Inficēts ar spiegprogrammatūru

Pienapuika · #1 Aprīlis 8, 2008, 18:17

Esmu bijis inficēts ar kādu Spyware / Adware, esmu sekoja vairāki pavedieni šeit ievietoto informāciju, kas bija līdzīga lieta, bet bez rezultātiem.

Adware: Changed my darbvirsmas uz ziņu, sakot "Spyware draudi ir atklāti, un klikšķiniet šeit, lai palaistu pilnu skenēšanas", kā arī tā saglabā attiecībā uz popping up ar burbuli stūrī man saki pats stuff.

I've tried lejupielādēt un darbināt ķekars programmu:

SmitFraudFix
Combofix
ATF-Cleaner
CCleaner
SpyBotSearch & Iznīciniet

Taču neviens no tiem, šķiet, ir noteikts kaut ko ...

Please help!

Esmu pievienots ķekars jaunāko apaļkokiem.

Zaļš

**evilfantasy** · #2 Aprīlis 8, 2008, 22:49

Welcome to CJ pienapuika

Izdzēst šos failus / mapes, tas ir:

1. Doties uz Sākums > Skriet > Type Notepad.exe un noklikšķiniet uz OK atvērt Notepad.
Tas vajag ir Notepad, nevis Wordpad.

Click Sākums , Tad Skriet
Veids notepad.exe in Run Box.

2. Kopēt tekstu tālāk kodu ailē, uzsverot visu tekstu un nospiediet Ctrl + C

Kods:

Killall:: Folder:: C: \ WINDOWS \ FLEOK File: C: \ WINDOWS \ didduid.ini C: \ WINDOWS \ system32 \ wmsdkns.exe

3. Go to Notepad logu un noklikšķiniet uz Rediģēt > Ielīmēt
4. Pēc tam noklikšķiniet uz Fails > Glābt
5. Nosaukums failu CFScript.txt - Saglabāt failu darbvirsmā
6. Velciet CFScript (turiet peles kreiso pogu un velkot failu) un nometiet to (izlaide peles kreiso pogu) pārnes ComboFix.exe kā redzat attēlā zemāk. Svarīgi: Veic šo instrukciju uzmanīgi!

ComboFix sāks izpildīt, vienkārši sekojiet instrukcijām.
Pēc reboot (ja tā lūdz atsāknēšana), tā sagatavos log for you.
Post (Combofix.txt), kas ieiet jūsu nākamo atbildi.

Piezīme: Nav mouseclick combofix loga kamēr tas darbojas. Tas var izraisīt sistēmas iesaldēt

----------

Open HijackThis un izvēlieties Vai sistēmas skenēšanu tikai.

Vieta atzīme blakus šādiem ierakstiem: (ja ir)

O2 - BHO: (no name) - (00.000.250-0.320-4dd4-be4f-7566d2314352) - (no file)
O2 - BHO: (no name) - (13197ace-6.851-45c3-a7ff-c281324d5489) - (no file)
O2 - BHO: (no name) - (15651c7c-e812-44a2-a9ac-b467a2233e7d) - (no file)
O2 - BHO: (no name) - (4e1075f4-eec4-4a86-add7-cd5f52858c31) - (no file)
O2 - BHO: (no name) - (4e7bd74f-2b8d-469e-92c6-ce7eb590a94d) - (no file)
O2 - BHO: (no name) - (5929cd6e-2.062-44a4-b2c5-2c7e78fbab38) - (no file)
O2 - BHO: (no name) - (5dafd089-24b1-4c5e-bd42-8ca72550717b) - (no file)
O2 - BHO: (no name) - (5fa6752a-c4a0-4.222-88c2-928ae5ab4966) - (no file)
O2 - BHO: (no name) - (622cc208-b014-4fe0-801b-874a5e5e403a) - (no file)
O2 - BHO: (no name) - (8674aea0-9d3d-11d9-99dc-00600f9a01f1) - (no file)
O2 - BHO: (no name) - (965a592f-8efa-4.250-8.630-7960230792f1) - (no file)
O2 - BHO: (no name) - (9c5b2f29-1f46-4.639-a6b4-828942301d3e) - (no file)
O2 - BHO: (no name) - (cf021f40-3e14-23a5-cba2-717.765.728.274) - (no file)
O2 - BHO: (no name) - (fc3a74e5-f281-4f10-ae1e-733078684f3c) - (no file)
O2 - BHO: (no name) - (ffff0001-0002-101A-a3c9-08002b2f49fb) - (no file)
O4 - HKCU \ .. \ Run: [SB Audigy 2 Startup Menu] / L: ENG<- Ja jūs to vajag palaist startēšanas, kas parasti nav nepieciešama.

Svarīgi: Aizveriet visus logus, izņemot HijackThis un pēc tam noklikšķiniet uz Fix pārbaudīja.

Iziet HijackThis.

----------

Lūdzu, lejupielādējiet ATF Apkopēja by Atribune. ATF Cleaner.exe

Pārliecinieties, ka viss pārlūkprogrammas logus slēgtas.

Under Galvenais tab, nodot pārbaude blakus Atlasīt visu.
Click Empty Selected pogu. (Piezīme: Ja noņemat cookies, automatizēta autorizÄìjoties forumos un vietnēs, tiks izslēgta. Ja jūs to nevēlaties, neatķeksējiet Cookies)
Ja Jūs lietojat Firefox pārlūkprogramma:
Noklikšķiniet uz Firefox uz augšu un nodot pārbaude blakus Atlasīt visu.
Ja vēlaties, lai jūsu saglabātās paroles, noklikšķiniet uz Nē par ātru.
Click Empty Selected pogu. (Piezīme: Ja noņemat cookies, automatizēta autorizÄìjoties forumos un vietnēs, tiks izslēgta. Ja jūs to nevēlaties, neatķeksējiet Cookies)
Ja Jūs lietojat Opera pārlūkprogramma:
Noklikšķiniet uz Opera uz augšu un nodot pārbaude blakus Atlasīt visu.
Ja vēlaties, lai jūsu saglabātās paroles, noklikšķiniet uz Nē par ātru.
Click Empty Selected pogu. (Piezīme: Ja noņemat cookies, automatizēta autorizÄìjoties forumos un vietnēs, tiks izslēgta. Ja jūs to nevēlaties, neatķeksējiet Cookies)

Svarīgi: Restartēt datoru, pirms turpināt.

----------

Svarīgi: Atinstalēt versija HijackThis esat. tas ir vecs Beta versija, un mums ir jauna versija, kā arī pārdēvējot to snaiperis.

Pirmais iet ŠEIT un vai šos lai soļiem.

Step Three -- Malwarebytes "Anti-Malware (MBAM)
Step Four -- Atjaunināšana Java
Step Six -- HijackThis

Tagad sākas jauna HijackThis skenēšanas un pēc log kopā ar citiem.

----------

Next post lūdzu, pievienojiet
Combofix log
MBAM log
NEW HijackThis log

Pienapuika · #3 Aprīlis 9, 2008, 11:51

Hey, paldies par silto uzņemšanu un ātras atbildes, kā arī slava tev par padomu!

Es sekoju visiem jūsu norādījumus, piemēram, jūs teicāt, pēc pievienošanas skriptu comofix vīruss šķiet, izzudīs, bet es pēc pārējo pasākumu anyway to makesure.

I did i HijackThis! scan, bet failus man lūdza izdzēst vairs nebija tur, tāpēc es guessing combofix misas vaļā no tiem.

I ilga Malware bytes kā labi, un tā konstatēja dažus failus, kuru man bija tas izdzēst.

Šķiet tas viss ir labi tagad, ne vairāk Background reklāmas vai burbulis logus, es esmu pievienots žurnālus, kā prasīts. Bija, lai saspiestu 2 no tiem, jo tie bija vairāk nekā filesize limitu, saspiests ar winrar tad pārdēvē. Zip, ceru, ka ir ok.

Thanks again Evilfantasy.

ComboFix 08-04-08.7 - Ashton 2008-04-09 18:21:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.682 [GMT 1:00]
Sākot no: C: \ Documents and Settings \ Ashton \ Desktop \ ComboFix.exe
Komandu slēdžus izmanto:: C: \ Documents and Settings \ Ashton \ Desktop \ CFScript.txt
* Izveido jaunu atjaunošanas punktu
* Resident AV darbojas

WARNING, šī mašīna nav atkop Installed!

ATTĒLS:
C: \ WINDOWS \ didduid.ini
C: \ WINDOWS \ system32 \ wmsdkns.exe
.

((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Program Files \ 180search palīgs
C: \ Program Files \ 180search palīgs \ 180sa.exe
C: \ Program Files \ 180search palīgs \ sau.exe
C: \ Program Files \ 180searchassistant
C: \ Program Files \ 180searchassistant \ saap.exe
C: \ Program Files \ 180searchassistant \ sac.exe
C: \ Program Files \ 180solutions
C: \ Program Files \ 180solutions \ sais.exe
C: \ Program Files \ seekmo
C: \ Program Files \ seekmo \ seekmohook.dll
C: \ Program Files \ stc
C: \ Program Files \ stc \ csv5p070.exe
C: \ Program Files \ Sysmnt
C: \ Program Files \ Sysmnt \ Ssmgr.exe
C: \ Program Files \ zango
C: \ Program Files \ zango \ zango.exe
C: \ WINDOWS \ 180ax.exe
C: \ WINDOWS \ 2020search.dll
C: \ WINDOWS \ 2020search2.dll
C: \ WINDOWS \ bjam.dll
C: \ WINDOWS \ bokja.exe
C: \ WINDOWS \ cdsm32.dll
C: \ WINDOWS \ default.htm
C: \ WINDOWS \ didduid.ini
C: \ WINDOWS \ FLEOK
C: \ WINDOWS \ FLEOK \ 180ax.exe
C: \ WINDOWS \ mspphe.dll
C: \ WINDOWS \ mssvr.exe
C: \ WINDOWS \ saiemod.dll
C: \ WINDOWS \ salm.exe
C: \ WINDOWS \ stcloader.exe
C: \ WINDOWS \ swin32.dll
C: \ WINDOWS \ system32 \ msixu.dll
C: \ WINDOWS \ system32 \ wer8274.dll
C: \ WINDOWS \ system32 \ wmsdkns.exe
C: \ WINDOWS \ TEMP \ salm.exe
C: \ WINDOWS \ updatetc.exe
C: \ WINDOWS \ voiceip.dll

.
((((((((((((((((((((((((( Faili Created no 2008/03/09 līdz 2008/04/09 ))))))))))) ))))))))))))))))))))
.

2008/04/09 08:52. 2008/04/09 08:52 <DIR> d -------- C: \ Program Files \ Sun
2008/04/09 08:36. 2008/04/09 08:36 <DIR> d -------- C: \ Program Files \ Trend Micro
2008/04/09 08:35. 2008/04/09 08:35 <DIR> d -------- C: \ Program Files \ Malwarebytes "Anti-Malware
2008/04/09 08:35. 2008/04/09 08:35 <DIR> d -------- C: \ Documents and Settings \ Ashton \ Application Data \ Malwarebytes
2008/04/09 08:35. 2008/04/09 08:35 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/04/09 08:31. 2008/04/09 08:31 <DIR> d -------- C: \ Program Files \ Common Files \ Authentium
2008/04/09 08:31. 2008/04/09 18:11 53.192 - ------ C: \ WINDOWS \ system32 \ drivers \ rp_skt32.sys
2008/04/09 08:31. 2007/04/19 11:36 48.384 - ------ C: \ WINDOWS \ system32 \ drivers \ rp_pkt32.sys
2008/04/09 08:30. 2008/04/09 08:30 <DIR> d -------- C: \ Program Files \ Raxco
2008/04/09 08:30. 2008/04/09 18:07 <DIR> d -------- C: \ Program Files \ Common Files \ Scanner
2008/04/09 08:30. 2008/04/09 08:30 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Raxco
2008/04/09 08:28. 2008/04/09 08:28 <DIR> d -------- C: \ Documents and Settings \ Ashton \ Application Data \ InstallShield
2008/04/09 08:25. 2008/04/09 08:30 <DIR> d -------- C: \ Program Files \ Virgin Broadband
2008/04/09 01:42. 2008/04/09 01:42 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Companion
2008/04/09 01:14. 2008/04/09 01:14 <DIR> d -------- C: \ Program Files \ Yahoo!
2008/04/09 01:13. 2008/04/09 01:15 <DIR> d -------- C: \ Program Files \ CCleaner
2008/04/09 00:43. 2008/04/09 01:52 3.314 - ------ C: \ WINDOWS \ system32 \ tmp.reg
2008/04/09 00:42. 2007/09/06 00:22 289.144 - ------ C: \ WINDOWS \ system32 \ VCCLSID.exe
2008/04/09 00:42. 2006/04/27 17:49 288.417 - ------ C: \ WINDOWS \ system32 \ SrchSTS.exe
2008/04/09 00:42. 2008/03/29 00:19 86.528 - ------ C: \ WINDOWS \ system32 \ VACFix.exe
2008/04/09 00:42. 2008/04/08 22:44 82.432 - ------ C: \ WINDOWS \ system32 \ IEDFix.exe
2008/04/09 00:42. 2003/06/05 21:13 53.248 - ------ C: \ WINDOWS \ system32 \ Process.exe
2008/04/09 00:42. 2004/07/31 18:50 51.200 - ------ C: \ WINDOWS \ system32 \ dumphive.exe
2008/04/09 00:42. 2007/10/04 00:36 25.600 - ------ C: \ WINDOWS \ system32 \ WS2Fix.exe
2008/04/09 00:01. 2008/04/09 00:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet
2008/04/08 23:57. 2008/04/08 23:57 <DIR> d -------- C: \ Program Files \ Spybot - Search & Destroy
2008/04/08 23:57. 2008/04/09 00:46 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008/04/08 23:50. 2008/04/08 23:50 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ ALM
2008/04/08 23:47. 2008/04/08 23:47 <DIR> d -------- C: \ Program Files \ Bonjour
2008/04/08 23:29. 2008/04/08 23:29 <DIR> d -------- C: \ Program Files \ Common Files \ Macrovision Shared
2008/04/08 22:42. 2008/04/08 22:42 <DIR> d -------- C: \ Program Files \ PowerISO
2008/04/07 01:56. 2008/04/07 01:56 1.110 - ------ C: \ WINDOWS \ mozver.dat
2008/04/01 22:42. 2008/04/01 22:42 <DIR> d - h ----- C: \ Documents and Settings \ All Users \ Application Data \ (0E8E33D8-193a-414A-A909-0F101A142D26)
2008/04/01 22:38. 2008/04/01 22:38 <DIR> d -------- C: \ Program Files \ Stardock Spēles
2008/03/28 18:39. 2008/03/28 18:39 <DIR> d -------- C: \ Documents and Settings \ Ashton \ Application Data \ dvdcss
2008/03/14 07:04. 2008/03/14 07:04 46.652 - ------ C: \ WINDOWS \ system32 \ drivers \ scdemu.sys
2008/03/13 23:07. 2008/03/13 23:07 <DIR> d -------- C: \ Program Files \ Common Files \ NSV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/04/09 07:54 --------- d ----- w C: \ Program Files \ Java
2008/04/09 07:30 --------- d ----- w C: \ Program Files \ CA
2008/04/09 07:29 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Virgin Broadband
2008/04/09 07:28 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2008/04/09 01:58 --------- d ----- w C: \ Documents and Settings \ Ashton \ Application Data \ Virgin Broadband
2008/04/08 22:47 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2008/02/26 20:59 --------- d ----- w C: \ Documents and Settings \ Ashton \ Application Data \ ATI
2008/02/26 20:59 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ ATI
2008/02/26 20:50 --------- d ----- w C: \ Program Files \ ATI Technologies
2008/02/26 01:30 --------- d ----- w C: \ Program Files \ Spēles-Masters.com
2008/02/25 09:39 --------- d ----- w C: \ Program Files \ Common Files \ INCA Shared
2008/02/25 09:19 --------- d ----- w C: \ Program Files \ GameTribe
2008/02/24 03:18 --------- d ----- w C: \ Program Files \ Temp.p
2008/02/23 22:31 --------- d ----- w C: \ Program Files \ Common Files \ DirectX
2008/02/23 22:26 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Kontiki
2008/02/23 21:42 --------- d ----- w C: \ Program Files \ OGPlanet
2008/02/22 19:06 --------- d ----- w C: \ Documents and Settings \ Ashton \ Application Data \ AdobeUM
2008/02/21 19:33 --------- d ----- w C: \ Program Files \ Three Rings Design
2008/02/20 22:40 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Channel4
2008/02/15 19:17 --------- d ----- w C: \ Program Files \ Winamp
2008/02/15 18:00 --------- d ----- w C: \ Program Files \ Hidden City Games
2008/02/15 16:55 --------- d ----- w C: \ Program Files \ SealOnlineUSA
2008/02/13 21:44 --------- d ----- w C: \ Program Files \ Funcom
2007/12/23 19:41 32 ---- ar C: \ Documents and Settings \ All Users \ hash.dat
2004/02/02 10:31 236.510-c - aw C: \ Documents and Settings \ Ashton \ DIAG.EXE
2004/01/30 18:21 62.480-c - aw C: \ Documents and Settings \ Ashton \ FETODI.COM
2004/01/09 14:28 51.356-c - aw C: \ Documents and Settings \ Ashton \ FETND3.sys
2004/01/09 14:27 53.136-c - aw C: \ Documents and Settings \ Ashton \ FETND4.sys
2004/01/09 14:24 40.960-c - aw C: \ Documents and Settings \ Ashton \ FETND5A.sys
2004/01/09 14:23 42.496-c - aw C: \ Documents and Settings \ Ashton \ FETND5B.sys
2003/11/27 15:01 57.344-c - aw C: \ Documents and Settings \ Ashton \ winsetup.exe
2002/10/09 16:29 147.456-c - aw C: \ Documents and Settings \ Ashton \ NTUTIL.DLL
2002/02/20 11:04 15.552-c - aw C: \ Documents and Settings \ Ashton \ WINNDI.DLL
.

((((((((((((((((((((((((((((( Momentuzņēmums @ 2008-04-09_ 1.41.00.14 ))))))))))) ))))))))))))))))))))))))))))))
.
- 2008/04/08 22:11:46 29.696 ---- aw C: \ WINDOWS \ apphelp32.dll
+ 2008/04/09 17:08:03 9.472 ---- aw C: \ WINDOWS \ apphelp32.dll
- 2008/04/08 22:11:46 14.592 ---- aw C: \ WINDOWS \ asferror32.dll
+ 2008/04/09 17:08:03 8.448 ---- aw C: \ WINDOWS \ asferror32.dll
- 2008/04/08 22:11:46 29.952 ---- aw C: \ WINDOWS \ asycfilt32.dll
+ 2008/04/09 17:08:03 12.800 ---- aw C: \ WINDOWS \ asycfilt32.dll
- 2008/04/08 22:11:46 20.480 ---- aw C: \ WINDOWS \ athprxy32.dll
+ 2008/04/09 17:08:03 18.432 ---- aw C: \ WINDOWS \ athprxy32.dll
- 2008/04/08 22:11:46 17.408 ---- aw C: \ WINDOWS \ ati2dvaa32.dll
+ 2008/04/09 17:08:03 16.896 ---- aw C: \ WINDOWS \ ati2dvaa32.dll
- 2008/04/08 22:11:46 10.752 ---- aw C: \ WINDOWS \ ati2dvag32.dll
+ 2008/04/09 17:08:03 20.480 ---- aw C: \ WINDOWS \ ati2dvag32.dll
- 2008/04/08 22:11:46 22.016 ---- aw C: \ WINDOWS \ audiosrv32.dll
+ 2008/04/09 17:08:03 10.496 ---- aw C: \ WINDOWS \ audiosrv32.dll
- 2008/04/08 22:11:47 22.272 ---- aw C: \ WINDOWS \ autodisc32.dll
+ 2008/04/09 17:08:03 30.464 ---- aw C: \ WINDOWS \ autodisc32.dll
- 2008/04/08 22:11:47 12.288 ---- aw C: \ WINDOWS \ avifile32.dll
+ 2008/04/09 17:08:04 25.856 ---- aw C: \ WINDOWS \ avifile32.dll
- 2008/04/08 22:11:47 27.392 ---- aw C: \ WINDOWS \ avisynthex32.dll
+ 2008/04/09 17:08:04 23.296 ---- aw C: \ WINDOWS \ avisynthex32.dll
- 2008/04/08 22:11:47 23.808 ---- aw C: \ WINDOWS \ aviwrap32.dll
+ 2008/04/09 17:08:04 11.776 ---- aw C: \ WINDOWS \ aviwrap32.dll
- 2008/04/08 22:11:47 17.920 ---- aw C: \ WINDOWS \ browserad.dll
+ 2008/04/09 17:08:04 18.944 ---- aw C: \ WINDOWS \ browserad.dll
- 2008/04/08 22:11:45 31.488 ---- aw C: \ WINDOWS \ changeurl_30.dll
+ 2008/04/09 17:08:03 29.696 ---- aw C: \ WINDOWS \ changeurl_30.dll
- 2007/10/10 15:36:22 10.134 ---- ar C: \ Windows \ Installer \ (05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:00 10.134 ---- ar C: \ Windows \ Installer \ (05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:18 26.582 ---- ar C: \ Windows \ Installer \ (212F5777-1190-4DEF-8E4D-6B2F313B45E7) \ PerfectDisk.exe
+ 2008/04/09 07:30:56 26.582 ---- ar C: \ Windows \ Installer \ (212F5777-1190-4DEF-8E4D-6B2F313B45E7) \ PerfectDisk.exe
- 2007/10/10 15:36:46 10.134 ---- ar C: \ Windows \ Installer \ (324D4909-7A7B-45CD-B199-E975DC108249) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:31 10.134 ---- ar C: \ Windows \ Installer \ (324D4909-7A7B-45CD-B199-E975DC108249) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:53 10.134 ---- ar C: \ Windows \ Installer \ (3A836186-46F8-4.388-9.830-820E35C02992) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:45 10.134 ---- ar C: \ Windows \ Installer \ (3A836186-46F8-4.388-9.830-820E35C02992) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:53 25.214 ---- ar C: \ Windows \ Installer \ (3A836186-46F8-4.388-9.830-820E35C02992) \ Sm_En_DiagD_7C6BED816D7E4AD1AEAF5A1A DB6C8676.exe
+ 2008/04/09 07:31:45 25.214 ---- ar C: \ Windows \ Installer \ (3A836186-46F8-4.388-9.830-820E35C02992) \ Sm_En_DiagD_7C6BED816D7E4AD1AEAF5A1A DB6C8676.exe
- 2007/10/10 15:36:52 10.134 ---- ar C: \ Windows \ Installer \ (3AFF4279-A590-4010-8C8A-3B096A220CFC) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:43 10.134 ---- ar C: \ Windows \ Installer \ (3AFF4279-A590-4010-8C8A-3B096A220CFC) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:59 10.134 ---- ar C: \ Windows \ Installer \ (3C441434-737C-4D54-8EAB-B409BE54E734) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:50 10.134 ---- ar C: \ Windows \ Installer \ (3C441434-737C-4D54-8EAB-B409BE54E734) \ ARPPRODUCTICON.exe
- 2007/10/10 15:37:00 10.134 ---- ar C: \ Windows \ Installer \ (53C32728-D434-4.143-9C9D-D73D68D00893) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:52 10.134 ---- ar C: \ Windows \ Installer \ (53C32728-D434-4.143-9C9D-D73D68D00893) \ ARPPRODUCTICON.exe
- 2007/10/10 15:37:02 10.134 ---- ar C: \ Windows \ Installer \ (5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:55 10.134 ---- ar C: \ Windows \ Installer \ (5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:48 10.134 ---- ar C: \ Windows \ Installer \ (6EA0ABC4-172B-48D4-AF26-93322D7FDE72) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:36 10.134 ---- ar C: \ Windows \ Installer \ (6EA0ABC4-172B-48D4-AF26-93322D7FDE72) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:50 10.134 ---- ar C: \ Windows \ Installer \ (A542D695-16D3-4F89-A6F1-091F009B8ABA) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:42 10.134 ---- ar C: \ Windows \ Installer \ (A542D695-16D3-4F89-A6F1-091F009B8ABA) \ ARPPRODUCTICON.exe
- 2007/10/10 15:35:46 10.134 ---- ar C: \ Windows \ Installer \ (AFE0D559-DAC2-4DF0-B432-4CBA15769AA9) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:30:07 10.134 ---- ar C: \ Windows \ Installer \ (AFE0D559-DAC2-4DF0-B432-4CBA15769AA9) \ ARPPRODUCTICON.exe
- 2007/10/10 15:35:46 25.214 ---- ar C: \ Windows \ Installer \ (AFE0D559-DAC2-4DF0-B432-4CBA15769AA9) \ Desktop_En_Rps_A64EE928C7A645A784CE5 9FBDBDD9D1B.exe
+ 2008/04/09 07:30:07 25.214 ---- ar C: \ Windows \ Installer \ (AFE0D559-DAC2-4DF0-B432-4CBA15769AA9) \ Desktop_En_Rps_A64EE928C7A645A784CE5 9FBDBDD9D1B.exe
- 2007/10/10 15:35:46 25.214 ---- ar C: \ Windows \ Installer \ (AFE0D559-DAC2-4DF0-B432-4CBA15769AA9) \ Sm_En_Rps_A64EE928C7A645A784CE59FBDB DD9D1B.exe
+ 2008/04/09 07:30:07 25.214 ---- ar C: \ Windows \ Installer \ (AFE0D559-DAC2-4DF0-B432-4CBA15769AA9) \ Sm_En_Rps_A64EE928C7A645A784CE59FBDB DD9D1B.exe
- 2007/10/10 15:36:49 10.134 ---- ar C: \ Windows \ Installer \ (B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:41 10.134 ---- ar C: \ Windows \ Installer \ (B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:57 10.134 ---- ar C: \ Windows \ Installer \ (C831972C-3.834-4D9D-A095-8350B324AC3C) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:47 10.134 ---- ar C: \ Windows \ Installer \ (C831972C-3.834-4D9D-A095-8350B324AC3C) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:07 10.134 ---- ar C: \ Windows \ Installer \ (D8AEA1D1-78FE-4CE1-9.405-D7E55E797C4D) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:30:29 10.134 ---- ar C: \ Windows \ Installer \ (D8AEA1D1-78FE-4CE1-9.405-D7E55E797C4D) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:11 10.134 ---- ar C: \ Windows \ Installer \ (DD1C392B-226D-42C9-B8E6-2A9BEF7583B4) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:30:50 10.134 ---- ar C: \ Windows \ Installer \ (DD1C392B-226D-42C9-B8E6-2A9BEF7583B4) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:32 10.134 ---- ar C: \ Windows \ Installer \ (ECBDDBD7-43CC-417C-B87A-943AFED8EB57) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:10 10.134 ---- ar C: \ Windows \ Installer \ (ECBDDBD7-43CC-417C-B87A-943AFED8EB57) \ ARPPRODUCTICON.exe
- 2007/10/10 15:36:09 10.134 ---- ar C: \ Windows \ Installer \ (EE1D5780-AF29-4DC4-A107-3FD5F79AC63A) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:30:32 10.134 ---- ar C: \ Windows \ Installer \ (EE1D5780-AF29-4DC4-A107-3FD5F79AC63A) \ ARPPRODUCTICON.exe
- 2007/10/10 15:37:01 10.134 ---- ar C: \ Windows \ Installer \ (FD2EC356-DB5E-40AE-907A-9A1D38F9396D) \ ARPPRODUCTICON.exe
+ 2008/04/09 07:31:53 10.134 ---- ar C: \ Windows \ Installer \ (FD2EC356-DB5E-40AE-907A-9A1D38F9396D) \ ARPPRODUCTICON.exe
- 1998/10/29 16:45:06 306.688 ---- aw C: \ WINDOWS \ IsUninst.exe
+ 1998/10/29 15:45:06 306.688 ---- aw C: \ WINDOWS \ IsUninst.exe
- 2008/04/08 22:11:49 14.080 ---- aw C: \ WINDOWS \ msa64chk.dll
+ 2008/04/09 17:08:06 11.776 ---- aw C: \ WINDOWS \ msa64chk.dll
- 2008/04/08 22:11:49 26.368 ---- aw C: \ WINDOWS \ msapasrc.dll
+ 2008/04/09 17:08:06 26.624 ---- aw C: \ WINDOWS \ msapasrc.dll
- 2008/04/08 22:11:48 25.344 ---- aw C: \ WINDOWS \ ntnut.exe
+ 2008/04/09 17:08:05 8.960 ---- aw C: \ WINDOWS \ ntnut.exe
- 2008/04/08 22:11:47 18.432 ---- aw C: \ WINDOWS \ shdocpe.dll
+ 2008/04/09 17:08:05 32.000 ---- aw C: \ WINDOWS \ shdocpe.dll
- 2008/04/08 22:11:48 21.504 ---- aw C: \ WINDOWS \ shdocpl.dll
+ 2008/04/09 17:08:05 27.904 ---- aw C: \ WINDOWS \ shdocpl.dll
- 2007/09/24 22:30:28 135.168 ---- aw C: \ WINDOWS \ system32 \ java.exe
+ 2008/02/22 00:23:35 135.168 ---- aw C: \ WINDOWS \ system32 \ java.exe
- 2007/09/24 22:30:30 135.168 ---- aw C: \ WINDOWS \ system32 \ javaw.exe
+ 2008/02/22 00:23:39 135.168 ---- aw C: \ WINDOWS \ system32 \ javaw.exe
- 2007/09/24 23:31:42 139.264 ---- aw C: \ WINDOWS \ system32 \ javaws.exe
+ 2008/02/22 01:33:32 139.264 ---- aw C: \ WINDOWS \ system32 \ javaws.exe
- 2008/04/08 22:11:50 9.984 ---- aw C: \ WINDOWS \ system32 \ MSNSA32.dll
+ 2008/04/09 17:08:07 14.336 ---- aw C: \ WINDOWS \ system32 \ MSNSA32.dll
- 2008/04/08 22:11:48 31.488 ---- aw C: \ WINDOWS \ system32 \ ntnut32.exe
+ 2008/04/09 17:08:05 28.928 ---- aw C: \ WINDOWS \ system32 \ ntnut32.exe
- 2008/04/08 22:11:48 21.760 ---- aw C: \ WINDOWS \ system32 \ shdocpe.dll
+ 2008/04/09 17:08:05 26.880 ---- aw C: \ WINDOWS \ system32 \ shdocpe.dll
- 2008/04/08 22:11:48 19.712 ---- aw C: \ WINDOWS \ system32 \ SIPSPI32.dll
+ 2008/04/09 17:08:06 30.720 ---- aw C: \ WINDOWS \ system32 \ SIPSPI32.dll
- 2008/04/08 22:11:47 12.800 ---- aw C: \ WINDOWS \ winsb.dll
+ 2008/04/09 17:08:04 18.432 ---- aw C: \ WINDOWS \ winsb.dll
- 2007/10/10 15:35:42 1.233.920 ---- aw C: \ WINDOWS \ WinSxS \ x86_Microsoft.MSXML2_6bd6b9abf34 5378f_4.20.9818.0_x-ww_8ff50c5d \ msxml4.dll
+ 2008/04/09 07:30:03 1.233.920 ---- aw C: \ WINDOWS \ WinSxS \ x86_Microsoft.MSXML2_6bd6b9abf34 5378f_4.20.9818.0_x-ww_8ff50c5d \ msxml4.dll
- 2007/10/10 15:35:42 82.432 ---- aw C: \ WINDOWS \ WinSxS \ x86_Microsoft.MSXML2R_6bd6b9abf3 45378f_4.1.0.0_x-ww_29c3ad6a \ msxml4r.dll
+ 2008/04/09 07:30:03 82.432 ---- aw C: \ WINDOWS \ WinSxS \ x86_Microsoft.MSXML2R_6bd6b9abf3 45378f_4.1.0.0_x-ww_29c3ad6a \ msxml4r.dll
.
- Snapshot reset uz pašreizējo datumu --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"MsnMsgr" = "C: \ Program Files \ MSN Messenger \ MsnMsgr.exe" [2007/01/19 12:54 5.674.352]
"SB Audigy 2 Startup Menu" = "/ L: ENG" []
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004/08/04 08:56 15.360]

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ RunOnce]
"IndexCleaner" = "C: \ Program Files \ Virgin Broadband \ PCguard \ IdxClnR.exe" [2007/09/05 14:09 61.168]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"dla" = "C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe" [2004/03/15 01:04 122.933]
"UpdateManager" = "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" [2003/08/19 01:01 110.592]
"CTSysVol" = "C: \ Program Files \ Creative \ SBAudigy2 \ Surround Mixer \ CTSysVol.exe" [2002/10/29 09:18 49.152]
"CTDVDDet" = "C: \ Program Files \ Creative \ SBAudigy2 \ DVDAudio \ CTDVDDet.EXE" [2002/09/30 01:00 45.056]
"CTHelper" = "CTHELPER.EXE" [2003/02/20 23:45 28.672 C: \ WINDOWS \ system32 \ CTHELPER.EXE]
"AsioReg" = "REGSVR32.exe" [2004/08/04 08:56 11.776 C: \ WINDOWS \ system32 \ regsvr32.exe]
"UpdReg" = "C: \ WINDOWS \ UpdReg.EXE" [2000/05/11 01:00 90.112]
"ATIPTA" = "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe" [2004/05/25 22:35 335.872]
"BJCFD" = "C: \ Program Files \ BroadJump \ Client Foundation \ CFD.exe" [2003/01/27 17:16 376.912]
"WinampAgent" = "C: \ Program Files \ Winamp \ winampa.exe" [2008/01/15 23:54 37.376]
"StartCCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe" [2006/11/10 13:35 90.112]
"PWRISOVM.EXE" = "C: \ Program Files \ PowerISO \ PWRISOVM.EXE" [2008/03/15 00:50 233.472]
"plūsmu" = "D: \ installs \ workflow.exe" []
"Broadbandadvisor.exe" = "C: \ Program Files \ Virgin Broadband \ padomnieks \ Broadbandadvisor.exe" [2007/08/07 18:49 2.061.552]
"PCguard" = "C: \ Program Files \ Virgin Broadband \ PCguard \ Rps.exe" [2007/09/05 14:10 310.000]
"-FreedomNeedsReboot" = "C: \ Program Files \ Virgin Broadband \ PCguard \ ZkRunOnceR.exe" [2007/09/05 14:10 13.552]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" [2008/02/22 04:25 144.784]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ RunOnce]
"IndexCleaner" = "C: \ Program Files \ Virgin Broadband \ PCguard \ IdxClnR.exe" [2007/09/05 14:09 61.168]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ System32 \ CTFMON.EXE" [2004/08/04 08:56 15.360]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Adobe Reader Speed Launch.lnk - C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ reader_sl.exe [2004/12/14 05:44:06 29.696]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [2000/01/21 09:15:54 65.588]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"VIDC.X264" = x264vfw.dll
"msacm.ac3acm" = AC3ACM.acm
"msacm.scg726" = scg726.acm
"msacm.alf2cd" = alf2cd.acm
"vidc.dvsd" = mcdvd_32.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ kopīgi instrumenti \ msconfig \ startupreg \ Daemon Tools]
- ------ 2007/08/29 16:09 171.464 C: \ Program Files \ Daemon Tools \ daemon.exe

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
"C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ MSN Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ Stardock Games \ \ Sins of Solar Empire \ \ Sins of Solar Empire.exe" =
"C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"15.808: TCP" = 15.808: TCP: BitComet 15.808 TCP
"15.808: UDP" = 15.808: UDP: BitComet 15.808 UDP
"3.724: TCP" = 3.724: TCP: Blizzard Downloader: 3.724

S3 iadusb; GlobespanVirata USB iad LAN, Modem, C: \ WINDOWS \ system32 \ drivers \ glauiad.sys [2004/07/02 09:20]
S3 Radialpoint Security Services; Virgin Broadband PCguard, C: \ WINDOWS \ system32 \ dllhost.exe [2004/08/04 08:56]
S3 XDva037; XDva037, C: \ WINDOWS \ system32 \ XDva037.sys []

.
Saturs "Scheduled Tasks" mape
"2008/04/03 19:15:02 C: \ WINDOWS \ Uzdevumi \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1351 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/04/09 18:26:36
Windows 5.1.2600 Service Pack 2 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās palaišana ieraksti ...

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptos failus: 0

************************************************** ************************
.
------------------------ Citi Running Processes ----------------------- --
.
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ Program Files \ Virgin Broadband \ PCguard \ Fws.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ WINDOWS \ System32 \ CTsvcCDA.exe
C: \ Program Files \ Common Files \ Authentium \ AntiVirus \ dvpapi.exe
C: \ Program Files \ CA \ PPRT \ bin \ ITMRTSVC.exe
C: \ Program Files \ Raxco \ PerfectDisk \ PDAgent.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ Program Files \ Analog Devices \ SoundMAX \ spkrmon.exe
C: \ WINDOWS \ system32 \ wdfmgr.exe
C: \ WINDOWS \ System32 \ MsPMSPSv.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Program Files \ Raxco \ PerfectDisk \ PDEngine.exe
C: \ Program Files \ Virgin Broadband \ padomnieks \ BroadbandadvisorComHandler.exe
C: \ Program Files \ Virgin Broadband \ PCguard \ rpsupdaterR.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Program Files \ MSN Messenger \ usnsvc.exe
.
************************************************** ************************
.
Pabeigšanas laiks: 2008/04/09 18:31:56 - mašīna bija rebooted
ComboFix-karantīnā-files.txt 2008/04/09 17:31:47
ComboFix2.txt 2008/04/09 00:59:01
ComboFix3.txt 2008/04/09 00:41:25
Pre-Run: 12340674560 bytes free
Post-Run: 12324302848 bytes free
.
2008/03/22 04:20:29 --- EOF ---

**evilfantasy** · #4 Aprīlis 9, 2008, 12:02

Izskatās labi. Tagad sākas ATF Apkopēja atkal atbrīvoties no ļaunprātīgas failus temp mapes.

Man Combofix ieiet post. Es esmu pārliecināts, ka jūs varat redzēt šo: WARNING, šī mašīna nav atkop Installed! Tas ir vispārzināms, un jūs varat instalēt atjaunošanas konsole, ja izvēlēsieties, ievērojot norādījumus ŠEIT

Laiks darīt kādu tīrīšana un drošu darbu, jums ir darīts.

Click START tad RUN
Tagad tips Combofix / u in runbox
Pārliecinieties, ka tur starp Combofix un telpas / u
Tad hit Enter.

Iepriekš minēto procedūru paredz:

Svītrot:
- ComboFix un ar to saistītos failus un mapes.
- VundoFix backups, ja tāds
- C: \ Deckard mapi, ja tāds
- C: _OtMoveIt mapi, ja tāds
Reset pulksteņa uzstādījumus.
Paslēpt failu paplašinājumus, ja nepieciešams.
Paslēpt System / Hidden failus, ja nepieciešams.
Uzstādīt jaunu, tīru Restore Point.

Download OTMoveIt2 ar oldtimer OTMoveIt2.exe un novietojiet to uz darbvirsmas. (ja jums jau ir it)

1. Dubultklikšķis OTMoveIt2.exe to uzsākt.
Vista lietotājiem labo klikšķi un izvēlies Run As Administrator
2. Noklikšķiniet uz Cleanup! pogu.
3. OTMoveIt2 lejupielādēt sarakstu no interneta, ja jūsu ugunsmūra vai citas aizsardzības programmas jūs brīdina, ļauj tai piekļūt.
4. Click JĀ pie nākamā ātru (saraksts lejupielādēt, Vai vēlaties sākt cleanup process)?

Kad pabeigts izejas no OTMoveIt2

Set New Restore Point ir novērst iespējamo reinfection no vecā
Nosakot jaunu atjaunošanas punktu pēc tīrīšanas jūsu sistēma ļaus jūsu datoru, lai apgāšanās atpakaļ uz tīras darba stāvoklī, ja nepieciešams.

Doties uz Sākums > Programmas > Piederumi > System Tools un noklikšķiniet uz System Restore
Izvēlieties radio pogu ar nosaukumu Izveidot Atjaunot Point gada pirmajā ekrānā noklikšķiniet uz Nākamais Dot Restore Point vārdu tam noklikšķiniet uz Izveidot.
Jauns atjaunot punkts būs apzīmogo ar pašreizējo datumu un laiku. Uzturēt reģistru par šo, lai jūs varētu atrast viegli, būtu nepieciešams izmantot System Restore.
Blakus iet uz Sākums > Skriet un tips Cleanmgr
Click OK
Click Papildu opcijas Tab.
Click Clean Up in System Restore sadaļu, lai likvidētu visus iepriekšējos atjaunošanas punktus, izņemot jaunizveidotā tīru vienu.

Lietošanai Secunia Software Inspector lai pārbaudītu novecojis programmatūru.
Novecojis programmatūra ir drošības ievainojamības, ka ļaundabīgās programmas var izmantot.

Click Start Now
Pārbaudiet lodziņu blakus Enable pilnīgu sistēmu pārbaudi.
Click Sākums
Ļaut skenēt pabeigt un ritiniet uz leju, lai redzētu, vai jebkādu šo ziņu atjauninājumu, ir nepieciešama.
Update kaut kas uzskaitīti.

Izbraukšana Uzturētu sevi droši On Web par padomiem un bezmaksas rīki, lai saglabātu jums droši nākotnē.

Apskatiet arī Lēns dators? To nedrīkst Malware bezmaksas tīrīšanas / uzkopšanas līdzekļus, lai palīdzētu saglabāt jūsu datorā, kurā darbojas gluda.

Let me know if anything else nāk uz augšu.

**evilfantasy** · #5 Aprīlis 9, 2008, 12:14

Gandrīz aizmirsu, jums ir nepieciešams instalēt dažus pretvīrusu ASAP.

Es ieteiktu Avast. Tas ir bezmaksas un darbojas ļoti labi. Redzēt ŠEIT plašāka informācija par jauno versiju.