Connection problems




#1
November 5, 2008, 12:37
Member

Hi,
I was told by serverguy to post this logfile, from this post:
http://www.computer-juice.com/forums...998/#post90830

Here it is:
Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 19:36:22, on 05/11/2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Nepavyko gauti "Internet Explorer versija!
Boot mode: Normal

Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ PeerGuardian2 \ pg2.exe
C: \ Program Files \ POP Lūrētājs \ POPPeeper.exe
C: \ Program Files \ uTorrent \ utorrent.exe
C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe
C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ update \ GoogleUpdate.exe
C: \ Program Files \ filehippo.com \ UpdateChecker.exe
C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Program Files \ CalcFire \ CalcFire.exe
C: \ Program Files \ FreshIP \ FreshIP.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ Program Files \ Trend Micro \ HijackThis \ Sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Žiniasklaida ernet Nustatymai, ProxyOverride = *. vietos
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Click-to-Call BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Program Files \ Windows Live \ Messenger \ wlchtc.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ Java \ jre6 \ lib \ dislokuoti \ jqs \ ty \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [SiSPower] RUNDLL32.EXE SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [egui] "C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe" / paslėpti / waitservice
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [PeerGuardian] C: \ Program Files \ PeerGuardian2 \ pg2.exe
O4 - HKCU \ .. \ Run: [pop Lūrētājs] "C: \ Program Files \ POP Lūrētājs \ POPPeeper.exe"-min
O4 - HKCU \ .. \ Run: [μTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [uTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [Google Update] C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ update \ GoogleUpdate.exe "/ c
O4 - HKCU \ .. \ Run: [filehippo.com] "C: \ Program Files \ filehippo.com \ UpdateChecker.exe" / background
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_3] rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C, 4, N (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'Default user')
O4 - Startup: CalcFire.lnk = C: \ Program Files \ CalcFire \ CalcFire.exe
O4 - Startup: FreshIP.lnk = C: \ Program Files \ FreshIP \ FreshIP.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Apribojimai pateikti
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Apribojimai pateikti
O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 1 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ Xpsp3res.dll, -20.001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Pradžia Prefiksas:
O13 - Mosaic Prefiksas:
O13 - FTP Prefiksas
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe

--
End of file - 5.869 baitų
#2
November 5, 2008, 15:27
Moderator Group

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the on-screen instructions to install the program.
  • At the end, make sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
November 6, 2008, 01:01
Member

Malwarebytes 'Anti-Malware 1,30
Duomenų bazės versija: 1368
Windows 5.1.2600 Service Pack 2

06/11/2008 07:44:27
mbam-log-2008-11-06 (07-44-27). Txt

Scan Type: Quick Scan
Objektai nuskaitomi: 43.086
Praėjo: 3 minute (s) 25 second (s)

Atminties procesai Infected: 0
Atminties moduliai Infected: 0
Registro raktus Infected: 0
Vertybių registrą Infected: 0
Registro duomenų elementų Infected: 3
Katalogai Infected: 0
Infected files: 1

Atminties procesai Infected:
(Nr. kenksminga daiktų aptikti)

Atminties moduliai Infected:
(Nr. kenksminga daiktų aptikti)

Registro raktus Infected:
(Nr. kenksminga daiktų aptikti)

Vertybių registrą Infected:
(Nr. kenksminga daiktų aptikti)

Registro duomenų elementų Infected:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Gera: (1) -> Karantinas ir sėkmingai ištrintas.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Gera: (1) -> Karantinas ir sėkmingai ištrintas.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Explorer \ Advanced \ StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Gera: (0) -> Karantinas ir sėkmingai ištrintas.

Katalogai Infected:
(Nr. kenksminga daiktų aptikti)

Failai Infected:
C: \ WINDOWS \ run32.sys (Trojan.Agent) -> Karantinas ir sėkmingai ištrintas.
#4
November 6, 2008, 09:35
Moderator Group

Download ComboFix from one of the links below. Be sure to save it to your Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to the desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing the scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the on-screen instructions.

Windows XP: installing the Recovery Console:

- If you are using Windows XP and do not yet have the Recovery Console installed, please make sure your internet connection is active (if possible) and click Yes.
- If for some reason your internet is not working, click No.
-- If you are using Windows XP, you will not be prompted.
- When prompted to agree to the EULA, click OK.
- Accept the Microsoft EULA (click Yes).
- When you are told that the RC is installed, click YES to continue scanning for malware.

When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware programs when ComboFix is finished.

#5
November 6, 2008, 10:56
Member

ComboFix 08-11-05.02 - administratorius 2008-11-06 17:52:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.607 [GMT 0:00]
Veikia nuo: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
.

((((((((((((((((((((((((( Failus, sukurtus nuo 2008/10/06 iki 2008/11/06 ))))))))))) ))))))))))))))))))))
.

2008-11-06 07:59. 2008-11-06 07:59 236 - ------ C: \ sqmdata02.sqm
2008-11-06 07:59. 2008-11-06 07:59 200 - ------ C: \ sqmnoopt02.sqm
2008-11-06 07:39. 2008-11-06 07:39 236 - ------ C: \ sqmdata01.sqm
2008-11-06 07:39. 2008-11-06 07:39 200 - ------ C: \ sqmnoopt01.sqm
2008-11-05 22:36. 2008-11-05 22:36 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-11-05 22:35. 2008-11-05 22:35 <DIR> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware
2008-11-05 22:35. 2008-11-05 22:35 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-11-05 22:35. 2008-10-22 16:10 38.496 - ------ c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2008-11-05 22:35. 2008-10-22 16:10 15.504 - ------ c: \ windows \ system32 \ drivers \ mbam.sys
2008-11-05 19:35. 2008-11-05 19:35 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-11-04 22:07. 2008-11-04 22:07 <DIR> d -------- C: \ Program Files \ Cabos
2008-11-04 22:07. 2008-11-04 22:07 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Shared
2008-11-04 22:07. 2008-11-04 22:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Cabos
2008-11-04 17:50. 2008-11-04 17:50 <DIR> d -------- C: \ CloneDVDTemp
2008-11-04 17:49. 2008-11-04 17:49 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Parengti baitų
2008-11-04 17:37. 2008-11-04 17:37 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SlySoft
2008-11-04 17:33. 2008-11-04 17:33 <DIR> d -------- C: \ Program Files \ Parengti baitų
2008-11-04 17:31. 2008-11-04 17:31 <DIR> d -------- C: \ Program Files \ SlySoft
2008-11-03 17:05. 2008-11-03 17:05 2.560 - ------ C: \ Windows \ _MSRSTRT.EXE
2008-11-03 17:05. 2008-11-03 17:05 236 - ------ C: \ sqmdata00.sqm
2008-11-03 17:05. 2008-11-03 17:05 200 - ------ C: \ sqmnoopt00.sqm
2008-11-03 17:04. 2008-11-03 17:05 <DIR> d -------- C: \ Program Files \ Your Uninstaller 2.008
2008-11-03 17:04. 2008-11-03 17:05 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-11-03 17:04. 2008-11-03 17:04 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ URSoft
2008-11-03 17:01. 2008-11-03 17:09 158 - ------ C: \ Windows \ nurtab.bat
2008-11-03 07:53. 2008-11-03 07:53 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ ImgBurn
2008-11-03 07:50. 2008-11-03 07:50 0 --------- C: \ Windows \ WB.ini
2008-11-02 13:19. 2008-11-02 13:36 64 - ------ C: \ Windows \ prio.ini
2008-11-01 22:23. 2008-11-01 22:23 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ vlc
2008-11-01 18:49. 2008-11-01 18:49 410.976 - ------ C: \ Windows \ system32 \ deploytk.dll
2008-11-01 11:04. 2008-11-06 07:46 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Tracing
2008-11-01 11:00. 2008-11-01 11:03 <DIR> d -------- C: \ Program Files \ Mozilla Firefox 3.1 beta 1
2008-11-01 10:59. 2008-11-01 10:59 <DIR> d -------- C: \ Program Files \ Microsoft
2008-11-01 10:57. 2008-11-01 10:58 <DIR> d -------- C: \ Program Files \ Windows Live "
2008-11-01 10:54. 2008-11-01 10:54 <DIR> d -------- C: \ Program Files \ filehippo.com
2008-11-01 10:51. 2008-11-01 10:51 <DIR> d -------- C: \ Program Files \ Common Files \ Windows Live "
2008-10-31 13:40. 2008-11-04 21:34 <DIR> d -------- C: \ Program Files \ DupeEliminator
2008-10-31 10:32. 2008-10-31 10:32 <DIR> d -------- C: \ Program Files \ Foxit Software
2008-10-30 23:21. 2008-10-30 23:21 <DIR> d -------- C: \ Windows \ Sek
2008-10-30 22:55. 2008-10-30 23:00 <DIR> d -------- C: \ Program Files \ Free Music Zilla
2008-10-30 22:55. 2008-10-30 22:59 <DIR> d -------- C: \ downloads
2008-10-30 22:55. 2008-10-30 22:55 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ FMZilla
2008-10-30 22:38. 2008-10-31 22:55 <DIR> d -------- C: \ DVDVideoSoft
2008-10-30 21:03. 2008-10-30 21:03 <DIR> d -------- C: \ Program Files \ Belkin
2008-10-30 21:03. 2005-10-03 09:49 204.800 - ------ C: \ Windows \ system32 \ UploadDLL.dll
2008-10-30 21:03. 2005-11-20 04:31 192.512 - ------ C: \ Windows \ system32 \ blkwcd.dll
2008-10-30 21:03. 2005-10-03 09:50 167.936 - ------ C: \ Windows \ system32 \ BelkinwcuiDLL.dll
2008-10-30 21:03. 2005-10-03 09:50 101.888 - ------ C: \ Windows \ system32 \ CrashRpt.dll
2008-10-30 21:03. 2005-10-03 09:49 81.920 - ------ C: \ Windows \ system32 \ brdcm2k.dll
2008-10-30 21:03. 2005-10-03 09:49 61.440 - ------ C: \ Windows \ system32 \ BelkinHWStatus.dll
2008-10-30 21:03. 2004-10-29 12:09 53.248 - ------ C: \ Windows \ system32 \ preflib.dll
2008-10-30 20:23. 2008-10-30 20:23 20.747 - ------ c: \ windows \ system32 \ drivers \ AegisP.sys
2008-10-30 20:23. 2003-07-24 12:10 17.149 - ------ C: \ Windows \ system32 \ DNINDIS5.SYS
2008-10-30 20:21. 2008-10-30 20:21 <DIR> d -------- C: \ Program Files \ DVDVideoSoft
2008-10-30 20:21. 2008-10-30 20:22 <DIR> d -------- C: \ Program Files \ Common Files \ DVDVideoSoft
2008-10-30 20:21. 2002-01-05 14:37 344.064 - ------ C: \ Windows \ system32 \ msvcr70.dll
2008-10-30 11:23. 2008-10-30 11:23 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ vsosdk
2008-10-30 09:53. 2008-11-02 16:08 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ VSO
2008-10-30 09:53. 2008-10-30 09:53 47.360 - ------ c: \ windows \ system32 \ drivers \ pcouffin.sys
2008-10-30 09:53. 2008-10-30 09:53 47.360 - ------ C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
2008-10-30 09:52. 2008-10-30 09:52 <DIR> d -------- C: \ Program Files \ VSO
2008-10-30 09:52. 2004-05-04 12:53 1.645.320 - ------ C: \ Windows \ Gdiplus.dll
2008-10-30 09:52. 2006-05-20 17:16 1.184.984 - ------ C: \ Windows \ system32 \ wvc1dmod.dll
2008-10-30 09:52. 2006-05-11 20:21 626.688 - ------ C: \ Windows \ system32 \ vp7vfw.dll
2008-10-30 09:52. 2006-09-29 13:24 217.127 - ------ C: \ Windows \ system32 \ drv43260.dll
2008-10-30 09:52. 2006-09-29 13:25 208.935 - ------ C: \ Windows \ system32 \ drv33260.dll
2008-10-30 09:52. 2006-09-29 13:26 176.165 - ------ C: \ Windows \ system32 \ drv23260.dll
2008-10-30 09:52. 2007-03-18 21:37 65.602 - ------ C: \ Windows \ system32 \ cook3260.dll
2008-10-29 14:11. 2008-10-29 15:48 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ dvdcss
2008-10-29 13:17. 2008-10-29 13:17 376 - ------ C: \ Windows \ ODBC.INI
2008-10-29 13:16. 2003-06-18 17:31 17.920 - ------ C: \ Windows \ system32 \ mdimon.dll
2008-10-29 13:13. 2008-10-29 13:13 <DIR> d -------- C: \ Program Files \ Microsoft ActiveSync
2008-10-29 13:10. 2008-10-29 13:10 <DIR> d -------- C: \ Windows \ SHELLNEW
2008-10-29 13:10. 2008-10-29 13:10 <DIR> d -------- C: \ Program Files \ Microsoft.NET
2008-10-29 13:08. 2008-10-29 13:08 <DIR> DR-h ----- C: \ MSOCache
2008-10-29 11:53. 2008-10-29 11:53 12.670 - ------ C: \ Windows \ system32 \ LexFiles.ulf
2008-10-29 11:52. 2008-10-30 09:38 <DIR> d -------- C: \ Temp \ (9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15)
2008-10-29 11:52. 2008-10-29 11:53 <DIR> d -------- C: \ Program Files \ Serija Lexmark 730
2008-10-29 11:17. 2008-10-31 13:03 <DIR> d -------- C: \ Program Files \ rankinio
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Program Files \ FreshIP
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Program Files \ Išmetiklis
2008-10-29 09:27. 2008-10-29 09:27 <DIR> d -------- C: \ Program Files \ CalcFire
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Windows \ SIS
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Program Files \ sisagp
2008-10-29 09:26. 2008-10-29 09:26 <DIR> d -------- C: \ Program Files \ SiS VGA Įvairūs V3.81
2008-10-29 09:26. 2008-10-30 21:03 <DIR> D - h ----- C: \ Program Files \ InstallShield įrengimas Informacija
2008-10-29 09:26. 2008-10-30 21:03 <DIR> d -------- C: \ Program Files \ Common Files \ InstallShield
2008-10-29 09:26. 2007-06-25 16:45 262.144 - ------ C: \ Windows \ system32 \ sistray.exe
2008-10-29 09:26. 2006-04-12 19:35 208.896 - ------ C: \ Windows \ Progress.exe
2008-10-29 09:26. 2007-06-25 16:44 135.168 --------- C: \ Windows \ system32 \ SiSApCom.dll
2008-10-29 09:26. 2007-06-25 16:46 110.592 --------- C: \ Windows \ system32 \ TVMode.dll
2008-10-29 09:26. 2007-06-29 21:04 92.761 - ------ C: \ Windows \ VGAsetup.ini
2008-10-29 09:26. 2008-10-29 09:26 78.664 - ------ C: \ Windows \ system32 \ VGAunistlog.ini
2008-10-29 09:26. 2007-06-25 16:46 65.536 --------- C: \ Windows \ system32 \ SiSHook.dll
2008-10-29 09:25. 2007-06-25 16:46 9.728 - ------ C: \ Windows \ system32 \ SiSPIns2.dll
2008-10-28 20:06. 2004-08-03 22:58 5.504 - ------ c: \ windows \ system32 \ drivers \ MSTEE.sys
2008-10-28 20:05. 2004-08-03 23:10 85.376 - ------ c: \ windows \ system32 \ drivers \ NABTSFEC.sys
2008-10-28 20:05. 2004-08-03 23:10 19.328 - ------ c: \ windows \ system32 \ drivers \ WSTCODEC.SYS
2008-10-28 20:05. 2004-08-03 23:10 17.024 - ------ c: \ windows \ system32 \ drivers \ CCDECODE.sys
2008-10-28 20:05. 2004-08-04 00:56 16.384 - ------ C: \ Windows \ system32 \ ipsink.ax
2008-10-28 20:05. 2004-08-03 23:10 15.360 - ------ c: \ windows \ system32 \ drivers \ StreamIP.sys
2008-10-28 20:05. 2004-08-03 23:10 11.136 - ------ c: \ windows \ system32 \ drivers \ SLIP.sys
2008-10-28 20:05. 2004-08-03 23:10 10.880 - ------ c: \ windows \ system32 \ drivers \ NdisIP.sys
2008-10-28 19:49. 2008-10-28 19:49 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS
2008-10-28 19:49. 1998-01-23 12:22 304.128 - ------ C: \ Windows \ IsUninst.exe
2008-10-28 19:49. 2002-08-20 14:58 139.264 - ------ C: \ Windows \ system32 \ IDEproperty.dll
2008-10-28 19:49. 2002-10-17 15:14 49.024 - ------ c: \ windows \ system32 \ drivers \ sisidex.sys
2008-10-28 19:49. 2002-08-20 17:19 9.472 - ------ c: \ windows \ system32 \ drivers \ sisperf.sys
2008-10-28 19:49. 2003-03-25 17:50 4.096 - ------ c: \ windows \ system32 \ drivers \ siside.sys
2008-10-28 18:36. 2008-10-28 18:36 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Media Player Classic
2008-10-28 18:19. 2008-10-28 18:49 <DIR> d -------- C: \ Windows \ system32 \ Adobe
2008-10-28 18:19. 2008-08-06 15:27 499.712 - ------ C: \ Windows \ system32 \ msvcp71.dll
2008-10-28 18:10. 2008-10-28 18:10 822 - ------ C: \ Windows \ langorig.ini
2008-10-28 17:58. 2008-03-03 14:25 5.702 - Ah ----- C: \ Windows \ nod32restoretemdono.reg
2008-10-28 17:58. 2008-03-03 18:21 568 - Ah ----- C: \ Windows \ nod32fixtemdono.reg
2008-10-28 17:57. 2008-10-28 17:57 <DIR> d -------- C: \ Program Files \ Eset
2008-10-28 17:57. 2008-10-28 17:57 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Eset
2008-10-28 17:49. 2008-10-28 17:49 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Kontaktai
2008-10-28 17:07. 2008-10-28 17:07 <DIR> d -------- C: \ Program Files \ POP Viščiukas
2008-10-28 17:07. 2008-11-04 20:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ POP Viščiukas
2008-10-28 17:02. 2008-10-28 17:02 <DIR> d -------- C: \ Documents and Settings \ Administrator \ dwhelper
2008-10-28 17:01. 2008-10-28 17:01 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Apple Computer
2008-10-28 17:01. 2008-04-17 13:12 107.368 - ------ C: \ Windows \ system32 \ GEARAspi.dll
2008-10-28 17:01. 2008-04-17 13:12 15.464 - ------ c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2008-10-28 17:00. 2008-10-28 17:00 <DIR> d -------- C: \ Program Files \ QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 15:52 --------- d ----- WC: \ Program Files \ Opera
2008-10-23 15:07 99.904 ---- AW C: \ Windows \ system32 \ drivers \ AnyDVD.sys
2008-09-09 00:03 51.712 ---- AW C: \ Windows \ system32 \ sirenacm.dll
2008-08-29 10:18 87.336 ---- AW C: \ Windows \ system32 \ dns-sd.exe
2008-08-29 09:53 61.440 ---- AW C: \ Windows \ system32 \ dnssd.dll
2007-07-31 12:00 34.048 ---- ar C: \ Program Files \ Mozilla Firefox \ Plugins \ upd62i9x.dll
2007-07-31 12:00 45.056 ---- ar C: \ Program Files \ Mozilla Firefox \ Plugins \ upd62int.dll
2007-07-31 12:00 34.048 ---- ar C: \ Program Files \ Opera \ program \ plugins \ upd62i9x.dll
2007-07-31 12:00 45.056 ---- ar C: \ Program Files \ Opera \ program \ plugins \ upd62int.dll
.

------- ------- Sigcheck

2007-07-31 12:00 360576 c7be59b07c6eb74bea6fd67c1b164015 C: \ Windows \ system32 \ drivers \ Tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"PeerGuardian" = "C: \ Program Files \ PeerGuardian2 \ pg2.exe" [2007-01-30 1432064]
"POP Viščiukas" = "C: \ Program Files \ POP Lūrētājs \ POPPeeper.exe" [2008-07-18 1437696]
"μTorrent" = "C: \ Program Files \ uTorrent \ utorrent.exe" [2008-10-28 270128]
"uTorrent" = "C: \ Program Files \ uTorrent \ utorrent.exe" [2008-10-28 270128]
"msnmsgr" = "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" [2008-09-09 3513344]
"Google" Update "=" C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ update \ GoogleUpdate.exe "[2008-11-01 133104]
"filehippo.com" = "C: \ Program Files \ filehippo.com \ UpdateChecker.exe" [2008-10-22 147968]
"AnyDVD" = "C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe" [2008-11-04 2259904]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-10-01 289576]
"egui" = "C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2008-11-01 136600]
"SiSPower" = "SiSPower.dll" [2007-06-25 C: \ Windows \ system32 \ SiSPower.dll]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"nltide_2" = "shell32" [X]
"nltide_3" = "advpack.dll" [2007/07/31 C: \ WINDOWS \ system32 \ advpack.dll]

C: \ Documents and Settings \ Administrator \ Start Menu \ Programs \ Startup \
CalcFire.lnk - C: \ Program Files \ CalcFire \ CalcFire.exe [2008-09-04 283529]
FreshIP.lnk - C: \ Program Files \ FreshIP \ FreshIP.exe [2008-09-15 232891]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Naudingumas Tray.lnk - C: \ Windows \ system32 \ sistray.exe [2008-10-29 262144]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer]
"MemCheckBoxInRunDlg" = 1 (0x1)
"StartMenuFavorites" = 0 (0x0)
"Start_ShowMyComputer" = 1 (0x1)
"Start_ShowMyDocs" = 1 (0x1)
"Start_ShowMyMusic" = 0 (0x0)
"Start_ShowRun" = 1 (0x1)
"Start_ShowSearch" = 0 (0x0)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Policies \ Explorer]
"NoSMHelp" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoResolveTrack" = 1 (0x1)
"NoResolveSearch" = 1 (0x1)
"NoSMMyPictures" = 1 (0x1)
"NoSMConfigurePrograms" = 1 (0x1)
"MemCheckBoxInRunDlg" = 1 (0x1)

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ dab rentversion \ Policies \ Explorer]
"NoInternetIcon" = 1 (0x1)
"NoSMHelp" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoResolveTrack" = 1 (0x1)
"NoResolveSearch" = 1 (0x1)
"NoSMMyPictures" = 1 (0x1)
"NoSMConfigurePrograms" = 1 (0x1)
"MemCheckBoxInRunDlg" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ WBSrv]
2008-09-16 08:44 174328 C: \ program files \ Stardock \ Object Desktop \ WindowBlinds \ WbSrv.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = wbsys.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SecurityProviders]
SecurityProviders Schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"UpdatesDisableNotify" = dword: 00000001
"AntiVirusDisableNotify" = dword: 00000001
"AntiVirusOverride" = dword: 00000001
"FirewallOverride" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ System32 \ \ sessmgr.exe" =
"% windir% \ \ network diagnostic \ \ xpnetdiag.exe" =
"C: \ Program Files \ Bonjour \ \ mDNSResponder.exe" =
"C: \ Program Files \ iTunes \ \ iTunes.exe" =
"C: \ Program Files \ uTorrent \ \ utorrent.exe" =
"C: \ Program Files \ Free Music Zilla \ \ FMZilla.exe" =
"C: \ Program Files \ Windows Live \ \ Messenger \ \ wlcsdk.exe" =
"C: \ Program Files \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ WINDOWS \ \ System32 \ \ java.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ IcmpSettings]
"AllowInboundEchoRequest" = 1 (0x1)

R1 epfwtdir; epfwtdir; c: \ windows \ system32 \ drivers \ epfw tdir.sys [2008-02-20 33800]
R1 lusbaudio; Logitech USB Mikrofonas, c: \ windows \ system32 \ drivers \ OVSound2.sy S [2001-08-17 25216]
R2 JavaQuickStarterService; Java Quick Starter, C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe [2008-11-01 152984]
R3 QCEmerald; Logitech QuickCam Web, C: \ Windows \ system32 \ drivers \ OVCE.sys [2001-08-17 31872]
S2 NOD32FiXTemDono; ESET NOD32 Boot; c: \ windows \ system32 \ Regedt32.exe [2007-07-31 3584]
S3 DNINDIS5; DNINDIS5 NDIS protokolo Driver; C: \ PROGRA ~ 1 \ Belkin \ BELKIN ~ 1.11G \ DNINDIS5.SY S [2003-07-24 17149]

Netsvcs BŪTINA Remontas - šiuo metu įrašų rodomas
6to4
AppMgmt
AudioSrv
Naršyklė
Cryptsvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
TAS
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
NLA
NtmsSvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Nuotolinis
Tvarkaraštis
Seclogon
SENS
SharedAccess
Srservice
TapiSrv
Temos
TrkWks
W32Time
WZCSVC
WMI
WmdmPmSp
WinMgmt
xmlprov
ShellHWDetection

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - netsvcs


* Naujai sukurta tarnyba * - catchme
* Naujai sukurta tarnyba * - PROCEXP90
.
Turinys "Scheduled Tasks" katalogą

2008/11/03 C: \ Windows \ Uždaviniai \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 12:34]

2008/11/06 C: \ Windows \ Uždaviniai \ GoogleUpdateTaskUser.job
- C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ update \ GoogleUpdate.exe [2008-11-01 10:54]
.
.
------- Papildomos Scan -------
.
Firefox -: Profilis - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ p2eog6ij.default \
Firefox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / www.google.com/
FF -: plugin - C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ update \ 1.2.131.25 \ npGoogleOneClick6.dl L
FF -: plugin - C: \ Program Files \ iTunes \ Mozilla Plugins \ npitunes.dll
FF -: plugin - C: \ Program Files \ Java \ jre6 \ bin \ new_plugin \ npdeploytk.dll
FF -: plugin - C: \ Program Files \ Java \ jre6 \ bin \ new_plugin \ npjp2.dll
FF -: plugin - C: \ Program Files \ K-Lite Codec Pack \ Real \ browser \ Plugins \ nppl3260.dll
FF -: plugin - C: \ Program Files \ K-Lite Codec Pack \ Real \ browser \ Plugins \ nprpjplug.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 17:53:46
Windows 5.1.2600 Service Pack 2 NTFS

skenavimo paslėptus procesus ...

skenavimo paslėptas autostart entries ...

skenavimo paslėptus failus ...

skenavimas baigtas sėkmingai
paslėptus failus: 0

************************************************** ************************
.
Atlikimo laikas: 2008-11-06 17:55:07
ComboFix-karantine-files.txt 2008-11-06 17:54:43
ComboFix2.txt 2008-11-06 17:44:22

Pre-Rida: 71168983040 bytes nemokamai
Post-Rida: 71160324096 bytes nemokamai

306
#6
November 6, 2008, 10:56
Member

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 17:56:55, on 06/11/2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Nepavyko gauti "Internet Explorer versija!
Boot mode: Normal

Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ POP Lūrētājs \ POPPeeper.exe
C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ update \ GoogleUpdate.exe
C: \ Program Files \ filehippo.com \ UpdateChecker.exe
C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ iTunes \ iTunes.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ Sniper.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Žiniasklaida ernet Nustatymai, ProxyOverride = *. vietos
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Click-to-Call BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Program Files \ Windows Live \ Messenger \ wlchtc.dll
O2 - BHO: Java (tm) Plug-In SSV Helper - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ Java \ jre6 \ lib \ dislokuoti \ jqs \ ty \ jqs_plugin.dll
O4 - HKLM \ .. \ Run: [SiSPower] RUNDLL32.EXE SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [egui] "C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ egui.exe" / paslėpti / waitservice
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [PeerGuardian] C: \ Program Files \ PeerGuardian2 \ pg2.exe
O4 - HKCU \ .. \ Run: [pop Lūrētājs] "C: \ Program Files \ POP Lūrētājs \ POPPeeper.exe"-min
O4 - HKCU \ .. \ Run: [μTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [uTorrent] "C: \ Program Files \ uTorrent \ utorrent.exe"
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [Google Update] C: \ Documents and Settings \ Administrator \ Local Settings \ Application Data \ Google \ update \ GoogleUpdate.exe "/ c
O4 - HKCU \ .. \ Run: [filehippo.com] "C: \ Program Files \ filehippo.com \ UpdateChecker.exe" / background
O4 - HKCU \ .. \ Run: [AnyDVD] C: \ Program Files \ SlySoft \ AnyDVD \ AnyDVDtray.exe
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide_3] rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C, 4, N (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide_2] regsvr32 / s / n / i: U shell32 (User 'Default user')
O4 - Startup: CalcFire.lnk = C: \ Program Files \ CalcFire \ CalcFire.exe
O4 - Startup: FreshIP.lnk = C: \ Program Files \ FreshIP \ FreshIP.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Apribojimai pateikti
O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 1 \ Office11 \ REFIEBAR.DLL
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Pradžia Prefiksas:
O13 - Mosaic Prefiksas:
O13 - FTP Prefiksas
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C: \ WINDOWS \ system32 \ cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C: \ Program Files \ ESET \ ESET NOD32 Antivirus \ ekrn.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe
O23 - Service: lxcf_device - - C: \ WINDOWS \ system32 \ lxcfcoms.exe

--
End of file - 5.724 baitų
  #7  
November 6, 2008, 11:30
Moderator Group
 
Connection problems

Open HijackThis and select Do a system scan only.

Place a checkmark next to these entries: (if present)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Pradžia Prefiksas:
O13 - Mosaic Prefiksas:
O13 - FTP Prefiksas
O13 - Gopher Prefix:
Important: Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------
Download CCleaner Slim and save it to your desktop. - Alternate download link
Once the file has been saved, go to your desktop and double-click ccsetupxxx_slim.exe
Follow the prompts to install the program.
  • Double-click the CCleaner shortcut on the desktop to start the program.
  • Click the Options block on the left, then choose Cookies.
    • Under Cookies to Delete, highlight any cookies you would like to keep permanently
    • Click the right arrow > to move them to the Cookies to Keep window.
  • Go to Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours
  • Click Cleaner on the left, then Run Cleaner on the right to run the program.
  • Important: Make sure ALL browser windows are closed before selecting Run Cleaner
  • Caution! Only use the Registry feature if you are very familiar with the registry.
  • Always back up your registry before making any changes.
  • Exit CCleaner after it has completed its process.
----------
Download SUPERAntiSpyware.exe

Alternate Download Link 1
Alternate Download Link 2
  • Double-click the icon on your desktop to start the installation process.
  • When asked to update the program definitions, click Yes
  • If you encounter any problems while downloading the updates, manually download and unzip them from here
  • Next, click the Preferences button.
  • Under Start-Up Options, uncheck the following:
    • Start SUPERAntiSpyware when Windows starts
    • Show SUPERAntiSpyware icon in the system tray
    • Show splash screen on startup
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Scan Alternate Data Streams
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.
  • On the main screen, click Scan your computer
  • On the left, check the box for the drive you are scanning.
  • On the right, choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found, and if it asks whether you want to reboot, click Yes
  • To retrieve the removal information, please do the following:
    • After the reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (preferably Notepad).
    • Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...
    • Save the log somewhere you can easily find it. (normally the desktop)
    • Click Close, and Close again, to exit the program.
  • Copy and paste the log into your post.