: Acer Arcade Live
(7A37205C-E643-4464-8C27-FAFCC859102D) "= UDP: C: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
(1DF156D1-94E3-4B3D-A91E-724DFC89819E) "= TCP: C: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D) "= UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
(D7D156E3-7B84-41F2-9FD8-CF9860453F65) "= TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB) "= UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
(F6A110DE-6630-4823-B892-60950EB9ED71) "= TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
(8640BFAB-1B85-48CC-95D5-9AABB44E4D95) "= UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
(6CC4A3BE-8F00-4983-B199-3050D54509B8) "= TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F) "= UDP: C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C) "= TCP: C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
(F98C3B13-2099-40EC-B504-2445C9C5B1B0) "= UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
(3DB81CCD-4E96-40B3-8CA9-0089C89C294B) "= TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
(918FE1A4-6957-4640-97D9-C85BED212614) "= UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Atnaujinti Spybot-S & D
(877DB07F-9298-486A-BB5B-930AF3A683AA) "= TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Atnaujinti Spybot-S & D
(5A664831-D250-4805-BB75-32612C9742F8) "= UDP: C: \ Windows \ eHoMe \ ehshell.exe: Windows Media Center
(2A157C0E-5966-4B7E-8D49-178D75EA6009) "= TCP: C: \ Windows \ eHoMe \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; Avast! Savigynai; c: \ windows \ system32 \ drivers \ aswSP.sys [5/22/2009 11:06 114.768]
R1 FAMv4; FAMv4; c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 132.120]
R1 SASDIFSV; SASDIFSV, C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 9.968]
R1 SASKUTIL; SASKUTIL, C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 72.944]
R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 20.560]
R2 aswMonFlt; aswMonFlt; c: \ windows \ system32 \ drivers \ kaip wMonFlt.sys [5/22/2009 11:06 51.792]
R2 BUNAgentSvc; NTI Backup Now 5 agento paslaugos; C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 21.752]
R2 NTIBackupSvc; NTI Backup Now 5 Backup Service, C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 54.520]
R2 NTISchedulerSvc; NTI Backup Now 5 grafikas Paslaugos, C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 136.440]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 1.153.368]
R3 SASENUM; SASENUM, C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 7.408]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"C: \ Windows \ System32 \ rundll32.exe" "C: \ Windows \ System32 \ iedkcs32.dll" BrandIEActiveSe Baba REGISTRUOKIS
.
- - - - Orphans nuimti - - - --

Safeboot-procexp90.Sys


.
------- Papildomos Scan -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet Nustatymai, ProxyOverride = <local>, *. vietos
uInternet Parametrai ProxyServer = http = localhost: 7171
IE: E & Eksportuoti į "Microsoft Excel - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ EXCEL.EXE/3000
Patikimas Zona: microsoft.com \ update
Patikimas Zona: microsoft.com \ WindowsUpdate
FF - ProfilePath - C: \ Users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ P rofiles \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

skenavimo paslėptus procesus ...

skenavimo paslėptas autostart entries ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ Windows \ system32 \ spool \ drivers \ W32x86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

skenavimo paslėptus failus ...

skenavimas baigtas sėkmingai
paslėptus failus: 0

************************************************** ************************
.
--------------------- LOCKED registro raktus ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ controlset001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Uždrausta: () (vartotojai)
@ Uždrausta: () (Visi)
Leidžiami @: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Atlikimo laikas: 2009-05-24 4:55
ComboFix-karantine-files.txt 2009-05-24 08:55

Pre-Rida: 173.756.547.072 baitų nemokamai
Post-Rida: 173.859.581.952 baitų nemokamai

269 --- EOF --- 2009-05-17 10:04

Add or Remove Programs

Microsoft Office Bendri MUI (anglų) 2007
Microsoft Office Bendri parametrai Duomenys MUI (anglų) 2007
Microsoft Office Word MUI (anglų) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser SDK ir
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standartinis
NTI Media Maker 8
KOVOS Open File Manager (pašalinti tik)
NVidia
OfotoXMI
OLYMPUS Master 2
Olympus muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Naujinimas, skirtas "Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
patarimus
Turbo Pizza
Naujinimas skirtas "Microsoft Office System 2007 (KB967642)
Naujinimas skirtas "Microsoft Office 2007" žinynas ir bendrų bruožų (KB963673)
Naujinimas skirtas "Microsoft Office Excel 2007" žinynas (KB963678)
Naujinimas skirtas "Microsoft Office OneNote 2007" žinynas (KB963670)
Naujinimas skirtas "Microsoft Office PowerPoint 2007" žinynas (KB963669)
Naujinimas skirtas "Microsoft Office Script Editor Help (KB963671)
Naujinimas skirtas "Microsoft Office Word 2007" žinynas (KB963665)
VPRINTOL
"Windows Live OneCare saugos skaitytuvas
WinPatrol 2.009
WIRELESS
Zuma Deluxe

EDIT: three more questions: I noticed a Limewire DLL, can we kill that?

Although LTI is a legitimate program, is it needed? I think it came bundled with this stupid Acer computer (man, they load these things up with junk) and is redundant with the built-in Microsoft program.

LT Cats is built-in spyware from the printer manufacturer, Lexmark. I thought I had taken the related parts out but wasn't sure how much to axe without disabling the printer. Should more go, or is what's left okay?
  #4  
Old May 24, 2009, 04:03
Malware group
 
Default "Windows Vista" won't update

Hi Bubba

Please don't play with HJT unless you understand how it works. You have to remember that HJT is in effect a registry editor tool in a different context. I'd hate for you to turn the PC into an expensive doorstop! The two 02 entries that were removed are legitimate; being reported as file missing is not always the case. HJT is known to misreport certain entries.

Regarding LimeWire, did you uninstall it via Control Panel? If so, then we can flush out the couple of unneeded leftovers that remain.

I see a few bits that are related to Norton; was it on the computer at one time? Please run the Norton Removal Tool to mop up the remnants. You can find the tool here: Norton Removal Tool

Once done ......

Combofix

  • Close all open browsers.
  • Close all security programs (antivirus, antimalware, etc.)
  • Open Notepad and copy/paste the text in the box below into it:
Quote:
DDS:
uInternet Nustatymai, ProxyOverride = <local>, *. vietos
uInternet Parametrai ProxyServer = http = localhost: 7171

RegLock:
[HKEY_LOCAL_MACHINE \ SYSTEM \ controlset001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \ 0000 \ AllUserSettings]
See the image below as an example.

Save this as CFScript.txt, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt".

Don't mouse-click ComboFix's window while it's running. That may cause it to stall.

ATTENTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to reinstall Windows!

Please post the log from C:\ComboFix.txt for further review.

=====================================

I noticed that the uninstall log was cut off at the top; can you repost it for me please. Also keep me updated on how things are system-wise.
__________________
Proud member of ASAP & UNITE
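Several settings visible in the log posted in this thread (an Internet Explorer proxy pointing at localhost, UAC and the firewall switched off, Security Center monitoring disabled) can be pulled out of a ComboFix-style log mechanically. The following is an added example, not part of the original posts or of ComboFix: the sample log is constructed, and the rule set and function names are this example's assumptions.

```python
import re

# Constructed sample, laid out like the registry and supplementary-scan
# sections of a ComboFix log; the values mirror settings seen in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer\s*=\s*(?P<data>.+)$', re.I)

# (registry key pattern, value name, value that weakens the host, finding).
# The rule set is this example's assumption, not a ComboFix feature.
RULES = [
    (r'\\policies\\system$', 'enablelua', 0,
     'UAC is switched off'),
    (r'\\firewallpolicy\\\w+profile$', 'enablefirewall', 0,
     'Windows Firewall is off for this profile'),
    (r'\\security center\\monitoring(\\.*)?$', 'disablemonitoring', 1,
     'Security Center monitoring is disabled'),
]


def parse_number(data):
    """Return the integer in '0 (0x0)' or 'dword:00000001', else None."""
    data = data.strip()
    m = re.match(r'^dword:\s*([0-9a-f]{1,8})$', data, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-f]+\)$', data, re.I)
    if m:
        return int(m.group(1))
    return None


def loopback_proxies(data):
    """List proxy targets in a ProxyServer value that point at this machine."""
    hits = []
    for part in data.split(';'):                  # "http=a:1;https=b:2"
        target = part.split('=', 1)[-1].strip()   # drop the "http=" prefix
        target = re.sub(r'^\w+://', '', target)
        if not target:
            continue
        host = target.rsplit(':', 1)[0].strip('[]').lower()
        if host in ('localhost', '::1') or host.startswith('127.'):
            hits.append(target)
    return hits


def triage(log_text):
    """Return (rule_id, message) pairs for weakened settings in the log."""
    findings = []
    section = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                     # new registry key header
            section = m.group('key').lower()
            continue
        m = PROXY_RE.match(line)
        if m:
            for target in loopback_proxies(m.group('data')):
                findings.append(('proxyserver',
                                 'IE proxy points at a local listener: ' + target))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name = m.group('name').lower()
        number = parse_number(m.group('data'))
        for pattern, wanted, bad, message in RULES:
            if name == wanted and number == bad and re.search(pattern, section):
                findings.append((wanted, message + ' [' + section + ']'))
    return findings


if __name__ == '__main__':
    for rule_id, message in triage(SAMPLE_LOG):
        print(rule_id + ': ' + message)
```

A finding marks a setting to review, not proof of infection.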
  #5  
Old May 24, 2009, 04:53
Donor group
 
Default "Windows Vista" won't update

Limewire wouldn't show up in the Programs and Features panel to uninstall. The files to "run" it that I could find were APP files, not exe, so I trudged through the C drive and deleted everything I could find. I see I missed at least one in the registry though.

As for Norton ........ Yeah, Acer loaded a trial version. I uninstalled it through Control Panel and then used the Norton Removal Tool. (It was the first thing I did, even before I loaded Spybot, Winpatrol and the rest of the stuff.) When I was going through the C drive files, I kept finding more Norton remnants and destroyed them as I went. It never occurred to me to run it again, but I'll do that now.

LOL Those three files in Combofix were the three I was most curious about. There shouldn't be a proxy server address, nor do I think those entries should be closed off to everyone. But I haven't studied Combofix yet, which is why I don't use it myself; for instance, I was clueless what to do with those three or even whether they really were "bad".

Sorry about cutting the top off the uninstall list. What's stupid is that I looked at it at least twice because it wasn't set right, and missed my mistake both times.

EDIT: And I still forgot to post it:

"2007 Microsoft Office Suite" Service Pack 2 (SP2)
Acer Arcade Live Pagrindinis puslapis
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone konsolės DTV 2.0.1.1
Acer Registracija
Acrobat.com
Adobe AIR
Adobe Flash Player 10 "ActiveX
Adobe Flash Player Plugin 10
Adobe Reader 9.1.1
Macromedia Shockwave Player 11,5
Agatha Christie Mirtis ant Nilo
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
"ArcSoft Spausdinti Creations
"ArcSoft Spausdinti Creations - Albumas puslapis
"ArcSoft Spausdinti Creations - Funhouse
"ArcSoft Spausdinti Creations - Sveikinimo atvirukas
"ArcSoft Spausdinti Creations - Foto knyga
"ArcSoft Spausdinti Creations - Fotokalendarz
"ArcSoft Spausdinti Creations - Scrapbook
"ArcSoft Spausdinti Creations - Plonas kortelė
Avast! Antivirus
Azada
Backspin Biliardas
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
Cake Mania
CCScore
Chicken Invaders 3
GPCat
Diner Dash Flo on the Go
Eraser
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Flip Words 2
HijackThis 2.0.2
Karštųjų Microsoft. NET Framework 3.5 Service Pack 1 (KB953595)
Karštųjų Microsoft. NET Framework 3.5 Service Pack 1 (KB958484)
iTunes
Java (TM) 6 Update 13
Jewel Quest Solitaire
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kick N Rush
Kodak EasyShare programinės įrangos
Kodak Galerija Įkelti įranga
Lexmark 4.300 serija
Mahjong Escape Senovės Kinija
Mahjongg Daiktai
Malwarebytes 'Anti-Malware
Memorex exPressit etiketės dizaino studija
Microsoft. NET Framework 3.5 SP1
Microsoft Office Excel MUI (anglų) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (anglų) 2007
Microsoft Office PowerPoint MUI (anglų) 2007
Microsoft Office "Proof (anglų) 2007
Microsoft Office "Proof (prancūzų kalba) 2007
Microsoft Office įrodymas (Ispanija) 2007
Microsoft Office Proofing (anglų) 2007
Microsoft Office Bendri MUI (anglų) 2007
Microsoft Office Bendri parametrai Duomenys MUI (anglų) 2007
Microsoft Office Word MUI (anglų) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser SDK ir
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standartinis
NTI Media Maker 8
KOVOS Open File Manager (pašalinti tik)
NVidia
OfotoXMI
OLYMPUS Master 2
Olympus muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Naujinimas, skirtas "Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
patarimus
Turbo Pizza
Naujinimas skirtas "Microsoft Office System 2007 (KB967642)
Naujinimas skirtas "Microsoft Office 2007" žinynas ir bendrų bruožų (KB963673)
Naujinimas skirtas "Microsoft Office Excel 2007" žinynas (KB963678)
Naujinimas skirtas "Microsoft Office OneNote 2007" žinynas (KB963670)
Naujinimas skirtas "Microsoft Office PowerPoint 2007" žinynas (KB963669)
Naujinimas skirtas "Microsoft Office Script Editor Help (KB963671)
Naujinimas skirtas "Microsoft Office Word 2007" žinynas (KB963665)
VPRINTOL
"Windows Live OneCare saugos skaitytuvas
WinPatrol 2.009
WIRELESS
Zuma Deluxe
  #6  
Old May 24, 2009, 05:58
Malware group
 
Default "Windows Vista" won't update

Hi there Bubba

Thanks for the updated uninstall list - can you post the new combofix log for me, as requested.

Quote:
What are we looking for in Combofix?
Basically just anything malicious; combofix is mainly an advanced analysis tool that gives us more information than HJT

Regarding LTCats:
From what I can tell this is a valid entry, but it's classed as "User's choice" as to whether it runs at startup

Regarding Limewire:
I see the entries that are still there, but we can get them on the next couple of combofix runs
__________________
Proud member of ASAP & UNITE
  #7  
Old May 24, 2009, 07:03
Donor group
 
Default "Windows Vista" won't update

Ouch, the computer locked up and shut down just as it looked like Combofix was about to finish. It rebooted and I went into safemode. I don't think it created a log, but I don't know for sure. Here is the Microsoft pop-up.

Windows atsigavo nuo netikėto išjungimo.

Problem parašas:
Problem Event Name: Blue Screen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Papildoma informacija apie problemos:

BCCode: 50
BCP1: E0858E9B
BCP2: 00000000
BCP3: 9B9D2D10
BCP4: 00000002
OS Version: 6_6_6001
Service Pack: 1_0
PRODUKTO: 768_1

BYLŲ kurie apibūdina problemą:

C \ Windows \ minidump \ mini052409-01.dmp
C \ Users \ Shirley \ AppData \ Temp \ VVER-85644-0.systemdata.xml
C \ Users \ Shirley \ AppData \ Local \ Temp \ WERC6C7.tmp.ver sion.txt

I've left the computer on that safemode screen. What do you want me to do with it? I'm leaving it in safemode until I hear something; I have to go to a movie now and will be gone about 3 hours. Man, it's nice, working on somebody else's computer, that I can still get help here.

EDIT: I haven't tried, but I believe I can get at those files in safemode if you need to know what they say; however, I don't know how to open an XML file.
  #8  
Old May 24, 2009, 07:11
Malware group
 
Default "Windows Vista" won't update

Hi Bubba

Try rebooting and check whether it boots successfully again; if not, try pressing F8 to get to the boot options screen at startup and choose the Last Known Good Configuration option.
__________________
Didžiuotis narys ASAP & UNITE
  #9  
Old May 24, 2009, 07:50
Donors group
 
Default "Windows Vista" won't update

It loaded up and there was a ComboFix2 log there; it is pretty much identical to the first one, but there is a 10:04 timestamp reference to the quarantine log. The quarantine log is empty. Here is the file; I don't know if it is complete or if it is what you want. Now I have to split.

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Veikia nuo: C: \ Users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search and Destroy * neįgaliesiems * (Pasenusios) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware * neįgaliesiems * (Atnaujinta) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: "Windows Defender * * įjungti (Atnaujinta) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Failus, sukurtus nuo 2009/04/24 iki 2009/05/24 ))))))))))) ))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 AW ---- C: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. Ru \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- ----- WC d: \ Programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- WC: \ Program Files \ SUPERAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. Ru
2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- WC: \ Program Files \ Common Files \ Wise Installation Wizard
2009-05-22 15:06. 2009-02-05 20:06 51376 ---- AW C: \ Windows \ system32 \ drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 ---- AW C: \ Windows \ system32 \ drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 ---- AW C: \ Windows \ system32 \ drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 ---- AW C: \ Windows \ system32 \ drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 ---- AW C: \ Windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- AW C: \ Windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 ---- AW C: \ Windows \ system32 \ drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- WC: \ Program Files \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 AW ---- C: \ Programdata \ Microsoft \ eHome \ programos \ MCESpotlig HT \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 ---- AW C: \ Windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 ---- AW C: \ Windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 ---- AW C: \ Windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 ---- AW C: \ Windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 ---- AW C: \ Windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 ---- AW C: \ Windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 ---- AW C: \ Windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 ---- AW C: \ Windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 ---- AW C: \ Windows \ system32 \ failo Mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 ---- AW C: \ Windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 ---- AW C: \ Windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 ---- AW C: \ Windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- WC: \ Program Files \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- WC: \ Program Files \ Windows Live "saugos centras
2009-05-19 23:20. 2009-05-19 23:20 -------- ----- WC d: \ Users \ Shirley \ AppData \ Local \ Acer DV Magician
2009-05-19 23:10. 2009-05-19 23:10 -------- ----- WC d: \ Windows \ Sek
2009-05-19 20:40. 2009-05-19 20:40 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 ---- AW C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \http://www.macromedia.com \ bin \ airapp ... pinstaller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- ----- WC d: \ Users \ Shirley \ AppData \ Local \ Eraser
2009-05-19 18:24. 2009-05-19 18:24 -------- D - h - WC: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- ----- WC d: \ Program Files \ Eraser
2009-05-19 17:20. 2009-05-19 17:20 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 ---- AW C: \ Windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- WC: \ Program Files \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- ----- WC d: \ Programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 ---- AW C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. SYS
2009-05-19 13:01. 2006-09-18 21:43 24 ---- AW C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- ----- WC d: \ Program Files \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 ---- AW C: \ Windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 ---- AW C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- ----- WC d: \ Program Files \ Malwarebytes 'Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- ----- WC d: \ Programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- o C: \ Windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- ----- WC d: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- WC: \ Program Files \ Common Files \ Adobe AIR "
2009-05-19 11:38. 2009-05-19 12:45 -------- ----- WC d: \ Programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- ----- WC d: \ Users \ Shirley \ AppData \ Local \ Septyni Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- AW C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- AW C: \ Windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- WC: \ Program Files \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- ----- WC d: \ Programdata \ (8CD7F5AF-ECFA-4793-bf40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- WC: \ Program Files \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- WC: \ Program Files \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- AW C: \ Programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- WC: \ Program Files \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 AW ---- C: \ Programdata \ Microsoft \ eHome \ programos \ NetTV \ brow se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- AW C: \ Windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - WC: \ Windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- AW C: \ Programdata \ Microsoft \ Windows Defender \ Apibrėžimas Atnaujinimai \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 ---- AW C: \ Programdata \ "ArcSoft \ Kodak-printcreations-22-080812-OEM \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- ----- WC d: \ Program Files \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 AW ---- C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- ----- WC d: \ Programdata \ Microsoft Pagalba
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- WC: \ Program Files \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- ----- WC d: \ Program Files \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- WC: \ Program Files \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- D - h - WC: \ Program Files \ InstallShield įrengimas Informacija
2009-05-19 23:27. 2008-02-05 19:49 -------- ----- WC d: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ CyberLink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- WC: \ Program Files \ Common Files \ SureThing Bendri
2009-05-19 21:04. 2008-09-12 14:09 1664 ---- o C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- ----- WC d: \ Programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 ---- AW C: \ Windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 ---- AW C: \ Windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- ----- WC d: \ Users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- WC: \ Program Files \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- WC: \ Program Files \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- WC: \ Program Files \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- ----- WC d: \ Programdata \ "Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 ---- AW C: \ Programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- WC: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 AW ---- C: \ Programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 ---- AW C: \ Programdata \ (8CD7F5AF-ECFA-4793-bf40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 ---- AW C: \ Windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 ---- AW C: \ Windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 AW ---- C: \ Windows \ system32 \ wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 ---- AW C: \ Windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 ---- AW C: \ Windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 ---- AW C: \ Windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 ---- AW C: \ Windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 ---- AW C: \ Windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 ---- AW C: \ Windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 ---- AW C: \ Windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 ---- AW C: \ Windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 AW ---- C: \ Windows \ system32 \ vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 ---- AW C: \ Windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 ---- AW C: \ Windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 ---- AW C: \ Windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 ---- AW C: \ Windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 ---- AW C: \ Windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 ---- AW C: \ Windows \ system32 \ mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 ---- AW C: \ Windows \ system32 \ Mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 ---- AW C: \ Windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- AW C: \ Windows \ system32 \ Ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- AW C: \ Windows \ System32 \ Ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 ---- AW C: \ Windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 ---- AW C: \ Windows \ system32 \ Rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 ---- AW C: \ Windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 ---- AW C: \ Windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 ---- AW C: \ Windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 ---- AW C: \ Windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 ---- AW C: \ Windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 ---- AW C: \ Windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ehTray.exe" = "C: \ Windows \ eHoMe \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ Olympus Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor" = "C: \ Acer \ Empowering Technology \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer Produkto registravimas" = "C: \ Program Files \ Acer Registracijos \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "C: \ Windows \ system32 \ nvraidservice. Exe [2008-11-12 203296]
"LXCECATS" = "C: \ Windows \ system32 \ spool \ drivers \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4.300 serija \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4.300 serija \ ezprint.exe" [2007-05-17 103344]
"" ArcSoft ryšio paslaugą "=" C: \ Program Files \ Common Files \ "ArcSoft \ ryšio paslaugą \ bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"Avast!" = "C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. Exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - C: \ Windows \ RtHDVCpl.exe [2007-10-11 4702208]

C: \ Programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Empowering Technology Launcher.lnk - C: \ Acer \ Empowering Technology \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare Software \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Policies \ System]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA) "=" C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL "[2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2008-12-22 16:05 356352 AW ---- C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ safeboot \ Minimal \ WinDefend]
@ = "Paslaugos"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ FirewallRules]
(2E9A4533-1359-46B6-B326-2B899D73FD10) "= UDP: C: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
(ADE9CF49-7A0E-4076-9B85-7648EC5E7736) "= TCP: C: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
(6299EEE5-1856-4B10-9916-798B1C1AEF89) "= UDP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5) "= UDP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
(D430641B-178B-4C39-B53C-F6B3221DB01A) "= TCP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
(948000F3-8719-4206-B4C5-6506B663184F) "= TCP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
(8BCD640B-594A-465F-8A9E-E5A6C07DC081) "= UDP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A) "= TCP: C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B) "= UDP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark ryšio sistemos
(61DAEE1D-D19E-4F1A-B41E-603246AF524C) "= TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark ryšio sistemos
(EB8798E6-4DDA-358B-A219-21BBC5D3C79A) "= UDP: C: \ Windows \ System32 \ spool \ drivers \ W32x86 \ 3 \ lxc epswx.exe: Spausdintuvas Statusas langas
(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0) "= TCP: C: \ Windows \ System32 \ spool \ drivers \ W32x86 \ 3 \ lxc epswx.exe: Spausdintuvas Statusas langas
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = "c: \ program files \ Acer Arcade Live \ Acer Arcade Live titulinis \ Acer Arcade Live.exe: Acer Arcade Live
(7A37205C-E643-4464-8C27-FAFCC859102D) "= UDP: C: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
(1DF156D1-94E3-4B3D-A91E-724DFC89819E) "= TCP: C: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D) "= UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
(D7D156E3-7B84-41F2-9FD8-CF9860453F65) "= TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB) "= UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
(F6A110DE-6630-4823-B892-60950EB9ED71) "= TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
(8640BFAB-1B85-48CC-95D5-9AABB44E4D95) "= UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
(6CC4A3BE-8F00-4983-B199-3050D54509B8) "= TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F) "= UDP: C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C) "= TCP: C: \ Program Files \ Malwarebytes 'Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
(F98C3B13-2099-40EC-B504-2445C9C5B1B0) "= UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
(3DB81CCD-4E96-40B3-8CA9-0089C89C294B) "= TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
(918FE1A4-6957-4640-97D9-C85BED212614) "= UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Atnaujinti Spybot-S & D
(877DB07F-9298-486A-BB5B-930AF3A683AA) "= TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Atnaujinti Spybot-S & D
(5A664831-D250-4805-BB75-32612C9742F8) "= UDP: C: \ Windows \ eHoMe \ ehshell.exe: Windows Media Center
(2A157C0E-5966-4B7E-8D49-178D75EA6009) "= TCP: C: \ Windows \ eHoMe \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; Avast! Savigynai; c: \ windows \ system32 \ drivers \ aswSP.sys [5/22/2009 11:06 114.768]
R1 FAMv4; FAMv4; c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 132.120]
R1 SASDIFSV; SASDIFSV, C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 9.968]
R1 SASKUTIL; SASKUTIL, C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 72.944]
R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 20.560]
R2 aswMonFlt; aswMonFlt; c: \ windows \ system32 \ drivers \ kaip wMonFlt.sys [5/22/2009 11:06 51.792]
R2 BUNAgentSvc; NTI Backup Now 5 agento paslaugos; C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 21.752]
R2 NTIBackupSvc; NTI Backup Now 5 Backup Service, C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 54.520]
R2 NTISchedulerSvc; NTI Backup Now 5 grafikas Paslaugos, C: \ Program Files \ NEWTECH Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 136.440]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 1.153.368]
R3 SASENUM; SASENUM, C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 7.408]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"C: \ Windows \ System32 \ rundll32.exe" "C: \ Windows \ System32 \ iedkcs32.dll" BrandIEActiveSe Baba REGISTRUOKIS
.
- - - - Orphans nuimti - - - --

Safeboot-procexp90.Sys


.
------- Papildomos Scan -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet Nustatymai, ProxyOverride = <local>, *. vietos
uInternet Parametrai ProxyServer = http = localhost: 7171
IE: E & Eksportuoti į "Microsoft Excel - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ EXCEL.EXE/3000
Patikimas Zona: microsoft.com \ update
Patikimas Zona: microsoft.com \ WindowsUpdate
FF - ProfilePath - C: \ Users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ P rofiles \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

skenavimo paslėptus procesus ...

skenavimo paslėptas autostart entries ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ Windows \ system32 \ spool \ drivers \ W32x86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

skenavimo paslėptus failus ...

skenavimas baigtas sėkmingai
paslėptus failus: 0

************************************************** ************************
.
--------------------- LOCKED registro raktus ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ controlset001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Uždrausta: () (vartotojai)
@ Uždrausta: () (Visi)
Leidžiami @: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Atlikimo laikas: 2009-05-24 4:55
ComboFix-karantine-files.txt 2009-05-24 08:55

Pre-Rida: 173.756.547.072 baitų nemokamai
Post-Rida: 173.859.581.952 baitų nemokamai

269 --- EOF --- 2009-05-17 10:04

EDIT: nope, a quick comparison with the first one; I think they are identical.
  #10  
Old May 24, 2009, 10:38
Malware group
 
Default "Windows Vista" won't update

Hi Bubba

Quote:
EDIT: nope, a quick comparison with the first one; I think they are identical.
Yes, you are right - that is from the first run of combofix.

The current log can be found at C:\combofix.txt.
__________________
Proud member of ASAP & UNITE