#1
I've been infected with some kind of spyware/adware. I've followed several threads posted here that dealt with a similar thing, but without success.

The adware changed my desktop to the message "Spyware threat has been detected, click here for a full scan", and it also keeps popping up a bubble in the corner telling me the same thing.

I've tried downloading and running a bunch of programs:

- SmitFraudFix
- ComboFix
- ATF-Cleaner
- CCleaner
- Spybot Search & Destroy

However, none of them seem to have fixed anything... Please help!

I've attached a bunch of the latest logs.

Green
#2
Hello CJ Greenhorn

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not WordPad.

Code:

```
KillAll::

Folder::
C:\WINDOWS\FLEOK

File::
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\wmsdkns.exe
```

4. Then click File > Save
5. Name the file CFScript.txt - Save this file to your desktop
6. Drag CFScript (press and hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below. Important: Follow this instruction carefully!

ComboFix will start running; simply follow the on-screen instructions. After the reboot (if it asks to restart), it will give you a log. Post that log (Combofix.txt) in your next reply.

Note: Don't mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------

Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if present)

Exit HijackThis.

----------

Download ATF Cleaner by Atribune.

ATF Cleaner.exe

Make sure all browser windows are closed.

----------

Important: Uninstall the version of HijackThis you have. It is an old beta version, and we need to get the new version and also rename it to Sniper.

Go HERE and follow these steps in order.

Step Three -- Malwarebytes' Anti-Malware (MBAM)
Step Four -- Update Java
Step Six -- HijackThis

Now run a new HijackThis scan and post the log along with the others.

----------

In your next reply please include:

- ComboFix log
- MBAM log
- NEW HijackThis log
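A way to confirm afterwards that the targets named in the CFScript above are really gone, written as an added example that is not part of the original post and is not ComboFix's own code. The function names `parse_cfscript` and `remaining_targets` are hypothetical, and treating every directive as a line ending in `::` is an assumption based on the script shown in the post.

```python
import os
from typing import Callable, Dict, List, Optional

# Script text from the post above, embedded so the example runs offline.
# Assumption: every directive line ends in "::" and the lines that follow
# it are that directive's targets.
CFSCRIPT = r"""KillAll::

Folder::
C:\WINDOWS\FLEOK

File::
C:\WINDOWS\didduid.ini
C:\WINDOWS\system32\wmsdkns.exe
"""


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Group the lines of a CFScript under the directive that precedes them."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            # New directive, e.g. "File::" -> "file".
            current = line[:-2].strip().lower()
            sections.setdefault(current, [])
        elif current is None:
            # A path with no directive above it means the script is malformed.
            raise ValueError(f"target listed before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def remaining_targets(
    text: str, exists: Callable[[str], bool] = os.path.exists
) -> List[str]:
    """Return the Folder::/File:: targets that are still present on disk.

    `exists` is injectable so the check can be exercised without touching
    a real Windows file system.
    """
    sections = parse_cfscript(text)
    targets = sections.get("folder", []) + sections.get("file", [])
    return [path for path in targets if exists(path)]


if __name__ == "__main__":
    leftovers = remaining_targets(CFSCRIPT)
    if leftovers:
        print("Still present after the ComboFix run:")
        for path in leftovers:
            print("  " + path)
    else:
        print("None of the listed files or folders remain.")
```

Run on the cleaned machine, an empty result matches what the next post reports: the listed files were no longer there after ComboFix finished.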
#3
Hey, thanks for the warm and quick reply, and thank you for the advice!

I followed all your instructions as you said. After dropping the script into ComboFix the virus seemed to be gone, but I followed the rest of the steps anyway to make sure.

I ran the HijackThis scan, but the files I was asked to delete were no longer there, so I'm guessing ComboFix must have got rid of them.

I ran Malwarebytes as well, and it found some files, which I had it delete.

Seems like it's all good now, no more background message or bubble windows. I've attached the logs as requested. I had to compress 2 of them because they were over the filesize limit; compressed with WinRAR then renamed to .ZIP, hopefully that's OK.

Thanks again Evilfantasy.
#4
Good. Now run ATF Cleaner again to get rid of the malicious files in the temp folders.

In the ComboFix log you posted, I'm sure you can see:

WARNING - this machine does not have the Recovery Console installed!!

This is common, and you can install the Recovery Console if you choose by following the instructions HERE.

Time to do some cleanup and secure the work you have done.

The previously described procedure is as follows:

1. Double-click OTMoveIt2.exe to start it. Vista users, right-click and select Run as Administrator.
2. Click the Clean! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other security programs warn you, allow it.
4. Click YES at the next prompt (list downloaded, Do you want to begin the cleanup process?)

Creating a new restore point after cleaning the system will let you roll the computer back to a clean working state if needed.

Outdated software has security holes that software can exploit.

Also see Slow computer? It may not be malware, for free cleaning/maintenance tools to help keep your computer running smoothly.

Let me know if anything else turns up.