
LSASSMGR.exe (and others) infected! Any info / help?




#1
September 9, 2008, 10:31
New Member

Hello all,

I am very new to this site, but incredibly grateful that you are here. I recently discovered an infection on my mom's laptop (we share it) and I am unsure how to resolve it.

About four days ago, IE windows with pop-up ads suddenly started appearing, along with a balloon on my deskbar that reads, "spyware detected! Click here to download anti-spyware"

I ran Symantec and Spybot S&D full scans (not sure how this virus slipped by both of these) and they found nothing! Then I started a Google search, downloaded Malwarebytes' Anti-Malware and ran that. It found some things, but they did not resolve the problem.

I downloaded PrevxCSI, however I do not have enough $$$ yet to buy the license (but I will if necessary), and it lists:

C:\WINDOWS\system32\DSfmon.dll - Malicious Software
C:\WINDOWS\system32\CSRLT.exe - Malicious Dropper
C:\WINDOWS\MSBLT.exe - Malicious Dropper
C:\WINDOWS\system32\LSASSMGR.exe - Cloaked Malware
C:\Program Files\Mozilla Firefox\firefoxe.exe - Cloaked Malware
C:\Program Files\Internet Explorer\iexplor.exe - Cloaked Malware
C:\WINDOWS\system32\spool.exe - Cloaked Malware
C:\WINDOWS\system32\srtsrv32.exe - Cloaked Malware
C:\WINDOWS\system32\LSSMON.exe - Malicious Dropper
C:\WINDOWS\divx32.dll - Malicious Dropper
C:\WINDOWS\system32\msupd32.exe - Malicious Dropper
C:\WINDOWS\system32\upd01.exe - Malicious Dropper

This looks and sounds like a lot to me and I am very worried. Does anyone have any helpful advice for me? Am I going to have to spend a lot of money to resolve this problem?

Thank you so much!
#2
September 9, 2008, 11:32
Moderator Group

Hello teddynicholas. Welcome to CJ.

Download ComboFix from one of the links below. Be sure to save it to your Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to your desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the on-screen instructions.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

#3
September 16, 2008, 14:27
New Member

ComboFix 08-09-15.02 - Teddy 2008-09-16 16:34:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00]
Veikia nuo: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe
* Sukurtas naujas atkūrimo taškas

ĮSPĖJIMAS-ši mašina neturi atkūrimo konsolę Installed!!
.

((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ LocalService \ Cookies \ system@ad.yieldmanag er [1]. Txt
C: \ Documents and Settings \ Teddy \ Cookies \ teddy@ad.yieldmanager [1]. Txt
C: \ WINDOWS \ Downloaded Program Files \ setup.inf
C: \ WINDOWS \ system32 \ spool.exe

.
((((((((((((((((((((((((( Failus, sukurtus nuo 2008/08/16 iki 2008/09/16 ))))))))))) ))))))))))))))))))))
.

2008-09-16 16:21. 2008-09-16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008-09-16 13:23. 2008-09-16 13:23 <DIR> d -------- C: \ WINDOWS \ LastGood
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iTunes
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iPod
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 13:12. 2008-09-13 13:16 <DIR> d -------- C: \ Program Files \ Common Files \ Apple
2008-09-08 16:10. 2008-09-08 16:10 <DIR> d -------- C: \ Program Files \ Easy SpyRemover
2008-09-08 15:45. 2008-09-06 00:59 741.376 - ------ C: \ WINDOWS \ system32 \ LSSMON.EXE
2008-09-08 15:45. 2008-09-04 21:59 17.920 - ------ C: \ WINDOWS \ system32 \ LSASSMGR.EXE
2008-09-07 22:34. 2008-09-02 00:16 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-07 22:33. 2008-09-07 22:34 <DIR> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-02 00:16 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-06 15:09. 2008-09-06 15:09 90.112 - ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-09-05 10:44. 2008-09-06 00:59 741.376 - ------ C: \ WINDOWS \ system32 \ msupd32.exe
2008-09-04 21:59. 2008-09-07 12:59 741.376 - ------ C: \ WINDOWS \ system32 \ upd01.exe
2008-09-04 21:59. 2008-09-06 00:59 741.376 - ------ C: \ WINDOWS \ divx32.dll
2008-09-04 21:59. 2008-09-04 21:59 17.920 - ------ C: \ WINDOWS \ system32 \ srtsrv32.exe
2008-09-04 21:59. 2008-09-16 16:24 5.903 - ------ C: \ WINDOWS \ system32 \ mssc32.dll
2008-09-04 21:59. 2008-09-16 16:24 5.903 - ------ C: \ WINDOWS \ system32 \ bsc32.dll
2008-09-02 13:23. 2008-09-02 13:23 <DIR> d -------- C: \ Program Files \ PrevxCSI
2008-09-02 13:23. 2008-09-16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI
2008-09-02 13:23. 2008-09-02 13:23 17.408 - ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008-09-01 01:30. 2008-09-02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-09-01 01:20. 2008-09-07 22:19 0 - ------ C: \ WINDOWS \ system32 \ sc02.sc
2008-08-31 01:46. 2007-02-20 16:04 2.463.976 - ------ C: \ WINDOWS \ system32 \ NPSWF32.dll
2008-08-31 01:46. 2007-02-20 16:04 190.696 - ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe
2008-08-30 09:59. 2008-08-30 21:34 <DIR> d -------- C: \ Program Files \ Macromedia
2008-08-30 09:59. 2008-08-30 21:27 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia
2008-08-30 01:25. 2008-09-13 13:18 <DIR> d -------- C: \ Program Files \ Bonjour
2008-08-29 14:33. 2006-09-18 17:55 109.744 - ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-08-29 14:33. 2006-09-18 17:55 48.816 - ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-08-29 10:18. 2008-08-29 10:18 87.336 - ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - ------ C: \ WINDOWS \ system32 \ dnssd.dll
2008-08-27 04:05. 2008-04-07 05:38 45.392-RA ------ C: \ WINDOWS \ system32 \ AdobePDF.dll
2008-08-27 04:05. 2008-04-07 05:38 22.872-RA ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 20:53 --------- d ----- w C: \ Program Files \ Symantec AntiVirus
2008-09-13 17:17 --------- d ----- w C: \ Program Files \ QuickTime
2008-09-13 17:13 --------- d ----- w C: \ Program Files \ Apple Software Update
2008-09-08 18:53 249.956 ---- AW C: \ WINDOWS \ system32 \ dsfMon.dll
2008-09-01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-01 05:56 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-08-30 05:24 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2008-08-29 18:34 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008-08-29 18:33 --------- d ----- w C: \ Program Files \ Symantec
2008-08-29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-08-27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet
2008-08-26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ openoffice.org2
2008-08-13 21:33 --------- d ----- w C: \ Program Files \ Microsoft Silverlight
2008-08-12 02:46 --------- d ----- w C: \ Program Files \ PHM
2008-07-26 08:55 --------- d ----- w C: \ Program Files \ OpenOffice.org 2.4
2008-07-26 08:54 --------- d ----- w C: \ Program Files \ Java
2008-07-19 02:10 94.920 ---- AW C: \ WINDOWS \ system32 \ cdm.dll
2008-07-19 02:10 53.448 ---- AW C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-19 02:09 563.912 ---- AW C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-19 02:09 325.832 ---- AW C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-19 02:09 205.000 ---- AW C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-19 02:09 1.811.656 ---- AW C: \ WINDOWS \ system32 \ wuaueng.dll
2008-07-07 20:32 253.952 ---- AW C: \ WINDOWS \ system32 \ es.dll
2008-06-24 22:12 295.936 ------ w C: \ WINDOWS \ system32 \ wmpeffects.dll
2008-06-24 16:23 74.240 ---- AW C: \ WINDOWS \ system32 \ mscms.dll
2008-06-23 16:57 826.368 ---- AW C: \ WINDOWS \ system32 \ wininet.dll
2008-06-20 17:41 245.248 ---- AW C: \ WINDOWS \ system32 \ mswsock.dll
2008-04-19 16:57 32 ---- AW C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"SWG" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696]
H / PC Connection Agent "=" C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe "[2006-11-13 1289000]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer" = "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768]
"RoxioEngineUtility" = "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536]
"RoxioAudioCentral" = "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488]
"SiS" Windows KeyHook "=" C: \ WINDOWS \ system32 \ keyhook.exe "[2004-09-02 249856]
"SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004-09-22 106496]
"Apoint" = "C: \ Program Files \ Apoint2K \ Apoint.exe" [2003-12-05 159744]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"DSFHost" = "C: \ Program Files \ Sąsagėlės \ easyprint \ dsfhost.exe" [2006-01-05 2142301]
"Sinchronizavimas Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360]
"Zune launcher" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007-03-14 24104]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan" = "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Acrobat Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe" [2006-07-19 52896]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168]
"Layersecurity Servicemonitor" = "C: \ WINDOWS \ system32 \ LSSMON.EXE" [2008-09-06 741376]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SoundMan" = "SOUNDMAN.EXE" [2004/09/22 C: \ WINDOWS \ SOUNDMAN.EXE]
"AGRSMMSG" = "AGRSMMSG.exe" [2004/09/22 C: \ WINDOWS \ AGRSMMSG.exe]
"SiSPower" = "SiSPower.dll" [2004/09/22 C: \ WINDOWS \ system32 \ SiSPower.dll]

C: \ Documents and Settings \ Teddy \ Start Menu \ Programs \ Startup \
Adobe Gamma.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 "Ekranas Clipper ir Launcher.lnk - C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006-10-26 98632]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Windows Desktop.lnk - C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(56F9679E-7826-4C84-81F3-532071A8BCC5) "=" C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll "[2007-02-05 294400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"=C:\Program Files\Mozilla Firefox\firefoxe.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"=C:\Program Files\Internet Explorer\iexplor.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Spoolsv.exe]
"Debugger"=C:\WINDOWS\system32\spool.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ System32 \ \ sessmgr.exe" =
"C: \ Program Files \ Common Files \ \ AOL \ \ krautuvas \ \ aolload.exe" =
"C: \ Program Files \ \ BitLord \ \ BitLord.exe" =
"C: \ Program Files \ Soulseek \ \ slsk.exe" =
"C: \ Program Files \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ network diagnostic \ \ xpnetdiag.exe" =
"C: \ Program Files \ Messenger \ \ msmsgs.exe" =
"C: \ Program Files \ Skype \ \ aim.exe" =
"C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI vadybininkas
"C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync
"C: \ Program Files \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"C: \ Program Files \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"C: \ Program Files \ Microsoft Office \ \ Office12 \ \ OneNote.exe" =
"C: \ Program Files \ \ Isadora \ \ isadora.exe" =
"C: \ Program Files \ Skype \ \ Phone \ \ Skype.exe" =
"C: \ Program Files \ Bonjour \ \ mDNSResponder.exe" =
"C: \ Program Files \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3.389 TCP" = 3389: TCP: @ Xpsp2res.dll, -22.009
"1500: TCP" = 1500: TCP: saugi prieiga Konsultantas Uostas
"26.675 TCP" = 26.675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Paslaugos


* Naujai sukurta tarnyba * - catchme
* Naujai sukurta tarnyba * - PROCEXP90
.
Turinys "Scheduled Tasks" katalogą
.
- - - - Orphans nuimti - - - --

HKLM-run-CSRLT.EXE - C: \ WINDOWS \ system32 \ CSRLT.EXE


.
------- Papildomos Scan -------
.
Firefox -: Profilis - C: \ Documents and Settings \ Teddy \ Application Data \ Mozilla \ Firefox \ Profiles \ 6xzfp0sa.default \
Firefox -: prefs.js - SEARCH.DEFAULTURL - hxxp: / / www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q =
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 16:51:46
Windows 5.1.2600 Service Pack 2 NTFS

skenavimo paslėptus procesus ...

skenavimo paslėptas autostart entries ...

skenavimo paslėptus failus ...

skenavimas baigtas sėkmingai
paslėptus failus: 0

************************************************** ************************
.
Atlikimo laikas: 2008-09-16 17:15:59
ComboFix-karantine-files.txt 2008-09-16 21:15:16

Pre-Rida: 10478669824 bytes nemokamai
Post-Rida: 10446106624 bytes nemokamai

190 --- EOF --- 2008-09-11 20:07:51
#4
September 16, 2008, 14:45
Moderator Group

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the workings of your system.

Delete these files/folders, as follows:

1. Go to Start > Run, type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl + C

Code:
KillAll::

File::
C:\Program Files\Easy SpyRemover
C:\WINDOWS\system32\LSSMON.EXE
C:\WINDOWS\system32\LSASSMGR.EXE
C:\WINDOWS\system32\msupd32.exe
C:\WINDOWS\system32\upd01.exe
C:\WINDOWS\system32\srtsrv32.exe
C:\WINDOWS\system32\mssc32.dll
C:\WINDOWS\system32\bsc32.dll

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Spoolsv.exe]
"Debugger"=-

3. Go back to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will now start running; simply follow the on-screen instructions.
After the reboot (if it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
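The "Debugger" values cleared by the CFScript above sit under Image File Execution Options, where Windows starts the listed program in place of the named image. As an added example (not part of the thread and not ComboFix code), the Python below pulls those entries out of the registry section of the first log, flags debugger file names that imitate the image they replace, and checks each one against the script. The function names are hypothetical, the key name is written as "Image File Execution Options", and Debugger values are assumed to be bare paths, as they are in the log.

```python
import re
from difflib import SequenceMatcher

# Registry stanzas from the first ComboFix log above, with the spacing damage
# removed; the notepad.exe stanza is constructed to show a key that is ignored.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"=C:\Program Files\Mozilla Firefox\firefoxe.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"=C:\Program Files\Internet Explorer\iexplor.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Spoolsv.exe]
"Debugger"=C:\WINDOWS\system32\spool.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
'''

# Registry part of the CFScript from the post above.
SAMPLE_SCRIPT = r'''
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Spoolsv.exe]
"Debugger"=-
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def iter_values(text):
    """Yield (key, value_name, data) from REGEDIT4-style stanzas."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            yield key, m.group('name'), m.group('data').strip().strip('"')


def ifeo_image(key):
    """Return the image name if key is an IFEO subkey, else None."""
    parts = key.split('\\')
    if len(parts) >= 2 and parts[-2].lower() == 'image file execution options':
        return parts[-1]
    return None


def find_debuggers(log_text):
    """Map lower-cased image name -> Debugger path set in the log."""
    out = {}
    for key, name, data in iter_values(log_text):
        image = ifeo_image(key)
        if image and name.lower() == 'debugger' and data not in ('', '-'):
            out[image.lower()] = data
    return out


def cleared_by_script(script_text):
    """Image names whose Debugger value the script deletes ("Debugger"=-)."""
    cleared = set()
    for key, name, data in iter_values(script_text):
        image = ifeo_image(key)
        if image and name.lower() == 'debugger' and data == '-':
            cleared.add(image.lower())
    return cleared


def stem(path):
    """File name without directory or extension, lower-cased."""
    name = path.replace('/', '\\').rsplit('\\', 1)[-1]
    return name.rsplit('.', 1)[0].lower()


def is_lookalike(image, debugger, threshold=0.8):
    """True when the debugger's file name imitates the image it replaces."""
    a, b = stem(image), stem(debugger)
    return a != b and SequenceMatcher(None, a, b).ratio() >= threshold


def review(log_text, script_text):
    """Return one finding per image with a Debugger set, sorted by image name."""
    cleared = cleared_by_script(script_text)
    return [
        {'image': image, 'debugger': dbg,
         'lookalike': is_lookalike(image, dbg),
         'cleared_by_script': image in cleared}
        for image, dbg in sorted(find_debuggers(log_text).items())
    ]


if __name__ == '__main__':
    for finding in review(SAMPLE_LOG, SAMPLE_SCRIPT):
        print(finding)
```

On this input all three debuggers are flagged as look-alikes, and firefox.exe is the one entry the script does not clear, which matches the second log, where that Debugger value is still listed.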

#5
September 16, 2008, 15:32
New Member

ComboFix 08-09-15.02 - Teddy 2008-09-16 17:49:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.850 [GMT -4:00]
Veikia nuo: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe
Command jungikliai naudojami: C: \ Documents and Settings \ Teddy \ Desktop \ CFScript.txt
* Sukurtas naujas atkūrimo taškas

ĮSPĖJIMAS-ši mašina neturi atkūrimo konsolę Installed!!
.

((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ WINDOWS \ system32 \ bsc32.dll
C: \ WINDOWS \ system32 \ LSASSMGR.EXE
C: \ WINDOWS \ system32 \ LSSMON.EXE
C: \ WINDOWS \ system32 \ mssc32.dll
C: \ WINDOWS \ system32 \ msupd32.exe
C: \ WINDOWS \ system32 \ spool.exe
C: \ WINDOWS \ system32 \ srtsrv32.exe
C: \ WINDOWS \ system32 \ upd01.exe

.
((((((((((((((((((((((((( Failus, sukurtus nuo 2008/08/16 iki 2008/09/16 ))))))))))) ))))))))))))))))))))
.

2008-09-16 16:21. 2008-09-16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iTunes
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iPod
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 13:12. 2008-09-13 13:16 <DIR> d -------- C: \ Program Files \ Common Files \ Apple
2008-09-08 16:10. 2008-09-08 16:10 <DIR> d -------- C: \ Program Files \ Easy SpyRemover
2008-09-07 22:34. 2008-09-02 00:16 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-07 22:33. 2008-09-07 22:34 <DIR> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-02 00:16 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-06 15:09. 2008-09-06 15:09 90.112 - ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-09-04 21:59. 2008-09-06 00:59 741.376 - ------ C: \ WINDOWS \ divx32.dll
2008-09-02 13:23. 2008-09-02 13:23 <DIR> d -------- C: \ Program Files \ PrevxCSI
2008-09-02 13:23. 2008-09-16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI
2008-09-02 13:23. 2008-09-02 13:23 17.408 - ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008-09-01 01:30. 2008-09-02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-09-01 01:20. 2008-09-07 22:19 0 - ------ C: \ WINDOWS \ system32 \ sc02.sc
2008-08-31 01:46. 2007-02-20 16:04 2.463.976 - ------ C: \ WINDOWS \ system32 \ NPSWF32.dll
2008-08-31 01:46. 2007-02-20 16:04 190.696 - ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe
2008-08-30 09:59. 2008-08-30 21:34 <DIR> d -------- C: \ Program Files \ Macromedia
2008-08-30 09:59. 2008-08-30 21:27 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia
2008-08-30 01:25. 2008-09-13 13:18 <DIR> d -------- C: \ Program Files \ Bonjour
2008-08-29 14:33. 2006-09-18 17:55 109.744 - ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-08-29 14:33. 2006-09-18 17:55 48.816 - ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-08-29 10:18. 2008-08-29 10:18 87.336 - ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - ------ C: \ WINDOWS \ system32 \ dnssd.dll
2008-08-27 04:05. 2008-04-07 05:38 45.392-RA ------ C: \ WINDOWS \ system32 \ AdobePDF.dll
2008-08-27 04:05. 2008-04-07 05:38 22.872-RA ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 21:33 --------- d ----- w C: \ Program Files \ Symantec AntiVirus
2008-09-13 17:17 --------- d ----- w C: \ Program Files \ QuickTime
2008-09-13 17:13 --------- d ----- w C: \ Program Files \ Apple Software Update
2008-09-01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-01 05:56 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-08-30 05:24 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2008-08-29 18:34 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008-08-29 18:33 --------- d ----- w C: \ Program Files \ Symantec
2008-08-29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-08-27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet
2008-08-26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ openoffice.org2
2008-08-13 21:33 --------- d ----- w C: \ Program Files \ Microsoft Silverlight
2008-08-12 02:46 --------- d ----- w C: \ Program Files \ PHM
2008-07-26 08:55 --------- d ----- w C: \ Program Files \ OpenOffice.org 2.4
2008-07-26 08:54 --------- d ----- w C: \ Program Files \ Java
2008-04-19 16:57 32 ---- AW C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat
.

((((((((((((((((((((((((((((( Snapshot@2008-09-16_17.03.48.82 )))))))))) )))))))))))))))))))))))))))))))
.
- 2007-07-30 23:18:40 33.624-c - AW C: \ WINDOWS \ system32 \ dllcache \ wups.dll
+ 2008-07-19 02:10:20 36.552-c - AW C: \ WINDOWS \ system32 \ dllcache \ wups.dll
- 2007-07-30 23:18:40 33.624 ---- AW C: \ WINDOWS \ system32 \ wups.dll
+ 2008-07-19 02:10:20 36.552 ---- AW C: \ WINDOWS \ system32 \ wups.dll
- 2007-07-30 23:19:12 43.352 ---- AW C: \ WINDOWS \ system32 \ wups2.dll
+ 2008-07-19 02:10:40 45.768 ---- AW C: \ WINDOWS \ system32 \ wups2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"SWG" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696]
H / PC Connection Agent "=" C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe "[2006-11-13 1289000]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer" = "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768]
"RoxioEngineUtility" = "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536]
"RoxioAudioCentral" = "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488]
"SiS" Windows KeyHook "=" C: \ WINDOWS \ system32 \ keyhook.exe "[2004-09-02 249856]
"SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004-09-22 106496]
"Apoint" = "C: \ Program Files \ Apoint2K \ Apoint.exe" [2003-12-05 159744]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"DSFHost" = "C: \ Program Files \ Sąsagėlės \ easyprint \ dsfhost.exe" [2006-01-05 2142301]
"Sinchronizavimas Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360]
"Zune launcher" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007-03-14 24104]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan" = "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Acrobat Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe" [2006-07-19 52896]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"CSRLT.EXE" = "C: \ WINDOWS \ system32 \ CSRLT.EXE" [BU]
"SoundMan" = "SOUNDMAN.EXE" [2004/09/22 C: \ WINDOWS \ SOUNDMAN.EXE]
"AGRSMMSG" = "AGRSMMSG.exe" [2004/09/22 C: \ WINDOWS \ AGRSMMSG.exe]
"SiSPower" = "SiSPower.dll" [2004/09/22 C: \ WINDOWS \ system32 \ SiSPower.dll]

C: \ Documents and Settings \ Teddy \ Start Menu \ Programs \ Startup \
Adobe Gamma.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 "Ekranas Clipper ir Launcher.lnk - C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006-10-26 98632]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Windows Desktop.lnk - C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(56F9679E-7826-4C84-81F3-532071A8BCC5) "=" C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll "[2007-02-05 294400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"=C:\Program Files\Mozilla Firefox\firefoxe.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ System32 \ \ sessmgr.exe" =
"C: \ Program Files \ Common Files \ \ AOL \ \ krautuvas \ \ aolload.exe" =
"C: \ Program Files \ \ BitLord \ \ BitLord.exe" =
"C: \ Program Files \ Soulseek \ \ slsk.exe" =
"C: \ Program Files \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ network diagnostic \ \ xpnetdiag.exe" =
"C: \ Program Files \ Messenger \ \ msmsgs.exe" =
"C: \ Program Files \ Skype \ \ aim.exe" =
"C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI vadybininkas
"C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync
"C: \ Program Files \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"C: \ Program Files \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"C: \ Program Files \ Microsoft Office \ \ Office12 \ \ OneNote.exe" =
"C: \ Program Files \ \ Isadora \ \ isadora.exe" =
"C: \ Program Files \ Skype \ \ Phone \ \ Skype.exe" =
"C: \ Program Files \ Bonjour \ \ mDNSResponder.exe" =
"C: \ Program Files \ iTunes \ \ iTunes.exe" =

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@Xpsp2res.dll,-22009
"1500:TCP"= 1500:TCP:Safe Access Agent Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-09-02 17408]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-09-02 618040]
R2 SafeAccessAgent;Safe Access Agent;C:\Program Files\StillSecure\Safe Access Agent\SAService.exe [2006-01-27 880640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 HwIOctl;HwIOctl;C:\Documents and Settings\Owner\Desktop\HwIOctl.sys []
S3 Ktp3;Elantech Touchpad (KTP3);C:\WINDOWS\system32\drivers\Ktp3.sys [2004-09-22 24704]
S3 Memctl;Memctl;C:\Documents and Settings\Owner\Desktop\Memctl.sys []
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Layersecurity Servicemonitor - C:\WINDOWS\system32\LSSMON.EXE
HKLM-RunOnce-MSBLT.EXE - C:\WINDOWS\MSBLT.EXE



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 18:00:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccsetmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LIVEUPDATE\aluschedulersvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Micros~3\rapimgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-09-16 18:24:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-16 22:23:49
ComboFix2.txt 2008-09-16 21:16:14

Pre-Run: 10626510848 bytes free
Post-Run: 10616803328 bytes free

205 --- EOF --- 2008-09-11 20:07:51
  #6  
September 16, 2008, 15:50
Moderator Group

Download TrendMicro HijackThis.exe (HJT) to your Desktop.
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After the install, HijackThis should open for you.
  • Click the "Do a system scan and save a logfile" button.
  • HijackThis will scan, and then the log will open in Notepad.
  • Copy and paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything. Most of what it finds will be harmless and even necessary.
__________________

  #7  
September 23, 2008, 09:24
New Member

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:04, on 9/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccsetmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LIVEUPDATE\aluschedulersvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\StillSecure\Safe Access Agent\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sąsagėlės\easyprint\dsfhost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Micros~3\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\kite taskmgr.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\system32\SPOOLER.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.averatec.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oqaserver-a/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C:\Program Files\Yahoo!\Companion\Įrenginiai\NKP\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C:\PROGRA~1\Micros~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar launcher - (7C554162-8CB7-45A4-B8F4-8EA1C75885F9) - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8273-0445EE161910) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: SmartSelect - (F4971EE7-DAA0-4053-9964-665D8EE6A077) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files\Yahoo!\Companion\Įrenginiai\NKP\yt.dll
O3 - Toolbar: &Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: ICQ Toolbar - (DE9C389F-3316-41A7-809B-AA305ED9D922) - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Adobe PDF - (47833539-D0C5-4125-9FA8-0819E2EAAC93) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] RUNDLL32.EXE SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DSFHost] C:\Program Files\Sąsagėlės\easyprint\dsfhost.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\System32\mobsync.exe /logon
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Reader Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccapp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Layersecurity Servicemonitor] C:\WINDOWS\system32\LSSMON.EXE
O4 - HKLM\..\Run: [Spausdinti buferinės] C:\WINDOWS\system32\SPOOLER.EXE
O4 - HKCU\..\Run: [SWG] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_(79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKLM\..\Policies\Explorer\Run: [LocalSecurityAuthoritySubsystem] C:\WINDOWS\lsass.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Desktop.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &ICQ Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\Resources\lt\Local\search.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Micros~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\Micros~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C:\PROGRA~1\Micros~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - (2EAF5BB1-070F-11D3-9307-00C04FAE2D4F) - C:\PROGRA~1\Micros~3\INetRepl.dll
O9 - Extra button: (no name) - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - C:\PROGRA~1\Micros~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - C:\PROGRA~1\Micros~3\INetRepl.dll
O9 - Extra button: ICQ Toolbar - (3369AF0D-62E9-4bda-8103-B4C75499B578) - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Skype - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C:\Program Files\Skype\aim.exe
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
O16 - DPF: (0D6BB8B8-0257-420C-B9EB-CFA90DB1026C) - http://svrnsec01.purchase.edu:88/setup.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096453339343
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C:\PROGRA~1\Micros~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LIVEUPDATE Scheduler - Symantec Corporation - C:\Program Files\Symantec\LIVEUPDATE\aluschedulersvc.exe
O23 - Service: Bonjour Service - Apple Inc - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccsetmgr.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LIVEUPDATE - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Technology Inc Prolific - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Safe Access Agent (SafeAccessAgent) - StillSecure - C:\Program Files\StillSecure\Safe Access Agent\SAService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\sndsrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14719 bytes
  #8  
September 23, 2008, 10:25
Moderator Group

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the on-screen instructions to install the program.
  • At the end, make sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------


Now run a new HijackThis scan and post the log along with the MBAM log.