#1
| Hi guys .. I just opened an email and got hit with the Antivirus XP 2008 virus. Can't get rid of it. Any help much appreciated .. |
|
#3
| Sorry mate, I don't understand .. What do you want me to do with it all? |
|
#4
| Take the time to read it, then run the program and post the files so that we can see what is going on with your computer.
__________________
My system: Hybr! D
|
|
#5
| Here's the logs: [SUPERAntiSpyware, Malwarebytes' Anti-Malware and JavaRa logs] Thanks guys |
|
#6
| Need HijackThis now. |
|
#7
| Oh sorry. Here it is: [HijackThis log] |
|
#8
| Still some things to do. Download SDFix.exe and save it to your desktop. Double-click SDFix.exe and it will extract the files to %SystemDrive% (the drive that contains the Windows directory, typically C:\SDFix). Then reboot your computer into Safe Mode by doing the following:
---------- Next, post the SDFix log and a NEW HijackThis log. |
|
#9
| |||
| |||
| Ok, next logs: SDFix and HijackThis |
|
#10
| |||
| |||
| I need a little more information about a couple of files. Post links here to the results when done. Scanning suspicious file(s): visit Virustotal (if more than one file needs to be scanned, they must be done separately and logs posted for each).
Code: C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
Code: C:\Program Files\Jungtinių Perspėjimai\UnitedAlerts.exe |