#1
I recently downloaded a theme application. After installing it, Kaspersky prompted a warning saying the computer is infected with MultiPacked.Multi.Generic malware. My Kaspersky stopped working and my Windows theme is gone; I am stuck with Windows Classic. Help please!
|
#2
Try to get me some of the logs you can get here. http://www.computer-juice.com/forums...-posting-7476/
|
#3
Looks like the forums had a glitch. Please post these DDS logs.

Download DDS from Here or Here or Here and save it to your desktop.

Vista users: right click on DDS and select Run as administrator (you will get a UAC prompt; please allow it).
* XP users: double click on DDS so it can run.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished, DDS will open two (2) logs:
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both into your next reply.

Note: DDS will give you instructions to post the Attach.txt log as an attachment. Please just post it as you would any other log, by copying and pasting it into the reply.
|
#4
DDS (Ver_09-05-14.01) - NTFSx86
Run by Mouse at 16:53:23.36 on Wed 06/24/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\Explorer.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Micros~4\rapimgr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\limewire\LimeWire.exe
C:\Documents and Settings\Mouse\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\dvdaudio\CTDVDDET.EXE"
mRun: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
mRun: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\dllml.exe" -1 audiodrvemulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
mRun: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
mRun: [QuickTime Task] "C:\Program Files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
IE: Add Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\PROGRA~1\Micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Micros~4\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\Classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://portal.apogentech.com/vdesk/terminal/InstallerControl.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://portal.apogentech.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2008,0904,1939
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-ffff-ffff-ffff-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://portal.apogentech.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2008,0904,1947
Handler: CDO - {CD00020A-8B95-11D1-82dB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\Common~1\Skype\SKYPE4~1.DLL
Notify: !SASWinLogon - C:\Program Files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\PROGRA~1\kasper~1\kasper~1\mzvkbd.dll,c:\PROGRA~1\kasper~1\kasper~1\adialhk.dll,c:\PROGRA~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007/10/31 112144]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008/1/29 33808]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008/4/18 213520]
R1 SASKUTIL;SASKUTIL;c:\Program Files\superantispyware\SASKUTIL.SYS [2008/2/29 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008/5/12 14592]
R2 AVP;Kaspersky Internet Security;c:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -R -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -r [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\Program Files\Viewpoint\Common\ViewpointService.exe [2008/12/7 24652]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008/3/13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007/12/13 24592]
R3 SASENUM;SASENUM;c:\Program Files\superantispyware\SASENUM.SYS [2006/2/16 4096]
S1 SASDIFSV;SASDIFSV;c:\Program Files\superantispyware\SASDIFSV.SYS [2008/2/29 9968]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2009/4/5 11808]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;c:\windows\system32\drivers\IlvMoney1215.sys [2008/8/21 30080]

=============== Created Last 30 ================

2009/06/17 13:58 <DIR> --d----- c:\Program Files\LSoft Technologies
2009/06/13 12:32 <DIR> --d----- c:\Program Files\iPod
2009/06/13 12:32 <DIR> --d----- c:\Program Files\iTunes

==================== Find3M ====================

============= FINISH: 16:54:12.42 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2008 2:38:20
System Uptime: 6/24/2009 12:33:35 PM (4 hours ago)

Motherboard: http://www.abit.com.tw/ | | IP35 PRO(P35+ICH9R)
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 775 | 3024/216mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 60.146 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 60.479 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is FIXED (NTFS) - 245 GiB total, 138.326 GiB free.
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Manufacturer: Realtek Semiconductor Corp
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #3
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Service: RTL8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP

==== System Restore Points ===================

RP202: 3/26/2009 6:14:01 PM - System Checkpoint
RP203: 3/27/2009 9:06:08 PM - System Checkpoint
RP204: 3/30/2009 12:43:20 PM - System Checkpoint
RP205: 4/1/2009 5:11:23 PM - System Checkpoint
RP206: 4/3/2009 3:31:49 PM - System Checkpoint
RP207: 4/6/2009 11:30:33 AM - System Checkpoint
RP208: 4/8/2009 1:48:55 AM - Removed MapleStory GL.
RP209: 4/8/2009 1:49:05 AM - Installed MapleStory.
RP210: 4/8/2009 2:00:33 AM - Removed MapleStory.
RP211: 4/8/2009 2:12:11 AM - Installed MapleStory.
RP212: 4/9/2009 1:53:58 PM - System Checkpoint
RP213: 4/11/2009 6:22:36 AM - System Checkpoint
RP214: 4/14/2009 11:18:28 AM - System Checkpoint
RP215: 4/15/2009 5:50:23 PM - Software Distribution Service 3.0
RP216: 4/18/2009 1:32:37 AM - System Checkpoint
RP217: 4/21/2009 2:37:36 PM - System Checkpoint
RP218: 4/22/2009 5:07:27 PM - System Checkpoint
RP219: 4/24/2009 2:41:28 PM - System Checkpoint
RP220: 4/25/2009 10:07:27 PM - System Checkpoint
RP221: 4/28/2009 6:48:10 AM - Installed Java(TM) 6 Update 13
RP222: 5/2/2009 7:23:06 PM - System Checkpoint
RP223: 5/3/2009 11:36:18 PM - System Checkpoint
RP224: 5/5/2009 2:29:10 PM - System Checkpoint
RP225: 5/6/2009 8:29:33 PM - System Checkpoint
RP226: 5/7/2009 3:00:17 AM - Software Distribution Service 3.0
RP227: 5/7/2009 11:16:03 AM - Installed Windows XP WgaNotify.
RP228: 5/9/2009 11:12:42 AM - System Checkpoint
RP229: 5/10/2009 5:10:12 PM - System Checkpoint
RP230: 5/11/2009 9:02:07 PM - System Checkpoint
RP231: 5/13/2009 12:26:07 AM - Software Distribution Service 3.0
RP232: 5/14/2009 2:28:00 PM - Removed ZU-ONLINE
RP233: 5/15/2009 2:47:49 PM - System Checkpoint
RP234: 5/17/2009 1:28:31 AM - System Checkpoint
RP235: 5/17/2009 4:58:00 PM - Installed LG USB Modem driver
RP236: 5/19/2009 11:34:48 AM - System Checkpoint
RP237: 5/20/2009 12:47:48 PM - System Checkpoint
RP238: 5/23/2009 10:08:08 AM - System Checkpoint
RP239: 6/1/2009 10:03:10 AM - System Checkpoint
RP240: 6/2/2009 10:03:30 AM - System Checkpoint
RP241: 6/3/2009 11:47:56 AM - System Checkpoint
RP242: 6/5/2009 11:10:53 PM - System Checkpoint
RP243: 6/7/2009 2:46:24 PM - System Checkpoint
RP244: 6/9/2009 11:32:41 AM - System Checkpoint
RP245: 6/10/2009 5:52:30 PM - System Checkpoint
RP246: 6/10/2009 11:00:09 PM - Software Distribution Service 3.0
RP247: 6/12/2009 12:14:34 PM - System Checkpoint
RP248: 6/13/2009 1:12:33 PM - System Checkpoint
RP249: 6/14/2009 9:20:14 PM - System Checkpoint
RP250: 6/15/2009 9:53:46 PM - System Checkpoint
RP251: 6/17/2009 12:27:01 AM - System Checkpoint
RP252: 6/21/2009 7:28:06 PM - System Checkpoint
RP253: 6/22/2009 8:08:50 PM - System Checkpoint
RP254: 6/23/2009 2:54:41 PM - Removed Garmin City Navigator North America NT 2009 Update
RP255: 6/23/2009 2:58:20 PM - Removed palmOne
RP256: 6/24/2009 3:58:18 PM - System Checkpoint

==== Installed Programs ======================

==== Event Viewer Messages From Past Week ========

==== End Of File ===========================
|
#5
Download ComboFix © by sUBs from one of the links. Make sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop. DO NOT run it yet!

Note: The instructions below were created specifically for this user. If you are not this user, DO NOT follow these instructions, as they could damage the workings of your system.

Delete these files/folders, that is:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text below in the code box by highlighting all the text and pressing Ctrl+C.

Code:
Killall::
DDS::
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\messenger\msmsgs.exe
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
Driver::
Viewpoint Manager Service
Folder::
c:\Program Files\Viewpoint

4. Then click File > Save
5. Name the file CFScript.txt - save the file to your Desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you see in the picture below.

Important: Follow this instruction carefully!

ComboFix will begin to run; just follow the instructions. After the reboot (if it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause the system to freeze.
|
#6
ComboFix 09-06-23.01 - Mouse 06/24/2009 17:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00]
Running from: c:\Documents and Settings\Mouse\Desktop\ComboFix.exe
Command switches used :: c:\Documents and Settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Program Files\Viewpoint
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003
c:\windows\system32\drivers\kl1.sys
c:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\Program Files\Viewpoint\Common\VistaBoot.sdll
c:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004\desktop.ini
c:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004\INFO2
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003\desktop.ini
c:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003\INFO2
c:\windows\emMON.exe
c:\windows\system32\Codecs\7zAES.dll
c:\windows\system32\Codecs\AES.dll
c:\windows\system32\Codecs\Branch.dll
c:\windows\system32\Codecs\BZip2.dll
c:\windows\system32\Codecs\Copy.dll
c:\windows\system32\Codecs\Deflate.dll
c:\windows\system32\Codecs\LZMA.dll
c:\windows\system32\Codecs\PPMd.dll
c:\windows\system32\Codecs\Rar29.dll
c:\windows\system32\Codecs\Swap.dll
c:\windows\system32\drivers\ctoss2k.sys
c:\windows\system32\Formats\7z.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_IlvMoneyDRIVER53
-------\Service_Viewpoint Manager Service
-------\Legacy_ossrv
-------\Service_ossrv

((((((((((((((((((((((((( Files Created from 2009/05/24 to 2009/06/24 )))))))))))))))))))))))))))))))
.

2009/06/23 18:47 . 2009/06/24 16:37  117760  ----a-w-  c:\Documents and Settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009/06/17 17:58 . 2009/06/17 18:10  --------  d-----w-  C:\Program Files\LSoft Technologies
2009/06/13 16:32 . 2009/06/13 16:32  --------  d-----w-  C:\Program Files\iPod
2009/06/13 16:32 . 2009/06/13 16:32  --------  d-----w-  C:\Program Files\iTunes
2009/06/13 16:28 . 2009/06/13 16:29  --------  d-----w-  C:\Program Files\QuickTime
2009/06/13 16:23 . 2009/06/13 16:23  75048  ----a-w-  c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009/06/10 23:14 . 2001/08/18 02:36  462848  -c--a-w-  c:\windows\system32\dllcache\a3dapi.dll
2009/06/10 23:14 . 2001/08/18 02:36  462848  ----a-w-  c:\windows\system32\a3dapi.dll
2009/06/10 23:13 . 2009/06/11 07:20  --------  d-----w-  C:\Descent3
2009/06/10 23:13 . 2009/06/10 23:13  --------  d-----w-  C:\Games
2009/06/10 20:13 . 2009/05/07 15:32  345600  -c----w-  c:\windows\system32\dllcache\localspl.dll
2009/06/10 20:13 . 2009/04/15 14:51  585216  -c----w-  c:\windows\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009/06/24 23:25 . 2008/05/16 03:35  --------  d-----w-  C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009/06/24 21:26 . 2008/05/16 03:35  761888  --sha-w-  c:\windows\system32\drivers\fidbox2.dat
2009/06/24 21:26 . 2008/05/16 03:35  64388  --sha-w-  c:\windows\system32\drivers\fidbox.idx
2009/06/24 21:26 . 2008/05/16 03:35  4571424  --sha-w-  c:\windows\system32\drivers\fidbox.dat
2009/06/24 21:26 . 2008/05/16 03:35  29696  --sha-w-  c:\windows\system32\drivers\fidbox2.idx
2009/06/24 21:09 . 2008/05/17 00:25  --------  d-----w-  C:\Documents and Settings\Mouse\Application Data\limewire
2009/06/24 16:37 . 2008/05/19 02:02  --------  d-----w-  C:\Program Files\SUPERAntiSpyware
2009/06/23 19:00 . 2008/10/16 02:40  --------  d-----w-  C:\Program Files\Pando Networks
2009/06/23 18:59 . 2008/11/29 18:36  --------  d-----w-  C:\Program Files\palmOne
2009/06/21 23:00 . 2009/02/09 03:50  138184  ----a-w-  c:\windows\system32\drivers\PnkBstrK.sys
2009/06/21 23:00 . 2009/02/09 03:50  183112  ----a-w-  c:\windows\system32\PnkBstrB.exe
2009/06/18 22:35 . 2008/06/17 15:40  --------  d-----w-  C:\Program Files\Diablo II
2009/06/18 22:31 . 2008/06/02 00:09  --------  d---a-w-  c:\Documents and Settings\All Users\Application Data\TEMP
2009/06/17 22:51 . 2008/05/15 04:41  --------  d-----w-  C:\Documents and Settings\Mouse\Application Data\uTorrent
2009/06/13 16:32 . 2008/08/19 04:10  --------  d-----w-  C:\Program Files\Common Files\Apple
2009/05/20 16:16 . 2008/05/16 03:36  94643  ----a-w-  c:\windows\system32\drivers\klick.dat
2009/05/20 16:16 . 2008/05/16 03:36  105395  ----a-w-  c:\windows\system32\drivers\klin.dat
2009/05/17 20:58 . 2009/05/17 20:58  --------  d-----w-  C:\Program Files\LG Electronics
2009/05/17 20:58 . 2008/05/12 09:20  --------  d--h--w-  c:\Program Files\InstallShield Installation Information
2009/05/17 20:57 . 2008/05/12 09:20  --------  d-----w-  C:\Program Files\Common Files\InstallShield
2009/05/07 15:32 . 2003/03/31 12:00  345600  ----a-w-  c:\windows\system32\localspl.dll
2009/04/29 04:46 . 2003/03/31 12:00  666624  ----a-w-  c:\windows\system32\Wininet.dll
2009/04/29 04:46 . 2008/05/16 21:18  81920  ------w-  c:\windows\system32\ieencode.dll
2009/04/28 10:48 . 2008/05/17 00:24  --------  d-----w-  C:\Program Files\Java
2009/04/28 10:47 . 2009/04/28 10:47  152576  ----a-w-  c:\Documents and Settings\Mouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009/04/26 01:13 . 2009/04/26 00:43  --------  d-----w-  C:\Documents and Settings\Mouse\Application Data\Move Networks
2009/04/17 12:26 . 2003/03/31 12:00  1847168  ----a-w-  c:\windows\system32\win32k.sys
2009/04/15 14:51 . 2003/03/31 12:00  585216  ----a-w-  c:\windows\system32\rpcrt4.dll
2009/04/08 06:13 . 2009/04/08 06:13  45056  ----a-r-  C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009/04/08 06:13 . 2009/04/08 06:13  45056  ----a-r-  C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009/04/08 06:13 . 2009/04/08 06:13  10134  ----a-r-  C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009/04/05 23:39 . 2008/05/16 02:24  23032  ----a-w-  c:\Documents and Settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009/04/05 23:27 . 2009/04/05 23:28  5433520  ----a-w-  c:\windows\system32\SpoonUninstall.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2008/04/14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006/11/13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008/05/03 13529088]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003/06/18 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005/11/04 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005/11/04 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006/07/28 122880]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.Dll" [2008/05/03 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009/02/05 201992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009/05/26 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009/05/14 177472]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009/06/05 292136]
"CTHelper"="CTHELPER.EXE" - C:\Windows\system32\CtHelper.exe [2008/02/21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - C:\Windows\system32\Ctxfihlp.exe [2008/02/21 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009/01/01 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2009/01/01 04:29  356352  ----a-w-  c:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\PSS\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\PSS\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\PSS\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\limewire\\LimeWire.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= c:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= c:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= c:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 33808]
R1 SASDIFSV;SASDIFSV;c:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 9968]
R1 SASKUTIL;SASKUTIL;c:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/12/2008 5:23 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 1:28 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 11808]
S3 SASENUM;SASENUM;c:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2009/06/13 c:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008/07/30 17:34]

2009/06/24 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- C:\PROGRA~1\MALWAR~1\mbam.exe [2008/05/19 00:52]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard

.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\PROGRA~1\Micros~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\Classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009/06/24 19:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,dc,e4,a8,65,45,2e,71,3b,04,66,8b,46,0d,96,21,7c,aa,e9,a8,42,2f,c4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,eb,a7,df,4d,25,c2,62,83,25,da,ec,7e,55,20,c9,26,a3,f2,65,ed,80,3e,e4,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5,93,61,f2,a1,b4,61,82,bb,ab,d5,3e,1e,9e,e0,57,5,93,61,6f,0e,5c,ae,ec,4f,e7,8d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,91,d7,7a,29,97,c7,40,4b,cd,44,cd,b9,a6,33,6c,cd,49,19,95,11,6f,ac,43,68,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\
SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, CF, C8, 7.e, 4a, D5, 24,8 d, 3a, 49, C4, B0, 18, ed, A7, 3f, 8d, 37, a4, 29, B5, 53,9, d3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, B1, F8, 68,02,09, D4, 0a, F3, 53, bc, 62,26,31,77, E1, ba, B1, F8, 68,02,77, C3, de, c6, 98,79, 54,2 c, FB, A7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3, 48, fc, e8, 04,4, f1, df, 00, D5, 43, ff, F8, 0f, f3, 83,6 c, 56,8 b, A0, 85,96, AB, D5, 19,39,90, da, 30, 2a, 05,01,3, 48, fc, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0f, 4e, 58, 98,5 b, 89, C9, 6a, ea, F8, C4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 e, 14 CC, 82, ac, 7a, 83, eb, 90, 81, C6, F6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4.288-8.073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, ea, 26, 2.d, 45, aa, 78,0 b, ba, 41,78,8, C9, 90,04, B1, cd, 45,5, A8, C4, F8, B9, 6b, C6, A2, 44,8 d, 59, A6, F5, 3d, CE, ea, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] 
"ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, B7, cc, B5, B9, 7f, 41, E7, 5D, 45,06,19,5 e, 30,20, E6, E3, 0E, 66, d5, eb, bc, 2.f, 6b, e1, 69,31, ac, dd, BA, 7f, 02,2, B7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, ea, 66,7 f, D4, 3.b, 6b, 70, A5, 97,0, 6e, 8a, sal, 52,73, fa, ea, 66,7 f, D4, 3.b, 6b, 70,30,24, ea, 79, a1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \ [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Installer \ lietotāju datu \ LocalSystem \ Componen ts \ h-€ | "gggg" ¤ • € | U • ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLL Loaded Under Running Processes --------------------- - - - - - - -> 'Winlogon.exe "(1028) c: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (3.748) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Citi Running Processes ----------------------- -- . c: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe c: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe c: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe c: \ PROGRA ~ 1 \ Micros ~ 4 \ rapimgr.exe c: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . 
Pabeigšanas laiks: 2009/06/24 19:29 - mašīna bija rebooted ComboFix-karantīnā-files.txt 2009/06/24 23:29 ComboFix2.txt 2008/05/20 17:05 Pre-Run: 65511231488 bytes free Post-Run: 67799437312 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S [operating systems] c: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = optin / fastdetect multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / fastdetect / noexecute = OptIn Current = 3 default = 3 Failed = 1 LastKnownGood = 4 Sets = 1,2,3,4 335 --- EOF --- 2009/06/11 03:03 |
#7
Delete these files/folders, that is:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.

2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C

Code:

    Killall::
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654C-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | "gggg" ¤ • € | U • ~*]

4. Then click File > Save

5. Name the file CFScript.txt - Save the file to your desktop

6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you see in the image below.

Important: Follow this instruction carefully!

ComboFix will begin to run; just follow the instructions. After the reboot (if it asks for a reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick in the ComboFix window while it is running. That may cause your system to freeze.

----------

Also let me know how the computer is running now.
#8
| ComboFix 09-06-23.01 - Mouse 06/25/2009 19:04.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00] Sākot no: c: \ Documents and Settings \ Peles \ Desktop \ ComboFix.exe Komandu slēdžus izmanto:: c: \ Documents and Settings \ Peles \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * On-access skenēšana invalīdu * (papildināts) (2C4D4BC6-0.793-4.956-A9F9-E252435469C0) FW: Kaspersky Internet Security * invalīdiem * (2C4D4BC6-0.793-4.956-A9F9-E252435469C0) . ((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) )))))))))))))))))))))))))))))))))))))))) . c: \ windows \ system32 \ drivers \ kl1.sys . ((((((((((((((((((((((((( Faili Created no 2009/05/25 līdz 2009-06-25 ))))))))))) )))))))))))))))))))) . 2009/06/24 23:28. 2009/06/24 23:28 -------- dc ---- w-c: \ windows \ system32 \ dllcache \ cache 2009/06/23 18:47. 2009/06/24 16:37 117.760 ---- aw-c: \ Documents and Settings \ Peles \ Application Data \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009/06/17 17:58. 2009/06/17 18:10 -------- d ----- w C: \ Program Files \ LSoft Technologies 2009/06/13 16:32. 2009/06/13 16:32 -------- d ----- w C: \ Program Files \ iPod 2009/06/13 16:32. 2009/06/13 16:32 -------- d ----- w C: \ Program Files \ iTunes 2009/06/13 16:28. 2009/06/13 16:29 -------- d ----- w C: \ Program Files \ QuickTime 2009/06/13 16:23. 2009/06/13 16:23 75.048 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009/06/10 23:14. 2001/08/18 02:36 462.848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009/06/10 23:14. 2001/08/18 02:36 462.848 ---- aw-c: \ windows \ system32 \ a3dapi.dll 2009/06/10 23:13. 2009/06/11 07:20 -------- d ----- w C: \ Descent3 2009/06/10 23:13. 2009/06/10 23:13 -------- d ----- w C: \ Games 2009/06/10 20:13. 2009/05/07 15:32 345.600-c ---- W-c: \ windows \ system32 \ dllcache \ localspl.dll 2009/06/10 20:13. 
2009/04/15 14:51 585.216-c ---- W-c: \ windows \ system32 \ dllcache \ rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009/06/25 23:11. 2008/05/16 03:35 -------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab 2009/06/25 23:09. 2008/05/16 03:35 761.888 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009/06/25 23:09. 2008/05/16 03:35 64.388 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.idx 2009/06/25 23:09. 2008/05/16 03:35 4.571.424 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox.dat 2009/06/25 23:09. 2008/05/16 03:35 29.696 - SHA-w-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009/06/24 23:59. 2008/01/29 22:29 33.808 ---- aw-c: \ windows \ system32 \ drivers \ klbg.sys 2009/06/24 23:59. 2009/02/05 00:58 33.808 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009/06/24 23:59. 2008/05/16 03:36 94.643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat 2009/06/24 23:59. 2008/05/16 03:36 105.395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat 2009/06/24 23:59. 2008/07/17 23:08 213.520 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009/06/24 23:59. 2008/07/17 23:08 861.448 ---- aw-c: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab \ AVP8 \ Data \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009/06/24 21:09. 2008/05/17 00:25 -------- d ----- w C: \ Documents and Settings \ Peles \ Application Data \ limewire 2009/06/24 16:37. 2008/05/19 02:02 -------- d ----- w C: \ Program Files \ SUPERAntiSpyware 2009/06/23 19:00. 
2008/10/16 02:40 -------- d ----- w C: \ Program Files \ Pando Networks 2009/06/23 18:59. 2008/11/29 18:36 -------- d ----- w C: \ Program Files \ palmOne 2009/06/21 23:00. 2009/02/09 03:50 138.184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009/06/21 23:00. 2009/02/09 03:50 183.112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe 2009/06/18 22:35. 2008/06/17 15:40 -------- d ----- w C: \ Program Files \ Diablo II 2009/06/18 22:31. 2008/06/02 00:09 -------- d --- aw-c: \ Documents and Settings \ All Users \ Application Data \ TEMP 2009/06/17 22:51. 2008/05/15 04:41 -------- d ----- w C: \ Documents and Settings \ Peles \ Application Data \ uTorrent 2009/06/13 16:32. 2008/08/19 04:10 -------- d ----- w C: \ Program Files \ Common Files \ Apple 2009/05/17 20:58. 2009/05/17 20:58 -------- d ----- w C: \ Program Files \ LG Electronics 2009/05/17 20:58. 2008/05/12 09:20 -------- d - h - w-c: \ Program Files \ InstallShield Installation Information 2009/05/17 20:57. 2008/05/12 09:20 -------- d ----- w C: \ Program Files \ Common Files \ InstallShield 2009/05/07 15:32. 2003/03/31 12:00 345.600 ---- aw-c: \ windows \ system32 \ localspl.dll 2009/04/29 04:46. 2003/03/31 12:00 666.624 ---- aw-c: \ windows \ system32 \ Wininet.dll 2009/04/29 04:46. 2008/05/16 21:18 81.920 ------ w-c: \ windows \ system32 \ ieencode.dll 2009/04/28 10:48. 2008/05/17 00:24 -------- d ----- w C: \ Program Files \ Java 2009/04/28 10:47. 2009/04/28 10:47 152.576 ---- aw-c: \ Documents and Settings \ Peles \ Application Data \ Sun \ Java \ jre1.6.0_13 \ lzma.dll 2009/04/17 12:26. 2003/03/31 12:00 1.847.168 ---- aw-c: \ windows \ system32 \ win32k.sys 2009/04/15 14:51. 2003/03/31 12:00 585.216 ---- aw-c: \ windows \ system32 \ rpcrt4.dll 2009/04/08 06:13. 2009/04/08 06:13 45.056 ---- ar-C: \ Documents and Settings \ Peles \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009/04/08 06:13. 
2009/04/08 06:13 45.056 ---- ar-C: \ Documents and Settings \ Peles \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009/04/08 06:13. 2009/04/08 06:13 10.134 ---- ar-C: \ Documents and Settings \ Peles \ Application Data \ Microsoft \ Installer \ (B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009/04/05 23:39. 2008/05/16 02:24 23.032 ---- aw-c: \ Documents and Settings \ Peles \ Local Settings \ Application Data \ GDIPFONTCACHEV1.DAT 2009/04/05 23:27. 2009/04/05 23:28 5.433.520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008/03/26 00:07. 2008/03/26 00:07 24.592 c: \ windows \ system32 \ drivers \ klim5.sys - 2007/12/13 17:28. 2008/03/26 00:07 24.592 c: \ windows \ system32 \ drivers \ klim5.sys + 2009/06/24 23:28. 2008/10/16 19:09 51.224 c: \ windows \ system32 \ dllcache \ cache \ wuauclt.exe + 2009/06/24 23:28. 2008/04/14 00:12 82.432 c: \ windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009/06/24 23:28. 2008/04/14 00:12 26.112 c: \ windows \ system32 \ dllcache \ cache \ userinit.exe + 2009/06/24 23:28. 2008/04/14 00:12 14.336 c: \ windows \ system32 \ dllcache \ cache \ svchost.exe + 2009/06/24 23:28. 2008/04/14 00:12 57.856 c: \ windows \ system32 \ dllcache \ cache \ Spoolsv.exe + 2009/06/24 23:28. 2008/04/14 00:12 17.408 c: \ windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009/06/24 23:28. 2008/04/14 00:12 13.312 c: \ windows \ system32 \ dllcache \ cache \ lsass.exe + 2009/06/24 23:28. 2008/04/13 18:39 24.576 c: \ windows \ system32 \ dllcache \ cache \ kbdclass.sys + 2009/06/24 23:28. 2008/04/13 18:53 36.608 c: \ windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009/06/24 23:28. 2008/04/14 00:12 15.360 c: \ windows \ system32 \ dllcache \ cache \ ctfmon.exe - 2008/04/18 17:53. 
2009/02/05 00:58 213.520 c: \ windows \ system32 \ drivers \ klif.sys + 2008/04/18 17:53. 2009/06/24 23:59 213.520 c: \ windows \ system32 \ drivers \ klif.sys + 2009/06/24 23:28. 2008/04/14 00:12 507.904 c: \ windows \ system32 \ dllcache \ cache \ winlogon.exe + 2009/06/24 23:28. 2009/04/29 04:46 666.624 c: \ windows \ system32 \ dllcache \ cache \ Wininet.dll + 2009/06/24 23:28. 2008/04/14 00:12 578.560 c: \ windows \ system32 \ dllcache \ cache \ user32.dll + 2009/06/24 23:28. 2008/04/14 00:12 295.424 c: \ windows \ system32 \ dllcache \ cache \ termsrv.dll + 2009/06/24 23:28. 2008/06/20 11:51 361.600 c: \ windows \ system32 \ dllcache \ cache \ Tcpip.sys + 2009/06/24 23:28. 2009/02/06 11:11 110.592 c: \ windows \ system32 \ dllcache \ cache \ services.exe + 2009/06/24 23:28. 2008/04/13 19:20 182.656 c: \ windows \ system32 \ dllcache \ cache \ ndis.sys + 2009/06/24 23:28. 2009/03/21 14:06 989.696 c: \ windows \ system32 \ dllcache \ cache \ Kernel32.dll + 2009/06/24 23:28. 2008/04/14 00:11 110.080 c: \ windows \ system32 \ dllcache \ cache \ imm32.dll + 2009/06/24 23:28. 2008/04/14 00:11 167.936 c: \ windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009/06/24 23:28. 2008/04/14 00:12 1.614.848 c: \ windows \ system32 \ dllcache \ cache \ sfcfiles.dll + 2009/06/24 23:28. 2009/02/06 11:06 2.145.280 c: \ windows \ system32 \ dllcache \ cache \ ntoskrnl.exe + 2009/06/24 23:28. 2009/02/06 10:32 2.023.936 c: \ windows \ system32 \ dllcache \ cache \ Ntkrnlpa.exe + 2009/06/24 23:28. 2008/04/14 00:12 1.033.728 c: \ windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . 
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "ctfmon.exe" = "C: \ Windows \ system32 \ ctfmon.exe" [2008/04/14 15.360] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006/11/13 1.289.000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2008/05/03 13.529.088] "CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003/06/18 45.056] "RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005/11/04 49.152] "AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005/11/04 49.152] "VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006/07/28 122.880] "NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2008/05/03 86.016] "AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009/02/05 201.992] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009/05/26 413.696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009/05/14 177.472] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009/06/05 292.136] "CTHelper" = "CTHELPER.EXE" - C: \ Windows \ system32 \ CtHelper.exe [2008/02/21 19.456] "CTxfiHlp" = "CTXFIHLP.EXE" - C: \ Windows \ system32 \ Ctxfihlp.exe [2008/02/21 19.968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009/01/01 77.824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \! 
SASWinLogon] 2009/01/01 04:29 356.352 ---- aw-c: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Gamma Loader.lnk backup = c: \ windows \ PSS \ Adobe Gamma Loader.lnkCommon Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ HOTSYNCSHORTCUTNAME.lnk backup = c: \ windows \ PSS \ HOTSYNCSHORTCUTNAME.lnkCommo n Startup [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Start Menu Programs ^ ^ Startup ^ Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk backup = c: \ windows \ PSS \ Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ pakalpojumi] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp plānotājs 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center] "AntiVirusOverride" = DWORD: 00000001 [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ KasperskyAntiVirus] "DisableMonitoring" = DWORD: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ 
AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "C: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "C: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "C: \ \ Program Files \ \ limewire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" = "C: \ \ Program Files \ \ Xfire \ \ xfire.exe" = "C: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "C: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "C: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "C: \ \ Documents and Settings \ \ All Users \ \ Application Data \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ angļu \ \ setup.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = c: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = c: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = c: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6.112: TCP" = 6.112: TCP: Diablo 2 "26.675: TCP" = 26.675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service "58.398: TCP" = 58.398: TCP: Pando Media Booster "58.398: UDP" = 58.398: UDP: Pando Media Booster 
R0 klbg; Kaspersky Lab Boot Guard Driver; c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 33.808] R1 SASDIFSV; SASDIFSV c: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 9.968] R1 SASKUTIL; SASKUTIL c: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 55.024] R1 UGURU; UGURU c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 14.592] R3 KLFLTDEV; Kaspersky Lab KLFltDev c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 26.640] R3 klim5, Kaspersky Anti-Virus NDIS Filtrs: c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 24.592] S2 Cubase32; Cubase32 c: \ windows \ system32 \ drivers \ Kuba se32.sys [4/5/2009 7:02 11.808] S3 SASENUM; SASENUM c: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 4.096] . Saturs "Scheduled Tasks" mape 2009/06/13 c: \ windows \ Uzdevumi \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008/07/30 17:34] 2009/06/25 c: \ windows \ Uzdevumi \ Malwarebytes "Anti-Malware.job - C: \ PROGRA ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008/05/19 00:52] . . ------- Papildu Scan ------- . uStart Page = hxxp: / / google.com / IE: Pievienot Banner Ad Blocker - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & ksportēt uz Microsoft Excel - c: \ PROGRA ~ 1 \ Micros ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser par Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431B-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net Rootkit scan 2009/06/25 19:11 Windows 5.1.2600 Service Pack 3 NTFS skenēšana slēptās procesi ... skenēšana slēptās palaišana ieraksti ... skenēšana slēptos failus ... 
scan sekmīgi pabeigta slēptos failus: 0
**************************************************************************
.
--------------------- Bloķēt reģistra atslēgas ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | "gggg" ¤ • € | U • ~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLL Loaded Under Running Processes ---------------------

- - - - - - - > 'Winlogon.exe'(1028)
c:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\klogon.dll

- - - - - - - > 'Explorer.exe'(212)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Citi Running Processes ------------------------
.
c:\Program Files\Creative\Shared Files\CTAudSvc.exe
c:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
c:\PROGRA~1\Micros~4\rapimgr.exe
c:\Program Files\iPod\bin\iPodService.exe
c:\windows\system32\CTxfispi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Pabeigšanas laiks: 2009/06/25 19:14 - mašīna bija rebooted
ComboFix-quarantined-files.txt 2009/06/25 23:14
ComboFix2.txt 2009/06/24 23:29
ComboFix3.txt 2008/05/20 17:05

Pre-Run: 67819319296 bytes free
Post-Run: 67883995136 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
310 --- EOF --- 2009/06/11 03:03
#9
Sorry, I forgot something. Delete these files/folders, that is:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl + C

Code:
Killall::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | "gggg" ¤ • € | U • ~*]

4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the image below. Important: Follow these instructions carefully!

ComboFix will start running; just follow the prompts. After the reboot (if it asks for a reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick in the ComboFix window while it is running. This may cause your system to freeze.
----------
Also let me know how the computer is running now.
#10
ComboFix 09-06-23.01 - Mouse 06/26/2009 3:47.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00]
Sākot no: c:\Documents and Settings\Mouse\Desktop\ComboFix.exe
Komandu slēdžus izmanto:: c:\Documents and Settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access skenēšana invalīdu* (papildināts) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *invalīdiem* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\kl1.sys
.
((((((((((((((((((((((((( Faili Created no 2009/05/26 līdz 2009/06/26 )))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums ))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Piezīme* tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2008/04/14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006/11/13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008/05/03 13529088]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003/06/18 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005/11/04 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005/11/04 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006/07/28 122880]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008/05/03 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009/02/05 201992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009/05/26 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009/05/14 177472]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009/06/05 292136]
"CTHelper"="CTHELPER.EXE" - C:\Windows\system32\CtHelper.exe [2008/02/21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - C:\Windows\system32\Ctxfihlp.exe [2008/02/21 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009/01/01 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2009/01/01 04:29 356352 ----a-w- c:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\PSS\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\PSS\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\PSS\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\limewire\\LimeWire.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= c:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= c:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= c:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 33808]
R1 SASDIFSV;SASDIFSV;c:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 9968]
R1 SASKUTIL;SASKUTIL;c:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/12/2008 5:23 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/25/2008 8:07 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 11808]
S3 SASENUM;SASENUM;c:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 4096]
.
Saturs "Scheduled Tasks" mape

2009/06/13 c:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008/07/30 17:34]

2009/06/26 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- C:\PROGRA~1\MALWAR~1\mbam.exe [2008/05/19 00:52]
.
.
------- Papildu Scan -------
.
uStart Page = hxxp://google.com/
IE: Pievienot Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&ksportēt uz Microsoft Excel - c:\PROGRA~1\Micros~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser par Java - file://c:\windows\Java\Classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2009/06/26 03:54
Windows 5.1.2600 Service Pack 3 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās palaišana ieraksti ...

skenēšana slēptos failus ...
scan sekmīgi pabeigta slēptos failus: 0
**************************************************************************
.
--------------------- Bloķēt reģistra atslēgas ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€ | "gggg" ¤ • € | U • ~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLL Loaded Under Running Processes ---------------------

- - - - - - - > 'Winlogon.exe'(672)
c:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\klogon.dll

- - - - - - - > 'Explorer.exe'(288)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Citi Running Processes ------------------------
.
c:\Program Files\Creative\Shared Files\CTAudSvc.exe
c:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
c:\PROGRA~1\Micros~4\rapimgr.exe
c:\Program Files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CTxfispi.exe
.
**************************************************************************
.
Pabeigšanas laiks: 2009/06/26 3:57 - mašīna bija rebooted
ComboFix-quarantined-files.txt 2009/06/26 07:57
ComboFix2.txt 2009/06/25 23:14
ComboFix3.txt 2009/06/24 23:29
ComboFix4.txt 2008/05/20 17:05

Pre-Run: 67824807936 bytes free
Post-Run: 67888648192 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
311 --- EOF --- 2009/06/11 03:03