#1
Recently downloaded a theme application. After installing it, Kaspersky put up a warning saying the computer was infected with MultiPacked.Multi.Generic malware. My Kaspersky stopped working, and my Windows theme is gone, I'm stuck with Windows Classic. Help please!
#2
Try and get me whatever logs you can from here: http://www.computer-juice.com/forums...-posting-7476/
#3
Looks like the forums had an outage. Please post the following DDS logs.

Download DDS from Here or Here or Here and save it to your computer.

* Vista users: right-click dds and select Run as Administrator (you will get a UAC prompt, allow it).
* XP users: double-click dds to run it.
* If your antivirus or firewall tries to block DDS, allow it to run.
* When finished, DDS will open two (2) logs: 1) DDS.txt 2) Attach.txt
* Save both logs to your desktop.
* Copy and paste the entire contents of both logs into your next reply.

Note: DDS will instruct you to post Attach.txt as an attachment. Please just post it like any other log, by copying and pasting it into your reply.
#4
DDS (Ver_09-05-14.01) - NTFSx86
Run by Mouse at 16:53:23.36 on Wed 06/24/2009
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\module loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Mouse\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
mRun: [RCSystem] "C:\Program Files\Creative\Shared Files\module loader\DLLML.exe" RCSystem * -Startup
mRun: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\module loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\module loader\Audio Emulator\AudDrvEm.dll"
mRun: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
mRun: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
IE: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://portal.apogentech.com/vdesk/terminal/InstallerControl.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://portal.apogentech.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2008,0904,1939
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-ffff-ffff-ffff-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://portal.apogentech.com/policy/download_binary.php/win32/f5syschk.cab#version=6030,2008,0904,1947
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
Notify: klogon - C:\WINDOWS\system32\klogon.dll
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 112144]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-4-18 213520]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2008-2-29 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-5-12 14592]
R2 avp;Kaspersky Internet Security;C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -r --> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -r [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-12-7 24652]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2006-2-16 4096]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-2-29 9968]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2009-4-5 11808]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\WINDOWS\system32\drivers\IlvMoney1215.sys [2008-8-21 30080]

=============== Created Last 30 ================

2009-06-17 13:58 <DIR> --d----- C:\Program Files\LSoft Technologies
2009-06-13 12:32 <DIR> --d----- C:\Program Files\iPod
2009-06-13 12:32 <DIR> --d----- C:\Program Files\iTunes

==================== Find3M ====================

============= FINISH: 16:54:12.42 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2008 2:38:20
System Uptime: 6/24/2009 12:33:35 PM (4 hours ago)

Motherboard: http://www.abit.com.tw/ |  | IP35 Pro (P35+ICH9R)
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 775 | 3024/216mhz

==== Disk Partitions =========================

: is Removable
C: is FIXED (NTFS) - 128 GiB total, 60.146 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 60.479 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is FIXED (NTFS) - 245 GiB total, 138.326 GiB free.
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #3
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Service: RTL8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP

==== System Restore Points ===================

RP202: 3/26/2009 6:14:01 PM - System Checkpoint
RP203: 3/27/2009 9:06:08 PM - System Checkpoint
RP204: 3/30/2009 12:43:20 PM - System Checkpoint
RP205: 4/1/2009 5:11:23 PM - System Checkpoint
RP206: 4/3/2009 3:31:49 PM - System Checkpoint
RP207: 4/6/2009 11:30:33 AM - System Checkpoint
RP208: 4/8/2009 1:48:55 AM - Removed MapleStory GL.
RP209: 4/8/2009 1:49:05 AM - Installed MapleStory.
RP210: 4/8/2009 2:00:33 AM - Removed MapleStory.
RP211: 4/8/2009 2:12:11 AM - Installed MapleStory.
RP212: 4/9/2009 1:53:58 PM - System Checkpoint
RP213: 4/11/2009 6:22:36 AM - System Checkpoint
RP214: 4/14/2009 11:18:28 AM - System Checkpoint
RP215: 4/15/2009 5:50:23 PM - Software Distribution Service 3.0
RP216: 4/18/2009 1:32:37 AM - System Checkpoint
RP217: 4/21/2009 2:37:36 PM - System Checkpoint
RP218: 4/22/2009 5:07:27 PM - System Checkpoint
RP219: 4/24/2009 2:41:28 PM - System Checkpoint
RP220: 4/25/2009 10:07:27 PM - System Checkpoint
RP221: 4/28/2009 6:48:10 AM - Installed Java(TM) 6 Update 13
RP222: 5/2/2009 7:23:06 PM - System Checkpoint
RP223: 5/3/2009 11:36:18 PM - System Checkpoint
RP224: 5/5/2009 2:29:10 PM - System Checkpoint
RP225: 5/6/2009 8:29:33 PM - System Checkpoint
RP226: 5/7/2009 3:00:17 AM - Software Distribution Service 3.0
RP227: 5/7/2009 11:16:03 AM - Installed Windows XP WgaNotify.
RP228: 5/9/2009 11:12:42 AM - System Checkpoint
RP229: 5/10/2009 5:10:12 PM - System Checkpoint
RP230: 5/11/2009 9:02:07 PM - System Checkpoint
RP231: 5/13/2009 12:26:07 AM - Software Distribution Service 3.0
RP232: 5/14/2009 2:28:00 PM - Removed ZU-ONLINE
RP233: 5/15/2009 2:47:49 PM - System Checkpoint
RP234: 5/17/2009 1:28:31 AM - System Checkpoint
RP235: 5/17/2009 4:58:00 PM - Installed Nokia USB Modem Driver
RP236: 5/19/2009 11:34:48 AM - System Checkpoint
RP237: 5/20/2009 12:47:48 PM - System Checkpoint
RP238: 5/23/2009 10:08:08 AM - System Checkpoint
RP239: 6/1/2009 10:03:10 AM - System Checkpoint
RP240: 6/2/2009 10:03:30 AM - System Checkpoint
RP241: 6/3/2009 11:47:56 AM - System Checkpoint
RP242: 6/5/2009 11:10:53 PM - System Checkpoint
RP243: 6/7/2009 2:46:24 PM - System Checkpoint
RP244: 6/9/2009 11:32:41 AM - System Checkpoint
RP245: 6/10/2009 5:52:30 PM - System Checkpoint
RP246: 6/10/2009 11:00:09 PM - Software Distribution Service 3.0
RP247: 6/12/2009 12:14:34 PM - System Checkpoint
RP248: 6/13/2009 1:12:33 PM - System Checkpoint
RP249: 6/14/2009 9:20:14 PM - System Checkpoint
RP250: 6/15/2009 9:53:46 PM - System Checkpoint
RP251: 6/17/2009 12:27:01 AM - System Checkpoint
RP252: 6/21/2009 7:28:06 PM - System Checkpoint
RP253: 6/22/2009 8:08:50 PM - System Checkpoint
RP254: 6/23/2009 2:54:41 PM - Removed Garmin City Navigator North America NT 2009 Update
RP255: 6/23/2009 2:58:20 PM - Removed PalmOne
RP256: 6/24/2009 3:58:18 PM - System Checkpoint

==== Installed Programs ======================

==== Event Viewer Messages From Past Week ========

==== End Of File ===========================
#5
Download ComboFix © by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your desktop. DO NOT run it yet!

Note: The following instructions have been created specifically for this user. If you are not this user, DO NOT follow these instructions, as they may damage your system's operation.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and press OK to open Notepad. It MUST be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C.

Code:
KillAll::
DDS::
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
Driver::
Viewpoint Manager Service
Folder::
C:\Program Files\Viewpoint

4. Then click File > Save.
5. File name: CFScript.txt. Save this file to your desktop.
6. Drag CFScript (hold the left mouse button down while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as shown in the screenshot below.

Important: Perform this instruction carefully!

ComboFix will begin to run; just follow the prompts. After a reboot (if it asks for one), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Don't mouseclick ComboFix's window while it's running. That may cause your system to freeze.
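The DDS "Pseudo HJT Report" posted above and the CFScript built from it in this reply share a simple line-oriented format, and the first pass of triage is mechanical enough to script. What follows is an added example written for this page, not code from the thread, from DDS or from ComboFix: it parses a few constructed lines modelled on the log, flags the entries an analyst would look at first (an extension whose file is gone, an ActiveX download from a host that is not on a trust list, DLLs pushed into every process through AppInit_DLLs) and drafts a CFScript in the KillAll::/DDS::/Driver::/Folder:: layout used in this reply. The trusted-host list, the flagging rules and the sample lines are assumptions of the example, not behaviour of either tool.

```python
"""Triage a DDS "Pseudo HJT Report" and draft a ComboFix CFScript from the findings.

Added example for this page; not DDS, ComboFix or forum code. The sample lines
below are constructed to resemble the log in the thread, and the flagging rules
and trusted-host list are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Constructed sample input in DDS pseudo-HJT line format (not the real log).
SAMPLE_DDS = """\
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
AppInit_DLLs: C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\adialhk.dll
"""

# Assumption of this example: hosts an ActiveX (DPF) download is expected from on this machine.
TRUSTED_DPF_HOSTS = {"java.sun.com", "go.microsoft.com"}


@dataclass(frozen=True)
class Finding:
    line: str    # the DDS line verbatim, so it can be pasted under DDS:: in a CFScript
    reason: str  # why it was flagged


def refang(url: str) -> str:
    """DDS writes hxxp:// so the log is not clickable; undo that for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def dpf_host(line: str) -> Optional[str]:
    """Host a DPF (Downloaded Program File / ActiveX) entry is fetched from, or None."""
    m = re.search(r"hxxps?://\S+", line, flags=re.IGNORECASE)
    return urlsplit(refang(m.group(0))).hostname if m else None


def triage(report: str) -> List[Finding]:
    """Walk the pseudo-HJT lines and return the ones that deserve a second look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(":", 1)[0]  # BHO, TB, EB, IE, DPF, uRun, mRun, AppInit_DLLs, ...
        if line.endswith("- No File"):
            findings.append(Finding(line, f"{kind} entry whose file is gone (orphan, safe to remove)"))
        elif kind == "DPF":
            host = dpf_host(line)
            if host is None or host.lower() not in TRUSTED_DPF_HOSTS:
                findings.append(Finding(line, f"ActiveX download from untrusted host {host!r}"))
        elif kind == "AppInit_DLLs" and line.split(":", 1)[1].strip():
            findings.append(Finding(line, "AppInit_DLLs injects these into every user32 process; verify each"))
    return findings


def build_cfscript(findings: Iterable[Finding], drivers: Iterable[str] = (),
                   folders: Iterable[str] = ()) -> str:
    """Draft a CFScript in the layout used in the thread: KillAll::, DDS::, Driver::, Folder::."""
    lines = ["KillAll::", "DDS::", *(f.line for f in findings)]
    drivers, folders = list(drivers), list(folders)
    if drivers:
        lines += ["Driver::", *drivers]
    if folders:
        lines += ["Folder::", *folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_DDS)
    for f in found:
        print(f"{f.reason}\n    {f.line}")
    print(build_cfscript(found, drivers=["Viewpoint Manager Service"],
                         folders=[r"C:\Program Files\Viewpoint"]))
```

The script only drafts the DDS:: block; the Driver:: and Folder:: entries (here the Viewpoint service and folder removed in this reply) still come from the analyst, because a service name does not appear in the pseudo-HJT lines themselves. Everything it flags is a candidate for review, not an automatic deletion.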
#6
ComboFix 09-06-23.01 - Mouse 06/24/2009 17:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00]
Running from: C:\Documents and Settings\Mouse\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Viewpoint
C:\RECYCLER\S-1-5-21-1957994488-1801674531-1177238915-1004
C:\RECYCLER\S-1-5-21-789336058-2025429265-1644491937-1003
C:\WINDOWS\system32\drivers\kl1.sys
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
C:\RECYCLER\S-1-5-21-1957994488-1801674531-1177238915-1004\Desktop.ini
C:\RECYCLER\S-1-5-21-1957994488-1801674531-1177238915-1004\INFO2
C:\RECYCLER\S-1-5-21-789336058-2025429265-1644491937-1003\Desktop.ini
D:\RECYCLER\S-1-5-21-789336058-2025429265-1644491937-1003\INFO2
C:\WINDOWS\emMON.exe
C:\WINDOWS\system32\codecs\7zAES.dll
C:\WINDOWS\system32\codecs\AES.dll
C:\WINDOWS\system32\codecs\Branch.dll
C:\WINDOWS\system32\codecs\BZip2.dll
C:\WINDOWS\system32\codecs\Copy.dll
C:\WINDOWS\system32\codecs\Deflate.dll
C:\WINDOWS\system32\codecs\LZMA.dll
C:\WINDOWS\system32\codecs\PPMd.dll
C:\WINDOWS\system32\codecs\Rar29.dll
C:\WINDOWS\system32\codecs\Swap.dll
C:\WINDOWS\system32\drivers\ctoss2k.sys
C:\WINDOWS\system32\formats\7z.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_IlvMoneyDRIVER53
-------\Service_Viewpoint Manager Service
-------\Legacy_ossrv
-------\Service_ossrv

((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-23 18:47 . 2009-06-24 16:37 117760 ----a-w- C:\Documents and Settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:58 . 2009-06-17 18:10 -------- d-----w- c:\program files\LSoft Technologies
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- C:\Program Files\iPod
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- C:\Program Files\iTunes
2009-06-13 16:28 . 2009-06-13 16:29 -------- d-----w- C:\Program Files\QuickTime
2009-06-13 16:23 . 2009-06-13 16:23 75048 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 23:14 . 2001-08-18 02:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2009-06-10 23:14 . 2001-08-18 02:36 462848 ----a-w- c:\windows\system32\a3dapi.dll
2009-06-10 23:13 . 2009-06-11 07:20 -------- d-----w- C:\Descent3
2009-06-10 23:13 . 2009-06-10 23:13 -------- d-----w- C:\Games
2009-06-10 20:13 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-06-10 20:13 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 23:25 . 2008-05-16 03:35 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-06-24 21:26 . 2008-05-16 03:35 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-24 21:26 . 2008-05-16 03:35 64388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-24 21:26 . 2008-05-16 03:35 4571424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-24 21:26 . 2008-05-16 03:35 29696 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-24 21:09 . 2008-05-17 00:25 -------- d-----w- C:\Documents and Settings\Mouse\Application Data\LimeWire
2009-06-24 16:37 . 2008-05-19 02:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2009-06-23 19:00 . 2008-10-16 02:40 -------- d-----w- C:\Program Files\Pando Networks
2009-06-23 18:59 . 2008-11-29 18:36 -------- d-----w- c:\program files\PalmOne
2009-06-21 23:00 . 2009-02-09 03:50 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 23:00 . 2009-02-09 03:50 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-18 22:35 . 2008-06-17 15:40 -------- d-----w- c:\program files\Diablo II
2009-06-18 22:31 . 2008-06-02 00:09 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-17 22:51 . 2008-05-15 04:41 -------- d-----w- C:\Documents and Settings\Mouse\Application Data\uTorrent
2009-06-13 16:32 . 2008-08-19 04:10 -------- d-----w- C:\Program Files\Common Files\Apple
2009-05-20 16:16 . 2008-05-16 03:36 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 16:16 . 2008-05-16 03:36 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-17 20:58 . 2009-05-17 20:58 -------- d-----w- c:\program files\LG
2009-05-17 20:58 . 2008-05-12 09:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-17 20:57 . 2008-05-12 09:20 -------- d-----w- C:\Program Files\Common Files\InstallShield
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2008-05-16 21:18 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 10:48 . 2008-05-17 00:24 -------- d-----w- C:\Program Files\Java
2009-04-28 10:47 . 2009-04-28 10:47 152576 ----a-w- C:\Documents and Settings\Mouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-26 01:13 . 2009-04-26 00:43 -------- d-----w- C:\Documents and Settings\Mouse\Application Data\Move Networks
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2003-03-31 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-04-08 06:13 . 2009-04-08 06:13 10134 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-04-05 23:39 . 2008-05-16 02:24 23032 ----a-w- C:\Documents and Settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 23:27 . 2009-04-05 23:28 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\module loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\module loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CTHelper"="CTHELPER.EXE" - C:\WINDOWS\system32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - C:\WINDOWS\system32\Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2009-01-01 04:29 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\safeboot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\Services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\System32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 33808]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/12/2008 5:23 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 1:28 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 11808]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-24 C:\WINDOWS\Tasks\Malwarebytes' Anti-Malware.job
- C:\PROGRA~1\MALWAR~1\mbam.exe [2008-05-19 00:52]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,dc,e4,a8,65,45,2e,71,3b,04,66,8b,46,0d,96,21,7c,aa,e9,a8,42,2f,c4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,eb,7e,55,20,c9,26,eb,a7,df,4d,25,c2,62,83,25,da,eb,7e,55,20,c9,26,a3,f2,65,de,80,3e,e4,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5,93,61,f2,a1,b4,61,82,bb,ab,d5,3e,1e,9e,e0,57,5,93,61,6f,0e,5c,ae,ec,4f,e7,8d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,91,d7,7a,29,97,c7,40,4b,cd,44,cd,b9,a6,33,6c,cd,49,19,95,11,6f,ac,43,68,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE
\ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ System32 \ \ ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 B, CF, C8, 7e, 4a, d5, 24,8 d, 3a, 49, C4, B0, 18, DE, A7, 3f, 8D, 37, A4, 29, B5, 53,9, D3, 4a, 02,51, df, 20,58,62,78,6 B \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ System32 \ \ ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, E1, BA, B1, F8, 68,02,09, D4, 0a, F3, 53, BC, 62,26,31,77, E1, BA, B1, F8, 68,02,77, C3, DE, C6, 98,79, 54,2 c, FB, A7, 78, e6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ System32 \ \ ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3, 48, FC, e8, 04,4, F1, DF, 00, d5, 43, FF, F8, 0F, F3, 83,6 c, 56,8 B, A0, 85,96, AB, D5, 19,39,90, DA, 30, 2a, 05,01,3, 48, FC, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ System32 \ \ ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0F, 4e, 58, 98,5 B, 89, C9, 6a, ea, F8, C4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14 cc, 82, AC, 7a, 83, eb, 90, 81, C6, F6, 0F, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5 B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ System32 \ \ ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, ea, 26, 2d, 45, AA, 78,0 b, ba, 41,78,8, C9, 90,04, B1, CD, 45,5, A8, C4, F8, B9, 6b, C6, A2, 44,8 d, 59, A6, F5, 3D, CE, ea, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = 
"Apartment" @ = "C: \ \ WINDOWS \ \ System32 \ \ ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, E7, 5D, 45,06,19,5 E 30,20, E6, E3, 0E, 66, D5, eb, BC, 2f, 6b, E1, 69,31, AC, dd, BA, 7f, 02,2 A, B7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ System32 \ \ ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, EA, 66,7 f, D4, 3b, 6b, 70, a5, 97,0, 6e, 8a, CF, 52,73, fa, EA, 66,7 f, D4, 3b, 6b, 70,30,24, ea, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \ [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen TS \ h-€ | "yyyy ¤ • € | U • ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLL Loaded Pagal aktyvūs procesai --------------------- - - - - - - -> "Winlogon.exe" (1028) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL C: \ Windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (3748) C: \ Windows \ system32 \ WPDShServiceObj.dll C: \ Windows \ system32 \ PortableDeviceTypes.dll C: \ Windows \ system32 \ PortableDeviceApi.dll . ------------------------ Kitos aktyvūs procesai ----------------------- -- . C: \ Program Files \ Creative \ Bendri failai \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe C: \ Windows \ system32 \ nvsvc32.exe C: \ Windows \ system32 \ PnkBstrA.exe C: \ Windows \ system32 \ rundll32.exe C: \ PROGRA ~ 1 \ Micros ~ 4 \ rapimgr.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ pramogų centro \ EAXLoadr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Windows \ system32 \ wscntfy.exe C: \ Windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . 
Atlikimo laikas: 2009-06-24 19:29 - mašina buvo paleistas ComboFix-karantine-files.txt 2009-06-24 23:29 ComboFix2.txt 2008-05-20 17:05 Pre-Rida: 65511231488 bytes nemokamai Post-Rida: 67799437312 bytes nemokamai WindowsXP-KB310994-SP2-Pro-BOOTDISK-LTH.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S [operating systems] C: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / fastdetect / noexecute = OptIn Aktualus = 3 Default = 3 Failed = 1 LastKnownGood = 4 Komplektai = 1,2,3,4 335 --- EOF --- 2009-06-11 03:03 |
#7
Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and press OK to open Notepad. This must be Notepad, not WordPad.

2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl + C

Code:

KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654C-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | "yyyy ¤ • € | U • ~ *]

4. Then click File > Save

5. File name: CFScript.txt - Save this file to your desktop

6. Drag CFScript (press and hold the left mouse button, then drag the file) and drop it (release the left mouse button) onto ComboFix.exe, as shown in the screenshot below.

Important: Follow this instruction carefully!

ComboFix will start running; just follow the on-screen instructions. After the reboot (if it asks for one), it will give you a log. Post that log (Combofix.txt) in your next reply.

Note: Don't mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------

I would also like to know how the computer is running now.
#8
| ComboFix 09-06-23.01 - Mouse 06/25/2009 19:04.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00] Veikia nuo: C: \ Documents and Settings \ Pelė \ Desktop \ ComboFix.exe Command jungikliai naudojami: C: \ Documents and Settings \ Pelė \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * On-nuskaitymo prieigos neįgaliesiems * (Atnaujinta) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security * neįgaliesiems * (2C4D4BC6-0793-4956-A9F9-E252435469C0) . ((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Windows \ system32 \ drivers \ kl1.sys . ((((((((((((((((((((((((( Failus, sukurtus nuo 2009/05/25 iki 2009/06/25 ))))))))))) )))))))))))))))))))) . 2009-06-24 23:28. 2009-06-24 23:28 -------- DC ---- W-c: \ windows \ system32 \ dllcache \ cache 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- AW-C: \ Documents and Settings \ Pelė \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 -------- d ----- W-c: \ Program Files \ LSoft Technologies 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w C: \ Program Files \ iPod 2009-06-13 16:32. 2009-06-13 16:32 -------- d ----- w C: \ Program Files \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 -------- d ----- w C: \ Program Files \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- AW-C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-C - AW-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- AW-c: \ windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 -------- d ----- w C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 -------- d ----- w C: \ Games 2009-06-10 20:13. 
2009-05-07 15:32 345600-C ---- W-c: \ windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 2009-04-15 14:51 585216-C ---- W-c: \ windows \ system32 \ dllcache \ Rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-25 23:11. 2008-05-16 03:35 -------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab 2009-06-25 23:09. 2008-05-16 03:35 761888 - SHA-W-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009-06-25 23:09. 2008-05-16 03:35 64388 - SHA-W-c: \ windows \ system32 \ drivers \ fidbox.idx 2009-06-25 23:09. 2008-05-16 03:35 4571424 - SHA-W-c: \ windows \ system32 \ drivers \ fidbox.dat 2009-06-25 23:09. 2008-05-16 03:35 29696 - SHA-W-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009-06-24 23:59. 2008-01-29 22:29 33808 ---- AW-c: \ windows \ system32 \ drivers \ klbg.sys 2009-06-24 23:59. 2009-02-05 00:58 33808 ---- AW-C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Laikini Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009-06-24 23:59. 2008-05-16 03:36 94643 ---- AW-c: \ windows \ system32 \ drivers \ klick.dat 2009-06-24 23:59. 2008-05-16 03:36 105395 ---- AW-c: \ windows \ system32 \ drivers \ klin.dat 2009-06-24 23:59. 2008-07-17 23:08 213520 ---- AW-C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Laikini Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009-06-24 23:59. 2008-07-17 23:08 861448 ---- AW-C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Laikini Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009-06-24 21:09. 2008-05-17 00:25 -------- d ----- w C: \ Documents and Settings \ Pelė \ Application Data \ LimeWire 2009-06-24 16:37. 
2008-05-19 02:02 -------- d ----- w C: \ Program Files \ SUPERAntiSpyware 2009-06-23 19:00. 2008-10-16 02:40 -------- d ----- w C: \ Program Files \ Pando Networks 2009-06-23 18:59. 2008-11-29 18:36 -------- d ----- W-c: \ Program Files \ PalmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- AW-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- AW-c: \ windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 -------- d ----- W-c: \ Program Files \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- d --- AW-C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2009-06-17 22:51. 2008-05-15 04:41 -------- d ----- w C: \ Documents and Settings \ Pelė \ Application Data \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 -------- d ----- w C: \ Program Files \ Common Files \ Apple 2009-05-17 20:58. 2009-05-17 20:58 -------- d ----- W-c: \ program files \ LG 2009-05-17 20:58. 2008-05-12 09:20 -------- D - H - W-c: \ Program Files \ InstallShield įrengimas Informacija 2009-05-17 20:57. 2008-05-12 09:20 -------- d ----- w C: \ Program Files \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- AW-c: \ windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- AW-c: \ windows \ system32 \ wininet.dll 2009-04-29 04:46. 2008-05-16 21:18 81920 ------ W-c: \ windows \ system32 \ ieencode.dll 2009-04-28 10:48. D 2008-05-17 00:24 -------- ----- w C: \ Program Files \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- AW-C: \ Documents and Settings \ Pelė \ Application Data \ Sun \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- AW-c: \ windows \ system32 \ Win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- AW-c: \ windows \ system32 \ Rpcrt4.dll 2009-04-08 06:13. 
2009-04-08 06:13 45056 ---- AR-c: \ Documents and Settings \ Pelė \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- AR-c: \ Documents and Settings \ Pelė \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- AR-c: \ Documents and Settings \ Pelė \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23032 ---- AW-C: \ Documents and Settings \ Pelė \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- AW-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008-03-26 00:07. 2008-03-26 00:07 24592 C: \ Windows \ system32 \ drivers \ klim5.sys - 2007-12-13 17:28. 2008-03-26 00:07 24592 C: \ Windows \ system32 \ drivers \ klim5.sys + 2009-06-24 23:28. 2008-10-16 19:09 51224 C: \ Windows \ system32 \ dllcache \ cache \ wuauclt.exe + 2009-06-24 23:28. 2008-04-14 00:12 82432 C: \ Windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009-06-24 23:28. 2008-04-14 00:12 26112 C: \ Windows \ system32 \ dllcache \ cache \ userinit.exe + 2009-06-24 23:28. 2008-04-14 00:12 14336 C: \ Windows \ system32 \ dllcache \ cache \ svchost.exe + 2009-06-24 23:28. 2008-04-14 00:12 57856 C: \ Windows \ system32 \ dllcache \ cache \ Spoolsv.exe + 2009-06-24 23:28. 2008-04-14 00:12 17408 C: \ Windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009-06-24 23:28. 2008-04-14 00:12 13312 C: \ Windows \ system32 \ dllcache \ cache \ lsass.exe + 2009-06-24 23:28. 2008-04-13 18:39 24576 C: \ Windows \ system32 \ dllcache \ cache \ Kbdclass.sys + 2009-06-24 23:28. 
2008-04-13 18:53 36608 C: \ Windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009-06-24 23:28. 2008-04-14 00:12 15360 C: \ Windows \ system32 \ dllcache \ cache \ Ctfmon.exe - 2008-04-18 17:53. 2009-02-05 00:58 213520 C: \ Windows \ system32 \ drivers \ klif.sys + 2008-04-18 17:53. 2009-06-24 23:59 213520 C: \ Windows \ system32 \ drivers \ klif.sys + 2009-06-24 23:28. 2008-04-14 00:12 507904 C: \ Windows \ system32 \ dllcache \ cache \ winlogon.exe + 2009-06-24 23:28. 2009-04-29 04:46 666624 C: \ Windows \ system32 \ dllcache \ cache \ wininet.dll + 2009-06-24 23:28. 2008-04-14 00:12 578560 C: \ Windows \ system32 \ dllcache \ cache \ User32.dll + 2009-06-24 23:28. 2008-04-14 00:12 295424 C: \ Windows \ system32 \ dllcache \ cache \ Termsrv.dll + 2009-06-24 23:28. 2008-06-20 11:51 361600 C: \ Windows \ system32 \ dllcache \ cache \ Tcpip.sys + 2009-06-24 23:28. 2009-02-06 11:11 110592 C: \ Windows \ system32 \ dllcache \ cache \ SERVICES.EXE + 2009-06-24 23:28. 2008-04-13 19:20 182656 C: \ Windows \ system32 \ dllcache \ cache \ Ndis.sys + 2009-06-24 23:28. 2009-03-21 14:06 989696 C: \ Windows \ system32 \ dllcache \ cache \ kernel32.dll + 2009-06-24 23:28. 2008-04-14 00:11 110080 C: \ Windows \ system32 \ dllcache \ cache \ imm32.dll + 2009-06-24 23:28. 2008-04-14 00:11 167936 C: \ Windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009-06-24 23:28. 2008-04-14 00:12 1614848 c: \ windows \ system32 \ dllcache \ cache \ Sfcfiles.dll + 2009-06-24 23:28. 2009-02-06 11:06 2145280 c: \ windows \ system32 \ dllcache \ cache \ Ntoskrnl.exe + 2009-06-24 23:28. 2009-02-06 10:32 2023936 c: \ windows \ system32 \ dllcache \ cache \ Ntkrnlpa.exe + 2009-06-24 23:28. 2008-04-14 00:12 1033728 c: \ windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) )))))))))))))))))))))))))))))))))))))))) . . 
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360] H / PC Connection Agent "=" C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe "[2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "C: \ Program Files \ Creative \ Bendri failai \ module loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "C: \ Program Files \ Creative \ Bendri failai \ module loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - C: \ Windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - C: \ Windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] (5AE067D3-9AFB-48E0-853A-EBB7F4A000DA) "=" C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL "[2009-01-01 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! 
SASWinLogon] 2009-01-01 04:29 356352 ---- AW-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ safeboot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ Startup Adobe Gamma Loader.lnk] PATH = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Gamma Loader.lnk Backup = C: \ Windows \ PSS \ Adobe Gamma Loader.lnkCommon Paleidimas [HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ Paleidimas HOTSYNCSHORTCUTNAME.lnk] PATH = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ HOTSYNCSHORTCUTNAME.lnk Backup = C: \ Windows \ PSS \ n HOTSYNCSHORTCUTNAME.lnkCommo Paleidimas [HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ paleisties Microsoft Office.lnk] PATH = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk Backup = C: \ Windows \ PSS \ Microsoft Office.lnkCommon Paleidimas [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ Services] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp Scheduler 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ 
AuthorizedApplications \ List] "% windir% \ \ System32 \ \ sessmgr.exe" = "C: \ Program Files \ uTorrent \ \ uTorrent.exe" = "C: \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ Program Files \ Sierra \ \ FEAR \ \ FEAR.exe" = "C: \ Program Files \ \ Xfire \ \ xfire.exe" = "C: \ Program Files \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "C: \ Program Files \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "C: \ Program Files \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "C: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ Kaspersky Internet Security 2009 \ \ Anglų \ \ setup.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI vadybininkas "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync "% windir% \ \ network diagnostic \ \ xpnetdiag.exe" = "C: \ Program Files \ Skype \ \ Phone \ \ Skype.exe" = "C: \ Program Files \ Common Files \ \ AOL \ \ krautuvas \ \ aolload.exe" = "C: \ Program Files \ \ AIM6 \ \ aim6.exe" = "C: \ Program Files \ Bonjour \ \ mDNSResponder.exe" = "C: \ Program Files \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6.112 TCP" = 6.112: TCP: Diablo 2 "26.675 TCP" = 26.675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Paslaugos "58.398 TCP" = 58.398: TCP: Pando Žiniasklaida Booster "58.398: UDP" = 58.398: UDP: Pando Žiniasklaida Booster R0 klbg; Kaspersky Lab Įkėlimo Guard 
Driver; c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 33.808] R1 SASDIFSV; SASDIFSV, C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 9.968] R1 SASKUTIL; SASKUTIL, C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 55.024] R1 UGURU; UGURU; c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 14.592] R3 KLFLTDEV; Kaspersky Lab KLFltDev; c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 26.640] R3 klim5; Kaspersky Anti-Virus NDIS filtras; c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 24.592] S2 Cubase32; Cubase32; c: \ windows \ system32 \ drivers \ Kuba se32.sys [4/5/2009 7:02 11.808] S3 SASENUM; SASENUM, C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 4.096] . Turinys "Scheduled Tasks" katalogą 2009/06/13 C: \ Windows \ Uždaviniai \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009/06/25 C: \ Windows \ Uždaviniai \ Malwarebytes 'Anti-Malware.job - C: \ PROGRA ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . . ------- Papildomos Scan ------- . uStart Page = hxxp: / / google.com / IE: Pridėti prie Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & Eksportuoti į "Microsoft Excel - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser for Java - file: / / C: \ Windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net Rootkit scan 2009-06-25 19:11 Windows 5.1.2600 Service Pack 3 NTFS skenavimo paslėptus procesus ... skenavimo paslėptas autostart entries ... skenavimo paslėptus failus ... 
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,dc,e4,a8,65,45,2e,71,3b,04,66,8b,46,0d,96,21,7c,aa,e9,a8,42,2f,c4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,eb,7e,55,20,c9,26,eb,a7,df,4d,25,c2,62,83,25,da,eb,7e,55,20,c9,26,a3,f2,65,de,80,3e,e4,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5,93,61,f2,a1,b4,61,82,bb,ab,d5,3e,1e,9e,e0,57,5,93,61,6f,0e,5c,ae,ec,4f,e7,8d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,91,d7,7a,29,97,c7,40,4b,cd,44,cd,b9,a6,33,6c,cd,49,19,95,11,6f,ac,43,68,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7e,4a,d5,24,8d,3a,49,c4,b0,18,de,a7,3f,8d,37,a4,29,b5,53,9,d3,4a,02,51,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,09,d4,0a,f3,53,bc,62,26,31,77,e1,ba,b1,f8,68,02,77,c3,de,c6,98,79,54,2c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3,48,fc,e8,04,4,f1,df,00,d5,43,ff,f8,0f,f3,83,6c,56,8b,a0,85,96,ab,d5,19,39,90,da,30,2a,05,01,3,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6a,ea,f8,c4,82,1a,7f,d8,51,fa,6e,91,28,9e,14,cc,82,ac,7a,83,eb,90,81,c6,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,0b,ba,41,78,8,c9,90,04,b1,cd,45,5,a8,c4,f8,b9,6b,c6,a2,44,8d,59,a6,f5,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,5d,45,06,19,5e,30,20,e6,e3,0e,66,d5,eb,bc,2f,6b,e1,69,31,ac,dd,ba,7f,02,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a5,97,0,6e,8a,cf,52,73,fa,ea,66,7f,d4,3b,6b,70,30,24,ea,79,a1,7b,08,64,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€|"yyyy¤•€|U•~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Winlogon.exe'(1028)
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Windows\system32\klogon.dll

- - - - - - - > 'Explorer.exe'(212)
C:\Windows\system32\WPDShServiceObj.dll
C:\Windows\system32\PortableDeviceTypes.dll
C:\Windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Creative\Common Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\CTxfispi.exe
C:\Windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-25 19:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 23:14
ComboFix2.txt 2009-06-24 23:29
ComboFix3.txt 2008-05-20 17:05

Pre-Run: 67819319296 bytes free
Post-Run: 67883995136 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
310 --- EOF --- 2009-06-11 03:03
#9
Sorry, I forgot something. Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl+C

Code:
KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€|"yyyy¤•€|U•~*]

4. Then click File > Save
5. Name the file CFScript.txt - save this file on your desktop
6. Drag CFScript (press and hold the left mouse button, drag the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the picture below. Important: follow this instruction carefully!

ComboFix will start running; just follow the on-screen instructions. After the reboot (if it asks to reboot), it will give you a log. Post that log (Combofix.txt) in your next reply.

Note: Don't mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------

I would also like to know how the computer is running now.
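The RegLock:: block in the post above was typed by hand from the LOCKED REGISTRY KEYS section of the previous ComboFix log. As an added example (not code from this thread, from the helper, or from ComboFix), the Python script below pulls those key paths out of a ComboFix log and assembles the same kind of CFScript, so the twelve CLSID keys do not have to be retyped and a mistyped GUID cannot slip in. The log excerpt inside it is constructed in the shape of the log posted above and is not a real capture; the function names extract_locked_keys and build_cfscript are this example's own. KillAll:: and RegLock:: are the CFScript directive names ComboFix understands.

```python
"""Build a ComboFix CFScript's RegLock:: block from a ComboFix log.

Added example for the forum thread; not part of ComboFix or of the thread.
"""
import re

# A key header as ComboFix prints it under LOCKED REGISTRY KEYS, e.g.
#   [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{...}\InprocServer32*]
# The trailing "*" is part of what ComboFix prints and RegLock:: expects.
KEY_LINE = re.compile(r"^\[(HKEY_[A-Z_]+\\.+?)\]\s*$")

SECTION_HEADER = "LOCKED REGISTRY KEYS"


def extract_locked_keys(log_text: str) -> list[str]:
    """Return key paths listed in the LOCKED REGISTRY KEYS section, in order.

    Only lines between that header and the next dashed header count, so
    keys printed elsewhere in the log (Run keys, firewall policy, ...) are
    not picked up.  Value lines ("ThreadingModel"=..., hex:... and their
    "\\" continuation lines) never match KEY_LINE and are skipped.
    """
    keys: list[str] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_HEADER in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("---"):
            break  # next dashed header ends the section
        match = KEY_LINE.match(line)
        if match:
            keys.append(match.group(1))
    return keys


def build_cfscript(keys: list[str], kill_all: bool = True) -> str:
    """Assemble CFScript text: optional KillAll:: then one RegLock:: block."""
    lines: list[str] = []
    if kill_all:
        lines += ["KillAll::", ""]
    lines.append("RegLock::")
    lines += [f"[{key}]" for key in keys]
    return "\n".join(lines) + "\n"


# Constructed excerpt shaped like the posted log (two locked keys, then a
# later section whose Run key must be ignored).  Not a real capture.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Winlogon.exe'(672)
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
"""


if __name__ == "__main__":
    # Save the printed text as CFScript.txt and drop it onto ComboFix.exe.
    print(build_cfscript(extract_locked_keys(SAMPLE_LOG)), end="")
```

Run it against a saved ComboFix.txt by reading the file into `extract_locked_keys`; review the printed list against the log before using it, since the script locks every key ComboFix reported in that section without judging whether it should be locked.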
#10
ComboFix 09-06-23.01 - Mouse 06/26/2009 3:47.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00]
Running from: C:\Documents and Settings\Mouse\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\kl1.sys
.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-24 23:28 . 2009-06-24 23:28 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 18:47 . 2009-06-24 16:37 117760 ----a-w- C:\Documents and Settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:58 . 2009-06-17 18:10 -------- d-----w- c:\Program Files\LSoft Technologies
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- C:\Program Files\iPod
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- C:\Program Files\iTunes
2009-06-13 16:28 . 2009-06-13 16:29 -------- d-----w- C:\Program Files\QuickTime
2009-06-13 16:23 . 2009-06-13 16:23 75048 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 23:14 . 2001-08-18 02:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2009-06-10 23:14 . 2001-08-18 02:36 462848 ----a-w- c:\windows\system32\a3dapi.dll
2009-06-10 23:13 . 2009-06-11 07:20 -------- d-----w- C:\Descent3
2009-06-10 23:13 . 2009-06-10 23:13 -------- d-----w- C:\Games
2009-06-10 20:13 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\Localspl.dll
2009-06-10 20:13 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\Rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 07:54 . 2008-05-16 03:35 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-06-26 07:52 . 2008-05-16 03:35 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-26 07:52 . 2008-05-16 03:35 64388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-26 07:52 . 2008-05-16 03:35 4571424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-26 07:52 . 2008-05-16 03:35 29696 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-25 23:24 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-25 23:24 . 2008-05-16 03:36 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-25 23:24 . 2008-05-16 03:36 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-25 23:24 . 2009-02-05 00:58 33808 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-06-25 23:24 . 2008-07-17 23:08 213520 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-06-25 23:24 . 2008-07-17 23:08 861448 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-06-24 21:09 . 2008-05-17 00:25 -------- d-----w- C:\Documents and Settings\Mouse\Application Data\LimeWire
2009-06-24 16:37 . 2008-05-19 02:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2009-06-23 19:00 . 2008-10-16 02:40 -------- d-----w- C:\Program Files\Pando Networks
2009-06-23 18:59 . 2008-11-29 18:36 -------- d-----w- c:\Program Files\PalmOne
2009-06-21 23:00 . 2009-02-09 03:50 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 23:00 . 2009-02-09 03:50 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-18 22:35 . 2008-06-17 15:40 -------- d-----w- c:\Program Files\Diablo II
2009-06-18 22:31 . 2008-06-02 00:09 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-17 22:51 . 2008-05-15 04:41 -------- d-----w- C:\Documents and Settings\Mouse\Application Data\uTorrent
2009-06-13 16:32 . 2008-08-19 04:10 -------- d-----w- C:\Program Files\Common Files\Apple
2009-05-17 20:58 . 2009-05-17 20:58 -------- d-----w- c:\program files\LG
2009-05-17 20:58 . 2008-05-12 09:20 -------- d--h--w- c:\Program Files\InstallShield Installation Information
2009-05-17 20:57 . 2008-05-12 09:20 -------- d-----w- C:\Program Files\Common Files\InstallShield
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\Localspl.dll
2009-04-29 04:46 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2008-05-16 21:18 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 10:48 . 2008-05-17 00:24 -------- d-----w- C:\Program Files\Java
2009-04-28 10:47 . 2009-04-28 10:47 152576 ----a-w- C:\Documents and Settings\Mouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\Win32k.sys
2009-04-15 14:51 . 2003-03-31 12:00 585216 ----a-w- c:\windows\system32\Rpcrt4.dll
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-04-08 06:13 . 2009-04-08 06:13 10134 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-04-05 23:39 . 2008-05-16 02:24 23032 ----a-w- C:\Documents and Settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 23:27 . 2009-04-05 23:28 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-26 00:07 . 2008-03-26 00:07 24592 C:\Windows\system32\drivers\klim5.sys
- 2007-12-13 17:28 . 2008-03-26 00:07 24592 C:\Windows\system32\drivers\klim5.sys
+ 2009-06-24 23:28 . 2008-10-16 19:09 51224 C:\Windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 82432 C:\Windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 26112 C:\Windows\system32\dllcache\cache\userinit.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 14336 C:\Windows\system32\dllcache\cache\svchost.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 57856 C:\Windows\system32\dllcache\cache\Spoolsv.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 17408 C:\Windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 13312 C:\Windows\system32\dllcache\cache\lsass.exe
+ 2009-06-24 23:28 . 2008-04-13 18:39 24576 C:\Windows\system32\dllcache\cache\Kbdclass.sys
+ 2009-06-24 23:28 . 2008-04-13 18:53 36608 C:\Windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-24 23:28 . 2008-04-14 00:12 15360 C:\Windows\system32\dllcache\cache\Ctfmon.exe
- 2008-04-18 17:53 . 2009-02-05 00:58 213520 C:\Windows\system32\drivers\klif.sys
+ 2008-04-18 17:53 . 2009-06-25 23:24 213520 C:\Windows\system32\drivers\klif.sys
+ 2009-06-24 23:28 . 2008-04-14 00:12 507904 C:\Windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-24 23:28 . 2009-04-29 04:46 666624 C:\Windows\system32\dllcache\cache\wininet.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 578560 C:\Windows\system32\dllcache\cache\User32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 295424 C:\Windows\system32\dllcache\cache\Termsrv.dll
+ 2009-06-24 23:28 . 2008-06-20 11:51 361600 C:\Windows\system32\dllcache\cache\Tcpip.sys
+ 2009-06-24 23:28 . 2009-02-06 11:11 110592 C:\Windows\system32\dllcache\cache\SERVICES.EXE
+ 2009-06-24 23:28 . 2008-04-13 19:20 182656 C:\Windows\system32\dllcache\cache\Ndis.sys
+ 2009-06-24 23:28 . 2009-03-21 14:06 989696 C:\Windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:11 110080 C:\Windows\system32\dllcache\cache\imm32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:11 167936 C:\Windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\Sfcfiles.dll
+ 2009-06-24 23:28 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\Ntoskrnl.exe
+ 2009-06-24 23:28 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\Ntkrnlpa.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\Windows\system32\Ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="C:\Program Files\Creative\Common Files\module loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Common Files\module loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CTHelper"="CTHELPER.EXE" - C:\Windows\system32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - C:\Windows\system32\Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2009-01-01 04:29 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\safeboot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\PSS\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\Windows\PSS\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\PSS\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\Services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\System32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 33808]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/12/2008 5:23 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/25/2008 8:07 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 11808]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 4096]
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 C:\Windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-26 C:\Windows\Tasks\Malwarebytes' Anti-Malware.job
- C:\PROGRA~1\MALWAR~1\mbam.exe [2008-05-19 00:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://C:\Windows\Java\Classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 03:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,dc,e4,a8,65,45,2e,71,3b,04,66,8b,46,0d,96,21,7c,aa,e9,a8,42,2f,c4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,eb,7e,55,20,c9,26,eb,a7,df,4d,25,c2,62,83,25,da,eb,7e,55,20,c9,26,a3,f2,65,de,80,3e,e4,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5,93,61,f2,a1,b4,61,82,bb,ab,d5,3e,1e,9e,e0,57,5,93,61,6f,0e,5c,ae,ec,4f,e7,8d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,91,d7,7a,29,97,c7,40,4b,cd,44,cd,b9,a6,33,6c,cd,49,19,95,11,6f,ac,43,68,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7e,4a,d5,24,8d,3a,49,c4,b0,18,de,a7,3f,8d,37,a4,29,b5,53,9,d3,4a,02,51,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,09,d4,0a,f3,53,bc,62,26,31,77,e1,ba,b1,f8,68,02,77,c3,de,c6,98,79,54,2c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3,48,fc,e8,04,4,f1,df,00,d5,43,ff,f8,0f,f3,83,6c,56,8b,a0,85,96,ab,d5,19,39,90,da,30,2a,05,01,3,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6a,ea,f8,c4,82,1a,7f,d8,51,fa,6e,91,28,9e,14,cc,82,ac,7a,83,eb,90,81,c6,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,0b,ba,41,78,8,c9,90,04,b1,cd,45,5,a8,c4,f8,b9,6b,c6,a2,44,8d,59,a6,f5,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,5d,45,06,19,5e,30,20,e6,e3,0e,66,d5,eb,bc,2f,6b,e1,69,31,ac,dd,ba,7f,02,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\System32\\ole32.dll"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a5,97,0,6e,8a,cf,52,73,fa,ea,66,7f,d4,3b,6b,70,30,24,ea,79,a1,7b,08,64,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€|"yyyy¤•€|U•~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Winlogon.exe'(672)
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\Windows\system32\klogon.dll

- - - - - - - > 'Explorer.exe'(288)
C:\Windows\system32\WPDShServiceObj.dll
C:\Windows\system32\PortableDeviceTypes.dll
C:\Windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Creative\Common Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\system32\CTxfispi.exe
.
**************************************************************************
.
Completion time: 2009-06-26 3:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-26 07:57
ComboFix2.txt 2009-06-25 23:14
ComboFix3.txt 2009-06-24 23:29
ComboFix4.txt 2008-05-20 17:05

Pre-Run: 67824807936 bytes free
Post-Run: 67888648192 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
311 --- EOF --- 2009-06-11 03:03