Iexplore.exe




  #1  
January 15, 2008, 11:50
Member

Iexplore.exe

I've read that this is bad. I don't have Internet Explorer open, but it is still running in my Task Manager (I don't think it's supposed to be in capital letters), and it is slowing down my computer. Is it a virus? Spyware, etc.?

How do I remove it?
  #2  
January 15, 2008, 11:59
Moderator Group

Iexplore.exe

Let's take a quick look.
Download and rename HijackThis (HJT)
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After the install, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right-click HijackThis.exe and select Rename.
    • Type sniper.exe and press Enter.
    • Right-click sniper.exe and select Send To > Desktop (Create Shortcut)
  • From the desktop, open HijackThis.
  • If you are using Windows Vista, make sure to Run as administrator
  • Click the Do a system scan and save a logfile button
  • HijackThis will scan, and then the log will open in Notepad.
  • Copy and paste the log into your next post.
    • Do NOT have HijackThis fix anything. Most of what it finds will be harmless or even required.
Although we have renamed HijackThis to sniper, we can still refer to it as HijackThis or HJT.
__________________

  #3  
January 15, 2008, 12:08
Member

Iexplore.exe

For some reason I can't see IEXPLORE.exe here, but it's definitely in TM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:55, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\Wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C:\Program Files\Yahoo!\Companion\Įrenginiai\NKP\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C:\PROGRA~1\Micros~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files\Yahoo!\Companion\Įrenginiai\NKP\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Antroji BAT Creative piko] C:\Documents and Settings\All Users\Application Data\kryptis Readme Antra Bat\mirę lite.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Robertas\applic~1\WAYBOW~1\NURB daugiau noun.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RunOnce (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Micros~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\Micros~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\Micros~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\Micros~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C:\PROGRA~1\Micros~2\Office12\GR99D3~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7.104 bytes
  #4  
January 15, 2008, 12:29
Moderator Group

Iexplore.exe

Yes, you have a bad infection.

Step 1

Download NoLop.exe to your desktop:
  • Close all running programs, as a reboot is required
  • Double-click NoLop.exe to run it
  • Next, click the button: Search and Destroy
    <<Your computer will now be scanned for infected files>>
  • When the scan finishes, if infected, you will be prompted to reboot
  • Click OK
  • Now click: Reboot
  • A message should pop up from NoLop. If not, double-click the program again and it will finish.
  • Post the contents of C:\NoLop.log in your next reply.
Note: If you get the error message "mscomctl.ocx or one of its dependencies is not correctly registered," download mscomctl.ocx to your System32 folder, then rerun the program.

---------------

Step 2
Download SUPERAntispyware Free Edition (SAS)
  • Double-click the icon on your desktop to start the installation procedure.
  • When asked to update the program definitions, click Yes
  • Next, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options, make sure that only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • Click the Close button to exit the control center screen.
  • On the main screen, click Scan your computer
  • On the left, check C:\Fixed Drive
  • On the right, choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found, and if it asks whether you want to reboot, click Yes
  • To retrieve the removal information, do the following:
    • After rebooting, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the Notepad file to your desktop by clicking (in Notepad) File > Save As
  • Save the log somewhere you can easily find it (normally the Desktop).
  • Click Close, and Close again, to exit the program.
  • Copy and paste that information into your next post.
----------

Step 3

Run a new HijackThis scan and post the log

----------

Next, please post:
Contents of C:\NoLop.log
SUPERAntispyware log
New HijackThis log

It may take more than one post to get all the logs posted. That's fine if needed.
__________________

  #5  
January 15, 2008, 13:41
Member

Iexplore.exe

NoLop log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Program Files\Mozilla Firefox
[1/15/2008]
[7:34:10]

--- Infected Files Found/Removed ---
C:\WINDOWS\užduočių\ADB7C425918477B9.job

Beginning removal ...
Started ...
Removing Lop's leftover files/folders ...
Fixing registry ...
** Fix Complete! **

--- Listing AppData sub directories ---



SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/15/2008 at 08:32 PM

Application Version: 3.9.1008

Core Rules Database Version: 3.380
Trace Rules Database Version: 1.374

Scan type: Complete Scan
Total Scan Time: 00:46:41

Memory items scanned: 385
Memory threats detected: 0
Registry items scanned: 5.574
Registry threats detected: 0
File items scanned: 40.825
File threats detected: 66

Adware.Tracking Cookie

Adware.180solutions/ZangoSearch
C:\System Volume Information\_Restore(39B7D61A-C471-441E-B6D4-5930E1D582CD)\RP37\A0003673.EXE

Hi Jack log:


I hope this is enough
  #6  
January 15, 2008, 13:57
Moderator Group

Iexplore.exe

Open HijackThis and choose Do a system scan only, then place a check in the box next to:

O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)


Close all windows except HijackThis and click Fix checked

Exit HijackThis.

----------

Download ComboFix from one of the links below.
(Try all three if needed) IMPORTANT - ComboFix.exe MUST be saved to your Desktop.
  • Close all open web browsers. (Firefox, Internet Explorer, etc.)
  • Close/disable all antivirus and anti-malware programs so they do not interfere with ComboFix. <- ATTENTION
    • Click this link to see a list of programs that should be disabled. If yours is not on the list and you don't know how to disable it, please ask.
  • Double-click combofix.exe and follow the on-screen instructions.
    • From the keyboard, choose 1 and press Enter
  • When it finishes, it will produce a log for you.
  • Post that log in your next reply.
Don't mouse-click ComboFix's window while it is running.
The scan will temporarily disable your desktop.
If it is interrupted, it may leave your computer frozen.
If that happens, please reboot to restore the desktop.


----------

Next, please post:
ComboFix log
__________________
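
Added example, not part of the thread and not code from HijackThis or its authors: a small triage pass over HijackThis section lines that flags the kind of entry fixed above (a browser add-on registration whose file is missing) and, as an assumed general heuristic the thread does not state, Run-key autoruns that execute from a user-writable Application Data directory. The sample lines are taken from the first log in this thread with the extraction spacing removed; the names `parse_log`, `executable_of` and `triage`, and the `applic~1` short-name marker, are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Antroji BAT Creative piko] C:\Documents and Settings\All Users\Application Data\kryptis Readme Antra Bat\mirę lite.exe
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Robertas\applic~1\WAYBOW~1\NURB daugiau noun.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# O4 body: "<registry key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Unquoted command: take everything up to the first executable extension.
EXE_RE = re.compile(r'(.+?\.(?:exe|dll|bat|cmd|com|scr|pif))(?=$|[\s",])', re.I)

# Assumed markers for per-user/all-users data directories (lower case).
# "applic~1" is the usual 8.3 short name of "Application Data", not a guarantee.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\", "\\local settings\\temp\\")


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O2"
    subject: str   # CLSID or Run value name
    reason: str


def parse_log(text):
    """Return (code, body) for each section line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def executable_of(cmd):
    """Extract the program path from a Run command line (quoted or unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_RE.match(cmd)
    return match.group(1) if match else cmd


def triage(entries):
    findings = []
    for code, body in entries:
        # O2 (BHO), O3 (toolbar), O9 (button): registration left behind, file gone.
        if code in ("O2", "O3", "O9") and body.endswith("(no file)"):
            clsid = body.split(" - ")[-2].strip("(){}")
            findings.append(Finding(code, clsid, "orphaned registration: no file on disk"))
        elif code == "O4":
            match = RUN_RE.match(body)
            if not match:
                continue
            exe = executable_of(match.group("cmd"))
            if any(marker in exe.lower() for marker in USER_WRITABLE):
                findings.append(Finding(
                    code, match.group("name"),
                    "autorun from user-writable data directory: " + exe))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(f"{finding.code}  {finding.subject}  ->  {finding.reason}")
```

A flag from the autorun rule is a prompt to look at the file, not a verdict; legitimate software also starts from profile directories.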

  #7  
January 15, 2008, 14:06
Member

Iexplore.exe

ComboFix 08-01-15.4 - Richard 2008-01-15 21:03:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.587 [GMT 0:00]
Running from: C:\Documents and Settings\Robertas\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007/12/15 to 2008/01/15 )))))))))))))))))))))))))))))))
.

2008-01-15 21:03. 2000-08-31 08:00 51.200 - ------ C:\WINDOWS\NirCmd.exe
2008-01-15 19:41. 2008-01-15 20:38 <DIR> d -------- C:\Program Files\SUPERAntiSpyware
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C:\Documents and Settings\Robertas\Application Data\SUPERAntiSpyware.com
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-15 19:34. 2008-01-15 19:36 <DIR> d -------- C:\NoLopBackups
2008-01-15 19:01. 2008-01-15 19:01 <DIR> d -------- C:\Program Files\Trend Micro
2008-01-15 16:32. 2008-01-15 16:32 <DIR> d -------- C:\Program Files\WayBowsReal
2008-01-11 10:27. 2005-05-26 15:34 2.297.552 - ------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-11 10:26. 2008-01-11 10:26 22.328 - ------ C:\Documents and Settings\Robertas\Application Data\PnkBstrK.sys
2008-01-11 10:25. 2008-01-11 10:25 319 - ------ C:\WINDOWS\game.ini
2008-01-11 10:15. 2008-01-11 10:15 <DIR> d -------- C:\Program Files\Activision
2008-01-11 10:14. 2008-01-11 10:14 <DIR> D - SS ---- C:\WINDOWS\ftpcache
2008-01-11 00:29. 2008-01-11 00:29 54.608 - ------ C:\WINDOWS\system32\xfcodec.dll
2008-01-05 21:00. 2008-01-05 21:00 <DIR> D - h ----- C:\WINDOWS\$hf_mig$
2008-01-03 18:41. 2008-01-03 18:41 <DIR> d -------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-03 18:00. 2008-01-03 18:00 <DIR> d -------- C:\Program Files\Messenger Plus! Gyventi
2008-01-03 18:00. 2008-01-15 19:36 <DIR> d -------- C:\Documents and Settings\Robertas\Application Data\WayBowsReal
2008-01-03 18:00. 2008-01-15 16:33 <DIR> d -------- C:\Documents and Settings\All Users\Application Data\kryptis Readme Antra Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C:\Program Files\Whisper Technologijos
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C:\Program Files\SmartFTP Client 2,5 Setup Files
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C:\Program Files\SmartFTP Client
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C:\Documents and Settings\Robertas\Application Data\SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ Paskelbti Providers
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Program Files \ Sony sąranka
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ Sony sąranka
2007-12-29 23:30. 2008-01-15 17:00 54.156 - Ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1.409 - ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286.720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73.216 - ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10.880 - ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10.880 - - --- C C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - - --- C C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ sxs
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Program Files \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ DIVX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2007-12-24 17:11. 2007-07-30 19:19 271.224 - ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207.736 - ------ C: \ WINDOWS \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30.072 - ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ gtk-2.0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Robertas \. Miniatiūros
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Program Files \ GIMP-2.0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Robertas \. GIMP 2.4
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Program Files \ DNR
2007-12-22 15:39. 2008-01-15 20:56 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ DNR
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ BitTorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424.960 - ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32.592 - ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> DR-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Pagalba
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Program Files \ DIVX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ vlc
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Xing bendrai
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Robertas \ Application Data \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-15 17:46 22.328 ---- AW C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008-01-15 17:46 107.832 ---- AW C: \ WINDOWS \ system32 \ PnkBstrB.exe
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Robertas \ Application Data \ Xfire
2008-01-11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008-01-11 22:26 5.615 ---- AW C: \ Program Files \ install.log
2008-01-11 19:06 66.872 ---- AW C: \ WINDOWS \ system32 \ PnkBstrA.exe
2008-01-11 10:25 --------- D - h - w C: \ Program Files \ InstallShield įrengimas Informacija
2007-12-22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Robertas \ Application Data \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007-12-10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Program Files \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Robertas \ Application Data \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Program Files \ Windows Live "
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner V2.06
2007-12-08 22:50 12.464 ---- AW C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007-12-07 18:43 499.712 ---- AW C: \ WINDOWS \ system32 \ msvcp71.dll
2007-12-07 18:43 348.160 ---- AW C: \ WINDOWS \ system32 \ msvcr71.dll
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Robertas \ Application Data \ InstallShield
2007-12-07 17:44 4.716 ---- AW C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007-12-04 01:33 823.296 ---- AW C: \ WINDOWS \ system32 \ divx_xx0c.dll
2007-12-04 01:33 823.296 ---- AW C: \ WINDOWS \ system32 \ divx_xx07.dll
2007-12-04 01:33 802.816 ---- AW C: \ WINDOWS \ system32 \ divx_xx11.dll
2007-12-04 01:33 682.496 ---- AW C: \ WINDOWS \ system32 \ DivX.dll
2007-11-29 22:30 524.288 ---- AW C: \ WINDOWS \ system32 \ DivXsm.exe
2007-11-29 22:30 3.596.288 ---- AW C: \ WINDOWS \ system32 \ qt-dx331.dll
2007-11-29 22:30 200.704 ---- AW C: \ WINDOWS \ system32 \ ssldivx.dll
2007-11-29 22:30 1.044.480 ---- AW C: \ WINDOWS \ system32 \ libdivx.dll
2007-11-29 22:28 81.920 ---- AW C: \ WINDOWS \ system32 \ dpl100.dll
2007-11-29 22:28 196.608 ---- AW C: \ WINDOWS \ system32 \ dtu100.dll
2007-11-28 21:55 156.992 ---- AW C: \ WINDOWS \ system32 \ DivXCodecVersionChecker.exe
2007-11-28 21:53 593.920 ---- AW C: \ WINDOWS \ system32 \ dpuGUI11.dll
2007-11-28 21:53 57.344 ---- AW C: \ WINDOWS \ system32 \ dpv11.dll
2007-11-28 21:53 53.248 ---- AW C: \ WINDOWS \ system32 \ dpuGUI10.dll
2007-11-28 21:53 344.064 ---- AW C: \ WINDOWS \ system32 \ dpus11.dll
2007-11-28 21:53 294.912 ---- AW C: \ WINDOWS \ system32 \ dpu11.dll
2007-11-28 21:53 294.912 ---- AW C: \ WINDOWS \ system32 \ dpu10.dll
2007-11-28 21:52 12.288 ---- AW C: \ WINDOWS \ system32 \ DivXWMPExtType.dll
2007-11-21 18:23 81.920 ---- AW C: \ WINDOWS \ system32 \ frapsvid.dll
2007-10-18 11:31 51.224 ---- AW C: \ WINDOWS \ system32 \ sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent" DNR "=" C: \ Program Files \ DNA \ btdna.exe "[2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Robertas \ applic ~ 1 \ WAYBOW ~ 1 \ NURB daugiau noun.exe" [2008-01-15 16:32 443904]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Antroji BAT Creative piko" = "C: \ Documents and Settings \ All Users \ Application Data \ kryptis Readme Antra Bat \ mirę lite.exe" [2008-01-15 20:37 1348608]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA) "= C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv, C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0), C: \ WINDOWS \ system32 \ drivers \ CamDrL2 1.sys [2004-02-14 04:09]

* Naujai sukurta tarnyba * - PROCEXP90
.
Turinys "Scheduled Tasks" katalogą
"2007-12-12 20:03:45 C: \ WINDOWS \ Uždaviniai \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:04:58
Windows 5.1.2600 Service Pack 2 NTFS

skenavimo paslėptus procesus ...

skenavimo paslėptas autostart entries ...

skenavimo paslėptus failus ...

skenavimas baigtas sėkmingai
paslėptus failus: 0

************************************************** ************************
.
Atlikimo laikas: 2008-01-15 21:05:11
.
2008-01-05 21:00:15 --- EOF ---
  #8  
January 15, 2008, 14:58
Moderator Group
 
Iexplore.exe

Delete these files / folders, as follows:

1. Go to Start > Run, type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
  • Click Start, then Run
  • Type notepad.exe in the Run box.
2. Copy the bold text below by highlighting all of it and pressing Ctrl + C


File::
C:\Documents and Settings\All Users\Application Data\kryptis Readme Antra Bat\mirę lite.exe
C:\DOCUME~1\Robertas\applic~1\WAYBOW~1\NURB daugiau noun.exe

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"curblicense"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antroji BAT Creative piko"=-



3. Go back to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save this file to your desktop
6. Drag CFScript (click and hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as shown in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute; just follow the on-screen instructions.
After the reboot (if it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Start a new HijackThis scan and post the log.

----------

In your next reply:
ComboFix log
New HijackThis log
__________________
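
As an added illustration (not part of the thread, and not ComboFix's or the helper's own method), this Python script parses Run-key lines laid out like the "Reg loading points" section of the log above and flags autoruns that start from user-writable profile folders, carry no file metadata, or were modified within a week of the scan. The sample log, the file names in it, the `ExampleEntry` value and the triage rules are constructed assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample modelled on the log layout above; file names are placeholders.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"curblicense"="C:\DOCUME~1\User\APPLIC~1\WAYBOW~1\example one.exe" [2008-01-15 16:32 443904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 09:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:29 579072]
"ExampleEntry"="C:\Documents and Settings\All Users\Application Data\example dir\example two.exe" []
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Metadata is "date time size", optionally followed by the resolved full path.
META_RE = re.compile(
    r'^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)(?: (?P<path>.+))?$')

# Assumed markers for folders a standard user can write to, long and 8.3 forms.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\", "\\locals~1\\", "\\temp\\")


@dataclass
class RunEntry:
    key: str                      # registry key the value lives under
    name: str                     # value name
    path: str                     # resolved target path (or raw command)
    modified: Optional[datetime]  # file timestamp, None when metadata is empty
    size: Optional[int]


def parse_run_entries(log: str) -> List[RunEntry]:
    """Collect autorun values found under registry keys ending in \\Run."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if not entry or key is None or not key.lower().endswith("\\run"):
            continue
        path, modified, size = entry.group("cmd"), None, None
        meta = META_RE.match(entry.group("meta").strip())
        if meta:
            modified = datetime.strptime(meta.group("stamp"), "%Y-%m-%d %H:%M")
            size = int(meta.group("size"))
            path = meta.group("path") or path
        entries.append(RunEntry(key, entry.group("name"), path, modified, size))
    return entries


def triage(entries: List[RunEntry], scan_date: datetime,
           recent_days: int = 7) -> List[Tuple[str, List[str]]]:
    """Return (value name, reasons) for entries that deserve a manual look."""
    findings = []
    for e in entries:
        reasons = []
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            reasons.append("user-writable path")
        if e.modified is None:
            # Empty [] in the log: no file metadata was reported for the target.
            reasons.append("target missing")
        elif scan_date - e.modified <= timedelta(days=recent_days):
            reasons.append("recently modified")
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    scan = datetime(2008, 1, 15, 21, 3)
    for name, reasons in triage(parse_run_entries(SAMPLE_LOG), scan):
        print(f"{name}: {', '.join(reasons)}")
```

A flag here only marks an entry for review; which entries are actually removed remains the helper's decision.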

  #9  
January 15, 2008, 15:07
Member
 
Iexplore.exe

ComboFix 08-01-15.4 - Richard 2008-01-15 22:03:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT 0:00]
Veikia nuo: C: \ Documents and Settings \ Robertas \ Desktop \ ComboFix.exe
Command jungikliai naudojami: C: \ Documents and Settings \ Robertas \ Desktop \ CFScript.txt
* Sukurtas naujas atkūrimo taškas

ĮSPĖJIMAS-ši mašina neturi atkūrimo konsolę Installed!!

FILE
C: \ DOCUME ~ 1 \ Robertas \ applic ~ 1 \ WAYBOW ~ 1 \ NURB daugiau noun.exe
C: \ Documents and Settings \ All Users \ Application Data \ kryptis Readme Antra Bat \ mirę lite.exe
.

((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ DOCUME ~ 1 \ Robertas \ applic ~ 1 \ WAYBOW ~ 1 \ NURB daugiau noun.exe
C: \ Documents and Settings \ All Users \ Application Data \ kryptis Readme Antra Bat \ mirę lite.exe

.
((((((((((((((((((((((((( Failus, sukurtus nuo 2007/12/15 iki 2008/01/15 ))))))))))) ))))))))))))))))))))
.

2008-01-15 21:03. 2000-08-31 08:00 51.200 - ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 19:41. 2008-01-15 20:38 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:34. 2008-01-15 19:36 <DIR> d -------- C: \ NoLopBackups
2008-01-15 19:01. 2008-01-15 19:01 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 16:32. 2008-01-15 16:32 <DIR> d -------- C: \ Program Files \ WayBowsReal
2008-01-11 10:27. 2005-05-26 15:34 2.297.552 - ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008-01-11 10:26. 2008-01-11 10:26 22.328 - ------ C: \ Documents and Settings \ Robertas \ Application Data \ PnkBstrK.sys
2008-01-11 10:25. 2008-01-11 10:25 319 - ------ C: \ WINDOWS \ game.ini
2008-01-11 10:15. 2008-01-11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008-01-11 10:14. 2008-01-11 10:14 <DIR> D - SS ---- C: \ WINDOWS \ ftpcache
2008-01-11 00:29. 2008-01-11 00:29 54.608 - ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008-01-05 21:00. 2008-01-05 21:00 <DIR> D - h ----- C: \ WINDOWS \ $ $ hf_mig
2008-01-03 18:41. 2008-01-03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus!
2008-01-03 18:00. 2008-01-03 18:00 <DIR> d -------- C: \ Program Files \ Messenger Plus! Gyventi
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ WayBowsReal
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ kryptis Readme Antra Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C: \ Program Files \ Whisper Technologijos
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client 2,5 Setup Files
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ Paskelbti Providers
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Program Files \ Sony sąranka
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ Sony sąranka
2007-12-29 23:30. 2008-01-15 17:00 54.156 - Ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1.409 - ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286.720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73.216 - ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10.880 - ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10.880 - - --- C C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - - --- C C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ sxs
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Program Files \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ DIVX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2007-12-24 17:11. 2007-07-30 19:19 271.224 - ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207.736 - ------ C: \ WINDOWS \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30.072 - ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ gtk-2.0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Robertas \. Miniatiūros
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Program Files \ GIMP-2.0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Robertas \. GIMP 2.4
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Program Files \ DNR
2007-12-22 15:39. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ DNR
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ BitTorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424.960 - ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32.592 - ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> DR-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Pagalba
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Program Files \ DIVX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ vlc
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Robertas \ Application Data \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Xing bendrai
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Robertas \ Application Data \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-15 17:46 22.328 ---- AW C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Robertas \ Application Data \ Xfire
2008-01-11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008-01-11 22:26 5.615 ---- AW C: \ Program Files \ install.log
2008-01-11 10:25 --------- D - h - w C: \ Program Files \ InstallShield įrengimas Informacija
2007-12-22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Robertas \ Application Data \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007-12-10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Program Files \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Robertas \ Application Data \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Program Files \ Windows Live "
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner V2.06
2007-12-08 22:50 12.464 ---- AW C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Robertas \ Application Data \ InstallShield
2007-12-07 17:44 4.716 ---- AW C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
.

((((((((((((((((((((((((((((( Snapshot@2008-01-15_21.05.00.95 )))))))))) )))))))))))))))))))))))))))))))
.
- 2008-01-15 21:03:50 225.280 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000001 \ Ntuser.dat
+ 2008-01-15 22:03:02 225.280 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000001 \ Ntuser.dat
- 2008-01-15 21:03:50 8.192 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000002 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000002 \ UsrClass.dat
- 2008-01-15 21:03:50 229.376 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000003 \ Ntuser.dat
+ 2008-01-15 22:03:02 229.376 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000003 \ Ntuser.dat
- 2008-01-15 21:03:50 8.192 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000004 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000004 \ UsrClass.dat
- 2008-01-15 21:03:50 3.670.016 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000005 \ Ntuser.dat
+ 2008-01-15 22:03:02 3.670.016 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000005 \ Ntuser.dat
- 2008-01-15 21:03:50 208.896 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000006 \ UsrClass.dat
+ 2008-01-15 22:03:02 208.896 ---- AW C: \ WINDOWS \ erdnt \ ŽIV-backup \ Users \00000006 \ UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent" DNR "=" C: \ Program Files \ DNA \ btdna.exe "[2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Robertas \ applic ~ 1 \ WAYBOW ~ 1 \ NURB daugiau noun.exe" []
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Antroji BAT Creative piko" = "C: \ Documents and Settings \ All Users \ Application Data \ kryptis Readme Antra Bat \ mirę lite.exe" []

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA) "= C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv, C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0), C: \ WINDOWS \ system32 \ drivers \ CamDrL2 1.sys [2004-02-14 04:09]

.
Turinys "Scheduled Tasks" katalogą
"2007-12-12 20:03:45 C: \ WINDOWS \ Uždaviniai \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:05:20
Windows 5.1.2600 Service Pack 2 NTFS

skenavimo paslėptus procesus ...

skenavimo paslėptas autostart entries ...

skenavimo paslėptus failus ...

skenavimas baigtas sėkmingai
paslėptus failus: 0

************************************************** ************************
.
Atlikimo laikas: 2008-01-15 22:06:11 - mašina buvo paleistas
ComboFix-karantine-files.txt 2008-01-15 22:06:09
ComboFix2.txt 2008-01-15 21:05:12
.
2008-01-05 21:00:15 --- EOF ---


Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 10:07:19, on 1/15/2008
Platforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Įrenginiai \ NKP \ ycomp5_6_0_1.d LL
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Įrenginiai \ NKP \ ycomp5_6_0_1.d LL
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / autostart
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Antroji BAT Creative piko] C: \ Documents and Settings \ All Users \ Application Data \ kryptis Readme Antra Bat \ mirę lite.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Robertas \ applic ~ 1 \ WAYBOW ~ 1 \ NURB daugiau noun.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & end to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl klasė) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient klasė) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
End of file - 6.716 baitų
  #10  
Old January 15, 2008, 15:29
Moderator Group
 
Default Iexplore.exe

Go to My Computer -> Tools -> Folder Options -> View tab
  • Under the Hidden files and folders heading:
  • Select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Also make sure there is no check mark next to Hide file extensions for known file types.
  • Click OK

----------

Press CTRL + ALT + DELETE to bring up the Task Manager. Click the Processes tab and kill these processes:

lite.exe << or mirę Lite.exe
noun.exe << or NURB daugiau noun.exe

----------

Open HijackThis and select Do a system scan only, then place a check mark next to: (if found)

O4 - HKLM \ .. \ Run: [Antroji BAT Creative piko] C: \ Documents and Settings \ All Users \ Application Data \ kryptis Readme Antra Bat \ mirę lite.exe
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Robertas \ applic ~ 1 \ WAYBOW ~ 1 \ NURB daugiau noun.exe


Close all windows except HijackThis and click Fix checked

Exit HijackThis.

----------

Open My Computer from the desktop, then locate and delete the following files. (if found)

C: \ Documents and Settings \ All Users \ Application Data \ kryptis Readme Antra Bat \negyvas lite.exe

C: \ DOCUME ~ 1 \ Robertas \ applic ~ 1 \ WAYBOW ~ 1 \NURB daugiau noun.exe

----------

Run the F-Secure Online Scanner

Note: This scanner works with Internet Explorer only!
  • Go to the page and click the Start scanning button at the bottom of the window.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is detected, check Submit samples to F-Secure, then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report and Paste (CTRL + V) it into a new reply to this post
    • If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window with the report)
  • Highlight and Copy (CTRL + C) the complete report and Paste (CTRL + V) it into a new reply to this post
  • The scan may take quite a long time, so please be patient

----------

In your next post:
F-Secure log
New HijackThis
__________________
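The two Run entries singled out in the post above both launch from a profile's Application Data folder (once under its 8.3 short name `applic ~ 1`). As an added example, not part of the original thread: a small Python triage pass over HijackThis O4 lines that flags autostarts in user-writable locations. The list of directories and the function names are assumptions of this example, and the sample lines are copied from the log in this thread, extraction spacing included.

```python
import re

# Lines copied from the HijackThis log in this thread, including the stray
# spaces the page's extraction left around "\" and "~".
SAMPLE_LOG = r"""
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / autostart
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Antroji BAT Creative piko] C: \ Documents and Settings \ All Users \ Application Data \ kryptis Readme Antra Bat \ mirę lite.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Robertas \ applic ~ 1 \ WAYBOW ~ 1 \ NURB daugiau noun.exe
"""

# "O4 - <hive> \ .. \ Run: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4\s*-\s*(?P<hive>HK\w+).*?Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")

# Assumption of this example: autostart programs normally live under
# Program Files or WINDOWS, so a Run value that points into a profile's
# data or temp directory deserves a manual look.
USER_WRITABLE = ("\\application data\\", "\\applic~1\\",
                 "\\local settings\\", "\\locals~1\\", "\\temp\\")


def normalize(cmd):
    """Undo extraction spacing and outer quoting so paths compare reliably."""
    cmd = re.sub(r"\s*\\\s*", lambda m: "\\", cmd)  # " \ " -> "\"
    cmd = re.sub(r"\s*~\s*", "~", cmd)              # "DOCUME ~ 1" -> "DOCUME~1"
    return cmd.strip().strip('"')


def suspicious_autoruns(log_text):
    """Return (hive, value name, command) for O4 Run entries in user-writable paths."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 Run line
        cmd = normalize(m.group("cmd"))
        if any(marker in cmd.lower() for marker in USER_WRITABLE):
            hits.append((m.group("hive"), m.group("name"), cmd))
    return hits


if __name__ == "__main__":
    for hive, name, cmd in suspicious_autoruns(SAMPLE_LOG):
        print(f"{hive} Run [{name}] -> {cmd}")
```

A hit is a prompt to inspect the file, not a verdict: legitimate software sometimes starts from Application Data as well.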
