Windows Vista won't Update




#1
May 23, 2009, 09:33
Donors Group

I am on a friend's computer, Vista, and Windows won't update. So far I have found and removed Internet Anti-Virus, Win32Adload.r and video.exe. They also had that coupon spyware, and their son kept loading limewire. I removed both (LOL limewire installs itself in 400 places, I had to go through every folder and file to get rid of it). But Windows still won't update. I get code 80072efd, which says that a firewall is preventing the Windows update. I can't find any firewall that isn't Windows, and I looked in every folder. Here are three logs. I can't find anything; am I missing something?

NOTE: I can't upload any of the three logs. I keep getting "invalid file" from the site. What's up with that? Do I have too many images here? Let me try copy and paste:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2009 at 04:42

Application Version: 4.26.1002

Core Noteikumi Database Version: 3908
Trace Noteikumi Database Version: 1852

Scan type: Complete Scan
Kopā Scan Time: 03:45:40

Atmiņas vienības skenēts: 831
Memory draudiem detected: 0
Reģistra vienības skenēts: 6.407
Reģistrs draudiem detected: 0
File preces skenēts: 326.608
File draudiem detected: 78

Adware.Tracking Cookie

Malwarebytes "Anti-Malware 1,36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 8:40:58
mbam-log-2009-05-19 (08-40-58). txt

Scan type: Quick Scan
Objekti skenēts: 71.524
Laiks pagājis kopš: 3 minūte (s), 23 second (s)

Memory Processes Inficētie: 0
Memory Modules Inficētie: 0
Registry Keys Inficētie: 13
Reģistra vērtības Inficētie: 0
Registry Data Items Infected: 3
Mapes Inficētie: 3
Faili Inficētie: 11

Atmiņas procesi Inficētie:
(No ļaunprātīgs preces konstatētas)

Memory Modules Inficētie:
(No ļaunprātīgs preces konstatētas)

Registry Keys Inficētie:
HKEY_CLASSES_ROOT \ fe345.fe345mgr (Trojan.FakeAlert) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CLASSES_ROOT \ CLSID \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ statistika \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CLASSES_ROOT \ fe345.fe345mgr.1 (Trojan.FakeAlert) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CLASSES_ROOT \ y537.y537mgr (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CLASSES_ROOT \ TypeLib \ (e63648f7-3933-440e-b4f6-a8584dd7b7eb) (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CLASSES_ROOT \ Interface \ (f7d09218-46d7-4d3d-9b7f-315204cd0836) (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CLASSES_ROOT \ CLSID \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ statistika \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CLASSES_ROOT \ y537.y537mgr.1 (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Internet antivirus pro_is1 (Rogue.InternetAntivirus) -> Karantīnā ievietotie un svītrots veiksmīgi.

Reģistra vērtības Inficētie:
(No ļaunprātīgs preces konstatētas)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Labs: (0) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Labs: (0) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Labs: (0) -> Karantīnā ievietotie un svītrots veiksmīgi.

Mapes Inficētie:
C: \ Windows \ System32 \ 199.638 (Trojan.FakeAlert) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Program Files \ websrvx (Trojan.Downloader) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Windows \ System32 \ 796.525 (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.

Faili Inficētie:
C: \ Windows \ System32 \ 199.638 \ 199638.dll (Trojan.FakeAlert) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Windows \ System32 \ 796.525 \ 796525.dll (Trojan.BHO) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Users \ Shirley \ AppData \ Local \ Temp \ jopaxx_1241669 819.exe (Worm.KoobFace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Program Files \ Common Files \ InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Windows \ msmark2.dat (Worm.KoobFace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Windows \ t55ft2668f44.dat (Worm.KoobFace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Windows \ t55ft2695f44.dat (Worm.KoobFace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Windows \ t55ft3105f44.dat (Worm.KoobFace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Windows \ 9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Windows \ f5087.dat (Worm.KoobFace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ Windows \ f23567.dat (Worm.KoobFace) -> Karantīnā ievietotie un svītrots veiksmīgi.
(above was the first log, below is the latest one)

Malwarebytes "Anti-Malware 1,36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/23/2009 9:03:23
mbam-log-2009-05-23 (09-03-23). txt

Scan type: Quick Scan
Objekti skenēts: 70.234
Pagājušo laiku: 2 minūte (s), 28 second (s)

Memory Processes Inficētie: 0
Memory Modules Inficētie: 0
Registry Keys Inficētie: 0
Reģistra vērtības Inficētie: 0
Registry Data Items Infected: 0
Mapes Inficētie: 0
Faili Inficētie: 0

Atmiņas procesi Inficētie:
(No ļaunprātīgs preces konstatētas)

Memory Modules Inficētie:
(No ļaunprātīgs preces konstatētas)

Registry Keys Inficētie:
(No ļaunprātīgs preces konstatētas)

Reģistra vērtības Inficētie:
(No ļaunprātīgs preces konstatētas)

Registry Data Items Infected:
(No ļaunprātīgs preces konstatētas)

Mapes Inficētie:
(No ļaunprātīgs preces konstatētas)

Faili Inficētie:
(No ļaunprātīgs preces konstatētas)

Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 9:09:09 gada 5/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running procesiem:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Windows \ RtHDVCpl.exe
C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe
C: \ Acer \ Empowering Technology \ SysMonitor.exe
C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe
C: \ Windows \ System32 \ nvraidservice.exe
C: \ Program Files \ Lexmark 4.300 Series \ lxcemon.exe
C: \ Program Files \ Lexmark 4.300 Series \ ezprint.exe
C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Windows \ ehome \ ehtray.exe
C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ Dzēšgumija \ Eraser.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Kodak \ Kodak EasyShare SOFTWARE \ bin \ EasyShare.exe
C: \ Windows \ system32 \ wbem \ unsecapp.exe
C: \ ACER \ Empowering Technology \ ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C: \ Acer \ Empowering Technology \ eRecovery \ ERAGENT.EXE
C: \ Windows \ ehome \ ehmsas.exe
C: \ Users \ Shirley \ Desktop \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://en.us.acer.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyServer = http = localhost: 7.171
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts::: 1 localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4.283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - (no file)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: (no name) - (83A2F9B1-01A2-4AA5-87D1-45B6B8505E96) - (no file)
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8.333-CF10577473F7) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4.638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.1.1309.3572 \ s wg.dll
O2 - BHO: Google Dictionary Kompresijas sdch - (C84D72FE-E17D-4.195-BB24-76C02E2E7C4E) - C: \ Program Files \ Google \ Google Toolbar \ Component \ fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O3 - Toolbar: Google Toolbar - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% programfiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM \ .. \ Run: [BkupTray] "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe"
O4 - HKLM \ .. \ Run: [Acer Empowering Technology Monitor] C: \ Acer \ Empowering Technology \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [SMSERIAL] C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe
O4 - HKLM \ .. \ Run: [Acer Reģistrācija] "C: \ Program Files \ Acer Reģistrācija \ ACE1.exe" / starta
O4 - HKLM \ .. \ Run: [NVRaidService] C: \ Windows \ system32 \ nvraidservice.exe
O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ Windows \ system32 \ spool \ drivers \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4.300 Sērija \ lxcemon.exe"
O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4.300 Sērija \ ezprint.exe"
O4 - HKLM \ .. \ Run: [ArcSoft Connection Service] C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 9,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [WinPatrol] C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe-expressboot
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [Avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [OM2_Monitor] "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [Dzēšgumija] C: \ Program Files \ Dzēšgumija \ Eraser.exe-hide
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% programfiles% \ Windows sānjoslas \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% programfiles% \ Windows sānjoslas \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk =?
O4 - Global Startup: Kodak EasyShare software.lnk = C: \ Program Files \ Kodak \ Kodak EasyShare SOFTWARE \ bin \ EasyShare.exe
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ EXCEL.EXE/3000
Ø9 - Extra button: Nosūtīt OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ ONBttnIE.dll
Ø9 - Extra 'Tools' MENUITEM: S & galu OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ ONBttnIE.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ REFIEBAR.DLL
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O13 - Gopher Prefix:
Ø16 - DPF: (3860DD98-0.549-4D50-AA72-5D17D200EE10) --
O18 - Filtrs: x-sdch - (B1759355-3EEC-4C1E-B0F1-B719FE26E377) - C: \ Program Files \ Google \ Google Toolbar \ Component \ fastsearch_A8904FB862BD9564.dll
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc - C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown īpašnieks - C: \ Acer \ Empowering Technology \ ePerformance \ MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: Avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: Avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: Avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent dienests (BUNAgentSvc) - NewTech Infosystems, Inc - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc - C: \ Acer \ Empowering Technology \ eRecovery \ eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown īpašnieks - C: \ Acer \ Empowering Technology \ eSettings \ Service \ capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: lxce_device - - C: \ Windows \ system32 \ lxcecoms.exe
O23 - Service: NTI Backup Now 5 Backup dienests (NTIBackupSvc) - NewTech InfoSystems, Inc - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown īpašnieks - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Drošāka tīkla Ltd - C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe

--
End of failu - 9.919 bytes
#2
May 23, 2009, 23:45
Malware Group

Hi Bubba ....

We need to disable TeaTimer, as it can interfere with the fixes that we need to make.

1) Run Spybot-S&D
2) Open the Mode menu, and make sure "Advanced Mode" is selected
3) On the left-hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Download ResetTeaTimer.bat by right-clicking the link and choosing Save As.

* Save it to your computer.
* Double-click ResetTeaTimer.zip
* Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.

After all of the fixes are complete it is very important that you enable TeaTimer again. I will let you know when it is safe to do so.

The TeaTimer tutorial can be found here -> http://russelltexas.com/malware/teatimer.htm

==========================================

Download and scan with ComboFix.exe. Please visit this web page for download links and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs, including WinPatrol, so they do not interfere with the running of ComboFix.

Please include C:\ComboFix.txt in your next reply for further review.

==========================================

Go to Start menu > select Run, copy/paste the following into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file will open. Please post the contents of that file in your next reply.
__________________
Proud member of ASAP & UNITE
__________________

#3
May 24, 2009, 02:33
Donors Group

A few things before I post the logs:

1. In the Tea Timer tutorial you linked, it said to also disable the resident SDHelper, so I did.
2. ComboFix did not display the back up registry screen, unless it was a quick screen and I missed it while looking around the computer (remember this one is a friend's). It did not disconnect from the internet, nor did I notice the clock change. Both icons were visible while ComboFix ran. Is this a problem? Also, after running ComboFix, the picture was distorted, so I rebooted. When the computer started back up, the picture was gone, Firefox was no longer the default browser and a message popped up that the IE home page was changed to MSN (I think). Is this normal? Also, WinPatrol noted that a new service had been added: appmgmts.dll.

3. Before you answered, I got rid of the Google toolbar. Several HJT entries looked strange. The 018, for example, was called x-sdCH instead of x-SDHC .......... Besides, lol, I hate toolbars, and they can always add it back if they want it. Nonetheless, that changed the HJT log. I also got rid of the 2 02's that had nothing associated with them.

4. What are we looking for in ComboFix? LOL I started to download and run it before I posted this thread, but decided I didn't know enough yet to mess with it.

And without further ado:

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Sākot no: c: \ users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search and Destroy * invalīdiem * (Novecojušas) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware * invalīdiem * (papildināts) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender * ļāva * (papildināts) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Faili Created no 2009/04/24 līdz 2009-05-24 ))))))))))) ))))))))))))))))))))
.

2009/05/22 23:57. 2009/05/24 08:40 117.760 ---- aw c: \ users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009/05/22 23:56. 2009/05/22 23:56 -------- d ----- wc: \ programdata \ SUPERAntiSpyware.com
2009/05/22 23:52. 2009/05/22 23:52 -------- d ----- wc: \ Program Files \ SUPERAntiSpyware
2009/05/22 23:52. 2009/05/22 23:52 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com
2009/05/22 20:36. 2009/05/22 20:36 -------- d ----- wc: \ Program Files \ Common Files \ Wise Installation Wizard
2009/05/22 15:06. 2009/02/05 20:06 51.376 ---- aw c: \ windows \ system32 \ drivers \ aswTdi.sys
2009/05/22 15:06. 2009/02/05 20:06 23.152 ---- aw c: \ windows \ system32 \ drivers \ aswRdr.sys
2009/05/22 15:06. 2009/02/05 20:07 114.768 ---- aw c: \ windows \ system32 \ drivers \ aswSP.sys
2009/05/22 15:06. 2009/02/05 20:07 20.560 ---- aw c: \ windows \ system32 \ drivers \ aswFsBlk.sys
2009/05/22 15:06. 2009/02/05 20:04 97.480 ---- aw c: \ windows \ system32 \ AvastSS.scr
2009/05/22 15:06. 2009/02/05 20:11 1.256.296 ---- aw c: \ windows \ system32 \ aswBoot.exe
2009/05/22 15:06. 2009/02/05 20:06 51.792 ---- aw c: \ windows \ system32 \ drivers \ aswMonFlt.sys
2009/05/22 15:06. 2009/05/22 15:06 -------- d ----- wc: \ Program Files \ Alwil Software
2009/05/22 04:38. 2009/05/22 04:38 738.120 ---- aw c: \ programdata \ Microsoft \ eHome \ Packages \ MCESpotlig ht \ MCESpotlight \ SpotlightResources.dll
2009/05/20 12:43. 2008/06/20 01:14 97.800 ---- aw c: \ windows \ system32 \ infocardapi.dll
2009/05/20 12:43. 2008/06/20 01:14 105.016 ---- aw c: \ windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009/05/20 12:43. 2008/06/20 01:14 11.264 ---- aw c: \ windows \ system32 \ icardres.dll
2009/05/20 12:43. 2008/06/20 01:14 622.080 ---- aw c: \ windows \ system32 \ icardagt.exe
2009/05/20 12:43. 2008/06/20 01:14 43.544 ---- aw c: \ windows \ system32 \ PresentationHostProxy.dll
2009/05/20 12:43. 2008/06/20 01:14 781.344 ---- aw c: \ windows \ system32 \ PresentationNative_v0300.dll
2009/05/20 12:43. 2008/06/20 01:14 326.160 ---- aw c: \ windows \ system32 \ PresentationHost.exe
2009/05/20 12:33. 2008/07/27 18:03 96.760 ---- aw c: \ windows \ system32 \ dfshim.dll
2009/05/20 12:33. 2008/07/27 18:03 282.112 ---- aw c: \ windows \ system32 \ mscoree.dll
2009/05/20 12:33. 2008/07/27 18:03 41.984 ---- aw c: \ windows \ system32 \ netfxperf.dll
2009/05/20 12:32. 2008/07/27 18:03 158.720 ---- aw c: \ windows \ system32 \ mscorier.dll
2009/05/20 12:32. 2008/07/27 18:03 83.968 ---- aw c: \ windows \ system32 \ mscories.dll
2009/05/20 11:39. 2009/05/20 11:39 -------- d ----- wc: \ Program Files \ Microsoft Silverlight
2009/05/20 04:03. 2009/05/20 11:00 -------- d ----- wc: \ Program Files \ Windows Live Safety Center
2009/05/19 23:20. 2009/05/19 23:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Acer DV burvis
2009/05/19 23:10. 2009/05/19 23:10 -------- d ----- wc: \ windows \ Sun
2009/05/19 20:40. 2009/05/19 20:40 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009/05/19 20:40. 2009/05/19 11:41 38.200 ---- aw c: \ users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \www.macromedia.com \ bin \ airappinstaller \ airappinsta ller.exe
2009/05/19 18:24. 2009/05/24 08:38 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Dzēšgumija
2009/05/19 18:24. 2009/05/19 18:24 -------- d - h - wc: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009/05/19 18:24. 2009/05/19 18:24 -------- d ----- wc: \ Program Files \ Dzēšgumija
2009/05/19 17:20. 2009/05/19 17:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ eSobi
2009/05/19 17:11. 2008/07/10 06:32 538 ---- aw c: \ windows \ system32 \ RegRaidSedona.bat
2009/05/19 17:07. 2009/05/19 17:07 -------- d ----- w C: \ NVIDIA
2009/05/19 14:04. 2009/05/19 14:05 -------- d ----- wc: \ Program Files \ Spybot - Search & Destroy
2009/05/19 14:04. 2009/05/19 14:05 -------- d ----- wc: \ programdata \ Spybot - Search & Destroy
2009/05/19 13:01. 2009/05/19 13:01 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol
2009/05/19 13:01. 2006/09/18 21:43 10 ---- aw c: \ users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009/05/19 13:01. 2006/09/18 21:43 24 ---- aw c: \ users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009/05/19 13:01. 2009/05/19 13:01 -------- d ----- wc: \ Program Files \ BillP Studios
2009/05/19 12:26. 2009/05/19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009/05/19 12:26. 2009/04/06 19:32 15.504 ---- aw c: \ windows \ system32 \ drivers \ mbam.sys
2009/05/19 12:26. 2009/04/06 19:32 38.496 ---- aw c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2009/05/19 12:26. 2009/05/19 13:22 -------- d ----- wc: \ Program Files \ Malwarebytes "Anti-Malware
2009/05/19 12:26. 2009/05/19 12:26 -------- d ----- wc: \ programdata \ Malwarebytes
2009/05/19 11:53. 2009/05/19 11:53 0 ---- aw c: \ windows \ nsreg.dat
2009/05/19 11:53. 2009/05/19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009/05/19 11:41. 2009/05/19 11:41 -------- d ----- wc: \ Program Files \ Common Files \ Adobe AIR
2009/05/19 11:38. 2009/05/19 12:45 -------- d ----- wc: \ programdata \ NOS
2009/05/19 11:29. 2009/05/19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Seven Zip
2009/05/19 10:41. 2009/03/19 20:32 23.400 ---- aw c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2009/05/19 10:41. 2008/04/17 16:12 107.368 ---- aw c: \ windows \ system32 \ GEARAspi.dll
2009/05/19 10:41. 2009/05/20 01:10 -------- d ----- wc: \ Program Files \ iPod
2009/05/19 10:41. 2009/05/19 10:41 -------- d ----- wc: \ programdata \ (8CD7F5AF-ECFA-4.793-BF40-D8F42DBFF906)
2009/05/19 10:41. 2009/05/19 10:41 -------- d ----- wc: \ Program Files \ iTunes
2009/05/19 10:38. 2009/05/19 10:38 -------- d ----- wc: \ Program Files \ QuickTime
2009/05/19 10:34. 2009/05/19 10:34 75.048 ---- aw c: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009/05/19 10:34. 2009/05/19 10:34 -------- d ----- wc: \ Program Files \ Bonjour
2009/05/19 10:33. 2009/05/19 10:33 416.128 ---- aw c: \ programdata \ Microsoft \ eHome \ Packages \ NetTV \ Brow se \ NetTVResources.dll
2009/05/19 10:29. 2009/05/19 10:29 410.984 ---- aw c: \ windows \ system32 \ deploytk.dll
2009/05/12 02:36. 2009/05/12 02:36 2.930 --- h - wc: \ windows \ ms49f4d98.dat
2009/05/11 23:55. 2009/04/14 00:39 4.656.976 ---- aw c: \ programdata \ Microsoft \ Windows Defender \ Definition Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009/05/24 08:39. 2009/02/17 13:54 602 ---- aw c: \ programdata \ ArcSoft \ Kodak-printcreations-22-080.812-OEM \ acforall.dll
2009/05/24 04:22. 2008/09/12 01:46 -------- d ----- wc: \ Program Files \ Google
2009/05/20 11:55. 2008/09/11 17:01 104.472 ---- aw c: \ users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009/05/20 11:51. 2008/02/05 19:30 -------- d ----- wc: \ programdata \ Microsoft Help
2009/05/20 11:49. 2008/02/05 19:31 -------- d ----- wc: \ Program Files \ Microsoft Works
2009/05/20 03:54. 2008/09/12 14:01 -------- d ----- wc: \ Program Files \ Lx_cats
2009/05/20 00:42. 2008/02/05 20:19 -------- d ----- wc: \ Program Files \ Common Files \ Adobe
2009/05/19 23:28. 2008/02/05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Installation Information
2009/05/19 23:27. 2008/02/05 19:49 -------- d ----- wc: \ Program Files \ Acer Arcade Live
2009/05/19 23:20. 2008/09/15 23:24 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ CyberLink
2009/05/19 21:38. 2008/09/12 20:56 -------- d ----- wc: \ Program Files \ Common Files \ SureThing Shared
2009/05/19 21:04. 2008/09/12 14:09 1.664 ---- aw c: \ users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009/05/19 17:29. 2009/03/04 15:55 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Sony
2009/05/19 17:20. 2008/02/05 19:22 -------- d ----- wc: \ programdata \ NVIDIA
2009/05/19 16:54. 2008/02/05 18:03 36.864 ---- aw c: \ windows \ system32 \ nvcod100.dll
2009/05/19 16:54. 2007/10/25 11:02 147.456 ---- aw c: \ windows \ system32 \ nvcolor.exe
2009/05/19 16:13. 2008/09/12 01:47 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ limewire
2009/05/19 11:32. 2008/02/05 20:08 -------- d ----- wc: \ Program Files \ Yahoo!
2009/05/19 11:05. 2008/09/12 01:45 -------- d ----- wc: \ Program Files \ Java
2009/05/19 10:41. 2008/09/13 03:14 -------- d ----- wc: \ Program Files \ Common Files \ Apple
2009/05/19 10:38. 2008/09/13 03:15 -------- d ----- wc: \ programdata \ Apple Computer
2009/05/11 12:10. 2009/05/11 12:10 78.260 ---- aw c: \ programdata \ SPL23D4.tmp
2009/04/17 10:12. 2006/11/02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail
2009/04/02 22:13. 2009/04/02 22:13 702.127 ---- aw c: \ programdata \ SPLFB91.tmp
2009/03/19 20:32. 2009/03/19 20:32 23.400 ---- aw c: \ programdata \ (8CD7F5AF-ECFA-4.793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009/03/17 03:38. 2009/04/17 05:22 13.824 ---- aw c: \ windows \ system32 \ apilogen.dll
2009/03/17 03:38. 2009/04/17 05:22 24.064 ---- aw c: \ windows \ system32 \ amxread.dll
2009/03/08 11:34. 2009/05/20 03:47 914.944 ---- aw c: \ windows \ system32 \ Wininet.dll
2009/03/08 11:34. 2009/05/20 03:47 43.008 ---- aw c: \ windows \ system32 \ licmgr10.dll
2009/03/08 11:33. 2009/05/20 03:47 18.944 ---- aw c: \ windows \ system32 \ corpol.dll
2009/03/08 11:33. 2009/05/20 03:47 109.056 ---- aw c: \ windows \ system32 \ iesysprep.dll
2009/03/08 11:33. 2009/05/20 03:47 109.568 ---- aw c: \ windows \ system32 \ PDMSetup.exe
2009/03/08 11:33. 2009/05/20 03:47 107.520 ---- aw c: \ windows \ system32 \ RegisterIEPKEYs.exe
2009/03/08 11:33. 2009/05/20 03:47 103.936 ---- aw c: \ windows \ system32 \ SetDepNx.exe
2009/03/08 11:33. 2009/05/20 03:47 132.608 ---- aw c: \ windows \ system32 \ ieUnatt.exe
2009/03/08 11:33. 2009/05/20 03:47 107.008 ---- aw c: \ windows \ system32 \ SetIEInstalledDate.exe
2009/03/08 11:33. 2009/05/20 03:47 420.352 ---- aw c: \ windows \ system32 \ vbscript.dll
2009/03/08 11:32. 2009/05/20 03:47 72.704 ---- aw c: \ windows \ system32 \ admparse.dll
2009/03/08 11:32. 2009/05/20 03:47 71.680 ---- aw c: \ windows \ system32 \ iesetup.dll
2009/03/08 11:32. 2009/05/20 03:47 66.560 ---- aw c: \ windows \ system32 \ wextract.exe
2009/03/08 11:32. 2009/05/20 03:47 169.472 ---- aw c: \ windows \ system32 \ iexpress.exe
2009/03/08 11:31. 2009/05/20 03:47 34.816 ---- aw c: \ windows \ system32 \ imgutil.dll
2009/03/08 11:31. 2009/05/20 03:47 48.128 ---- aw c: \ windows \ system32 \ mshtmler.dll
2009/03/08 11:31. 2009/05/20 03:47 45.568 ---- aw c: \ windows \ system32 \ mshta.exe
2009/03/08 11:22. 2009/05/20 03:47 156.160 ---- aw c: \ windows \ system32 \ msls31.dll
2009/03/03 04:46. 2009/04/17 05:22 3.599.328 ---- aw c: \ windows \ system32 \ Ntkrnlpa.exe
2009/03/03 04:46. 2009/04/17 05:22 3.547.632 ---- aw c: \ windows \ system32 \ ntoskrnl.exe
2009/03/03 04:39. 2009/04/17 05:22 183.296 ---- aw c: \ windows \ system32 \ sdohlp.dll
2009/03/03 04:39. 2009/04/17 05:22 551.424 ---- aw c: \ windows \ system32 \ rpcss.dll
2009/03/03 04:39. 2009/04/17 05:22 26.112 ---- aw c: \ windows \ system32 \ printfilterpipelineprxy.dll
2009/03/03 04:37. 2009/04/17 05:22 98.304 ---- aw c: \ windows \ system32 \ iasrecst.dll
2009/03/03 04:37. 2009/04/17 05:22 54.784 ---- aw c: \ windows \ system32 \ iasads.dll
2009/03/03 04:37. 2009/04/17 05:22 44.032 ---- aw c: \ windows \ system32 \ iasdatastore.dll
2009/03/03 03:04. 2009/04/17 05:22 666.624 ---- aw c: \ windows \ system32 \ printfilterpipelinesvc.exe
2009/03/03 02:38. 2009/04/17 05:22 17.408 ---- aw c: \ windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ehTray.exe" = "c: \ windows \ ehome \ ehTray.exe" [2008/01/21 125.952]
"OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" [2008/11/07 95.536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008/01/21 202.240]
"Eraser" = "C: \ Program Files \ Dzēšgumija \ Eraser.exe" [2007/12/22 916.240]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009/05/14 1.830.128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007/12/30 34.552]
"Acer Empowering Technology Monitor" = "c: \ acer \ Empowering Technology \ SysMonitor.exe" [2008/01/10 326.176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007/02/02 630.784]
"Acer Reģistrācija" = "C: \ Program Files \ Acer Reģistrācija \ ACE1.exe" [2007/10/15 3.387.392]
"NVRaidService" = "C: \ Windows \ system32 \ nvraidservice. Exe" [2008/11/12 203.296]
"LXCECATS" = "C: \ Windows \ system32 \ spool \ drivers \ W32X 86 \ 3 \ LXCEtime.dll" [2007/02/22 73.728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4.300 Sērija \ lxcemon.exe" [2007/05/17 205.744]
"EzPrint" = "C: \ Program Files \ Lexmark 4.300 Sērija \ ezprint.exe" [2007/05/17 103.344]
"ArcSoft Connection Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009/04/29 188.728]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009/01/05 413.696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009/04/02 342.312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009/05/19 148.888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9,0 \ Reader \ Reader_sl.exe" [2009/02/27 35.696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009/04/20 337.216]
"NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2009/01/16 13.683.232]
"NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2009/01/16 92.704]
"Avast!" = "C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009/02/05 81.000]
"RtHDVCpl" = "RtHDVCpl.exe" - c: \ windows \ RtHDVCpl.exe [2007/10/11 4.702.208]

c: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Empowering Technology Launcher.lnk - c: \ acer \ Empowering Technology \ eAPLauncher.exe [2008/2/5 535.336]
Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare SOFTWARE \ bin \ EasyShare.exe [2008/10/30 282.624]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ SYSTEM]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008/05/13 77.824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \! SASWinLogon]
2008/12/22 16:05 356.352 ---- aw c: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SafeBoot \ Minimal \ WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring]
"DisableMonitoring" = DWORD: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = DWORD: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = DWORD: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: c: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
"(ADE9CF49-7A0E-4.076-9B85-7648EC5E7736)" = TCP: c: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
"(6299EEE5-1.856-4B10-9.916-798B1C1AEF89)" = UDP: c: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: c: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: c: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8.719-4.206-B4C5-6506B663184F)" = TCP: c: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: c: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: c: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2.662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: c: \ Windows \ System32 \ lxcecoms.exe: Lexmark sakaru sistēma
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: c: \ Windows \ System32 \ lxcecoms.exe: Lexmark sakaru sistēma
"(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: c: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: c: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = c: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Main Page \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4.464-8C27-FAFCC859102D)" = UDP: c: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: c: \ Program Files \ Microsoft Office \ Office12 \ OneNote.exe: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: c: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: c: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: c: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6.630-4.823-B892-60950EB9ED71)" = TCP: c: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-1B85-48CC-95D5-9AABB44E4D95)" = UDP: c: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4.983-B199-3050D54509B8)" = TCP: c: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: c: \ Program Files \ Malwarebytes "Anti-Malware \ mbam.exe: Malwarebytes" Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: c: \ Program Files \ Malwarebytes "Anti-Malware \ mbam.exe: Malwarebytes" Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: c: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: c: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6.957-4.640-97D9-C85BED212614)" = UDP: c: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Update Spybot-S & D
"(877DB07F-9.298-486A-BB5B-930AF3A683AA)" = TCP: c: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Update Spybot-S & D
"(5A664831-D250-4.805-BB75-32612C9742F8)" = UDP: c: \ windows \ ehome \ ehshell.exe: Windows Media Center
"(2A157C0E-5.966-4B7E-8D49-178D75EA6009)" = TCP: c: \ windows \ ehome \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; Avast! Pašaizsardzībai, c: \ Windows \ System32 \ drivers \ aswSP.sys [5/22/2009 11:06 114.768]
R1 FAMv4; FAMv4 c: \ Windows \ System32 \ drivers \ FAMv4.sys [12/14/2007 3:35 132.120]
R1 SASDIFSV; SASDIFSV c: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 9.968]
R1 SASKUTIL; SASKUTIL c: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 72.944]
R2 aswFsBlk; aswFsBlk c: \ Windows \ System32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 20.560]
R2 aswMonFlt; aswMonFlt c: \ Windows \ System32 \ drivers \ kā wMonFlt.sys [5/22/2009 11:06 51.792]
R2 BUNAgentSvc; NTI Backup Now 5 Agent dienests c: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 21.752]
R2 NTIBackupSvc; NTI Backup Now 5 Backup dienests c: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 54.520]
R2 NTISchedulerSvc; NTI Backup Now 5 Scheduler Service, c: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 136.440]
R2 SBSDWSCService; SBSD Security Center Service; c: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 1.153.368]
R3 SASENUM; SASENUM c: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 7.408]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ aktīvās setup \ uzstādītas sastāvdaļas \> (60B49E34-C7CC-11D0-8.953-00A0C90347FF)]
"C: \ Windows \ System32 \ rundll32.exe" "C: \ Windows \ System32 \ iedkcs32.dll" BrandIEActiveSe auns SIGNUP
.
- - - - Bāreņiem likvidētas - - - --

SafeBoot-procexp90.Sys


.
------- Papildu Scan -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet iestatījumi ProxyOverride = <local>; *. vietējās
uInternet iestatījumi ProxyServer = http = localhost: 7.171
IE: E & ksportēt uz Microsoft Excel - c: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ EXCEL.EXE/3000
Trusted Zona: microsoft.com \ update
Trusted Zona: microsoft.com \ windowsupdate
FF - ProfilePath - c: \ users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ P rofiles \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2009/05/24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās palaišana ieraksti ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ Windows \ system32 \ spool \ drivers \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptos failus: 0

************************************************** ************************
.
--------------------- Bloķēt reģistra atslēgas ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Denied: () (lietotāji)
@ Denied: () (ikviens)
@ Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = DWORD: 00000000
.
Pabeigšanas laiks: 2009/05/24 4:55
ComboFix-karantīnā-files.txt 2009/05/24 08:55

Pre-Run: 173.756.547.072 bytes free
Post-Run: 173.859.581.952 bytes free

269 --- EOF --- 2009/05/17 10:04

ADD Remove Programs

Microsoft Office Shared MUI (Angļu) 2007
Microsoft Office Shared Setup Metadata MUI (Angļu) 2007
Microsoft Office Word MUI (Angļu) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2.008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 skaļrunis Modem
Mozilla Firefox (3.0.10)
MSXML 4,0 SP2 (KB936181)
MSXML 4,0 SP2 (KB941833)
MSXML 4,0 SP2 (KB954430)
MSXML 4,0 SP2 Parser un SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (noņemt tikai)
NVIDIA Drivers
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Drošības atjauninājums Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
paskaidres
Turbo Pizza
Atjauninājums Microsoft Office 2007 System (KB967642)
Atjauninājums Microsoft Office 2007 Palīdzība kopīgās iezīmes (KB963673)
Microsoft Office Excel 2007 Palīdzība (KB963678)
Microsoft Office OneNote 2007 Palīdzība (KB963670)
Atjauninājums Microsoft Office PowerPoint 2007 Palīdzība (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Microsoft Office Word 2007 Palīdzība (KB963665)
VPRINTOL
Windows Live OneCare drošības pārbaudes rīks
WinPatrol 2.009
WIRELESS
Zuma Deluxe

EDIT: Three more questions: I noticed a limewire DLL, can we kill that?

Although LTI is a legitimate program, is it needed? I think it came bundled with this stupid Acer computer (man, they load these things up with junk), and it is made redundant by the built-in Microsoft programs.

LT Cats is built-in spyware from the printer manufacturer Lexmark. I think I got the relevant parts of it, but I wasn't sure how much to axe without disabling the printer. Is there more to go, or is what is left fine?
  #4  
Old May 24, 2009, 04:03
Malware Group
 
Default Windows Vista won't Update

Hi Bubba

Please don't play with HJT unless you understand how it works. You need to remember that HJT is in effect a registry editor tool in a different context. I would hate for you to turn the computer into an expensive doorstop! The two 02 entries you deleted are legit; although it reports the file as missing, that is not always the case. HJT is known to misreport some entries.

As for limewire, have you uninstalled it through the Control Panel? If so, then we can flush the couple of leftover items that remain.

I see a few entries relating to Norton; did the computer have this suite installed at one time? Please run the Norton removal tool to clean up the remnants. You can find the tool here: Norton Removal Tool

Once done ......

Combofix

  • Close all open browsers.
  • Close all security programs (antivirus, antimalware, etc.)
  • Open Notepad and copy/paste the text in the box below into it:
Quote:
DDS::
uInternet iestatījumi ProxyOverride = <local>; *. vietējās
uInternet iestatījumi ProxyServer = http = localhost: 7.171

RegLock::
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \ 0.000 \ AllUserSettings]
Refer to the picture below as an example.

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouse-click the combofix window while it is running. That may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to reinstall Windows!

Please post the log C:\ComboFix.txt for further review.

=====================================

I noticed that the uninstall log was cut off at the top; can you repost it for me please. Also keep me updated on how the system is doing.
__________________
Proud member of ASAP & UNITE
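The entries in the log above that bear on a blocked update (the loopback `ProxyServer`, `EnableLUA`, `EnableFirewall`, `DisableMonitoring`) can be picked out of a ComboFix-style log mechanically. The following Python code is an added example, not part of the thread and not ComboFix's own logic; the sample lines are constructed in a whitespace-normalised layout modelled on the log above, and the rule names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in a whitespace-normalised layout modelled on the log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer\s*=\s*(?P<data>.+)$', re.I)


def reg_int(data):
    """Return the integer in '0 (0x0)' or 'dword:00000001', else None."""
    data = data.strip()
    m = re.match(r'dword:\s*([0-9a-fA-F]{1,8})$', data, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)$', data)
    return int(m.group(1)) if m else None


def proxy_endpoints(data):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Accepts both 'host:port' and 'http=host:port;https=host:port'.
    """
    out = []
    for part in data.strip().split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, sep, addr = part.partition('=')
        if not sep:                      # single proxy for every protocol
            scheme, addr = 'all', part
        addr = addr.split('://', 1)[-1]
        host, _, port = addr.rpartition(':')
        if not host:                     # no port given
            host, port = addr, ''
        out.append((scheme.strip().lower(), host.strip('[] ').lower(), port.strip()))
    return out


def is_loopback(host):
    """True for localhost names and for 127.0.0.0/8 or ::1 literals."""
    if host == 'localhost' or host.endswith('.localhost'):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return (rule, detail) findings in the order they appear in the log."""
    findings = []
    key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        if not line:
            key = ''                     # a blank line ends a registry section
            continue
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in proxy_endpoints(m.group('data')):
                if is_loopback(host):
                    findings.append(('loopback-proxy', f'{scheme} -> {host}:{port}'))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group('name').lower(), reg_int(m.group('data'))
        leaf = key.rsplit('\\', 1)[-1]
        if name == 'enablelua' and key.endswith(r'\policies\system') and value == 0:
            findings.append(('uac-disabled', key))
        elif name == 'enablefirewall' and '\\firewallpolicy\\' in key and value == 0:
            findings.append(('firewall-disabled', leaf))
        elif name == 'disablemonitoring' and '\\security center\\monitoring' in key and value == 1:
            findings.append(('wsc-monitoring-off', leaf))
    return findings


if __name__ == '__main__':
    for rule, detail in triage(SAMPLE_LOG):
        print(f'{rule:20} {detail}')
```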
  #5  
Old May 24, 2009, 04:53
Donors Group
 
Default Windows Vista won't Update

Limewire didn't show up in the Programs and Features panel to uninstall. The files to "Run" it that I found were app files, not exe, so I trudged through the C drive and deleted everything I could find. I see I missed at least one registry entry though.

As for Norton ........ yeah, Acer loaded a trial version. I uninstalled it through the Control Panel and then used the Norton Removal Tool. (That was the first thing I did, even before I loaded Spybot, Winpatrol and the rest of the stuff.) When I was going through the C drive files I found more remnants of Norton there and deleted them as I went. It never occurred to me to run it again, but I will do it now.

LOL, those three files in Combofix were the three I was most interested in. There shouldn't be a proxy host, nor do I think the profiles should be locked against everyone. But I haven't studied Combofix yet, which is why I didn't use it myself; as it was, I was clueless about what to do with those three, or even whether they actually were "bad".

Sorry about cutting the head off the uninstall log; what's silly is that I looked at it twice because it wasn't posting, and missed my mistake both times.

EDIT: and I still forgot to post this:

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acer Arcade Live Main Page
Acer Empowering Technology
ACER ePerformance Management
ACER eSettings Management
Acer GameZone Console DTV 2.0.1.1
ACER Reģistrācija
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11,5
Agatha Christie Nāve uz Nīlas
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Drukāt Creations - Album Page
ArcSoft Drukāt Creations - Funhouse
ArcSoft Drukāt Creations - apsveikuma Card
ArcSoft Drukāt Creations - Foto Book
ArcSoft Drukāt Creations - Foto Calendar
ArcSoft Drukāt Creations - Īsu paziņojumu albums
ArcSoft Drukāt Creations - SLIMLINE Card
Avast! Antivirus
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour
Grāmatu tārps Deluxe
Bricks of Egypt
Cake Mania
CCScore
Chicken Invaders 3
Chuzzle
Diner Dash Flo uz lapas
Dzēšgumija
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Flip Words 2
HijackThis 2.0.2
Labojumfaila Microsoft. NET Framework 3.5 SP1 (KB953595)
Labojumfaila Microsoft. NET Framework 3.5 SP1 (KB958484)
iTunes
Java (TM) 6 Update 13
Jewel Quest Solitaire
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kick N Rush
Kodak EasyShare programmatūra
KODAK Galerija Upload Software
Lexmark 4.300 Series
Mahjong Escape Senā Ķīna
Mahjongg artifacts
Malwarebytes "Anti-Malware
Memorex exPressit Label Design Studio
Microsoft. NET Framework 3.5 SP1
Microsoft Office Excel MUI (Angļu) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Angļu) 2007
Microsoft Office PowerPoint MUI (Angļu) 2007
Microsoft Office Proof (Angļu) 2007
Microsoft Office Proof (Franču) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Angļu) 2007
Microsoft Office Shared MUI (Angļu) 2007
Microsoft Office Shared Setup Metadata MUI (Angļu) 2007
Microsoft Office Word MUI (Angļu) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2.008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 skaļrunis Modem
Mozilla Firefox (3.0.10)
MSXML 4,0 SP2 (KB936181)
MSXML 4,0 SP2 (KB941833)
MSXML 4,0 SP2 (KB954430)
MSXML 4,0 SP2 Parser un SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (noņemt tikai)
NVIDIA Drivers
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Drošības atjauninājums Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
paskaidres
Turbo Pizza
Atjauninājums Microsoft Office 2007 System (KB967642)
Atjauninājums Microsoft Office 2007 Palīdzība kopīgās iezīmes (KB963673)
Microsoft Office Excel 2007 Palīdzība (KB963678)
Microsoft Office OneNote 2007 Palīdzība (KB963670)
Atjauninājums Microsoft Office PowerPoint 2007 Palīdzība (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Microsoft Office Word 2007 Palīdzība (KB963665)
VPRINTOL
Windows Live OneCare drošības pārbaudes rīks
WinPatrol 2.009
WIRELESS
Zuma Deluxe
  #6  
Old May 24, 2009, 05:58
Malware Group
 
Default Windows Vista won't Update

Hi there Bubba

Thanks for the updated uninstall list - can you post the new combofix log for me, as requested.

Quote:
What are we looking for in Combofix?
Basically just anything malicious; combofix is mainly an advanced analysis tool that gives us more info than HJT

Regarding LTCats:
From what I can tell it is a valid entry, but it is classed as "user's choice" as to whether it runs at startup

Regarding limewire:
I see a couple of entries that still exist, but we can get them with the next run of combofix
__________________
Proud member of ASAP & UNITE
  #7  
Old May 24, 2009, 07:03
Donors Group
 
Default Windows Vista won't Update

Snap, the computer shut down and closed just as it looked like Combofix was about to finish up. It rebooted and I chose safe mode. I don't think it produced a log, but I don't know for sure. Here is the Microsoft pop-up window.

Logi ir atguvusies no negaidītas izslēgšanu.

Problem signature:
Problem Event Name: Blue Screen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Papildu informācija par problēmu:

BCCODE: 50
BCP1: E0858E9B
BCP2: 00000000
BCP3: 9B9D2D10
BCP4: 00.000.002
OS Version: 6_6_6001
Service Pack: 1_0
PRODUKTS: 768_1

FILES kas apraksta problēmu:

C \ Windows \ minidump \ mini052409-01.dmp
C \ Users \ Shirley \ appdata \ temp \ wer-85.644-0.systemdata.xml
C \ Users \ Shirley \ appdata \ Local \ Temp \ WERC6C7.tmp.ver sion.txt

I have left that computer on this screen in safe mode. What do you want me to do with it? I'm leaving it in safe mode until I hear something; I'm going to a movie now and will be back in about 3 hours. The nice thing about working on someone else's computer is that I have mine to still get help here.

EDIT: I haven't tried, but I'm sure I could get at those files in safe mode if you need to know what they say, but I also don't know how to open an XML file.
  #8  
Old Maijs 24, 2009, 07:11
Malware Group
 
Default Windows Vista nav Update

Hi Bubba

Try rebooting and see if it boots successfully again; if not, try pressing F8 at startup to access the boot screen and choose the Last Known Good Configuration option.
__________________
Proud member of ASAP & UNITE
  #9  
May 24, 2009, 07:50
Donors Group

It booted and there was a ComboFix2 log there that is pretty much identical to the first, but there is a 10:04 timestamp referring to the quarantine log. The quarantine log is empty. Here is the stuff; I don't know if it is complete or what you want. Now I have to split.

EDIT: No, on a quick comparison with the first, I think it is identical.
  #10  
May 24, 2009, 10:38
Malware Group

Hi Bubba,

Quote:
EDIT: No, on a quick comparison with the first, I think it is identical.
Yes, you are right - it is from the first run of Combofix.

The current log can be found at C:/combofix.txt.
__________________
Proud member of ASAP & UNITE